OLD | NEW |
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c | 1 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c |
2 --- a/nss/lib/ssl/ssl3con.c» 2014-01-17 18:04:43.127747463 -0800 | 2 index da0abfb..375ed6a 100644 |
3 +++ b/nss/lib/ssl/ssl3con.c» 2014-01-17 18:06:21.919386088 -0800 | 3 --- a/ssl/ssl3con.c |
| 4 +++ b/ssl/ssl3con.c |
4 @@ -8,6 +8,7 @@ | 5 @@ -8,6 +8,7 @@ |
5 | 6 |
6 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 7 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
7 | 8 |
8 +#define _GNU_SOURCE 1 | 9 +#define _GNU_SOURCE 1 |
9 #include "cert.h" | 10 #include "cert.h" |
10 #include "ssl.h" | 11 #include "ssl.h" |
11 #include "cryptohi.h" /* for DSAU_ stuff */ | 12 #include "cryptohi.h" /* for DSAU_ stuff */ |
12 @@ -44,6 +45,9 @@ | 13 @@ -44,6 +45,9 @@ |
13 #ifdef NSS_ENABLE_ZLIB | 14 #ifdef NSS_ENABLE_ZLIB |
14 #include "zlib.h" | 15 #include "zlib.h" |
15 #endif | 16 #endif |
16 +#ifdef LINUX | 17 +#ifdef LINUX |
17 +#include <dlfcn.h> | 18 +#include <dlfcn.h> |
18 +#endif | 19 +#endif |
19 | 20 |
20 #ifndef PK11_SETATTRS | 21 #ifndef PK11_SETATTRS |
21 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ | 22 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ |
22 @@ -1842,6 +1846,63 @@ ssl3_BuildRecordPseudoHeader(unsigned ch | 23 @@ -1874,6 +1878,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out, |
23 return 13; | 24 return 13; |
24 } | 25 } |
25 | 26 |
26 +typedef SECStatus (*PK11CryptFcn)( | 27 +typedef SECStatus (*PK11CryptFcn)( |
27 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param, | 28 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param, |
28 + unsigned char *out, unsigned int *outLen, unsigned int maxLen, | 29 + unsigned char *out, unsigned int *outLen, unsigned int maxLen, |
29 + const unsigned char *in, unsigned int inLen); | 30 + const unsigned char *in, unsigned int inLen); |
30 + | 31 + |
31 +static PK11CryptFcn pk11_encrypt = NULL; | 32 +static PK11CryptFcn pk11_encrypt = NULL; |
32 +static PK11CryptFcn pk11_decrypt = NULL; | 33 +static PK11CryptFcn pk11_decrypt = NULL; |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
76 + PR_FALSE); | 77 + PR_FALSE); |
77 + PORT_Assert(rv == SECSuccess); /* else is coding error */ | 78 + PORT_Assert(rv == SECSuccess); /* else is coding error */ |
78 + } | 79 + } |
79 + } | 80 + } |
80 + return SECSuccess; | 81 + return SECSuccess; |
81 +} | 82 +} |
82 + | 83 + |
83 static SECStatus | 84 static SECStatus |
84 ssl3_AESGCM(ssl3KeyMaterial *keys, | 85 ssl3_AESGCM(ssl3KeyMaterial *keys, |
85 PRBool doDecrypt, | 86 PRBool doDecrypt, |
86 @@ -1893,10 +1960,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, | 87 @@ -1925,10 +1986,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, |
87 gcmParams.ulTagBits = tagSize * 8; | 88 gcmParams.ulTagBits = tagSize * 8; |
88 | 89 |
89 if (doDecrypt) { | 90 if (doDecrypt) { |
90 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 91 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
91 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 92 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
92 maxout, in, inlen); | 93 maxout, in, inlen); |
93 } else { | 94 } else { |
94 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 95 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
95 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 96 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
96 maxout, in, inlen); | 97 maxout, in, inlen); |
97 } | 98 } |
98 *outlen += (int) uOutLen; | 99 *outlen += (int) uOutLen; |
99 @@ -5103,6 +5170,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo | 100 @@ -5147,6 +5208,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
100 ssl3_DisableNonDTLSSuites(ss); | 101 ssl3_DisableNonDTLSSuites(ss); |
101 } | 102 } |
102 | 103 |
103 + if (!ssl3_HasGCMSupport()) { | 104 + if (!ssl3_HasGCMSupport()) { |
104 + ssl3_DisableGCMSuites(ss); | 105 + ssl3_DisableGCMSuites(ss); |
105 + } | 106 + } |
106 + | 107 + |
107 /* how many suites are permitted by policy and user preference? */ | 108 /* how many suites are permitted by policy and user preference? */ |
108 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); | 109 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); |
109 if (!num_suites) { | 110 if (!num_suites) { |
110 @@ -8080,6 +8151,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS | 111 @@ -8159,6 +8224,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUi
nt32 length) |
111 ssl3_DisableNonDTLSSuites(ss); | 112 ssl3_DisableNonDTLSSuites(ss); |
112 } | 113 } |
113 | 114 |
114 + if (!ssl3_HasGCMSupport()) { | 115 + if (!ssl3_HasGCMSupport()) { |
115 + ssl3_DisableGCMSuites(ss); | 116 + ssl3_DisableGCMSuites(ss); |
116 + } | 117 + } |
117 + | 118 + |
118 #ifdef PARANOID | 119 #ifdef PARANOID |
119 /* Look for a matching cipher suite. */ | 120 /* Look for a matching cipher suite. */ |
120 j = ssl3_config_match_init(ss); | 121 j = ssl3_config_match_init(ss); |
OLD | NEW |