Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(651)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/ssl/ssl3ecc.c

Issue 1053903002: Update libssl to NSS 3.18 RTM (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix typo Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/ssl3ext.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/ssl/ssl3ecc.c
diff --git a/net/third_party/nss/ssl/ssl3ecc.c b/net/third_party/nss/ssl/ssl3ecc.c
index 39f9af12c56041c1cf1eb102c404453534a4b42b..d5d6c9c6bc6903ea74ed9592672492170b08b94a 100644
--- a/net/third_party/nss/ssl/ssl3ecc.c
+++ b/net/third_party/nss/ssl/ssl3ecc.c
@@ -10,7 +10,7 @@
#include "nss.h"
#include "cert.h"
#include "ssl.h"
-#include "cryptohi.h" /* for DSAU_ stuff */
+#include "cryptohi.h" /* for DSAU_ stuff */
#include "keyhi.h"
#include "secder.h"
#include "secitem.h"
@@ -36,11 +36,11 @@
#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
#endif
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
#ifndef PK11_SETATTRS
#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
- (x)->pValue=(v); (x)->ulValueLen = (l);
+ (x)->pValue=(v); (x)->ulValueLen = (l);
#endif
#define SSL_GET_SERVER_PUBLIC_KEY(sock, type) \
@@ -62,61 +62,61 @@ static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve);
* ECC-TLS IETF draft.
*/
static const SECOidTag ecName2OIDTag[] = {
- 0,
- SEC_OID_SECG_EC_SECT163K1, /* 1 */
- SEC_OID_SECG_EC_SECT163R1, /* 2 */
- SEC_OID_SECG_EC_SECT163R2, /* 3 */
- SEC_OID_SECG_EC_SECT193R1, /* 4 */
- SEC_OID_SECG_EC_SECT193R2, /* 5 */
- SEC_OID_SECG_EC_SECT233K1, /* 6 */
- SEC_OID_SECG_EC_SECT233R1, /* 7 */
- SEC_OID_SECG_EC_SECT239K1, /* 8 */
- SEC_OID_SECG_EC_SECT283K1, /* 9 */
- SEC_OID_SECG_EC_SECT283R1, /* 10 */
- SEC_OID_SECG_EC_SECT409K1, /* 11 */
- SEC_OID_SECG_EC_SECT409R1, /* 12 */
- SEC_OID_SECG_EC_SECT571K1, /* 13 */
- SEC_OID_SECG_EC_SECT571R1, /* 14 */
- SEC_OID_SECG_EC_SECP160K1, /* 15 */
- SEC_OID_SECG_EC_SECP160R1, /* 16 */
- SEC_OID_SECG_EC_SECP160R2, /* 17 */
- SEC_OID_SECG_EC_SECP192K1, /* 18 */
- SEC_OID_SECG_EC_SECP192R1, /* 19 */
- SEC_OID_SECG_EC_SECP224K1, /* 20 */
- SEC_OID_SECG_EC_SECP224R1, /* 21 */
- SEC_OID_SECG_EC_SECP256K1, /* 22 */
- SEC_OID_SECG_EC_SECP256R1, /* 23 */
- SEC_OID_SECG_EC_SECP384R1, /* 24 */
- SEC_OID_SECG_EC_SECP521R1, /* 25 */
+ 0,
+ SEC_OID_SECG_EC_SECT163K1, /* 1 */
+ SEC_OID_SECG_EC_SECT163R1, /* 2 */
+ SEC_OID_SECG_EC_SECT163R2, /* 3 */
+ SEC_OID_SECG_EC_SECT193R1, /* 4 */
+ SEC_OID_SECG_EC_SECT193R2, /* 5 */
+ SEC_OID_SECG_EC_SECT233K1, /* 6 */
+ SEC_OID_SECG_EC_SECT233R1, /* 7 */
+ SEC_OID_SECG_EC_SECT239K1, /* 8 */
+ SEC_OID_SECG_EC_SECT283K1, /* 9 */
+ SEC_OID_SECG_EC_SECT283R1, /* 10 */
+ SEC_OID_SECG_EC_SECT409K1, /* 11 */
+ SEC_OID_SECG_EC_SECT409R1, /* 12 */
+ SEC_OID_SECG_EC_SECT571K1, /* 13 */
+ SEC_OID_SECG_EC_SECT571R1, /* 14 */
+ SEC_OID_SECG_EC_SECP160K1, /* 15 */
+ SEC_OID_SECG_EC_SECP160R1, /* 16 */
+ SEC_OID_SECG_EC_SECP160R2, /* 17 */
+ SEC_OID_SECG_EC_SECP192K1, /* 18 */
+ SEC_OID_SECG_EC_SECP192R1, /* 19 */
+ SEC_OID_SECG_EC_SECP224K1, /* 20 */
+ SEC_OID_SECG_EC_SECP224R1, /* 21 */
+ SEC_OID_SECG_EC_SECP256K1, /* 22 */
+ SEC_OID_SECG_EC_SECP256R1, /* 23 */
+ SEC_OID_SECG_EC_SECP384R1, /* 24 */
+ SEC_OID_SECG_EC_SECP521R1, /* 25 */
};
static const PRUint16 curve2bits[] = {
- 0, /* ec_noName = 0, */
- 163, /* ec_sect163k1 = 1, */
- 163, /* ec_sect163r1 = 2, */
- 163, /* ec_sect163r2 = 3, */
- 193, /* ec_sect193r1 = 4, */
- 193, /* ec_sect193r2 = 5, */
- 233, /* ec_sect233k1 = 6, */
- 233, /* ec_sect233r1 = 7, */
- 239, /* ec_sect239k1 = 8, */
- 283, /* ec_sect283k1 = 9, */
- 283, /* ec_sect283r1 = 10, */
- 409, /* ec_sect409k1 = 11, */
- 409, /* ec_sect409r1 = 12, */
- 571, /* ec_sect571k1 = 13, */
- 571, /* ec_sect571r1 = 14, */
- 160, /* ec_secp160k1 = 15, */
- 160, /* ec_secp160r1 = 16, */
- 160, /* ec_secp160r2 = 17, */
- 192, /* ec_secp192k1 = 18, */
- 192, /* ec_secp192r1 = 19, */
- 224, /* ec_secp224k1 = 20, */
- 224, /* ec_secp224r1 = 21, */
- 256, /* ec_secp256k1 = 22, */
- 256, /* ec_secp256r1 = 23, */
- 384, /* ec_secp384r1 = 24, */
- 521, /* ec_secp521r1 = 25, */
+ 0, /* ec_noName = 0, */
+ 163, /* ec_sect163k1 = 1, */
+ 163, /* ec_sect163r1 = 2, */
+ 163, /* ec_sect163r2 = 3, */
+ 193, /* ec_sect193r1 = 4, */
+ 193, /* ec_sect193r2 = 5, */
+ 233, /* ec_sect233k1 = 6, */
+ 233, /* ec_sect233r1 = 7, */
+ 239, /* ec_sect239k1 = 8, */
+ 283, /* ec_sect283k1 = 9, */
+ 283, /* ec_sect283r1 = 10, */
+ 409, /* ec_sect409k1 = 11, */
+ 409, /* ec_sect409r1 = 12, */
+ 571, /* ec_sect571k1 = 13, */
+ 571, /* ec_sect571r1 = 14, */
+ 160, /* ec_secp160k1 = 15, */
+ 160, /* ec_secp160r1 = 16, */
+ 160, /* ec_secp160r2 = 17, */
+ 192, /* ec_secp192k1 = 18, */
+ 192, /* ec_secp192r1 = 19, */
+ 224, /* ec_secp224k1 = 20, */
+ 224, /* ec_secp224r1 = 21, */
+ 256, /* ec_secp256k1 = 22, */
+ 256, /* ec_secp256r1 = 23, */
+ 384, /* ec_secp384r1 = 24, */
+ 521, /* ec_secp521r1 = 25, */
65535 /* ec_pastLastName */
};
@@ -126,31 +126,31 @@ typedef struct Bits2CurveStr {
} Bits2Curve;
static const Bits2Curve bits2curve [] = {
- { 192, ec_secp192r1 /* = 19, fast */ },
- { 160, ec_secp160r2 /* = 17, fast */ },
- { 160, ec_secp160k1 /* = 15, */ },
- { 160, ec_secp160r1 /* = 16, */ },
- { 163, ec_sect163k1 /* = 1, */ },
- { 163, ec_sect163r1 /* = 2, */ },
- { 163, ec_sect163r2 /* = 3, */ },
- { 192, ec_secp192k1 /* = 18, */ },
- { 193, ec_sect193r1 /* = 4, */ },
- { 193, ec_sect193r2 /* = 5, */ },
- { 224, ec_secp224r1 /* = 21, fast */ },
- { 224, ec_secp224k1 /* = 20, */ },
- { 233, ec_sect233k1 /* = 6, */ },
- { 233, ec_sect233r1 /* = 7, */ },
- { 239, ec_sect239k1 /* = 8, */ },
- { 256, ec_secp256r1 /* = 23, fast */ },
- { 256, ec_secp256k1 /* = 22, */ },
- { 283, ec_sect283k1 /* = 9, */ },
- { 283, ec_sect283r1 /* = 10, */ },
- { 384, ec_secp384r1 /* = 24, fast */ },
- { 409, ec_sect409k1 /* = 11, */ },
- { 409, ec_sect409r1 /* = 12, */ },
- { 521, ec_secp521r1 /* = 25, fast */ },
- { 571, ec_sect571k1 /* = 13, */ },
- { 571, ec_sect571r1 /* = 14, */ },
+ { 192, ec_secp192r1 /* = 19, fast */ },
+ { 160, ec_secp160r2 /* = 17, fast */ },
+ { 160, ec_secp160k1 /* = 15, */ },
+ { 160, ec_secp160r1 /* = 16, */ },
+ { 163, ec_sect163k1 /* = 1, */ },
+ { 163, ec_sect163r1 /* = 2, */ },
+ { 163, ec_sect163r2 /* = 3, */ },
+ { 192, ec_secp192k1 /* = 18, */ },
+ { 193, ec_sect193r1 /* = 4, */ },
+ { 193, ec_sect193r2 /* = 5, */ },
+ { 224, ec_secp224r1 /* = 21, fast */ },
+ { 224, ec_secp224k1 /* = 20, */ },
+ { 233, ec_sect233k1 /* = 6, */ },
+ { 233, ec_sect233r1 /* = 7, */ },
+ { 239, ec_sect239k1 /* = 8, */ },
+ { 256, ec_secp256r1 /* = 23, fast */ },
+ { 256, ec_secp256k1 /* = 22, */ },
+ { 283, ec_sect283k1 /* = 9, */ },
+ { 283, ec_sect283r1 /* = 10, */ },
+ { 384, ec_secp384r1 /* = 24, fast */ },
+ { 409, ec_sect409k1 /* = 11, */ },
+ { 409, ec_sect409r1 /* = 12, */ },
+ { 521, ec_secp521r1 /* = 25, fast */ },
+ { 571, ec_sect571k1 /* = 13, */ },
+ { 571, ec_sect571r1 /* = 14, */ },
{ 65535, ec_noName }
};
@@ -163,21 +163,21 @@ typedef struct ECDHEKeyPairStr {
/* arrays of ECDHE KeyPairs */
static ECDHEKeyPair gECDHEKeyPairs[ec_pastLastName];
-SECStatus
+SECStatus
ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params)
{
SECOidData *oidData = NULL;
if ((curve <= ec_noName) || (curve >= ec_pastLastName) ||
- ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
+ ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) {
PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- return SECFailure;
+ return SECFailure;
}
SECITEM_AllocItem(arena, params, (2 + oidData->oid.len));
- /*
+ /*
* params->data needs to contain the ASN encoding of an object ID (OID)
- * representing the named curve. The actual OID is in
+ * representing the named curve. The actual OID is in
* oidData->oid.data so we simply prepend 0x06 and OID length
*/
params->data[0] = SEC_ASN1_OBJECT_ID;
@@ -187,14 +187,14 @@ ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params)
return SECSuccess;
}
-static ECName
+static ECName
params2ecName(SECKEYECParams * params)
{
SECItem oid = { siBuffer, NULL, 0};
SECOidData *oidData = NULL;
ECName i;
- /*
+ /*
* params->data needs to contain the ASN encoding of an object ID (OID)
* representing a named curve. Here, we strip away everything
* before the actual OID and use the OID to look up a named curve.
@@ -204,8 +204,8 @@ params2ecName(SECKEYECParams * params)
oid.data = params->data + 2;
if ((oidData = SECOID_FindOID(&oid)) == NULL) return ec_noName;
for (i = ec_noName + 1; i < ec_pastLastName; i++) {
- if (ecName2OIDTag[i] == oidData->offset)
- return i;
+ if (ecName2OIDTag[i] == oidData->offset)
+ return i;
}
return ec_noName;
@@ -214,13 +214,13 @@ params2ecName(SECKEYECParams * params)
/* Caller must set hiLevel error code. */
static SECStatus
ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
- SECItem ec_params, SECItem server_ecpoint,
- SSL3Random *client_rand, SSL3Random *server_rand,
- SSL3Hashes *hashes, PRBool bypassPKCS11)
+ SECItem ec_params, SECItem server_ecpoint,
+ SSL3Random *client_rand, SSL3Random *server_rand,
+ SSL3Hashes *hashes, PRBool bypassPKCS11)
{
PRUint8 * hashBuf;
PRUint8 * pBuf;
- SECStatus rv = SECSuccess;
+ SECStatus rv = SECSuccess;
unsigned int bufLen;
/*
* XXX For now, we only support named curves (the appropriate
@@ -232,37 +232,37 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
bufLen = 2*SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
if (bufLen <= sizeof buf) {
- hashBuf = buf;
+ hashBuf = buf;
} else {
- hashBuf = PORT_Alloc(bufLen);
- if (!hashBuf) {
- return SECFailure;
- }
+ hashBuf = PORT_Alloc(bufLen);
+ if (!hashBuf) {
+ return SECFailure;
+ }
}
- memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
- pBuf = hashBuf + SSL3_RANDOM_LENGTH;
+ memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
+ pBuf = hashBuf + SSL3_RANDOM_LENGTH;
memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
- pBuf += SSL3_RANDOM_LENGTH;
+ pBuf += SSL3_RANDOM_LENGTH;
memcpy(pBuf, ec_params.data, ec_params.len);
- pBuf += ec_params.len;
+ pBuf += ec_params.len;
pBuf[0] = (PRUint8)(server_ecpoint.len);
pBuf += 1;
memcpy(pBuf, server_ecpoint.data, server_ecpoint.len);
- pBuf += server_ecpoint.len;
+ pBuf += server_ecpoint.len;
PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes,
- bypassPKCS11);
+ bypassPKCS11);
PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen));
PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result",
- hashes->u.s.md5, MD5_LENGTH));
+ hashes->u.s.md5, MD5_LENGTH));
PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result",
- hashes->u.s.sha, SHA1_LENGTH));
+ hashes->u.s.sha, SHA1_LENGTH));
if (hashBuf != buf)
- PORT_Free(hashBuf);
+ PORT_Free(hashBuf);
return rv;
}
@@ -271,12 +271,12 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
SECStatus
ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
{
- PK11SymKey * pms = NULL;
- SECStatus rv = SECFailure;
+ PK11SymKey * pms = NULL;
+ SECStatus rv = SECFailure;
PRBool isTLS, isTLS12;
- CK_MECHANISM_TYPE target;
- SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */
- SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */
+ CK_MECHANISM_TYPE target;
+ SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */
+ SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
@@ -286,39 +286,39 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
/* Generate ephemeral EC keypair */
if (svrPubKey->keyType != ecKey) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- goto loser;
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ goto loser;
}
/* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */
- privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams,
- &pubKey, ss->pkcs11PinArg);
+ privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams,
+ &pubKey, ss->pkcs11PinArg);
if (!privKey || !pubKey) {
- ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
- rv = SECFailure;
- goto loser;
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ rv = SECFailure;
+ goto loser;
}
PRINT_BUF(50, (ss, "ECDH public value:",
- pubKey->u.ec.publicValue.data,
- pubKey->u.ec.publicValue.len));
+ pubKey->u.ec.publicValue.data,
+ pubKey->u.ec.publicValue.len));
if (isTLS12) {
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+ target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
} else if (isTLS) {
- target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+ target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
- target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+ target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
/* Determine the PMS */
pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL,
- CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
- CKD_NULL, NULL, NULL);
+ CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+ CKD_NULL, NULL, NULL);
if (pms == NULL) {
- SSL3AlertDescription desc = illegal_parameter;
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
+ SSL3AlertDescription desc = illegal_parameter;
+ (void)SSL3_SendAlert(ss, alert_fatal, desc);
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ goto loser;
}
SECKEY_DestroyPrivateKey(privKey);
@@ -328,24 +328,24 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey)
PK11_FreeSymKey(pms); pms = NULL;
if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ goto loser;
}
- rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
- pubKey->u.ec.publicValue.len + 1);
+ rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
+ pubKey->u.ec.publicValue.len + 1);
if (rv != SECSuccess) {
- goto loser; /* err set by ssl3_AppendHandshake* */
+ goto loser; /* err set by ssl3_AppendHandshake* */
}
- rv = ssl3_AppendHandshakeVariable(ss,
- pubKey->u.ec.publicValue.data,
- pubKey->u.ec.publicValue.len, 1);
+ rv = ssl3_AppendHandshakeVariable(ss,
+ pubKey->u.ec.publicValue.data,
+ pubKey->u.ec.publicValue.len, 1);
SECKEY_DestroyPublicKey(pubKey);
pubKey = NULL;
if (rv != SECSuccess) {
- goto loser; /* err set by ssl3_AppendHandshake* */
+ goto loser; /* err set by ssl3_AppendHandshake* */
}
rv = SECSuccess;
@@ -363,59 +363,59 @@ loser:
*/
SECStatus
ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
- PRUint32 length,
+ PRUint32 length,
SECKEYPublicKey *srvrPubKey,
SECKEYPrivateKey *srvrPrivKey)
{
PK11SymKey * pms;
SECStatus rv;
SECKEYPublicKey clntPubKey;
- CK_MECHANISM_TYPE target;
+ CK_MECHANISM_TYPE target;
PRBool isTLS, isTLS12;
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
clntPubKey.keyType = ecKey;
- clntPubKey.u.ec.DEREncodedParams.len =
- srvrPubKey->u.ec.DEREncodedParams.len;
- clntPubKey.u.ec.DEREncodedParams.data =
- srvrPubKey->u.ec.DEREncodedParams.data;
+ clntPubKey.u.ec.DEREncodedParams.len =
+ srvrPubKey->u.ec.DEREncodedParams.len;
+ clntPubKey.u.ec.DEREncodedParams.data =
+ srvrPubKey->u.ec.DEREncodedParams.data;
- rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue,
- 1, &b, &length);
+ rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue,
+ 1, &b, &length);
if (rv != SECSuccess) {
- SEND_ALERT
- return SECFailure; /* XXX Who sets the error code?? */
+ SEND_ALERT
+ return SECFailure; /* XXX Who sets the error code?? */
}
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
if (isTLS12) {
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+ target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
} else if (isTLS) {
- target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+ target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
- target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+ target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
}
/* Determine the PMS */
pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL,
- CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
- CKD_NULL, NULL, NULL);
+ CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+ CKD_NULL, NULL, NULL);
if (pms == NULL) {
- /* last gasp. */
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- return SECFailure;
+ /* last gasp. */
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ return SECFailure;
}
rv = ssl3_InitPendingCipherSpec(ss, pms);
PK11_FreeSymKey(pms);
if (rv != SECSuccess) {
- SEND_ALERT
- return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
+ SEND_ALERT
+ return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
}
return SECSuccess;
}
@@ -424,13 +424,13 @@ ECName
ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits)
{
int i;
-
+
for ( i = 0; bits2curve[i].curve != ec_noName; i++) {
- if (bits2curve[i].bits < requiredECCbits)
- continue;
- if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
- return bits2curve[i].curve;
- }
+ if (bits2curve[i].bits < requiredECCbits)
+ continue;
+ if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) {
+ return bits2curve[i].curve;
+ }
}
PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
return ec_noName;
@@ -448,24 +448,24 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss)
int requiredECCbits = ss->sec.secretKeyBits * 2;
if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) {
- svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
- if (svrPublicKey)
- ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams);
- if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
- PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
- return ec_noName;
- }
- signatureKeyStrength = curve2bits[ ec_curve ];
+ svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh);
+ if (svrPublicKey)
+ ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams);
+ if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) {
+ PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+ return ec_noName;
+ }
+ signatureKeyStrength = curve2bits[ ec_curve ];
} else {
/* RSA is our signing cert */
int serverKeyStrengthInBits;
-
+
svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_rsa);
if (!svrPublicKey) {
PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
return ec_noName;
}
-
+
/* currently strength in bytes */
serverKeyStrengthInBits = svrPublicKey->u.rsa.modulus.len;
if (svrPublicKey->u.rsa.modulus.data[0] == 0) {
@@ -473,28 +473,28 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss)
}
/* convert to strength in bits */
serverKeyStrengthInBits *= BPB;
-
+
signatureKeyStrength =
- SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
+ SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
}
- if ( requiredECCbits > signatureKeyStrength )
+ if ( requiredECCbits > signatureKeyStrength )
requiredECCbits = signatureKeyStrength;
return ssl3_GetCurveWithECKeyStrength(ss->ssl3.hs.negotiatedECCurves,
- requiredECCbits);
+ requiredECCbits);
}
/* function to clear out the lists */
-static SECStatus
+static SECStatus
ssl3_ShutdownECDHECurves(void *appData, void *nssData)
{
int i;
ECDHEKeyPair *keyPair = &gECDHEKeyPairs[0];
for (i=0; i < ec_pastLastName; i++, keyPair++) {
- if (keyPair->pair) {
- ssl3_FreeKeyPair(keyPair->pair);
- }
+ if (keyPair->pair) {
+ ssl3_FreeKeyPair(keyPair->pair);
+ }
}
memset(gECDHEKeyPairs, 0, sizeof gECDHEKeyPairs);
return SECSuccess;
@@ -506,42 +506,52 @@ ssl3_ECRegister(void)
SECStatus rv;
rv = NSS_RegisterShutdown(ssl3_ShutdownECDHECurves, gECDHEKeyPairs);
if (rv != SECSuccess) {
- gECDHEKeyPairs[ec_noName].error = PORT_GetError();
+ gECDHEKeyPairs[ec_noName].error = PORT_GetError();
}
return (PRStatus)rv;
}
-/* CallOnce function, called once for each named curve. */
-static PRStatus
-ssl3_CreateECDHEphemeralKeyPair(void * arg)
+/* Create an ECDHE key pair for a given curve */
+static SECStatus
+ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, ssl3KeyPair** keyPair)
{
SECKEYPrivateKey * privKey = NULL;
SECKEYPublicKey * pubKey = NULL;
- ssl3KeyPair * keyPair = NULL;
- ECName ec_curve = (ECName)arg;
SECKEYECParams ecParams = { siBuffer, NULL, 0 };
- PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL);
-
- /* ok, no one has generated a global key for this curve yet, do so */
if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) {
- gECDHEKeyPairs[ec_curve].error = PORT_GetError();
- return PR_FAILURE;
+ return SECFailure;
}
-
- privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);
+ privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);
SECITEM_FreeItem(&ecParams, PR_FALSE);
- if (!privKey || !pubKey || !(keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
- if (privKey) {
- SECKEY_DestroyPrivateKey(privKey);
- }
- if (pubKey) {
- SECKEY_DestroyPublicKey(pubKey);
- }
- ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
- gECDHEKeyPairs[ec_curve].error = PORT_GetError();
- return PR_FAILURE;
+ if (!privKey || !pubKey || !(*keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
+ if (privKey) {
+ SECKEY_DestroyPrivateKey(privKey);
+ }
+ if (pubKey) {
+ SECKEY_DestroyPublicKey(pubKey);
+ }
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ return SECFailure;
+ }
+
+ return SECSuccess;
+}
+
+/* CallOnce function, called once for each named curve. */
+static PRStatus
+ssl3_CreateECDHEphemeralKeyPairOnce(void * arg)
+{
+ ECName ec_curve = (ECName)arg;
+ ssl3KeyPair * keyPair = NULL;
+
+ PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL);
+
+ /* ok, no one has generated a global key for this curve yet, do so */
+ if (ssl3_CreateECDHEphemeralKeyPair(ec_curve, &keyPair) != SECSuccess) {
+ gECDHEKeyPairs[ec_curve].error = PORT_GetError();
+ return PR_FAILURE;
}
gECDHEKeyPairs[ec_curve].pair = keyPair;
@@ -560,30 +570,30 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg)
static SECStatus
ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve)
{
- ssl3KeyPair * keyPair = NULL;
+ ssl3KeyPair * keyPair = NULL;
/* if there's no global key for this curve, make one. */
if (gECDHEKeyPairs[ec_curve].pair == NULL) {
- PRStatus status;
+ PRStatus status;
- status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
+ status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister);
if (status != PR_SUCCESS) {
- PORT_SetError(gECDHEKeyPairs[ec_noName].error);
- return SECFailure;
- }
- status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
- ssl3_CreateECDHEphemeralKeyPair,
- (void *)ec_curve);
+ PORT_SetError(gECDHEKeyPairs[ec_noName].error);
+ return SECFailure;
+ }
+ status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
+ ssl3_CreateECDHEphemeralKeyPairOnce,
+ (void *)ec_curve);
if (status != PR_SUCCESS) {
- PORT_SetError(gECDHEKeyPairs[ec_curve].error);
- return SECFailure;
- }
+ PORT_SetError(gECDHEKeyPairs[ec_curve].error);
+ return SECFailure;
+ }
}
keyPair = gECDHEKeyPairs[ec_curve].pair;
PORT_Assert(keyPair != NULL);
- if (!keyPair)
- return SECFailure;
+ if (!keyPair)
+ return SECFailure;
ss->ephemeralECDHKeyPair = ssl3_GetKeyPairRef(keyPair);
return SECSuccess;
@@ -618,55 +628,55 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ec_params.data = paramBuf;
rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length);
if (rv != SECSuccess) {
- goto loser; /* malformed. */
+ goto loser; /* malformed. */
}
/* Fail if the curve is not a named curve */
- if ((ec_params.data[0] != ec_type_named) ||
- (ec_params.data[1] != 0) ||
- !supportedCurve(ec_params.data[2])) {
- errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
- desc = handshake_failure;
- goto alert_loser;
+ if ((ec_params.data[0] != ec_type_named) ||
+ (ec_params.data[1] != 0) ||
+ !supportedCurve(ec_params.data[2])) {
+ errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+ desc = handshake_failure;
+ goto alert_loser;
}
rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length);
if (rv != SECSuccess) {
- goto loser; /* malformed. */
+ goto loser; /* malformed. */
}
/* Fail if the ec point uses compressed representation */
if (ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
- errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
- desc = handshake_failure;
- goto alert_loser;
+ errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
+ desc = handshake_failure;
+ goto alert_loser;
}
if (isTLS12) {
- rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
- &sigAndHash);
- if (rv != SECSuccess) {
- goto loser; /* malformed or unsupported. */
- }
- rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
- &sigAndHash, ss->sec.peerCert);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
+ &sigAndHash);
+ if (rv != SECSuccess) {
+ goto loser; /* malformed or unsupported. */
+ }
+ rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
+ &sigAndHash, ss->sec.peerCert);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
if (rv != SECSuccess) {
- goto loser; /* malformed. */
+ goto loser; /* malformed. */
}
if (length != 0) {
- if (isTLS)
- desc = decode_error;
- goto alert_loser; /* malformed. */
+ if (isTLS)
+ desc = decode_error;
+ goto alert_loser; /* malformed. */
}
- PRINT_BUF(60, (NULL, "Server EC params", ec_params.data,
- ec_params.len));
+ PRINT_BUF(60, (NULL, "Server EC params", ec_params.data,
+ ec_params.len));
PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len));
/* failures after this point are not malformed handshakes. */
@@ -677,51 +687,51 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
* check to make sure the hash is signed by right guy
*/
rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point,
- &ss->ssl3.hs.client_random,
- &ss->ssl3.hs.server_random,
- &hashes, ss->opt.bypassPKCS11);
+ &ss->ssl3.hs.client_random,
+ &ss->ssl3.hs.server_random,
+ &hashes, ss->opt.bypassPKCS11);
if (rv != SECSuccess) {
- errCode =
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto alert_loser;
+ errCode =
+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto alert_loser;
}
rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature,
- isTLS, ss->pkcs11PinArg);
+ isTLS, ss->pkcs11PinArg);
if (rv != SECSuccess) {
- errCode =
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto alert_loser;
+ errCode =
+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto alert_loser;
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
- goto no_memory;
+ goto no_memory;
}
ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (peerKey == NULL) {
- goto no_memory;
+ goto no_memory;
}
peerKey->arena = arena;
peerKey->keyType = ecKey;
/* set up EC parameters in peerKey */
- if (ssl3_ECName2Params(arena, ec_params.data[2],
- &peerKey->u.ec.DEREncodedParams) != SECSuccess) {
- /* we should never get here since we already
- * checked that we are dealing with a supported curve
- */
- errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
- goto alert_loser;
+ if (ssl3_ECName2Params(arena, ec_params.data[2],
+ &peerKey->u.ec.DEREncodedParams) != SECSuccess) {
+ /* we should never get here since we already
+ * checked that we are dealing with a supported curve
+ */
+ errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+ goto alert_loser;
}
/* copy publicValue in peerKey */
if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point))
{
- PORT_FreeArena(arena, PR_FALSE);
- goto no_memory;
+ PORT_FreeArena(arena, PR_FALSE);
+ goto no_memory;
}
peerKey->pkcs11Slot = NULL;
peerKey->pkcs11ID = CK_INVALID_HANDLE;
@@ -737,7 +747,7 @@ loser:
PORT_SetError( errCode );
return SECFailure;
-no_memory: /* no-memory error has already been set. */
+no_memory: /* no-memory error has already been set. */
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
return SECFailure;
}
@@ -763,104 +773,110 @@ ssl3_SendECDHServerKeyExchange(
/* Generate ephemeral ECDH key pair and send the public key */
curve = ssl3_GetCurveNameForServerSocket(ss);
if (curve == ec_noName) {
- goto loser;
+ goto loser;
+ }
+
+ if (ss->opt.reuseServerECDHEKey) {
+ rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
+ } else {
+ rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair);
}
- rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
+ goto loser;
+ }
+
ecdhePub = ss->ephemeralECDHKeyPair->pubKey;
PORT_Assert(ecdhePub != NULL);
if (!ecdhePub) {
- PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- return SECFailure;
- }
-
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ return SECFailure;
+ }
+
ec_params.len = sizeof paramBuf;
ec_params.data = paramBuf;
curve = params2ecName(&ecdhePub->u.ec.DEREncodedParams);
if (curve != ec_noName) {
- ec_params.data[0] = ec_type_named;
- ec_params.data[1] = 0x00;
- ec_params.data[2] = curve;
+ ec_params.data[0] = ec_type_named;
+ ec_params.data[1] = 0x00;
+ ec_params.data[2] = curve;
} else {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- goto loser;
- }
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ goto loser;
+ }
rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg,
- ec_params,
- ecdhePub->u.ec.publicValue,
- &ss->ssl3.hs.client_random,
- &ss->ssl3.hs.server_random,
- &hashes, ss->opt.bypassPKCS11);
+ ec_params,
+ ecdhePub->u.ec.publicValue,
+ &ss->ssl3.hs.client_random,
+ &ss->ssl3.hs.server_random,
+ &hashes, ss->opt.bypassPKCS11);
if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto loser;
+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto loser;
}
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
- /* XXX SSLKEAType isn't really a good choice for
+ /* XXX SSLKEAType isn't really a good choice for
* indexing certificates but that's all we have
* for now.
*/
if (kea_def->kea == kea_ecdhe_rsa)
- certIndex = kt_rsa;
+ certIndex = kt_rsa;
else /* kea_def->kea == kea_ecdhe_ecdsa */
- certIndex = kt_ecdh;
+ certIndex = kt_ecdh;
- rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
- &signed_hash, isTLS);
+ rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
+ &signed_hash, isTLS);
if (rv != SECSuccess) {
- goto loser; /* ssl3_SignHashes has set err. */
+ goto loser; /* ssl3_SignHashes has set err. */
}
if (signed_hash.data == NULL) {
- /* how can this happen and rv == SECSuccess ?? */
- PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
- goto loser;
+ /* how can this happen and rv == SECSuccess ?? */
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto loser;
}
- length = ec_params.len +
- 1 + ecdhePub->u.ec.publicValue.len +
- (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
+ length = ec_params.len +
+ 1 + ecdhePub->u.ec.publicValue.len +
+ (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
+ goto loser; /* err set by AppendHandshake. */
}
rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len);
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
+ goto loser; /* err set by AppendHandshake. */
}
rv = ssl3_AppendHandshakeVariable(ss, ecdhePub->u.ec.publicValue.data,
- ecdhePub->u.ec.publicValue.len, 1);
+ ecdhePub->u.ec.publicValue.len, 1);
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
+ goto loser; /* err set by AppendHandshake. */
}
if (isTLS12) {
- rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
- if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
- }
+ rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
}
rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
- signed_hash.len, 2);
+ signed_hash.len, 2);
if (rv != SECSuccess) {
- goto loser; /* err set by AppendHandshake. */
+ goto loser; /* err set by AppendHandshake. */
}
PORT_Free(signed_hash.data);
return SECSuccess;
loser:
- if (signed_hash.data != NULL)
- PORT_Free(signed_hash.data);
+ if (signed_hash.data != NULL)
+ PORT_Free(signed_hash.data);
return SECFailure;
}
@@ -958,11 +974,11 @@ SECStatus
ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite)
{
if (!suite)
- suite = ecSuites;
+ suite = ecSuites;
for (; *suite; ++suite) {
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
+ SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
- PORT_Assert(rv == SECSuccess); /* else is coding error */
+ PORT_Assert(rv == SECSuccess); /* else is coding error */
}
return SECSuccess;
}
@@ -977,41 +993,41 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket * ss)
svrCert = ss->serverCerts[kt_rsa].serverCert;
if (!svrCert) {
- ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
+ ssl3_DisableECCSuites(ss, ecdhe_rsa_suites);
}
svrCert = ss->serverCerts[kt_ecdh].serverCert;
if (!svrCert) {
- ssl3_DisableECCSuites(ss, ecdh_suites);
- ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
+ ssl3_DisableECCSuites(ss, ecdh_suites);
+ ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
} else {
- SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
-
- switch (sigTag) {
- case SEC_OID_PKCS1_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
- case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
- ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
- break;
- case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
- case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
- ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
- break;
- default:
- ssl3_DisableECCSuites(ss, ecdh_suites);
- break;
- }
+ SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature);
+
+ switch (sigTag) {
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+ case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+ ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
+ break;
+ case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+ case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+ case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+ ssl3_DisableECCSuites(ss, ecdh_rsa_suites);
+ break;
+ default:
+ ssl3_DisableECCSuites(ss, ecdh_suites);
+ break;
+ }
}
}
@@ -1026,18 +1042,18 @@ ssl3_IsECCEnabled(sslSocket * ss)
/* make sure we can do ECC */
slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg);
if (!slot) {
- return PR_FALSE;
+ return PR_FALSE;
}
PK11_FreeSlot(slot);
/* make sure an ECC cipher is enabled */
for (suite = ecSuites; *suite; ++suite) {
- PRBool enabled = PR_FALSE;
- SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled);
+ PRBool enabled = PR_FALSE;
+ SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled);
- PORT_Assert(rv == SECSuccess); /* else is coding error */
- if (rv == SECSuccess && enabled)
- return PR_TRUE;
+ PORT_Assert(rv == SECSuccess); /* else is coding error */
+ if (rv == SECSuccess && enabled)
+ return PR_TRUE;
}
return PR_FALSE;
}
@@ -1045,7 +1061,7 @@ ssl3_IsECCEnabled(sslSocket * ss)
#define BE(n) 0, n
/* Prefabricated TLS client hello extension, Elliptic Curves List,
- * offers only 3 curves, the Suite B curves, 23-25
+ * offers only 3 curves, the Suite B curves, 23-25
*/
static const PRUint8 suiteBECList[12] = {
BE(10), /* Extension type */
@@ -1061,9 +1077,9 @@ static const PRUint8 tlsECList[56] = {
BE(10), /* Extension type */
BE(52), /* octets that follow (25 pairs + 1 length pair) */
BE(50), /* octets that follow (25 pairs) */
- BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7),
- BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15),
- BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23),
+ BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7),
+ BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15),
+ BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23),
BE(24), BE(25)
};
@@ -1087,12 +1103,12 @@ ssl3_SuiteBOnly(sslSocket *ss)
/* See if we can support small curves (like 163). If not, assume we can
* only support Suite-B curves (P-256, P-384, P-521). */
PK11SlotInfo *slot =
- PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
- ss ? ss->pkcs11PinArg : NULL);
+ PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
+ ss ? ss->pkcs11PinArg : NULL);
if (!slot) {
- /* nope, presume we can only do suite B */
- return PR_TRUE;
+ /* nope, presume we can only do suite B */
+ return PR_TRUE;
}
/* we can, presume we can do all curves */
PK11_FreeSlot(slot);
@@ -1107,33 +1123,33 @@ ssl3_SuiteBOnly(sslSocket *ss)
*/
PRInt32
ssl3_SendSupportedCurvesXtn(
- sslSocket * ss,
- PRBool append,
- PRUint32 maxBytes)
+ sslSocket * ss,
+ PRBool append,
+ PRUint32 maxBytes)
{
PRInt32 ecListSize = 0;
const PRUint8 *ecList = NULL;
if (!ss || !ssl3_IsECCEnabled(ss))
- return 0;
+ return 0;
if (ssl3_SuiteBOnly(ss)) {
- ecListSize = sizeof suiteBECList;
- ecList = suiteBECList;
+ ecListSize = sizeof suiteBECList;
+ ecList = suiteBECList;
} else {
- ecListSize = sizeof tlsECList;
- ecList = tlsECList;
+ ecListSize = sizeof tlsECList;
+ ecList = tlsECList;
}
-
+
if (append && maxBytes >= ecListSize) {
- SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
- if (rv != SECSuccess)
- return -1;
- if (!ss->sec.isServer) {
- TLSExtensionData *xtnData = &ss->xtnData;
- xtnData->advertised[xtnData->numAdvertised++] =
- ssl_elliptic_curves_xtn;
- }
+ SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
+ if (rv != SECSuccess)
+ return -1;
+ if (!ss->sec.isServer) {
+ TLSExtensionData *xtnData = &ss->xtnData;
+ xtnData->advertised[xtnData->numAdvertised++] =
+ ssl_elliptic_curves_xtn;
+ }
}
return ecListSize;
}
@@ -1142,7 +1158,7 @@ PRUint32
ssl3_GetSupportedECCurveMask(sslSocket *ss)
{
if (ssl3_SuiteBOnly(ss)) {
- return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
+ return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
}
return SSL3_ALL_SUPPORTED_CURVES_MASK;
}
@@ -1152,21 +1168,21 @@ ssl3_GetSupportedECCurveMask(sslSocket *ss)
*/
PRInt32
ssl3_SendSupportedPointFormatsXtn(
- sslSocket * ss,
- PRBool append,
- PRUint32 maxBytes)
+ sslSocket * ss,
+ PRBool append,
+ PRUint32 maxBytes)
{
if (!ss || !ssl3_IsECCEnabled(ss))
- return 0;
+ return 0;
if (append && maxBytes >= (sizeof ecPtFmt)) {
- SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
- if (rv != SECSuccess)
- return -1;
- if (!ss->sec.isServer) {
- TLSExtensionData *xtnData = &ss->xtnData;
- xtnData->advertised[xtnData->numAdvertised++] =
- ssl_ec_point_formats_xtn;
- }
+ SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
+ if (rv != SECSuccess)
+ return -1;
+ if (!ss->sec.isServer) {
+ TLSExtensionData *xtnData = &ss->xtnData;
+ xtnData->advertised[xtnData->numAdvertised++] =
+ ssl_ec_point_formats_xtn;
+ }
}
return (sizeof ecPtFmt);
}
@@ -1182,17 +1198,17 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type,
if (data->len < 2 || data->len > 255 || !data->data ||
data->len != (unsigned int)data->data[0] + 1) {
- /* malformed */
- goto loser;
+ /* malformed */
+ goto loser;
}
for (i = data->len; --i > 0; ) {
- if (data->data[i] == 0) {
- /* indicate that we should send a reply */
- SECStatus rv;
- rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
- &ssl3_SendSupportedPointFormatsXtn);
- return rv;
- }
+ if (data->data[i] == 0) {
+ /* indicate that we should send a reply */
+ SECStatus rv;
+ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
+ &ssl3_SendSupportedPointFormatsXtn);
+ return rv;
+ }
}
loser:
/* evil client doesn't support uncompressed */
@@ -1206,14 +1222,14 @@ loser:
ss->serverCerts[type].serverKeyPair->pubKey : NULL)
/* Extract the TLS curve name for the public key in our EC server cert. */
-ECName ssl3_GetSvrCertCurveName(sslSocket *ss)
+ECName ssl3_GetSvrCertCurveName(sslSocket *ss)
{
- SECKEYPublicKey *srvPublicKey;
- ECName ec_curve = ec_noName;
+ SECKEYPublicKey *srvPublicKey;
+ ECName ec_curve = ec_noName;
srvPublicKey = SSL3_GET_SERVER_PUBLICKEY(ss, kt_ecdh);
if (srvPublicKey) {
- ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams);
+ ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams);
}
return ec_curve;
}
@@ -1230,37 +1246,37 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
PRUint16 svrCertCurveName;
if (!data->data || data->len < 4 || data->len > 65535)
- goto loser;
+ goto loser;
/* get the length of elliptic_curve_list */
list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) {
- /* malformed */
- goto loser;
+ /* malformed */
+ goto loser;
}
/* build bit vector of peer's supported curve names */
while (data->len) {
- PRInt32 curve_name =
- ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
- if (curve_name > ec_noName && curve_name < ec_pastLastName) {
- peerCurves |= (1U << curve_name);
- }
+ PRInt32 curve_name =
+ ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
+ if (curve_name > ec_noName && curve_name < ec_pastLastName) {
+ peerCurves |= (1U << curve_name);
+ }
}
/* What curves do we support in common? */
mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves;
if (!mutualCurves) { /* no mutually supported EC Curves */
- goto loser;
+ goto loser;
}
- /* if our ECC cert doesn't use one of these supported curves,
- * disable ECC cipher suites that require an ECC cert.
+ /* if our ECC cert doesn't use one of these supported curves,
+ * disable ECC cipher suites that require an ECC cert.
*/
svrCertCurveName = ssl3_GetSvrCertCurveName(ss);
if (svrCertCurveName != ec_noName &&
(mutualCurves & (1U << svrCertCurveName)) != 0) {
- return SECSuccess;
+ return SECSuccess;
}
/* Our EC cert doesn't contain a mutually supported curve.
- * Disable all ECC cipher suites that require an EC cert
+ * Disable all ECC cipher suites that require an EC cert
*/
ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites);
ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);
@@ -1272,4 +1288,4 @@ loser:
return SECFailure;
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
« no previous file with comments | « net/third_party/nss/ssl/ssl3con.c ('k') | net/third_party/nss/ssl/ssl3ext.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698