
Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 23889028: Merge 221609 "Prefer to generate SHA-1 signatures for TLS 1.2 cl..." (Closed) Base URL: svn://svn.chromium.org/chrome/branches/1599/src/
Patch Set: Created 7 years, 3 months ago
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* 2 /*
3 * SSL3 Protocol 3 * SSL3 Protocol
4 * 4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public 5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 8
9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
10 10
3668 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); 3668 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
3669 return SECFailure; 3669 return SECFailure;
3670 } 3670 }
3671 ss->ssl3.hs.hashType = handshake_hash_single; 3671 ss->ssl3.hs.hashType = handshake_hash_single;
3672 3672
3673 if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) { 3673 if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
3674 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); 3674 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
3675 return SECFailure; 3675 return SECFailure;
3676 } 3676 }
3677 3677
3678 #ifdef _WIN32
3679 /* A backup SHA-1 hash for a potential client auth signature. */ 3678 /* A backup SHA-1 hash for a potential client auth signature. */
3680 if (!ss->sec.isServer) { 3679 if (!ss->sec.isServer) {
3681 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_SHA1); 3680 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_SHA1);
3682 if (ss->ssl3.hs.md5 == NULL) { 3681 if (ss->ssl3.hs.md5 == NULL) {
3683 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); 3682 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
3684 return SECFailure; 3683 return SECFailure;
3685 } 3684 }
3686 3685
3687 if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) { 3686 if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) {
3688 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); 3687 ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
3689 return SECFailure; 3688 return SECFailure;
3690 } 3689 }
3691 } 3690 }
3692 #endif
3693 } else { 3691 } else {
3694 /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or 3692 /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or
3695 * created successfully. */ 3693 * created successfully. */
3696 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5); 3694 ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5);
3697 if (ss->ssl3.hs.md5 == NULL) { 3695 if (ss->ssl3.hs.md5 == NULL) {
3698 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); 3696 ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
3699 return SECFailure; 3697 return SECFailure;
3700 } 3698 }
3701 ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1); 3699 ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1);
3702 if (ss->ssl3.hs.sha == NULL) { 3700 if (ss->ssl3.hs.sha == NULL) {
6779 } 6777 }
6780 if (ss->ssl3.platformClientKey) { 6778 if (ss->ssl3.platformClientKey) {
6781 ssl_FreePlatformKey(ss->ssl3.platformClientKey); 6779 ssl_FreePlatformKey(ss->ssl3.platformClientKey);
6782 ss->ssl3.platformClientKey = (PlatformKey)NULL; 6780 ss->ssl3.platformClientKey = (PlatformKey)NULL;
6783 } 6781 }
6784 goto send_no_certificate; 6782 goto send_no_certificate;
6785 } 6783 }
6786 6784
6787 if (isTLS12 && ss->ssl3.hs.md5) { 6785 if (isTLS12 && ss->ssl3.hs.md5) {
6788 PRBool need_backup_hash = PR_FALSE; 6786 PRBool need_backup_hash = PR_FALSE;
6787 PRBool prefer_sha1 = PR_FALSE;
6789 #ifdef _WIN32 6788 #ifdef _WIN32
6790 /* If the key is in CAPI, assume conservatively that the CAPI 6789 /* If the key is in CAPI, assume conservatively that the CAPI
6791 * service provider may be unable to sign SHA-256 hashes. 6790 * service provider may be unable to sign SHA-256 hashes.
6792 » » * Use SHA-1 if the server supports it. */ 6791 » » */
6793 if (ss->ssl3.platformClientKey->dwKeySpec != 6792 if (ss->ssl3.platformClientKey->dwKeySpec !=
6794 CERT_NCRYPT_KEY_SPEC) { 6793 CERT_NCRYPT_KEY_SPEC) {
6794 /* CAPI only supports RSA and DSA signatures, so we don't
6795 * need to check the key type. */
6796 prefer_sha1 = PR_TRUE;
6797 }
6798 #endif /* _WIN32 */
6799 /* If the key is a 1024-bit RSA or DSA key, assume
6800 * conservatively that it may be unable to sign SHA-256
6801 * hashes. This is the case for older Estonian ID cards that
6802 * have 1024-bit RSA keys. In FIPS 186-2 and older, DSA key
6803 * size is at most 1024 bits and the hash function must be
6804 * SHA-1.
6805 */
6806 if (!prefer_sha1) {
6807 SECKEYPublicKey *pubk =
6808 CERT_ExtractPublicKey(ss->ssl3.clientCertificate);
6809 if (pubk == NULL) {
6810 errCode = SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE;
6811 goto loser;
6812 }
6813 if (pubk->keyType == rsaKey || pubk->keyType == dsaKey) {
6814 prefer_sha1 = SECKEY_PublicKeyStrength(pubk) <= 128;
6815 }
6816 SECKEY_DestroyPublicKey(pubk);
6817 }
6818 /* Use SHA-1 if the server supports it. */
6819 if (prefer_sha1) {
6795 for (i = 0; i < algorithms.len; i += 2) { 6820 for (i = 0; i < algorithms.len; i += 2) {
6796 /* CAPI only supports RSA and DSA signatures. */
6797 if (algorithms.data[i] == tls_hash_sha1 && 6821 if (algorithms.data[i] == tls_hash_sha1 &&
6798 (algorithms.data[i+1] == tls_sig_rsa || 6822 (algorithms.data[i+1] == tls_sig_rsa ||
6799 algorithms.data[i+1] == tls_sig_dsa)) { 6823 algorithms.data[i+1] == tls_sig_dsa)) {
6800 need_backup_hash = PR_TRUE; 6824 need_backup_hash = PR_TRUE;
6801 break; 6825 break;
6802 } 6826 }
6803 } 6827 }
6804 } 6828 }
6805 #endif /* _WIN32 */
6806 if (!need_backup_hash) { 6829 if (!need_backup_hash) {
6807 PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE); 6830 PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE);
6808 ss->ssl3.hs.md5 = NULL; 6831 ss->ssl3.hs.md5 = NULL;
6809 } 6832 }
6810 } 6833 }
6811 break; /* not an error */ 6834 break; /* not an error */
6812 } 6835 }
6813 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 6836 #endif /* NSS_PLATFORM_CLIENT_AUTH */
6814 /* check what the callback function returned */ 6837 /* check what the callback function returned */
6815 if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) { 6838 if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
12054 PORT_Free(ss->ssl3.hs.recvdFragments.buf); 12077 PORT_Free(ss->ssl3.hs.recvdFragments.buf);
12055 } 12078 }
12056 } 12079 }
12057 12080
12058 ss->ssl3.initialized = PR_FALSE; 12081 ss->ssl3.initialized = PR_FALSE;
12059 12082
12060 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); 12083 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
12061 } 12084 }
12062 12085
12063 /* End of ssl3con.c */ 12086 /* End of ssl3con.c */
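Review bot: The threshold `SECKEY_PublicKeyStrength(pubk) <= 128` in the new prefer_sha1 block (new line 6814) is a bare magic number that the comment above it describes as "a 1024-bit RSA or DSA key", while the test also matches any shorter key; a comment on that line such as `/* strength is in bytes: 128 bytes == 1024 bits, so this also covers weaker keys */` would keep the comment and the condition in agreement. The new `CERT_ExtractPublicKey(ss->ssl3.clientCertificate)` call at new line 6808 runs before the `(!ss->ssl3.clientCertificate)` check at new line 6838; if the certificate can still be NULL on this path (the hunk does not show where it is set), the extraction needs its own NULL guard rather than relying on the later check. The `goto loser` with `SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE` turns a heuristic hash-preference check into a fatal handshake error; since prefer_sha1 only narrows to SHA-1 when the server advertises it in signature_algorithms, treating extraction failure as "keep the SHA-256 default" may be the gentler fallback, though the current choice is defensible. The enclosing function starts and ends outside the hunk.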