OLD | NEW |
(Empty) | |
| 1 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c |
| 2 index bc54c99..5ebafc2 100644 |
| 3 --- a/nss/lib/ssl/ssl3con.c |
| 4 +++ b/nss/lib/ssl/ssl3con.c |
| 5 @@ -631,8 +631,9 @@ void SSL_AtomicIncrementLong(long * x) |
| 6 } |
| 7 |
| 8 static PRBool |
| 9 -ssl3_CipherSuiteAllowedForVersion(ssl3CipherSuite cipherSuite, |
| 10 - SSL3ProtocolVersion version) |
| 11 +ssl3_CipherSuiteAllowedForVersionRange( |
| 12 + ssl3CipherSuite cipherSuite, |
| 13 + SSLVersionRange vrange) |
| 14 { |
| 15 switch (cipherSuite) { |
| 16 /* See RFC 4346 A.5. Export cipher suites must not be used in TLS 1.1 or |
| 17 @@ -649,7 +650,9 @@ ssl3_CipherSuiteAllowedForVersion(ssl3CipherSuite cipherSuit
e, |
| 18 * SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented |
| 19 * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented |
| 20 */ |
| 21 - return version <= SSL_LIBRARY_VERSION_TLS_1_0; |
| 22 + return vrange.min <= SSL_LIBRARY_VERSION_TLS_1_0; |
| 23 + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305: |
| 24 + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305: |
| 25 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: |
| 26 case TLS_RSA_WITH_AES_256_CBC_SHA256: |
| 27 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: |
| 28 @@ -661,7 +664,7 @@ ssl3_CipherSuiteAllowedForVersion(ssl3CipherSuite cipherSuit
e, |
| 29 case TLS_RSA_WITH_AES_128_CBC_SHA256: |
| 30 case TLS_RSA_WITH_AES_128_GCM_SHA256: |
| 31 case TLS_RSA_WITH_NULL_SHA256: |
| 32 - return version >= SSL_LIBRARY_VERSION_TLS_1_2; |
| 33 + return vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2; |
| 34 default: |
| 35 return PR_TRUE; |
| 36 } |
| 37 @@ -804,7 +807,8 @@ ssl3_config_match_init(sslSocket *ss) |
| 38 } |
| 39 |
| 40 |
| 41 -/* return PR_TRUE if suite matches policy and enabled state */ |
| 42 +/* return PR_TRUE if suite matches policy, enabled state and is applicable to |
| 43 + * the given version range. */ |
| 44 /* It would be a REALLY BAD THING (tm) if we ever permitted the use |
| 45 ** of a cipher that was NOT_ALLOWED. So, if this is ever called with |
| 46 ** policy == SSL_NOT_ALLOWED, report no match. |
| 47 @@ -812,7 +816,8 @@ ssl3_config_match_init(sslSocket *ss) |
| 48 /* adjust suite enabled to the availability of a token that can do the |
| 49 * cipher suite. */ |
| 50 static PRBool |
| 51 -config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled) |
| 52 +config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled, |
| 53 + SSLVersionRange vrange) |
| 54 { |
| 55 PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE); |
| 56 if (policy == SSL_NOT_ALLOWED || !enabled) |
| 57 @@ -820,10 +825,13 @@ config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool
enabled) |
| 58 return (PRBool)(suite->enabled && |
| 59 suite->isPresent && |
| 60 suite->policy != SSL_NOT_ALLOWED && |
| 61 - suite->policy <= policy); |
| 62 + suite->policy <= policy && |
| 63 + ssl3_CipherSuiteAllowedForVersionRange( |
| 64 + suite->cipher_suite, vrange)); |
| 65 } |
| 66 |
| 67 -/* return number of cipher suites that match policy and enabled state */ |
| 68 +/* return number of cipher suites that match policy, enabled state and are |
| 69 + * applicable for the given protocol version. */ |
| 70 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ |
| 71 static int |
| 72 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) |
| 73 @@ -834,7 +842,7 @@ count_cipher_suites(sslSocket *ss, int policy, PRBool enable
d) |
| 74 return 0; |
| 75 } |
| 76 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| 77 - if (config_match(&ss->cipherSuites[i], policy, enabled)) |
| 78 + if (config_match(&ss->cipherSuites[i], policy, enabled, ss->vrange)) |
| 79 count++; |
| 80 } |
| 81 if (count <= 0) { |
| 82 @@ -5294,7 +5302,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
| 83 } |
| 84 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| 85 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
| 86 - if (config_match(suite, ss->ssl3.policy, PR_TRUE)) { |
| 87 + if (config_match(suite, ss->ssl3.policy, PR_TRUE, ss->vrange)) { |
| 88 actual_count++; |
| 89 if (actual_count > num_suites) { |
| 90 /* set error card removal/insertion error */ |
| 91 @@ -6359,15 +6367,10 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRU
int32 length) |
| 92 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| 93 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
| 94 if (temp == suite->cipher_suite) { |
| 95 - if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) { |
| 96 + SSLVersionRange vrange = {ss->version, ss->version}; |
| 97 + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, vrange)) { |
| 98 break; /* failure */ |
| 99 } |
| 100 - if (!ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
| 101 - ss->version)) { |
| 102 - desc = handshake_failure; |
| 103 - errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION; |
| 104 - goto alert_loser; |
| 105 - } |
| 106 |
| 107 suite_found = PR_TRUE; |
| 108 break; /* success */ |
| 109 @@ -8008,6 +8011,9 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUin
t32 length) |
| 110 */ |
| 111 if (sid) do { |
| 112 ssl3CipherSuiteCfg *suite; |
| 113 +#ifdef PARANOID |
| 114 + SSLVersionRange vrange = {ss->version, ss->version}; |
| 115 +#endif |
| 116 |
| 117 /* Check that the cached compression method is still enabled. */ |
| 118 if (!compressionEnabled(ss, sid->u.ssl3.compression)) |
| 119 @@ -8036,7 +8042,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUin
t32 length) |
| 120 * The product policy won't change during the process lifetime. |
| 121 * Implemented ("isPresent") shouldn't change for servers. |
| 122 */ |
| 123 - if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) |
| 124 + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, vrange)) |
| 125 break; |
| 126 #else |
| 127 if (!suite->enabled) |
| 128 @@ -8084,9 +8090,8 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUin
t32 length) |
| 129 */ |
| 130 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
| 131 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
| 132 - if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || |
| 133 - !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
| 134 - ss->version)) { |
| 135 + SSLVersionRange vrange = {ss->version, ss->version}; |
| 136 + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, vrange)) { |
| 137 continue; |
| 138 } |
| 139 for (i = 0; i + 1 < suites.len; i += 2) { |
| 140 @@ -8619,9 +8624,8 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buf
fer, int length) |
| 141 */ |
| 142 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
| 143 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
| 144 - if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || |
| 145 - !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
| 146 - ss->version)) { |
| 147 + SSLVersionRange vrange = {ss->version, ss->version}; |
| 148 + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, vrange)) { |
| 149 continue; |
| 150 } |
| 151 for (i = 0; i+2 < suite_length; i += 3) { |
| 152 @@ -12324,7 +12328,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned
char *cs, int *size) |
| 153 /* ssl3_config_match_init was called by the caller of this function. */ |
| 154 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| 155 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
| 156 - if (config_match(suite, SSL_ALLOWED, PR_TRUE)) { |
| 157 + if (config_match(suite, SSL_ALLOWED, PR_TRUE, ss->vrange)) { |
| 158 if (cs != NULL) { |
| 159 *cs++ = 0x00; |
| 160 *cs++ = (suite->cipher_suite >> 8) & 0xFF; |
OLD | NEW |