| OLD | NEW |
| 1 /* | 1 /* |
| 2 * SSL v2 handshake functions, and functions common to SSL2 and SSL3. | 2 * SSL v2 handshake functions, and functions common to SSL2 and SSL3. |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 19 matching lines...) Expand all Loading... |
| 30 * in which case the provisions of the GPL or the LGPL are applicable instead | 30 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 31 * of those above. If you wish to allow use of your version of this file only | 31 * of those above. If you wish to allow use of your version of this file only |
| 32 * under the terms of either the GPL or the LGPL, and not to allow others to | 32 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 33 * use your version of this file under the terms of the MPL, indicate your | 33 * use your version of this file under the terms of the MPL, indicate your |
| 34 * decision by deleting the provisions above and replace them with the notice | 34 * decision by deleting the provisions above and replace them with the notice |
| 35 * and other provisions required by the GPL or the LGPL. If you do not delete | 35 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 36 * the provisions above, a recipient may use your version of this file under | 36 * the provisions above, a recipient may use your version of this file under |
| 37 * the terms of any one of the MPL, the GPL or the LGPL. | 37 * the terms of any one of the MPL, the GPL or the LGPL. |
| 38 * | 38 * |
| 39 * ***** END LICENSE BLOCK ***** */ | 39 * ***** END LICENSE BLOCK ***** */ |
| 40 /* $Id: sslcon.c,v 1.45 2011/11/19 21:58:21 bsmith%mozilla.com Exp $ */ | 40 /* $Id: sslcon.c,v 1.48 2012/03/18 00:31:20 wtc%google.com Exp $ */ |
| 41 | 41 |
| 42 #include "nssrenam.h" | 42 #include "nssrenam.h" |
| 43 #include "cert.h" | 43 #include "cert.h" |
| 44 #include "secitem.h" | 44 #include "secitem.h" |
| 45 #include "sechash.h" | 45 #include "sechash.h" |
| 46 #include "cryptohi.h" /* for SGN_ funcs */ | 46 #include "cryptohi.h" /* for SGN_ funcs */ |
| 47 #include "keyhi.h" /* for SECKEY_ high level functions. */ | 47 #include "keyhi.h" /* for SECKEY_ high level functions. */ |
| 48 #include "ssl.h" | 48 #include "ssl.h" |
| 49 #include "sslimpl.h" | 49 #include "sslimpl.h" |
| 50 #include "sslproto.h" | 50 #include "sslproto.h" |
| (...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 270 goto disabled; | 270 goto disabled; |
| 271 | 271 |
| 272 allowed = ss->allowedByPolicy & ss->chosenPreference; | 272 allowed = ss->allowedByPolicy & ss->chosenPreference; |
| 273 if (! allowed) | 273 if (! allowed) |
| 274 ss->opt.enableSSL2 = PR_FALSE; /* not really enabled if no ciphers */ | 274 ss->opt.enableSSL2 = PR_FALSE; /* not really enabled if no ciphers */ |
| 275 | 275 |
| 276 /* ssl3_config_match_init was called in ssl2_ConstructCipherSpecs(). */ | 276 /* ssl3_config_match_init was called in ssl2_ConstructCipherSpecs(). */ |
| 277 /* Ask how many ssl3 CipherSuites were enabled. */ | 277 /* Ask how many ssl3 CipherSuites were enabled. */ |
| 278 rv = ssl3_ConstructV2CipherSpecsHack(ss, NULL, &ssl3CipherCount); | 278 rv = ssl3_ConstructV2CipherSpecsHack(ss, NULL, &ssl3CipherCount); |
| 279 if (rv != SECSuccess || ssl3CipherCount <= 0) { | 279 if (rv != SECSuccess || ssl3CipherCount <= 0) { |
| 280 » ss->opt.enableSSL3 = PR_FALSE; /* not really enabled if no ciphers */ | 280 » /* SSL3/TLS not really enabled if no ciphers */ |
| 281 » ss->opt.enableTLS = PR_FALSE; | 281 » ss->vrange.min = SSL_LIBRARY_VERSION_NONE; |
| 282 » ss->vrange.max = SSL_LIBRARY_VERSION_NONE; |
| 282 } | 283 } |
| 283 | 284 |
| 284 if (!ss->opt.enableSSL2 && !ss->opt.enableSSL3 && !ss->opt.enableTLS) { | 285 if (!ss->opt.enableSSL2 && SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
| 285 » SSL_DBG(("%d: SSL[%d]: Can't handshake! both v2 and v3 disabled.", | 286 » SSL_DBG(("%d: SSL[%d]: Can't handshake! all versions disabled.", |
| 286 SSL_GETPID(), ss->fd)); | 287 SSL_GETPID(), ss->fd)); |
| 287 disabled: | 288 disabled: |
| 288 PORT_SetError(SSL_ERROR_SSL_DISABLED); | 289 PORT_SetError(SSL_ERROR_SSL_DISABLED); |
| 289 return SECFailure; | 290 return SECFailure; |
| 290 } | 291 } |
| 291 return SECSuccess; | 292 return SECSuccess; |
| 292 } | 293 } |
| 293 | 294 |
| 294 /* | 295 /* |
| 295 * Since this is a global (not per-socket) setting, we cannot use the | 296 * Since this is a global (not per-socket) setting, we cannot use the |
| (...skipping 1132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1428 CK_MECHANISM_TYPE mechanism; | 1429 CK_MECHANISM_TYPE mechanism; |
| 1429 SECItem readKey; | 1430 SECItem readKey; |
| 1430 SECItem writeKey; | 1431 SECItem writeKey; |
| 1431 | 1432 |
| 1432 void *readcx = 0; | 1433 void *readcx = 0; |
| 1433 void *writecx = 0; | 1434 void *writecx = 0; |
| 1434 readKey.data = 0; | 1435 readKey.data = 0; |
| 1435 writeKey.data = 0; | 1436 writeKey.data = 0; |
| 1436 | 1437 |
| 1437 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | 1438 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
| 1438 if(ss->sec.ci.sid == 0) | 1439 if (ss->sec.ci.sid == 0) |
| 1439 goto sec_loser; /* don't crash if asserts are off */ | 1440 goto sec_loser; /* don't crash if asserts are off */ |
| 1440 | 1441 |
| 1441 /* Trying to cut down on all these switch statements that should be tables. | 1442 /* Trying to cut down on all these switch statements that should be tables. |
| 1442 * So, test cipherType once, here, and then use tables below. | 1443 * So, test cipherType once, here, and then use tables below. |
| 1443 */ | 1444 */ |
| 1444 switch (cipherType) { | 1445 switch (cipherType) { |
| 1445 case SSL_CK_RC4_128_EXPORT40_WITH_MD5: | 1446 case SSL_CK_RC4_128_EXPORT40_WITH_MD5: |
| 1446 case SSL_CK_RC4_128_WITH_MD5: | 1447 case SSL_CK_RC4_128_WITH_MD5: |
| 1447 case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5: | 1448 case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5: |
| 1448 case SSL_CK_RC2_128_CBC_WITH_MD5: | 1449 case SSL_CK_RC2_128_CBC_WITH_MD5: |
| (...skipping 227 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1676 | 1677 |
| 1677 /* Cheaply verify that PKCS#1 was used to format the encryption block */ | 1678 /* Cheaply verify that PKCS#1 was used to format the encryption block */ |
| 1678 if ((kbuf[0] != 0x00) || (kbuf[1] != 0x02) || (dk[-1] != 0x00)) { | 1679 if ((kbuf[0] != 0x00) || (kbuf[1] != 0x02) || (dk[-1] != 0x00)) { |
| 1679 SSL_DBG(("%d: SSL[%d]: strange encryption block", | 1680 SSL_DBG(("%d: SSL[%d]: strange encryption block", |
| 1680 SSL_GETPID(), ss->fd)); | 1681 SSL_GETPID(), ss->fd)); |
| 1681 PORT_SetError(SSL_ERROR_BAD_CLIENT); | 1682 PORT_SetError(SSL_ERROR_BAD_CLIENT); |
| 1682 goto hide_loser; | 1683 goto hide_loser; |
| 1683 } | 1684 } |
| 1684 | 1685 |
| 1685 /* Make sure we're not subject to a version rollback attack. */ | 1686 /* Make sure we're not subject to a version rollback attack. */ |
| 1686 if (ss->opt.enableSSL3 || ss->opt.enableTLS) { | 1687 if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
| 1687 static const PRUint8 threes[8] = { 0x03, 0x03, 0x03, 0x03, | 1688 static const PRUint8 threes[8] = { 0x03, 0x03, 0x03, 0x03, |
| 1688 0x03, 0x03, 0x03, 0x03 }; | 1689 0x03, 0x03, 0x03, 0x03 }; |
| 1689 | 1690 |
| 1690 if (PORT_Memcmp(dk - 8 - 1, threes, 8) == 0) { | 1691 if (PORT_Memcmp(dk - 8 - 1, threes, 8) == 0) { |
| 1691 PORT_SetError(SSL_ERROR_BAD_CLIENT); | 1692 PORT_SetError(SSL_ERROR_BAD_CLIENT); |
| 1692 goto hide_loser; | 1693 goto hide_loser; |
| 1693 } | 1694 } |
| 1694 } | 1695 } |
| 1695 if (0) { | 1696 if (0) { |
| 1696 hide_loser: | 1697 hide_loser: |
| (...skipping 440 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2137 */ | 2138 */ |
| 2138 modulusLen = SECKEY_PublicKeyStrength(serverKey); | 2139 modulusLen = SECKEY_PublicKeyStrength(serverKey); |
| 2139 rek.data = keyData + ckLen; | 2140 rek.data = keyData + ckLen; |
| 2140 rek.len = keyLen - ckLen; | 2141 rek.len = keyLen - ckLen; |
| 2141 eblock = ssl_FormatSSL2Block(modulusLen, &rek); | 2142 eblock = ssl_FormatSSL2Block(modulusLen, &rek); |
| 2142 if (eblock == NULL) | 2143 if (eblock == NULL) |
| 2143 goto loser; | 2144 goto loser; |
| 2144 | 2145 |
| 2145 /* Set up the padding for version 2 rollback detection. */ | 2146 /* Set up the padding for version 2 rollback detection. */ |
| 2146 /* XXX We should really use defines here */ | 2147 /* XXX We should really use defines here */ |
| 2147 if (ss->opt.enableSSL3 || ss->opt.enableTLS) { | 2148 if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
| 2148 PORT_Assert((modulusLen - rek.len) > 12); | 2149 PORT_Assert((modulusLen - rek.len) > 12); |
| 2149 PORT_Memset(eblock + modulusLen - rek.len - 8 - 1, 0x03, 8); | 2150 PORT_Memset(eblock + modulusLen - rek.len - 8 - 1, 0x03, 8); |
| 2150 } | 2151 } |
| 2151 ekbuf = (PRUint8*) PORT_Alloc(modulusLen); | 2152 ekbuf = (PRUint8*) PORT_Alloc(modulusLen); |
| 2152 if (!ekbuf) | 2153 if (!ekbuf) |
| 2153 goto loser; | 2154 goto loser; |
| 2154 PRINT_BUF(10, (ss, "master key encryption block:", | 2155 PRINT_BUF(10, (ss, "master key encryption block:", |
| 2155 eblock, modulusLen)); | 2156 eblock, modulusLen)); |
| 2156 | 2157 |
| 2157 /* Encrypt ekitem */ | 2158 /* Encrypt ekitem */ |
| (...skipping 886 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3044 SSL_TRC(3, ("%d: SSL[%d]: sending client-hello", SSL_GETPID(), ss->fd)); | 3045 SSL_TRC(3, ("%d: SSL[%d]: sending client-hello", SSL_GETPID(), ss->fd)); |
| 3045 | 3046 |
| 3046 /* Try to find server in our session-id cache */ | 3047 /* Try to find server in our session-id cache */ |
| 3047 if (ss->opt.noCache) { | 3048 if (ss->opt.noCache) { |
| 3048 sid = NULL; | 3049 sid = NULL; |
| 3049 } else { | 3050 } else { |
| 3050 sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID, | 3051 sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID, |
| 3051 ss->url); | 3052 ss->url); |
| 3052 } | 3053 } |
| 3053 while (sid) { /* this isn't really a loop */ | 3054 while (sid) { /* this isn't really a loop */ |
| 3055 PRBool sidVersionEnabled = |
| 3056 (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) && |
| 3057 sid->version >= ss->vrange.min && |
| 3058 sid->version <= ss->vrange.max) || |
| 3059 (sid->version < SSL_LIBRARY_VERSION_3_0 && ss->opt.enableSSL2); |
| 3060 |
| 3054 /* if we're not doing this SID's protocol any more, drop it. */ | 3061 /* if we're not doing this SID's protocol any more, drop it. */ |
| 3055 » if (((sid->version < SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableSSL2) |
| | 3062 » if (!sidVersionEnabled) { |
| 3056 » ((sid->version == SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableSSL3) |
| | |
| 3057 » ((sid->version > SSL_LIBRARY_VERSION_3_0) && !ss->opt.enableTLS)) { | |
| 3058 ss->sec.uncache(sid); | 3063 ss->sec.uncache(sid); |
| 3059 ssl_FreeSID(sid); | 3064 ssl_FreeSID(sid); |
| 3060 sid = NULL; | 3065 sid = NULL; |
| 3061 break; | 3066 break; |
| 3062 } | 3067 } |
| 3063 » if (ss->opt.enableSSL2 && sid->version < SSL_LIBRARY_VERSION_3_0) { | 3068 » if (sid->version < SSL_LIBRARY_VERSION_3_0) { |
| 3064 /* If the cipher in this sid is not enabled, drop it. */ | 3069 /* If the cipher in this sid is not enabled, drop it. */ |
| 3065 for (i = 0; i < ss->sizeCipherSpecs; i += 3) { | 3070 for (i = 0; i < ss->sizeCipherSpecs; i += 3) { |
| 3066 if (ss->cipherSpecs[i] == sid->u.ssl2.cipherType) | 3071 if (ss->cipherSpecs[i] == sid->u.ssl2.cipherType) |
| 3067 break; | 3072 break; |
| 3068 } | 3073 } |
| 3069 if (i >= ss->sizeCipherSpecs) { | 3074 if (i >= ss->sizeCipherSpecs) { |
| 3070 ss->sec.uncache(sid); | 3075 ss->sec.uncache(sid); |
| 3071 ssl_FreeSID(sid); | 3076 ssl_FreeSID(sid); |
| 3072 sid = NULL; | 3077 sid = NULL; |
| 3073 break; | 3078 break; |
| (...skipping 25 matching lines...) Expand all Loading... |
| 3099 } | 3104 } |
| 3100 if (ss->url != NULL) { | 3105 if (ss->url != NULL) { |
| 3101 sid->urlSvrName = PORT_Strdup(ss->url); | 3106 sid->urlSvrName = PORT_Strdup(ss->url); |
| 3102 } | 3107 } |
| 3103 } | 3108 } |
| 3104 ss->sec.ci.sid = sid; | 3109 ss->sec.ci.sid = sid; |
| 3105 | 3110 |
| 3106 PORT_Assert(sid != NULL); | 3111 PORT_Assert(sid != NULL); |
| 3107 | 3112 |
| 3108 if ((sid->version >= SSL_LIBRARY_VERSION_3_0 || !ss->opt.v2CompatibleHello)
&& | 3113 if ((sid->version >= SSL_LIBRARY_VERSION_3_0 || !ss->opt.v2CompatibleHello)
&& |
| 3109 (ss->opt.enableSSL3 || ss->opt.enableTLS)) { | 3114 » !SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
| 3110 | |
| 3111 ss->gs.state = GS_INIT; | 3115 ss->gs.state = GS_INIT; |
| 3112 ss->handshake = ssl_GatherRecord1stHandshake; | 3116 ss->handshake = ssl_GatherRecord1stHandshake; |
| 3113 | 3117 |
| 3114 /* ssl3_SendClientHello will override this if it succeeds. */ | 3118 /* ssl3_SendClientHello will override this if it succeeds. */ |
| 3115 ss->version = SSL_LIBRARY_VERSION_3_0; | 3119 ss->version = SSL_LIBRARY_VERSION_3_0; |
| 3116 | 3120 |
| 3117 ssl_GetSSL3HandshakeLock(ss); | 3121 ssl_GetSSL3HandshakeLock(ss); |
| 3118 ssl_GetXmitBufLock(ss); | 3122 ssl_GetXmitBufLock(ss); |
| 3119 rv = ssl3_SendClientHello(ss); | 3123 rv = ssl3_SendClientHello(ss); |
| 3120 ssl_ReleaseXmitBufLock(ss); | 3124 ssl_ReleaseXmitBufLock(ss); |
| (...skipping 29 matching lines...) Expand all Loading... |
| 3150 | 3154 |
| 3151 ssl_GetXmitBufLock(ss); /***************************************/ | 3155 ssl_GetXmitBufLock(ss); /***************************************/ |
| 3152 | 3156 |
| 3153 rv = ssl2_GetSendBuffer(ss, sendLen); | 3157 rv = ssl2_GetSendBuffer(ss, sendLen); |
| 3154 if (rv) | 3158 if (rv) |
| 3155 goto unlock_loser; | 3159 goto unlock_loser; |
| 3156 | 3160 |
| 3157 /* Construct client-hello message */ | 3161 /* Construct client-hello message */ |
| 3158 cp = msg = ss->sec.ci.sendBuf.buf; | 3162 cp = msg = ss->sec.ci.sendBuf.buf; |
| 3159 msg[0] = SSL_MT_CLIENT_HELLO; | 3163 msg[0] = SSL_MT_CLIENT_HELLO; |
| 3160 if ( ss->opt.enableTLS ) { | 3164 ss->clientHelloVersion = SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) ? |
| 3161 » ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_1_TLS; | 3165 » SSL_LIBRARY_VERSION_2 : ss->vrange.max; |
| 3162 } else if ( ss->opt.enableSSL3 ) { | 3166 |
| 3163 » ss->clientHelloVersion = SSL_LIBRARY_VERSION_3_0; | |
| 3164 } else { | |
| 3165 » ss->clientHelloVersion = SSL_LIBRARY_VERSION_2; | |
| 3166 } | |
| 3167 | |
| 3168 msg[1] = MSB(ss->clientHelloVersion); | 3167 msg[1] = MSB(ss->clientHelloVersion); |
| 3169 msg[2] = LSB(ss->clientHelloVersion); | 3168 msg[2] = LSB(ss->clientHelloVersion); |
| 3170 /* Add 3 for SCSV */ | 3169 /* Add 3 for SCSV */ |
| 3171 msg[3] = MSB(localCipherSize + 3); | 3170 msg[3] = MSB(localCipherSize + 3); |
| 3172 msg[4] = LSB(localCipherSize + 3); | 3171 msg[4] = LSB(localCipherSize + 3); |
| 3173 msg[5] = MSB(sidLen); | 3172 msg[5] = MSB(sidLen); |
| 3174 msg[6] = LSB(sidLen); | 3173 msg[6] = LSB(sidLen); |
| 3175 msg[7] = MSB(SSL_CHALLENGE_BYTES); | 3174 msg[7] = MSB(SSL_CHALLENGE_BYTES); |
| 3176 msg[8] = LSB(SSL_CHALLENGE_BYTES); | 3175 msg[8] = LSB(SSL_CHALLENGE_BYTES); |
| 3177 cp += SSL_HL_CLIENT_HELLO_HBYTES; | 3176 cp += SSL_HL_CLIENT_HELLO_HBYTES; |
| (...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3374 if (rv != SECSuccess) { | 3373 if (rv != SECSuccess) { |
| 3375 goto loser; | 3374 goto loser; |
| 3376 } | 3375 } |
| 3377 | 3376 |
| 3378 /* Examine version information */ | 3377 /* Examine version information */ |
| 3379 /* | 3378 /* |
| 3380 * See if this might be a V2 client hello asking to use the V3 protocol | 3379 * See if this might be a V2 client hello asking to use the V3 protocol |
| 3381 */ | 3380 */ |
| 3382 if ((data[0] == SSL_MT_CLIENT_HELLO) && | 3381 if ((data[0] == SSL_MT_CLIENT_HELLO) && |
| 3383 (data[1] >= MSB(SSL_LIBRARY_VERSION_3_0)) && | 3382 (data[1] >= MSB(SSL_LIBRARY_VERSION_3_0)) && |
| 3384 » (ss->opt.enableSSL3 || ss->opt.enableTLS)) { | 3383 » !SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) { |
| 3385 rv = ssl3_HandleV2ClientHello(ss, data, ss->gs.recordLen); | 3384 rv = ssl3_HandleV2ClientHello(ss, data, ss->gs.recordLen); |
| 3386 if (rv != SECFailure) { /* Success */ | 3385 if (rv != SECFailure) { /* Success */ |
| 3387 ss->handshake = NULL; | 3386 ss->handshake = NULL; |
| 3388 ss->nextHandshake = ssl_GatherRecord1stHandshake; | 3387 ss->nextHandshake = ssl_GatherRecord1stHandshake; |
| 3389 ss->securityHandshake = NULL; | 3388 ss->securityHandshake = NULL; |
| 3390 ss->gs.state = GS_INIT; | 3389 ss->gs.state = GS_INIT; |
| 3391 | 3390 |
| 3392 /* ssl3_HandleV3ClientHello has set ss->version, | 3391 /* ssl3_HandleV3ClientHello has set ss->version, |
| 3393 ** and has gotten us a brand new sid. | 3392 ** and has gotten us a brand new sid. |
| 3394 */ | 3393 */ |
| (...skipping 318 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3713 | 3712 |
| 3714 c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0]; | 3713 c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0]; |
| 3715 return NSS_VersionCheck(importedVersion); | 3714 return NSS_VersionCheck(importedVersion); |
| 3716 } | 3715 } |
| 3717 | 3716 |
| 3718 const char * | 3717 const char * |
| 3719 NSSSSL_GetVersion(void) | 3718 NSSSSL_GetVersion(void) |
| 3720 { | 3719 { |
| 3721 return NSS_VERSION; | 3720 return NSS_VERSION; |
| 3722 } | 3721 } |
| OLD | NEW |