OLD | NEW |
(Empty) | |
| 1 Index: net/third_party/nss/ssl/sslplatf.c |
| 2 =================================================================== |
| 3 --- net/third_party/nss/ssl/sslplatf.c (revision 202696) |
| 4 +++ net/third_party/nss/ssl/sslplatf.c (working copy) |
| 5 @@ -212,9 +212,8 @@ |
| 6 DWORD dwFlags = 0; |
| 7 VOID *pPaddingInfo = NULL; |
| 8 |
| 9 - /* Always encode using PKCS#1 block type, with no OID/encoded DigestInfo */ |
| 10 + /* Always encode using PKCS#1 block type. */ |
| 11 BCRYPT_PKCS1_PADDING_INFO rsaPaddingInfo; |
| 12 - rsaPaddingInfo.pszAlgId = NULL; |
| 13 |
| 14 if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) { |
| 15 PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0); |
| 16 @@ -227,8 +226,29 @@ |
| 17 |
| 18 switch (keyType) { |
| 19 case rsaKey: |
| 20 - hashItem.data = hash->md5; |
| 21 - hashItem.len = sizeof(SSL3Hashes); |
| 22 + switch (hash->hashAlg) { |
| 23 + case SEC_OID_UNKNOWN: |
| 24 + /* No OID/encoded DigestInfo. */ |
| 25 + rsaPaddingInfo.pszAlgId = NULL; |
| 26 + break; |
| 27 + case SEC_OID_SHA1: |
| 28 + rsaPaddingInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM; |
| 29 + break; |
| 30 + case SEC_OID_SHA256: |
| 31 + rsaPaddingInfo.pszAlgId = BCRYPT_SHA256_ALGORITHM; |
| 32 + break; |
| 33 + case SEC_OID_SHA384: |
| 34 + rsaPaddingInfo.pszAlgId = BCRYPT_SHA384_ALGORITHM; |
| 35 + break; |
| 36 + case SEC_OID_SHA512: |
| 37 + rsaPaddingInfo.pszAlgId = BCRYPT_SHA512_ALGORITHM; |
| 38 + break; |
| 39 + default: |
| 40 + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); |
| 41 + return SECFailure; |
| 42 + } |
| 43 + hashItem.data = hash->u.raw; |
| 44 + hashItem.len = hash->len; |
| 45 dwFlags = BCRYPT_PAD_PKCS1; |
| 46 pPaddingInfo = &rsaPaddingInfo; |
| 47 break; |
| 48 @@ -239,8 +259,13 @@ |
| 49 } else { |
| 50 doDerEncode = isTLS; |
| 51 } |
| 52 - hashItem.data = hash->sha; |
| 53 - hashItem.len = sizeof(hash->sha); |
| 54 + if (hash->hashAlg == SEC_OID_UNKNOWN) { |
| 55 + hashItem.data = hash->u.s.sha; |
| 56 + hashItem.len = sizeof(hash->u.s.sha); |
| 57 + } else { |
| 58 + hashItem.data = hash->u.raw; |
| 59 + hashItem.len = hash->len; |
| 60 + } |
| 61 break; |
| 62 default: |
| 63 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 64 @@ -315,11 +340,34 @@ |
| 65 |
| 66 buf->data = NULL; |
| 67 |
| 68 + switch (hash->hashAlg) { |
| 69 + case SEC_OID_UNKNOWN: |
| 70 + hashAlg = 0; |
| 71 + break; |
| 72 + case SEC_OID_SHA1: |
| 73 + hashAlg = CALG_SHA1; |
| 74 + break; |
| 75 + case SEC_OID_SHA256: |
| 76 + hashAlg = CALG_SHA_256; |
| 77 + break; |
| 78 + case SEC_OID_SHA384: |
| 79 + hashAlg = CALG_SHA_384; |
| 80 + break; |
| 81 + case SEC_OID_SHA512: |
| 82 + hashAlg = CALG_SHA_512; |
| 83 + break; |
| 84 + default: |
| 85 + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); |
| 86 + return SECFailure; |
| 87 + } |
| 88 + |
| 89 switch (keyType) { |
| 90 case rsaKey: |
| 91 - hashAlg = CALG_SSL3_SHAMD5; |
| 92 - hashItem.data = hash->md5; |
| 93 - hashItem.len = sizeof(SSL3Hashes); |
| 94 + if (hashAlg == 0) { |
| 95 + hashAlg = CALG_SSL3_SHAMD5; |
| 96 + } |
| 97 + hashItem.data = hash->u.raw; |
| 98 + hashItem.len = hash->len; |
| 99 break; |
| 100 case dsaKey: |
| 101 case ecKey: |
| 102 @@ -328,9 +376,14 @@ |
| 103 } else { |
| 104 doDerEncode = isTLS; |
| 105 } |
| 106 - hashAlg = CALG_SHA1; |
| 107 - hashItem.data = hash->sha; |
| 108 - hashItem.len = sizeof(hash->sha); |
| 109 + if (hashAlg == 0) { |
| 110 + hashAlg = CALG_SHA1; |
| 111 + hashItem.data = hash->u.s.sha; |
| 112 + hashItem.len = sizeof(hash->u.s.sha); |
| 113 + } else { |
| 114 + hashItem.data = hash->u.raw; |
| 115 + hashItem.len = hash->len; |
| 116 + } |
| 117 break; |
| 118 default: |
| 119 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 120 @@ -468,11 +521,36 @@ |
| 121 goto done; /* error code was set. */ |
| 122 |
| 123 sigAlg = cssmKey->KeyHeader.AlgorithmId; |
| 124 + if (keyType == rsaKey) { |
| 125 + PORT_Assert(sigAlg == CSSM_ALGID_RSA); |
| 126 + switch (hash->hashAlg) { |
| 127 + case SEC_OID_UNKNOWN: |
| 128 + break; |
| 129 + case SEC_OID_SHA1: |
| 130 + sigAlg = CSSM_ALGID_SHA1WithRSA; |
| 131 + break; |
| 132 + case SEC_OID_SHA224: |
| 133 + sigAlg = CSSM_ALGID_SHA224WithRSA; |
| 134 + break; |
| 135 + case SEC_OID_SHA256: |
| 136 + sigAlg = CSSM_ALGID_SHA256WithRSA; |
| 137 + break; |
| 138 + case SEC_OID_SHA384: |
| 139 + sigAlg = CSSM_ALGID_SHA384WithRSA; |
| 140 + break; |
| 141 + case SEC_OID_SHA512: |
| 142 + sigAlg = CSSM_ALGID_SHA512WithRSA; |
| 143 + break; |
| 144 + default: |
| 145 + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); |
| 146 + goto done; |
| 147 + } |
| 148 + } |
| 149 + |
| 150 switch (keyType) { |
| 151 case rsaKey: |
| 152 - PORT_Assert(sigAlg == CSSM_ALGID_RSA); |
| 153 - hashData.Data = hash->md5; |
| 154 - hashData.Length = sizeof(SSL3Hashes); |
| 155 + hashData.Data = hash->u.raw; |
| 156 + hashData.Length = hash->len; |
| 157 break; |
| 158 case dsaKey: |
| 159 case ecKey: |
| 160 @@ -483,8 +561,13 @@ |
| 161 PORT_Assert(sigAlg == CSSM_ALGID_DSA); |
| 162 doDerEncode = isTLS; |
| 163 } |
| 164 - hashData.Data = hash->sha; |
| 165 - hashData.Length = sizeof(hash->sha); |
| 166 + if (hash->hashAlg == SEC_OID_UNKNOWN) { |
| 167 + hashData.Data = hash->u.s.sha; |
| 168 + hashData.Length = sizeof(hash->u.s.sha); |
| 169 + } else { |
| 170 + hashData.Data = hash->u.raw; |
| 171 + hashData.Length = hash->len; |
| 172 + } |
| 173 break; |
| 174 default: |
| 175 PORT_SetError(SEC_ERROR_INVALID_KEY); |
| 176 Index: net/third_party/nss/ssl/ssl3ecc.c |
| 177 =================================================================== |
| 178 --- net/third_party/nss/ssl/ssl3ecc.c (revision 202696) |
| 179 +++ net/third_party/nss/ssl/ssl3ecc.c (working copy) |
| 180 @@ -31,6 +31,12 @@ |
| 181 |
| 182 #include <stdio.h> |
| 183 |
| 184 +/* This is a bodge to allow this code to be compiled against older NSS headers |
| 185 + * that don't contain the TLS 1.2 changes. */ |
| 186 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
| 187 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
| 188 +#endif |
| 189 + |
| 190 #ifdef NSS_ENABLE_ECC |
| 191 |
| 192 /* |
| 193 Index: net/third_party/nss/ssl/sslsock.c |
| 194 =================================================================== |
| 195 --- net/third_party/nss/ssl/sslsock.c (revision 202696) |
| 196 +++ net/third_party/nss/ssl/sslsock.c (working copy) |
| 197 @@ -18,8 +18,15 @@ |
| 198 #ifndef NO_PKCS11_BYPASS |
| 199 #include "blapi.h" |
| 200 #endif |
| 201 +#include "pk11pub.h" |
| 202 #include "nss.h" |
| 203 |
| 204 +/* This is a bodge to allow this code to be compiled against older NSS headers |
| 205 + * that don't contain the TLS 1.2 changes. */ |
| 206 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
| 207 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
| 208 +#endif |
| 209 + |
| 210 #define SET_ERROR_CODE /* reminder */ |
| 211 |
| 212 struct cipherPolicyStr { |
| 213 @@ -1895,6 +1913,24 @@ |
| 214 return SECSuccess; |
| 215 } |
| 216 |
| 217 +static PRCallOnceType checkTLS12TokenOnce; |
| 218 +static PRBool tls12TokenExists; |
| 219 + |
| 220 +static PRStatus |
| 221 +ssl_CheckTLS12Token(void) |
| 222 +{ |
| 223 + tls12TokenExists = |
| 224 + PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256); |
| 225 + return PR_SUCCESS; |
| 226 +} |
| 227 + |
| 228 +static PRBool |
| 229 +ssl_TLS12TokenExists(void) |
| 230 +{ |
| 231 + (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token); |
| 232 + return tls12TokenExists; |
| 233 +} |
| 234 + |
| 235 SECStatus |
| 236 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) |
| 237 { |
| 238 @@ -1915,6 +1951,24 @@ |
| 239 ssl_GetSSL3HandshakeLock(ss); |
| 240 |
| 241 ss->vrange = *vrange; |
| 242 + /* If we don't have a sufficiently up-to-date softoken then we cannot do |
| 243 + * TLS 1.2. */ |
| 244 + if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 && |
| 245 + !ssl_TLS12TokenExists()) { |
| 246 + /* If the user requested a minimum version of 1.2, then we don't |
| 247 + * silently downgrade. */ |
| 248 + if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) { |
| 249 + ssl_ReleaseSSL3HandshakeLock(ss); |
| 250 + ssl_Release1stHandshakeLock(ss); |
| 251 + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); |
| 252 + return SECFailure; |
| 253 + } |
| 254 + ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1; |
| 255 + } |
| 256 + /* PKCS#11 bypass is not supported with TLS 1.2. */ |
| 257 + if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) { |
| 258 + ss->opt.bypassPKCS11 = PR_FALSE; |
| 259 + } |
| 260 |
| 261 ssl_ReleaseSSL3HandshakeLock(ss); |
| 262 ssl_Release1stHandshakeLock(ss); |
| 263 Index: net/third_party/nss/ssl/ssl3con.c |
| 264 =================================================================== |
| 265 --- net/third_party/nss/ssl/ssl3con.c (revision 202696) |
| 266 +++ net/third_party/nss/ssl/ssl3con.c (working copy) |
| 267 @@ -31,6 +32,15 @@ |
| 268 #include "blapi.h" |
| 269 #endif |
| 270 |
| 271 +/* This is a bodge to allow this code to be compiled against older NSS headers |
| 272 + * that don't contain the TLS 1.2 changes. */ |
| 273 +#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256 |
| 274 +#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21) |
| 275 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22) |
| 276 +#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) |
| 277 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
| 278 +#endif |
| 279 + |
| 280 #include <stdio.h> |
| 281 #ifdef NSS_ENABLE_ZLIB |
| 282 #include "zlib.h" |
| 283 @@ -5360,16 +5737,18 @@ |
| 284 } |
| 285 |
| 286 isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); |
| 287 + isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2)
; |
| 288 if (ss->ssl3.platformClientKey) { |
| 289 #ifdef NSS_PLATFORM_CLIENT_AUTH |
| 290 + keyType = CERT_GetCertKeyType( |
| 291 + &ss->ssl3.clientCertificate->subjectPublicKeyInfo); |
| 292 rv = ssl3_PlatformSignHashes( |
| 293 - &hashes, ss->ssl3.platformClientKey, &buf, isTLS, |
| 294 - CERT_GetCertKeyType( |
| 295 - &ss->ssl3.clientCertificate->subjectPublicKeyInfo)); |
| 296 + &hashes, ss->ssl3.platformClientKey, &buf, isTLS, keyType); |
| 297 ssl_FreePlatformKey(ss->ssl3.platformClientKey); |
| 298 ss->ssl3.platformClientKey = (PlatformKey)NULL; |
| 299 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| 300 } else { |
| 301 + keyType = ss->ssl3.clientPrivateKey->keyType; |
| 302 rv = ssl3_SignHashes(&hashes, ss->ssl3.clientPrivateKey, &buf, isTLS); |
| 303 if (rv == SECSuccess) { |
| 304 PK11SlotInfo * slot; |
| 305 @@ -9409,9 +9978,10 @@ |
| 306 pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX); |
| 307 |
| 308 memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC)); |
| 309 - memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), &hashes, sizeof(hashes)); |
| 310 + memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), hashes.u.raw, hashes.len); |
| 311 |
| 312 - rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, sizeof(signed_data))
; |
| 313 + rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, |
| 314 + sizeof(CHANNEL_ID_MAGIC) + hashes.len); |
| 315 if (rv != SECSuccess) |
| 316 goto loser; |
| 317 |
OLD | NEW |