mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1166031 - Update NSS to NSS_3_19_1_BETA1. r=mt
This commit is contained in:
parent
05ad7f7385
commit
b1647b5e41
2
CLOBBER
2
CLOBBER
@ -22,4 +22,4 @@
|
||||
# changes to stick? As of bug 928195, this shouldn't be necessary! Please
|
||||
# don't change CLOBBER for WebIDL changes any more.
|
||||
|
||||
Bug 1163201 needs clobber.
|
||||
Bug 1166031 - NSS update hit needs-clobber bustage.
|
||||
|
@ -1 +1 @@
|
||||
NSS_3_19_RTM
|
||||
NSS_3_19_1_BETA1
|
||||
|
@ -180,7 +180,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
|
||||
|
||||
static SECStatus
|
||||
CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
|
||||
SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii,
|
||||
SECOidTag hashAlgTag, CERTName *subject, const char *phone, int ascii,
|
||||
const char *emailAddrs, const char *dnsNames,
|
||||
certutilExtnList extnList, const char *extGeneric,
|
||||
/*out*/ SECItem *result)
|
||||
@ -270,7 +270,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
|
||||
}
|
||||
|
||||
if (!phone)
|
||||
phone = strdup("(not specified)");
|
||||
phone = "(not specified)";
|
||||
|
||||
email = CERT_GetCertEmailAddress(subject);
|
||||
if (!email)
|
||||
@ -323,6 +323,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
|
||||
}
|
||||
PR_smprintf_free(header);
|
||||
}
|
||||
PORT_Free(obuf);
|
||||
} else {
|
||||
(void) SECITEM_CopyItem(NULL, result, &signedReq);
|
||||
}
|
||||
|
@ -10,3 +10,4 @@
|
||||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
@ -30,8 +30,5 @@ INCLUDES += -I.
|
||||
# To create a loadable module on Darwin, we must use -bundle.
|
||||
#
|
||||
ifeq ($(OS_TARGET),Darwin)
|
||||
ifndef USE_64
|
||||
DSO_LDOPTS = -bundle
|
||||
endif
|
||||
endif
|
||||
|
||||
|
@ -27,8 +27,5 @@ endif
|
||||
# To create a loadable module on Darwin, we must use -bundle.
|
||||
#
|
||||
ifeq ($(OS_TARGET),Darwin)
|
||||
ifndef USE_64
|
||||
DSO_LDOPTS = -bundle
|
||||
endif
|
||||
endif
|
||||
|
||||
|
@ -37,6 +37,11 @@ extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
|
||||
extern SECStatus
|
||||
SECKEY_UpdateCertPQG(CERTCertificate * subjectCert);
|
||||
|
||||
/*
|
||||
** Return the number of bits in the provided big integer. This assumes that the
|
||||
** SECItem contains a big-endian number and counts from the first non-zero bit.
|
||||
*/
|
||||
extern unsigned SECKEY_BigIntegerBitLength(const SECItem *number);
|
||||
|
||||
/*
|
||||
** Return the strength of the public key in bytes
|
||||
|
@ -178,8 +178,8 @@ SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *c
|
||||
PK11SlotInfo *slot;
|
||||
|
||||
if (!param || !param->base.data || !param->prime.data ||
|
||||
param->prime.len < 512/8 || param->base.len == 0 ||
|
||||
param->base.len > param->prime.len + 1 ||
|
||||
SECKEY_BigIntegerBitLength(¶m->prime) < DH_MIN_P_BITS ||
|
||||
param->base.len == 0 || param->base.len > param->prime.len + 1 ||
|
||||
(param->base.len == 1 && param->base.data[0] == 0)) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return NULL;
|
||||
@ -941,61 +941,76 @@ SECKEY_ECParamsToBasePointOrderLen(const SECItem *encodedParams)
|
||||
}
|
||||
}
|
||||
|
||||
/* The number of bits in the number from the first non-zero bit onward. */
|
||||
unsigned
|
||||
SECKEY_BigIntegerBitLength(const SECItem *number)
|
||||
{
|
||||
const unsigned char *p;
|
||||
unsigned octets;
|
||||
unsigned bits;
|
||||
|
||||
if (!number || !number->data) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_KEY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
p = number->data;
|
||||
octets = number->len;
|
||||
while (octets > 0 && !*p) {
|
||||
++p;
|
||||
--octets;
|
||||
}
|
||||
if (octets == 0) {
|
||||
return 0;
|
||||
}
|
||||
/* bits = 7..1 because we know at least one bit is set already */
|
||||
/* Note: This could do a binary search, but this is faster for keys if we
|
||||
* assume that good keys will have the MSB set. */
|
||||
for (bits = 7; bits > 0; --bits) {
|
||||
if (*p & (1 << bits)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
return octets * 8 + bits - 7;
|
||||
}
|
||||
|
||||
/* returns key strength in bytes (not bits) */
|
||||
unsigned
|
||||
SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk)
|
||||
{
|
||||
unsigned char b0;
|
||||
unsigned size;
|
||||
|
||||
/* interpret modulus length as key strength */
|
||||
if (!pubk)
|
||||
goto loser;
|
||||
switch (pubk->keyType) {
|
||||
case rsaKey:
|
||||
if (!pubk->u.rsa.modulus.data) break;
|
||||
b0 = pubk->u.rsa.modulus.data[0];
|
||||
return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
|
||||
case dsaKey:
|
||||
if (!pubk->u.dsa.publicValue.data) break;
|
||||
b0 = pubk->u.dsa.publicValue.data[0];
|
||||
return b0 ? pubk->u.dsa.publicValue.len :
|
||||
pubk->u.dsa.publicValue.len - 1;
|
||||
case dhKey:
|
||||
if (!pubk->u.dh.publicValue.data) break;
|
||||
b0 = pubk->u.dh.publicValue.data[0];
|
||||
return b0 ? pubk->u.dh.publicValue.len :
|
||||
pubk->u.dh.publicValue.len - 1;
|
||||
case ecKey:
|
||||
/* Get the key size in bits and adjust */
|
||||
size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams);
|
||||
return (size + 7)/8;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
loser:
|
||||
PORT_SetError(SEC_ERROR_INVALID_KEY);
|
||||
return 0;
|
||||
return (SECKEY_PublicKeyStrengthInBits(pubk) + 7) / 8;
|
||||
}
|
||||
|
||||
/* returns key strength in bits */
|
||||
unsigned
|
||||
SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk)
|
||||
{
|
||||
unsigned size;
|
||||
switch (pubk->keyType) {
|
||||
case rsaKey:
|
||||
case dsaKey:
|
||||
case dhKey:
|
||||
return SECKEY_PublicKeyStrength(pubk) * 8; /* 1 byte = 8 bits */
|
||||
case ecKey:
|
||||
size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams);
|
||||
return size;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
unsigned bitSize = 0;
|
||||
|
||||
if (!pubk) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_KEY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* interpret modulus length as key strength */
|
||||
switch (pubk->keyType) {
|
||||
case rsaKey:
|
||||
bitSize = SECKEY_BigIntegerBitLength(&pubk->u.rsa.modulus);
|
||||
break;
|
||||
case dsaKey:
|
||||
bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dsa.publicValue);
|
||||
break;
|
||||
case dhKey:
|
||||
bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.publicValue);
|
||||
break;
|
||||
case ecKey:
|
||||
bitSize = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams);
|
||||
break;
|
||||
default:
|
||||
PORT_SetError(SEC_ERROR_INVALID_KEY);
|
||||
break;
|
||||
}
|
||||
return bitSize;
|
||||
}
|
||||
|
||||
/* returns signature length in bytes (not bits) */
|
||||
|
@ -138,10 +138,13 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
|
||||
* These values come from the initial key size limits from the PKCS #11
|
||||
* module. They may be arbitrarily adjusted to any value freebl supports.
|
||||
*/
|
||||
#define RSA_MIN_MODULUS_BITS 128
|
||||
#define RSA_MIN_MODULUS_BITS 512
|
||||
#define RSA_MAX_MODULUS_BITS 16384
|
||||
#define RSA_MAX_EXPONENT_BITS 64
|
||||
#define DH_MIN_P_BITS 128
|
||||
/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
|
||||
* only 1023 bits and similar. We don't have good data on whether this
|
||||
* happens because NSS used to count bit lengths incorrectly. */
|
||||
#define DH_MIN_P_BITS 1023
|
||||
#define DH_MAX_P_BITS 16384
|
||||
|
||||
/*
|
||||
@ -181,7 +184,7 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
|
||||
|
||||
#define DSA1_Q_BITS 160
|
||||
#define DSA_MAX_P_BITS 3072
|
||||
#define DSA_MIN_P_BITS 512
|
||||
#define DSA_MIN_P_BITS 1023
|
||||
#define DSA_MAX_Q_BITS 256
|
||||
#define DSA_MIN_Q_BITS 160
|
||||
|
||||
|
@ -144,6 +144,20 @@ ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
|
||||
MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
|
||||
MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
|
||||
|
||||
if (mp_cmp_z(&C) == 0) {
|
||||
/* P == Q or P == -Q */
|
||||
if (mp_cmp_z(&D) == 0) {
|
||||
/* P == Q */
|
||||
/* It is cheaper to double (qx, qy, 1) than (px, py, pz). */
|
||||
MP_DIGIT(&D, 0) = 1; /* Set D to 1. */
|
||||
MP_CHECKOK(ec_GFp_pt_dbl_jac(qx, qy, &D, rx, ry, rz, group));
|
||||
} else {
|
||||
/* P == -Q */
|
||||
MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
|
||||
}
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
||||
/* C2 = C^2, C3 = C^3 */
|
||||
MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth));
|
||||
MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth));
|
||||
@ -205,7 +219,8 @@ ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py, const mp_int *pz,
|
||||
MP_CHECKOK(mp_init(&M));
|
||||
MP_CHECKOK(mp_init(&S));
|
||||
|
||||
if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
|
||||
/* P == inf or P == -P */
|
||||
if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES || mp_cmp_z(py) == 0) {
|
||||
MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
|
||||
goto CLEANUP;
|
||||
}
|
||||
|
@ -16,7 +16,7 @@
|
||||
* output that is still field-encoded.
|
||||
*
|
||||
*/
|
||||
mp_err
|
||||
static mp_err
|
||||
ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz,
|
||||
const mp_int *paz4, mp_int *rx, mp_int *ry, mp_int *rz,
|
||||
mp_int *raz4, mp_int scratch[], const ECGroup *group)
|
||||
@ -86,7 +86,7 @@ ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz,
|
||||
* Uses mixed Modified_Jacobian-affine coordinates. Assumes input is
|
||||
* already field-encoded using field_enc, and returns output that is still
|
||||
* field-encoded. */
|
||||
mp_err
|
||||
static mp_err
|
||||
ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
|
||||
const mp_int *paz4, const mp_int *qx,
|
||||
const mp_int *qy, mp_int *rx, mp_int *ry, mp_int *rz,
|
||||
|
@ -1076,3 +1076,9 @@ CERT_GetImposedNameConstraints;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
;+NSS_3.19.1 { # NSS 3.19.1 release
|
||||
;+ global:
|
||||
SECKEY_BigIntegerBitLength;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
|
@ -33,12 +33,12 @@
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define NSS_VERSION "3.19" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VERSION "3.19.1" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
|
||||
#define NSS_VMAJOR 3
|
||||
#define NSS_VMINOR 19
|
||||
#define NSS_VPATCH 0
|
||||
#define NSS_VPATCH 1
|
||||
#define NSS_VBUILD 0
|
||||
#define NSS_BETA PR_FALSE
|
||||
#define NSS_BETA PR_TRUE
|
||||
|
||||
#ifndef RC_INVOKED
|
||||
|
||||
|
@ -1247,7 +1247,7 @@ loser:
|
||||
PORT_ZFree(newKey.data,newKey.len);
|
||||
}
|
||||
if (result) {
|
||||
SECITEM_FreeItem(result, PR_FALSE);
|
||||
SECITEM_FreeItem(result, PR_TRUE);
|
||||
}
|
||||
if (rv != SECSuccess) {
|
||||
(*keydb->db->sdb_Abort)(keydb->db);
|
||||
|
@ -25,11 +25,11 @@
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define SOFTOKEN_VERSION "3.19" SOFTOKEN_ECC_STRING
|
||||
#define SOFTOKEN_VERSION "3.19.1" SOFTOKEN_ECC_STRING " Beta"
|
||||
#define SOFTOKEN_VMAJOR 3
|
||||
#define SOFTOKEN_VMINOR 19
|
||||
#define SOFTOKEN_VPATCH 0
|
||||
#define SOFTOKEN_VPATCH 1
|
||||
#define SOFTOKEN_VBUILD 0
|
||||
#define SOFTOKEN_BETA PR_FALSE
|
||||
#define SOFTOKEN_BETA PR_TRUE
|
||||
|
||||
#endif /* _SOFTKVER_H_ */
|
||||
|
@ -422,3 +422,6 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
|
||||
ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
|
||||
"The server rejected the handshake because the client downgraded to a lower "
|
||||
"TLS version than the server supports.")
|
||||
|
||||
ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132),
|
||||
"The server certificate included a public key that was too weak.")
|
||||
|
@ -5401,9 +5401,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
|
||||
return SECFailure;
|
||||
}
|
||||
if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
|
||||
ssl_GetXmitBufLock(ss);
|
||||
rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
|
||||
ssl_ReleaseXmitBufLock(ss);
|
||||
(void)SSL3_SendAlert(ss, alert_warning, no_renegotiation);
|
||||
PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
|
||||
return SECFailure;
|
||||
}
|
||||
@ -6601,29 +6599,6 @@ loser:
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* ssl3_BigIntGreaterThanOne returns true iff |mpint|, taken as an unsigned,
|
||||
* big-endian integer is > 1 */
|
||||
static PRBool
|
||||
ssl3_BigIntGreaterThanOne(const SECItem* mpint) {
|
||||
unsigned char firstNonZeroByte = 0;
|
||||
unsigned int i;
|
||||
|
||||
for (i = 0; i < mpint->len; i++) {
|
||||
if (mpint->data[i]) {
|
||||
firstNonZeroByte = mpint->data[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (firstNonZeroByte == 0)
|
||||
return PR_FALSE;
|
||||
if (firstNonZeroByte > 1)
|
||||
return PR_TRUE;
|
||||
|
||||
/* firstNonZeroByte == 1, therefore mpint > 1 iff the first non-zero byte
|
||||
* is followed by another byte. */
|
||||
return (i < mpint->len - 1);
|
||||
}
|
||||
|
||||
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
|
||||
* ssl3 ServerKeyExchange message.
|
||||
@ -6668,6 +6643,12 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* malformed. */
|
||||
}
|
||||
/* This exchange method is only used by export cipher suites.
|
||||
* Those are broken and so this code will eventually be removed. */
|
||||
if (SECKEY_BigIntegerBitLength(&modulus) < 512) {
|
||||
desc = isTLS ? insufficient_security : illegal_parameter;
|
||||
goto alert_loser;
|
||||
}
|
||||
rv = ssl3_ConsumeHandshakeVariable(ss, &exponent, 2, &b, &length);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* malformed. */
|
||||
@ -6753,12 +6734,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
SECItem dh_p = {siBuffer, NULL, 0};
|
||||
SECItem dh_g = {siBuffer, NULL, 0};
|
||||
SECItem dh_Ys = {siBuffer, NULL, 0};
|
||||
unsigned dh_p_bits;
|
||||
unsigned dh_g_bits;
|
||||
unsigned dh_Ys_bits;
|
||||
|
||||
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* malformed. */
|
||||
}
|
||||
if (dh_p.len < 512/8) {
|
||||
dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
|
||||
if (dh_p_bits < DH_MIN_P_BITS) {
|
||||
errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
|
||||
goto alert_loser;
|
||||
}
|
||||
@ -6766,13 +6751,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* malformed. */
|
||||
}
|
||||
if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_g))
|
||||
/* Abort if dh_g is 0, 1, or obviously too big. */
|
||||
dh_g_bits = SECKEY_BigIntegerBitLength(&dh_g);
|
||||
if (dh_g_bits > dh_p_bits || dh_g_bits <= 1)
|
||||
goto alert_loser;
|
||||
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* malformed. */
|
||||
}
|
||||
if (dh_Ys.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_Ys))
|
||||
dh_Ys_bits = SECKEY_BigIntegerBitLength(&dh_Ys);
|
||||
if (dh_Ys_bits > dh_p_bits || dh_Ys_bits <= 1)
|
||||
goto alert_loser;
|
||||
if (isTLS12) {
|
||||
rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
|
||||
@ -8881,6 +8869,10 @@ ssl3_SendServerKeyExchange(sslSocket *ss)
|
||||
2 + sdPub->u.rsa.publicExponent.len +
|
||||
2 + signed_hash.len;
|
||||
|
||||
if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
length += 2;
|
||||
}
|
||||
|
||||
rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* err set by AppendHandshake. */
|
||||
@ -10055,33 +10047,25 @@ ssl3_AuthCertificate(sslSocket *ss)
|
||||
if (pubKey) {
|
||||
ss->sec.keaKeyBits = ss->sec.authKeyBits =
|
||||
SECKEY_PublicKeyStrengthInBits(pubKey);
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
if (ss->sec.keaType == kt_ecdh) {
|
||||
/* Get authKeyBits from signing key.
|
||||
* XXX The code below uses a quick approximation of
|
||||
* key size based on cert->signatureWrap.signature.data
|
||||
* (which contains the DER encoded signature). The field
|
||||
* cert->signatureWrap.signature.len contains the
|
||||
* length of the encoded signature in bits.
|
||||
*/
|
||||
if (ss->ssl3.hs.kea_def->kea == kea_ecdh_ecdsa) {
|
||||
ss->sec.authKeyBits =
|
||||
cert->signatureWrap.signature.data[3]*8;
|
||||
if (cert->signatureWrap.signature.data[4] == 0x00)
|
||||
ss->sec.authKeyBits -= 8;
|
||||
/*
|
||||
* XXX: if cert is not signed by ecdsa we should
|
||||
* destroy pubKey and goto bad_cert
|
||||
*/
|
||||
} else if (ss->ssl3.hs.kea_def->kea == kea_ecdh_rsa) {
|
||||
ss->sec.authKeyBits = cert->signatureWrap.signature.len;
|
||||
/*
|
||||
* XXX: if cert is not signed by rsa we should
|
||||
* destroy pubKey and goto bad_cert
|
||||
*/
|
||||
KeyType pubKeyType = SECKEY_GetPublicKeyType(pubKey);
|
||||
/* Too small: not good enough. Send a fatal alert. */
|
||||
/* TODO: Use 1023 for RSA because a higher RSA_MIN_MODULUS_BITS
|
||||
* breaks export cipher suites, not 1024 to be conservative; when
|
||||
* export removed, increase RSA_MIN_MODULUS_BITS and use that. */
|
||||
/* We aren't checking EC here on the understanding that we only
|
||||
* support curves we like, a decision that might need revisiting. */
|
||||
if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey ||
|
||||
pubKeyType == rsaOaepKey) && ss->sec.authKeyBits < 1023) ||
|
||||
(pubKeyType == dsaKey && ss->sec.authKeyBits < DSA_MIN_P_BITS) ||
|
||||
(pubKeyType == dhKey && ss->sec.authKeyBits < DH_MIN_P_BITS)) {
|
||||
PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal,
|
||||
ss->version >= SSL_LIBRARY_VERSION_TLS_1_0
|
||||
? insufficient_security
|
||||
: illegal_parameter);
|
||||
SECKEY_DestroyPublicKey(pubKey);
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
SECKEY_DestroyPublicKey(pubKey);
|
||||
pubKey = NULL;
|
||||
}
|
||||
|
@ -625,8 +625,8 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data)
|
||||
|
||||
rv = ssl3_ValidateNextProtoNego(data->data, data->len);
|
||||
if (rv != SECSuccess) {
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
return rv;
|
||||
}
|
||||
|
||||
@ -653,8 +653,8 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data)
|
||||
ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
|
||||
/* The callback might say OK, but then it picks a default value - one
|
||||
* that was not listed. That's OK for NPN, but not ALPN. */
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol);
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -673,8 +673,8 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
|
||||
* despite it being permitted by the spec. */
|
||||
if (ss->firstHsDone || data->len == 0) {
|
||||
/* Clients MUST send a non-empty ALPN extension. */
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -701,8 +701,8 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
|
||||
rv = ssl3_RegisterServerHelloExtensionSender(
|
||||
ss, ex_type, ssl3_ServerSendAppProtoXtn);
|
||||
if (rv != SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
@ -722,8 +722,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
|
||||
* we've negotiated NPN then we're required to send the NPN handshake
|
||||
* message. Thus, these two extensions cannot both be negotiated on the
|
||||
* same connection. */
|
||||
PORT_SetError(SSL_ERROR_BAD_SERVER);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
|
||||
PORT_SetError(SSL_ERROR_BAD_SERVER);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -733,8 +733,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
|
||||
* we sent the ClientHello and now. */
|
||||
if (!ss->nextProtoCallback) {
|
||||
PORT_Assert(0);
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -758,16 +758,16 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
|
||||
* uint8 len; // where len >= 1
|
||||
* uint8 protocol_name[len]; */
|
||||
if (data->len < 4 || data->len > 2 + 1 + 255) {
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
|
||||
/* The list has to be the entire extension. */
|
||||
if (list_len != data->len) {
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -775,8 +775,8 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
|
||||
&data->data, &data->len);
|
||||
/* The list must have exactly one value. */
|
||||
if (rv != SECSuccess || data->len != 0) {
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
||||
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -2063,8 +2063,8 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
|
||||
}
|
||||
if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
|
||||
data->data + 1, len)) {
|
||||
PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
|
||||
PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
|
||||
return SECFailure;
|
||||
}
|
||||
/* remember that we got this extension and it was correct. */
|
||||
@ -2188,8 +2188,8 @@ ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
|
||||
}
|
||||
|
||||
if (!found) {
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -2202,8 +2202,8 @@ ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
|
||||
|
||||
/* We didn't offer an MKI, so this must be 0 length */
|
||||
if (litem.len != 0) {
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -2313,8 +2313,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
|
||||
}
|
||||
/* Trailing data, empty value, or odd-length value is invalid. */
|
||||
if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -2328,8 +2328,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
|
||||
ss->ssl3.hs.clientSigAndHash =
|
||||
PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
|
||||
if (!ss->ssl3.hs.clientSigAndHash) {
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
|
||||
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
|
||||
return SECFailure;
|
||||
}
|
||||
ss->ssl3.hs.numClientSigAndHash = 0;
|
||||
|
@ -198,6 +198,8 @@ SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
|
||||
|
||||
SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
|
||||
|
||||
SSL_ERROR_WEAK_SERVER_CERT_KEY = (SSL_ERROR_BASE + 132),
|
||||
|
||||
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
|
||||
} SSLErrorCodes;
|
||||
#endif /* NO_SECURITY_ERROR_ENUM */
|
||||
|
@ -19,12 +19,12 @@
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
|
||||
*/
|
||||
#define NSSUTIL_VERSION "3.19"
|
||||
#define NSSUTIL_VERSION "3.19.1 Beta"
|
||||
#define NSSUTIL_VMAJOR 3
|
||||
#define NSSUTIL_VMINOR 19
|
||||
#define NSSUTIL_VPATCH 0
|
||||
#define NSSUTIL_VPATCH 1
|
||||
#define NSSUTIL_VBUILD 0
|
||||
#define NSSUTIL_BETA PR_FALSE
|
||||
#define NSSUTIL_BETA PR_TRUE
|
||||
|
||||
SEC_BEGIN_PROTOS
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user