Support the new TLS 1.2 HMAC-SHA256 cipher suites specified in

net/third_party/nss/ssl/sslsock.c

 /*
  * vtables (and methods that call through them) for the 4 types of 
  * SSLSockets supported.  Only one type is still supported.
  * Various other functions.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* $Id$ */
 #include "seccomon.h"
@@ skipping 20 matching lines @@
 
 struct cipherPolicyStr {
         int             cipher;
         unsigned char   export; /* policy value for export policy */
         unsigned char   france; /* policy value for france policy */
 };
 
 typedef struct cipherPolicyStr cipherPolicy;
 
 /* This table contains two preconfigured policies: Export and France.
-** It is used only by the functions SSL_SetDomesticPolicy, 
-** SSL_SetExportPolicy, and SSL_SetFrancyPolicy.
+** It is used only by the functions NSS_SetDomesticPolicy, 
+** NSS_SetExportPolicy, and NSS_SetFrancePolicy.
 ** Order of entries is not important.
 */
 static cipherPolicy ssl_ciphers[] = {      /*   Export           France   */
  {  SSL_EN_RC4_128_WITH_MD5,                SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_EN_RC4_128_EXPORT40_WITH_MD5,       SSL_ALLOWED,     SSL_ALLOWED },
  {  SSL_EN_RC2_128_CBC_WITH_MD5,            SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,   SSL_ALLOWED,     SSL_ALLOWED },
  {  SSL_EN_DES_64_CBC_WITH_MD5,             SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_EN_DES_192_EDE3_CBC_WITH_MD5,       SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_RSA_WITH_RC4_128_MD5,               SSL_RESTRICTED,  SSL_NOT_ALLOWED },
  {  SSL_RSA_WITH_RC4_128_SHA,               SSL_RESTRICTED,  SSL_NOT_ALLOWED },
  {  SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,     SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_RSA_WITH_3DES_EDE_CBC_SHA,          SSL_RESTRICTED,  SSL_NOT_ALLOWED },
  {  SSL_RSA_FIPS_WITH_DES_CBC_SHA,          SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_RSA_WITH_DES_CBC_SHA,               SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_RSA_EXPORT_WITH_RC4_40_MD5,         SSL_ALLOWED,     SSL_ALLOWED },
  {  SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,     SSL_ALLOWED,     SSL_ALLOWED },
  {  SSL_DHE_RSA_WITH_DES_CBC_SHA,           SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_DHE_DSS_WITH_DES_CBC_SHA,           SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,      SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_DHE_DSS_WITH_RC4_128_SHA,           SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
+ {  SSL_RSA_WITH_NULL_MD5,                  SSL_ALLOWED,     SSL_ALLOWED },
  {  SSL_RSA_WITH_NULL_SHA,                  SSL_ALLOWED,     SSL_ALLOWED },
- {  SSL_RSA_WITH_NULL_MD5,                  SSL_ALLOWED,     SSL_ALLOWED },
+ {  TLS_RSA_WITH_NULL_SHA256,               SSL_ALLOWED,     SSL_ALLOWED },
  {  TLS_DHE_DSS_WITH_AES_128_CBC_SHA,       SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
+ {  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,    SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_RSA_WITH_AES_128_CBC_SHA,           SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
+ {  TLS_RSA_WITH_AES_128_CBC_SHA256,        SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_DHE_DSS_WITH_AES_256_CBC_SHA,       SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
+ {  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,    SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_RSA_WITH_AES_256_CBC_SHA,           SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
+ {  TLS_RSA_WITH_AES_256_CBC_SHA256,        SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,  SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,  SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,      SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,  SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,  SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,      SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_RSA_WITH_SEED_CBC_SHA,              SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,    SSL_ALLOWED,     SSL_NOT_ALLOWED },
  {  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,     SSL_ALLOWED,     SSL_NOT_ALLOWED },
 #ifdef NSS_ENABLE_ECC
  {  TLS_ECDH_ECDSA_WITH_NULL_SHA,           SSL_ALLOWED,     SSL_ALLOWED },
  {  TLS_ECDH_ECDSA_WITH_RC4_128_SHA,        SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,    SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,    SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDHE_ECDSA_WITH_NULL_SHA,          SSL_ALLOWED,     SSL_ALLOWED },
  {  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,       SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,  SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,   SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
+ {  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,   SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDH_RSA_WITH_NULL_SHA,             SSL_ALLOWED,     SSL_ALLOWED },
  {  TLS_ECDH_RSA_WITH_RC4_128_SHA,          SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,      SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,      SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDHE_RSA_WITH_NULL_SHA,            SSL_ALLOWED,     SSL_ALLOWED },
  {  TLS_ECDHE_RSA_WITH_RC4_128_SHA,         SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,    SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,     SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
+ {  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,  SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
  {  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,     SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
 #endif /* NSS_ENABLE_ECC */
  {  0,                                      SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }
 };
 
 static const sslSocketOps ssl_default_ops = {   /* No SSL. */
     ssl_DefConnect,
     NULL,
     ssl_DefBind,
     ssl_DefListen,
@@ skipping 670 matching lines @@
         if (on) 
             SSL_DisableExportCipherSuites(fd);
         break;
 
       case SSL_BYPASS_PKCS11:
         if (ss->handshakeBegun) {
             PORT_SetError(PR_INVALID_STATE_ERROR);
             rv = SECFailure;
         } else {
             if (PR_FALSE != on) {
-                /* TLS 1.2 isn't supported in bypass mode. */
-                if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) {
-                    /* If the user requested a minimum version of TLS 1.2 then
-                     * we don't silently downgrade. */
-                    PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
-                    rv = SECFailure;
-                    break;
-                }
-                if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) {
-                    ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
-                }
-                if (PR_SUCCESS == SSL_BypassSetup() ) {
+                /* PKCS#11 bypass is not supported with TLS 1.2. */
+                if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2) {
+                    ss->opt.bypassPKCS11   = PR_FALSE;

[wtc, 2013/06/05 00:30:40]

This change is necessary to make the upstream NSS SSL tests pass.

If we silently downgrade to TLS 1.1 here, the new HMAC-SHA256 cipher suites
will be disabled, and those upstream NSS SSL tests exercising these cipher
suites will fail in "bypass" mode.  (NSS test programs call SSL_VersionRangeSet
first, and then enable the SSL_BYPASS_PKCS11 option.)

So I instead turn off ss->opt.bypassPKCS11 here if TLS 1.2 is enabled.
This means an application interested in PKCS #11 bypass can enable at
most TLS 1.1.

[agl, 2013/06/05 14:53:47]

(nit: extra space before equals.)

This seems like slightly unfortunate behaviour - that the bypass request is
silently ignored. However, I don't have a better idea for making the tests pass
and users of bypass are already mostly on their own I guess.

[wtc, 2013/06/05 18:51:20]

Done.
Another solution is to modify the upstream NSS SSL test script to skip
the tests that use these TLS 1.2-only cipher suites (or even skip all
TLS 1.2 tests) in bypass mode.

I will revisit this later.

+                } else if (PR_SUCCESS == SSL_BypassSetup() ) {
 #ifdef NO_PKCS11_BYPASS
                     ss->opt.bypassPKCS11   = PR_FALSE;
 #else
                     ss->opt.bypassPKCS11   = on;
 #endif
                 } else {
                     rv = SECFailure;
                 }
             } else {
                 ss->opt.bypassPKCS11   = PR_FALSE;
@@ skipping 2313 matching lines @@
             ssl_DestroySocketContents(ss);
             ssl_DestroyLocks(ss);
             PORT_Free(ss);
             ss = NULL;
         }
         ss->protocolVariant = protocolVariant;
     }
     return ss;
 }