Chromium Code Reviews Chromium Code Reviews
Issue 23928007:
NSS: don't advertise TLS 1.2-only ciphersuites in a TLS 1.1 ClientHello. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: net/third_party/nss/ssl/ssl3con.c |
| diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c |
| index bc54c995b60c80d539c3fe86f77450e3f31a203f..5ebafc2984fec267cd7774656901e8e025b72e87 100644 |
| --- a/net/third_party/nss/ssl/ssl3con.c |
| +++ b/net/third_party/nss/ssl/ssl3con.c |
| @@ -631,8 +631,9 @@ void SSL_AtomicIncrementLong(long * x) |
| } |
| static PRBool |
| -ssl3_CipherSuiteAllowedForVersion(ssl3CipherSuite cipherSuite, |
| - SSL3ProtocolVersion version) |
| +ssl3_CipherSuiteAllowedForVersionRange( |
| + ssl3CipherSuite cipherSuite, |
| + SSLVersionRange vrange) |
|
wtc
2013/09/25 00:42:14
Nit: use const SSLVersionRange *vrange ?
I know S
agl
2013/09/25 16:21:53
Done.
|
| { |
| switch (cipherSuite) { |
| /* See RFC 4346 A.5. Export cipher suites must not be used in TLS 1.1 or |
| @@ -649,7 +650,9 @@ ssl3_CipherSuiteAllowedForVersion(ssl3CipherSuite cipherSuite, |
| * SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented |
| * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented |
| */ |
| - return version <= SSL_LIBRARY_VERSION_TLS_1_0; |
| + return vrange.min <= SSL_LIBRARY_VERSION_TLS_1_0; |
| + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305: |
| + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305: |
| case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: |
| case TLS_RSA_WITH_AES_256_CBC_SHA256: |
| case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: |
| @@ -661,7 +664,7 @@ ssl3_CipherSuiteAllowedForVersion(ssl3CipherSuite cipherSuite, |
| case TLS_RSA_WITH_AES_128_CBC_SHA256: |
| case TLS_RSA_WITH_AES_128_GCM_SHA256: |
| case TLS_RSA_WITH_NULL_SHA256: |
| - return version >= SSL_LIBRARY_VERSION_TLS_1_2; |
| + return vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2; |
| default: |
| return PR_TRUE; |
| } |
| @@ -804,7 +807,8 @@ ssl3_config_match_init(sslSocket *ss) |
| } |
| -/* return PR_TRUE if suite matches policy and enabled state */ |
| +/* return PR_TRUE if suite matches policy, enabled state and is applicable to |
| + * the given version range. */ |
| /* It would be a REALLY BAD THING (tm) if we ever permitted the use |
| ** of a cipher that was NOT_ALLOWED. So, if this is ever called with |
| ** policy == SSL_NOT_ALLOWED, report no match. |
| @@ -812,7 +816,8 @@ ssl3_config_match_init(sslSocket *ss) |
| /* adjust suite enabled to the availability of a token that can do the |
| * cipher suite. */ |
| static PRBool |
| -config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled) |
| +config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled, |
| + SSLVersionRange vrange) |
| { |
| PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE); |
| if (policy == SSL_NOT_ALLOWED || !enabled) |
| @@ -820,10 +825,13 @@ config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled) |
| return (PRBool)(suite->enabled && |
| suite->isPresent && |
| suite->policy != SSL_NOT_ALLOWED && |
| - suite->policy <= policy); |
| + suite->policy <= policy && |
| + ssl3_CipherSuiteAllowedForVersionRange( |
| + suite->cipher_suite, vrange)); |
| } |
| -/* return number of cipher suites that match policy and enabled state */ |
| +/* return number of cipher suites that match policy, enabled state and are |
| + * applicable for the given protocol version. */ |
|
wtc
2013/09/25 00:42:14
"the given protocol version" is wrong because this
agl
2013/09/25 16:21:53
Done.
|
| /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */ |
| static int |
| count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) |
| @@ -834,7 +842,7 @@ count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) |
| return 0; |
| } |
| for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| - if (config_match(&ss->cipherSuites[i], policy, enabled)) |
| + if (config_match(&ss->cipherSuites[i], policy, enabled, ss->vrange)) |
| count++; |
| } |
| if (count <= 0) { |
| @@ -5294,7 +5302,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) |
| } |
| for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
| - if (config_match(suite, ss->ssl3.policy, PR_TRUE)) { |
| + if (config_match(suite, ss->ssl3.policy, PR_TRUE, ss->vrange)) { |
| actual_count++; |
| if (actual_count > num_suites) { |
| /* set error card removal/insertion error */ |
| @@ -6359,15 +6367,10 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
| for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
| if (temp == suite->cipher_suite) { |
| - if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) { |
| + SSLVersionRange vrange = {ss->version, ss->version}; |
| + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, vrange)) { |
| break; /* failure */ |
| } |
| - if (!ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
| - ss->version)) { |
| - desc = handshake_failure; |
| - errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION; |
|
wtc
2013/09/25 00:42:14
Hmm... this change causes us to lose the more info
agl
2013/09/25 16:21:53
Done.
|
| - goto alert_loser; |
| - } |
| suite_found = PR_TRUE; |
| break; /* success */ |
| @@ -8008,6 +8011,9 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
| */ |
| if (sid) do { |
| ssl3CipherSuiteCfg *suite; |
| +#ifdef PARANOID |
| + SSLVersionRange vrange = {ss->version, ss->version}; |
| +#endif |
| /* Check that the cached compression method is still enabled. */ |
| if (!compressionEnabled(ss, sid->u.ssl3.compression)) |
| @@ -8036,7 +8042,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
| * The product policy won't change during the process lifetime. |
| * Implemented ("isPresent") shouldn't change for servers. |
| */ |
| - if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) |
| + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, vrange)) |
| break; |
| #else |
| if (!suite->enabled) |
| @@ -8084,9 +8090,8 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) |
| */ |
| for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
| ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
| - if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || |
| - !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
| - ss->version)) { |
| + SSLVersionRange vrange = {ss->version, ss->version}; |
| + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, vrange)) { |
| continue; |
| } |
| for (i = 0; i + 1 < suites.len; i += 2) { |
| @@ -8619,9 +8624,8 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) |
| */ |
| for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
| ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; |
| - if (!config_match(suite, ss->ssl3.policy, PR_TRUE) || |
| - !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite, |
| - ss->version)) { |
| + SSLVersionRange vrange = {ss->version, ss->version}; |
| + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, vrange)) { |
| continue; |
| } |
| for (i = 0; i+2 < suite_length; i += 3) { |
| @@ -12324,7 +12328,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size) |
| /* ssl3_config_match_init was called by the caller of this function. */ |
| for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
| ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; |
| - if (config_match(suite, SSL_ALLOWED, PR_TRUE)) { |
| + if (config_match(suite, SSL_ALLOWED, PR_TRUE, ss->vrange)) { |
| if (cs != NULL) { |
| *cs++ = 0x00; |
| *cs++ = (suite->cipher_suite >> 8) & 0xFF; |
