From 5f6fb751670afc83cdfcfc21eb5018b345382496 Mon Sep 17 00:00:00 2001 
From: Roy Tam Date: Wed, 11 Jul 2018 20:39:02 +0800 Subject: [PATCH] cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2): bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171 --- security/nss/cmd/btoa/btoa.c | 20 +- security/nss/cmd/certutil/certext.c | 344 ++- security/nss/cmd/certutil/certutil.c | 205 +- security/nss/cmd/certutil/certutil.h | 7 +- security/nss/cmd/httpserv/httpserv.c | 4 +- security/nss/cmd/lib/secutil.c | 35 +- security/nss/cmd/lib/secutil.h | 3 + security/nss/cmd/pp/pp.c | 50 +- security/nss/coreconf/Linux.mk | 4 +- security/nss/doc/certutil.xml | 12 +- security/nss/doc/cmsutil.xml | 24 +- security/nss/doc/crlutil.xml | 111 +- security/nss/doc/html/certutil.html | 10 +- security/nss/doc/html/cmsutil.html | 9 +- security/nss/doc/html/crlutil.html | 39 +- security/nss/doc/html/modutil.html | 12 +- security/nss/doc/html/pk12util.html | 25 +- security/nss/doc/html/pp.html | 6 +- security/nss/doc/html/signtool.html | 40 +- security/nss/doc/html/signver.html | 8 +- security/nss/doc/html/ssltap.html | 27 +- security/nss/doc/html/vfychain.html | 2 +- security/nss/doc/html/vfyserv.html | 2 +- security/nss/doc/modutil.xml | 8 +- security/nss/doc/nroff/certutil.1 | 20 +- security/nss/doc/nroff/cmsutil.1 | 19 +- security/nss/doc/nroff/crlutil.1 | 69 +- security/nss/doc/nroff/modutil.1 | 18 +- security/nss/doc/nroff/pk12util.1 | 139 +- security/nss/doc/nroff/pp.1 | 4 +- security/nss/doc/nroff/signtool.1 | 26 +- security/nss/doc/nroff/signver.1 | 8 +- security/nss/doc/nroff/ssltap.1 | 50 +- security/nss/doc/nroff/vfychain.1 | 4 +- security/nss/doc/nroff/vfyserv.1 | 4 +- security/nss/doc/pk12util.xml | 220 +- security/nss/doc/signtool.xml | 99 +- security/nss/doc/signver.xml | 2 +- 
security/nss/doc/ssltap.xml | 60 +- security/nss/lib/certdb/alg1485.c | 10 +- security/nss/lib/certdb/certdb.h | 20 +- security/nss/lib/certdb/genname.c | 37 +- security/nss/lib/certdb/genname.h | 3 + security/nss/lib/ckfw/builtins/nssckbi.h | 4 +- security/nss/lib/cryptohi/cryptohi.h | 2 +- security/nss/lib/cryptohi/secsign.c | 2 +- security/nss/lib/freebl/Makefile | 2 +- security/nss/lib/freebl/blapi.h | 2 +- security/nss/lib/freebl/loader.c | 2 +- security/nss/lib/freebl/loader.h | 2 +- security/nss/lib/freebl/rsa.c | 75 +- security/nss/lib/jar/jarver.c | 5 - security/nss/lib/nss/nss.def | 9 + security/nss/lib/nss/nss.h | 8 +- security/nss/lib/pk11wrap/pk11cert.c | 7 + security/nss/lib/pk11wrap/pk11load.c | 37 +- security/nss/lib/pk11wrap/pk11obj.c | 113 +- security/nss/lib/pk11wrap/pk11pub.h | 36 +- security/nss/lib/softoken/legacydb/lgattr.c | 6 +- security/nss/lib/softoken/legacydb/lgutil.c | 2 +- security/nss/lib/softoken/legacydb/pcertdb.c | 7 +- security/nss/lib/softoken/legacydb/pcertt.h | 24 +- security/nss/lib/softoken/manifest.mn.orig | 63 - security/nss/lib/softoken/pkcs11.c | 153 +- security/nss/lib/softoken/pkcs11c.c | 66 +- security/nss/lib/softoken/softkver.h | 8 +- security/nss/lib/ssl/SSLerrs.h | 6 + security/nss/lib/ssl/dtlscon.c | 527 ++--- security/nss/lib/ssl/ssl3con.c | 38 +- security/nss/lib/ssl/ssl3ecc.c | 812 +++---- security/nss/lib/ssl/ssl3ext.c | 2034 ++++++++-------- security/nss/lib/ssl/ssl3prot.h | 145 +- security/nss/lib/ssl/sslerr.h | 255 +- security/nss/lib/ssl/sslproto.h | 238 +- security/nss/lib/ssl/sslsock.c | 2201 +++++++++--------- security/nss/lib/util/nssutil.h | 8 +- security/nss/lib/util/secerr.h | 354 +-- security/nss/tests/all.sh | 10 +- security/nss/tests/cert/cert.sh | 196 ++ security/nss/tests/cipher/cipher.sh | 10 +- 80 files changed, 5073 insertions(+), 4215 deletions(-) delete mode 100644 security/nss/lib/softoken/manifest.mn.orig 
diff --git a/security/nss/cmd/btoa/btoa.c b/security/nss/cmd/btoa/btoa.c index 7cee58ac..9416feb4 100644 --- a/security/nss/cmd/btoa/btoa.c +++ b/security/nss/cmd/btoa/btoa.c @@ -92,6 +92,10 @@ static void Usage(char *progName) "-i input"); fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", "-o output"); + fprintf(stderr, "%-20s Wrap output in BEGIN/END lines and the given suffix\n", + "-w suffix"); + fprintf(stderr, "%-20s (use \"c\" as a shortcut for suffix CERTIFICATE)\n", + ""); exit(-1); } @@ -102,6 +106,7 @@ int main(int argc, char **argv) FILE *inFile, *outFile; PLOptState *optstate; PLOptStatus status; + char *suffix = NULL; inFile = 0; outFile = 0; @@ -111,7 +116,7 @@ int main(int argc, char **argv) progName = progName ? progName+1 : argv[0]; /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); + optstate = PL_CreateOptState(argc, argv, "i:o:w:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { default: @@ -135,6 +140,13 @@ int main(int argc, char **argv) return -1; } break; + + case 'w': + if (!strcmp(optstate->value, "c")) + suffix = strdup("CERTIFICATE"); + else + suffix = strdup(optstate->value); + break; } } if (status == PL_OPT_BAD) @@ -171,11 +183,17 @@ int main(int argc, char **argv) #endif outFile = stdout; } + if (suffix) { + fprintf(outFile, "-----BEGIN %s-----\n", suffix); + } rv = encode_file(outFile, inFile); if (rv != SECSuccess) { fprintf(stderr, "%s: lossage: error=%d errno=%d\n", progName, PORT_GetError(), errno); return -1; } + if (suffix) { + fprintf(outFile, "-----END %s-----\n", suffix); + } return 0; } diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c index ea423706..a87b4b1f 100644 --- a/security/nss/cmd/certutil/certext.c +++ b/security/nss/cmd/certutil/certext.c 
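Review bot: In the new `case 'w':` branch the `strdup` result is stored without a check, so an allocation failure leaves `suffix` NULL and `-w` silently degrades to unwrapped output; add `if (!suffix) { fprintf(stderr, "%s: out of memory\n", progName); return -1; }` after the assignment. A repeated `-w` also overwrites and leaks the earlier copy, and the `-----BEGIN %s-----` line is emitted before `encode_file` runs, so a failed encode leaves a header with no trailer in the output. The Usage text describes `c` as a shortcut but nothing rejects a suffix containing a newline, which would split the BEGIN/END lines; worth a one-line comment on the `case 'w':` branch such as `/* suffix is used verbatim in the BEGIN/END lines */`.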
@@ -27,6 +27,8 @@ #include "xconst.h" #include "prprf.h" #include "certutil.h" +#include "genname.h" +#include "prnetdb.h" #define GEN_BREAK(e) rv=e; break; 
@@ -665,53 +667,213 @@ AddNscpCertType (void *extHandle, const char *userSuppliedValue) } +SECStatus +GetOidFromString(PLArenaPool *arena, SECItem *to, + const char *from, size_t fromLen) +{ + SECStatus rv; + SECOidTag tag; + SECOidData *coid; + + /* try dotted form first */ + rv = SEC_StringToOID(arena, to, from, fromLen); + if (rv == SECSuccess) { + return rv; + } + + /* Check to see if it matches a name in our oid table. + * SECOID_FindOIDByTag returns NULL if tag is out of bounds. + */ + tag = SEC_OID_UNKNOWN; + coid = SECOID_FindOIDByTag(tag); + for ( ; coid; coid = SECOID_FindOIDByTag(++tag)) { + if (PORT_Strncasecmp(from, coid->desc, fromLen) == 0) { + break; + } + } + if (coid == NULL) { + /* none found */ + return SECFailure; + } + return SECITEM_CopyItem(arena, to, &coid->oid); +} + static SECStatus AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp, - const char *names, CERTGeneralNameType type) + const char *constNames, CERTGeneralNameType type) { CERTGeneralName *nameList = NULL; CERTGeneralName *current = NULL; PRCList *prev = NULL; - const char *cp; - char *tbuf; + char *cp, *nextName = NULL; SECStatus rv = SECSuccess; + PRBool readTypeFromName = (PRBool) (type == 0); + char *names = NULL; + + if (constNames) + names = PORT_Strdup(constNames); + + if (names == NULL) { + return SECFailure; + } /* * walk down the comma separated list of names. NOTE: there is * no sanity checks to see if the email address look like * email addresses. + * + * Each name may optionally be prefixed with a type: string. + * If it isn't, the type from the previous name will be used. + * If there wasn't a previous name yet, the type given + * as a parameter to this function will be used. + * If the type value is zero (undefined), we'll fail. 
*/ - for (cp=names; cp; cp = PORT_Strchr(cp,',')) { + for (cp=names; cp; cp=nextName) { int len; - char *end; + char *oidString; + char *nextComma; + CERTName *name; + PRStatus status; + unsigned char *data; + PRNetAddr addr; + nextName = NULL; if (*cp == ',') { cp++; } - end = PORT_Strchr(cp,','); - len = end ? end-cp : PORT_Strlen(cp); - if (len <= 0) { + nextComma = PORT_Strchr(cp, ','); + if (nextComma) { + *nextComma = 0; + nextName = nextComma+1; + } + if ((*cp) == 0) { continue; } - tbuf = PORT_ArenaAlloc(arena,len+1); - PORT_Memcpy(tbuf,cp,len); - tbuf[len] = 0; - current = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); + if (readTypeFromName) { + char *save=cp; + /* Because we already replaced nextComma with end-of-string, + * a found colon belongs to the current name */ + cp = PORT_Strchr(cp, ':'); + if (cp) { + *cp = 0; + cp++; + type = CERT_GetGeneralNameTypeFromString(save); + if (*cp == 0) { + continue; + } + } else { + if (type == 0) { + /* no type known yet */ + rv = SECFailure; + break; + } + cp = save; + } + } + + current = PORT_ArenaZNew(arena, CERTGeneralName); if (!current) { rv = SECFailure; break; } + + current->type = type; + switch (type) { + /* string types */ + case certRFC822Name: + case certDNSName: + case certURI: + current->name.other.data = + (unsigned char *) PORT_ArenaStrdup(arena,cp); + current->name.other.len = PORT_Strlen(cp); + break; + /* unformated data types */ + case certX400Address: + case certEDIPartyName: + /* turn a string into a data and len */ + rv = SECFailure; /* punt on these for now */ + fprintf(stderr,"EDI Party Name and X.400 Address not supported\n"); + break; + case certDirectoryName: + /* certDirectoryName */ + name = CERT_AsciiToName(cp); + if (name == NULL) { + rv = SECFailure; + fprintf(stderr, "Invalid Directory Name (\"%s\")\n", cp); + break; + } + rv = CERT_CopyName(arena,¤t->name.directoryName,name); + CERT_DestroyName(name); + break; + /* types that require more processing */ + case 
certIPAddress: + /* convert the string to an ip address */ + status = PR_StringToNetAddr(cp, &addr); + if (status != PR_SUCCESS) { + rv = SECFailure; + fprintf(stderr, "Invalid IP Address (\"%s\")\n", cp); + break; + } + + if (PR_NetAddrFamily(&addr) == PR_AF_INET) { + len = sizeof(addr.inet.ip); + data = (unsigned char *)&addr.inet.ip; + } else if (PR_NetAddrFamily(&addr) == PR_AF_INET6) { + len = sizeof(addr.ipv6.ip); + data = (unsigned char *)&addr.ipv6.ip; + } else { + fprintf(stderr, "Invalid IP Family\n"); + rv = SECFailure; + break; + } + current->name.other.data = PORT_ArenaAlloc(arena, len); + if (current->name.other.data == NULL) { + rv = SECFailure; + break; + } + current->name.other.len = len; + PORT_Memcpy(current->name.other.data,data, len); + break; + case certRegisterID: + rv = GetOidFromString(arena, ¤t->name.other, cp, strlen(cp)); + break; + case certOtherName: + oidString = cp; + cp = PORT_Strchr(cp,';'); + if (cp == NULL) { + rv = SECFailure; + fprintf(stderr, "missing name in other name\n"); + break; + } + *cp++ = 0; + current->name.OthName.name.data = + (unsigned char *) PORT_ArenaStrdup(arena,cp); + if (current->name.OthName.name.data == NULL) { + rv = SECFailure; + break; + } + current->name.OthName.name.len = PORT_Strlen(cp); + rv = GetOidFromString(arena, ¤t->name.OthName.oid, + oidString, strlen(oidString)); + break; + default: + rv = SECFailure; + fprintf(stderr, "Missing or invalid Subject Alternate Name type\n"); + break; + } + if (rv == SECFailure) { + break; + } + if (prev) { current->l.prev = prev; prev->next = &(current->l); } else { nameList = current; } - current->type = type; - current->name.other.data = (unsigned char *)tbuf; - current->name.other.len = PORT_Strlen(tbuf); prev = &(current->l); } + PORT_Free(names); /* at this point nameList points to the head of a doubly linked, * but not yet circular, list and current points to its tail. */ if (rv == SECSuccess && nameList) { 
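Review bot: In `GetOidFromString` the name-table fallback uses `PORT_Strncasecmp(from, coid->desc, fromLen)`, which matches any description that merely starts with the caller's string, so an abbreviated name resolves to whichever entry appears first in the table instead of failing; compare the full length, `if (PORT_Strlen(coid->desc) == fromLen && PORT_Strncasecmp(from, coid->desc, fromLen) == 0)`. In `AddSubjectAltNames` the string-type branch (`certRFC822Name`/`certDNSName`/`certURI`) assigns the `PORT_ArenaStrdup` result to `current->name.other.data` without the NULL check that the `certOtherName` branch performs a few lines later. The tail of `AddSubjectAltNames` that links the list into `existingListp` lies outside this hunk.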
@@ -749,6 +911,12 @@ AddDNSSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp, return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName); } +static SECStatus +AddGeneralSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp, + const char *altNames) +{ + return AddSubjectAltNames(arena, existingListp, altNames, 0); +} static SECStatus AddBasicConstraint(void *extHandle) 
@@ -1746,12 +1914,73 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert) return (rv); } +/* Example of valid input: + * 1.2.3.4:critical:/tmp/abc,5.6.7.8:not-critical:/tmp/xyz + */ +static SECStatus +parseNextGenericExt(const char *nextExtension, const char **oid, int *oidLen, + const char **crit, int *critLen, + const char **filename, int *filenameLen, + const char **next) +{ + const char *nextColon; + const char *nextComma; + const char *iter = nextExtension; + + if (!iter || !*iter) + return SECFailure; + + /* Require colons at earlier positions than nextComma (or end of string ) */ + nextComma = strchr(iter, ','); + + *oid = iter; + nextColon = strchr(iter, ':'); + if (!nextColon || (nextComma && nextColon > nextComma)) + return SECFailure; + *oidLen = (nextColon - *oid); + + if (!*oidLen) + return SECFailure; + + iter = nextColon; + ++iter; + + *crit = iter; + nextColon = strchr(iter, ':'); + if (!nextColon || (nextComma && nextColon > nextComma)) + return SECFailure; + *critLen = (nextColon - *crit); + + if (!*critLen) + return SECFailure; + + iter = nextColon; + ++iter; + + *filename = iter; + if (nextComma) { + *filenameLen = (nextComma - *filename); + iter = nextComma; + ++iter; + *next = iter; + } else { + *filenameLen = strlen(*filename); + *next = NULL; + } + + if (!*filenameLen) + return SECFailure; + + return SECSuccess; +} + SECStatus AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, - certutilExtnList extList) + certutilExtnList extList, const char *extGeneric) { SECStatus rv = SECSuccess; char *errstring = NULL; + const char *nextExtension = NULL; do { /* Add key usage extension */ @@ -1864,7 +2093,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, } } - if (emailAddrs || dnsNames) { + if (emailAddrs || dnsNames || extList[ext_subjectAltName].activated) { PLArenaPool *arena; CERTGeneralName *namelist = NULL; SECItem item = { 0, NULL, 0 }; 
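Review bot: The header comment on `parseNextGenericExt` gives one example but not the grammar it enforces: entries are split on `,` and fields on `:`, so an OID, flag or filename containing either character cannot be expressed (a filename with a comma is cut at the comma and the remainder is parsed as the next OID). Extend the comment with `* Entries are separated by ',' and fields by ':'; none of the three fields may contain either character.` so users of `--extGeneric` know the restriction. The field lengths are returned as `int` from pointer differences, which is fine for command-line input but could be `size_t` to match the `strlen` result assigned to `*filenameLen`.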
@@ -1874,10 +2103,21 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, rv = SECFailure; break; } + + rv = SECSuccess; - rv = AddEmailSubjectAlt(arena, &namelist, emailAddrs); + if (emailAddrs) { + rv |= AddEmailSubjectAlt(arena, &namelist, emailAddrs); + } - rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); + if (dnsNames) { + rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); + } + + if (extList[ext_subjectAltName].activated) { + rv |= AddGeneralSubjectAlt(arena, &namelist, + extList[ext_subjectAltName].arg); + } if (rv == SECSuccess) { rv = CERT_EncodeAltNameExtension(arena, namelist, &item); 
@@ -1898,5 +2138,71 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, if (rv != SECSuccess) { SECU_PrintError(progName, "Problem creating %s extension", errstring); } + + nextExtension = extGeneric; + while (nextExtension && *nextExtension) { + SECItem oid_item, value; + PRBool isCritical; + const char *oid, *crit, *filename, *next; + int oidLen, critLen, filenameLen; + PRFileDesc *inFile = NULL; + char *zeroTerminatedFilename = NULL; + + rv = parseNextGenericExt(nextExtension, &oid, &oidLen, &crit, &critLen, + &filename, &filenameLen, &next); + if (rv!= SECSuccess) { + SECU_PrintError(progName, + "error parsing generic extension parameter %s", + nextExtension); + break; + } + oid_item.data = NULL; + oid_item.len = 0; + rv = GetOidFromString(NULL, &oid_item, oid, oidLen); + if (rv != SECSuccess) { + SECU_PrintError(progName, "malformed extension OID %s", nextExtension); + break; + } + if (!strncmp("critical", crit, critLen)) { + isCritical = PR_TRUE; + } else if (!strncmp("not-critical", crit, critLen)) { + isCritical = PR_FALSE; + } else { + rv = SECFailure; + SECU_PrintError(progName, "expected 'critical' or 'not-critical'"); + break; + } + zeroTerminatedFilename = PL_strndup(filename, filenameLen); + if (!zeroTerminatedFilename) { + rv = SECFailure; + SECU_PrintError(progName, "out of memory"); + break; + } + rv = SECFailure; + inFile = PR_Open(zeroTerminatedFilename, PR_RDONLY, 0); + if (inFile) { + rv = SECU_ReadDERFromFile(&value, inFile, PR_FALSE, PR_FALSE); + PR_Close(inFile); + inFile = NULL; + } + if (rv != SECSuccess) { + SECU_PrintError(progName, "unable to read file %s", + zeroTerminatedFilename); + } + PL_strfree(zeroTerminatedFilename); + if (rv != SECSuccess) { + break; + } + rv = CERT_AddExtensionByOID(extHandle, &oid_item, &value, isCritical, + PR_FALSE /*copyData*/); + if (rv != SECSuccess) { + SECITEM_FreeItem(&oid_item, PR_FALSE); + SECITEM_FreeItem(&value, PR_FALSE); + SECU_PrintError(progName, "failed to add 
extension %s", nextExtension); + break; + } + nextExtension = next; + } + return rv; } diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 1c33e6fc..b2f12f3f 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -182,7 +182,7 @@ static SECStatus CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, const char *emailAddrs, const char *dnsNames, - certutilExtnList extnList, + certutilExtnList extnList, const char *extGeneric, /*out*/ SECItem *result) { CERTSubjectPublicKeyInfo *spki; @@ -220,7 +220,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, PORT_FreeArena (arena, PR_FALSE); return SECFailure; } - if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList) + if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric) != SECSuccess) { PORT_FreeArena (arena, PR_FALSE); return SECFailure; 
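Review bot: The critical-flag test `!strncmp("critical", crit, critLen)` compares only `critLen` characters, so a truncated flag such as `crit`, `c` or `n` is accepted as a prefix of `critical` or `not-critical` instead of being rejected; require the full length, `if ((size_t)critLen == strlen("critical") && !strncmp("critical", crit, critLen))` and `else if ((size_t)critLen == strlen("not-critical") && !strncmp("not-critical", crit, critLen))`. `oid_item` is heap-allocated by `GetOidFromString(NULL, ...)` but is only released on the `CERT_AddExtensionByOID` failure path; the `break` after the flag check, the `PL_strndup` failure and the file-read failure all leak it. The start of `AddExtensions` lies outside this hunk.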
@@ -420,11 +420,64 @@ DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii) } static SECStatus -listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, void *pwarg) +outputCertOrExtension(CERTCertificate *the_cert, PRBool raw, PRBool ascii, + SECItem *extensionOID, PRFileDesc *outfile) { SECItem data; PRInt32 numBytes; + SECStatus rv = SECFailure; + if (extensionOID) { + int i; + PRBool found = PR_FALSE; + for (i=0; the_cert->extensions[i] != NULL; i++) { + CERTCertExtension *extension = the_cert->extensions[i]; + if (SECITEM_CompareItem(&extension->id, extensionOID) == SECEqual) { + found = PR_TRUE; + numBytes = PR_Write(outfile, extension->value.data, + extension->value.len); + rv = SECSuccess; + if (numBytes != (PRInt32) extension->value.len) { + SECU_PrintSystemError(progName, "error writing extension"); + rv = SECFailure; + } + rv = SECSuccess; + break; + } + } + if (!found) { + SECU_PrintSystemError(progName, "extension not found"); + rv = SECFailure; + } + } else { + data.data = the_cert->derCert.data; + data.len = the_cert->derCert.len; + if (ascii) { + PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, + BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); + rv = SECSuccess; + } else if (raw) { + numBytes = PR_Write(outfile, data.data, data.len); + rv = SECSuccess; + if (numBytes != (PRInt32) data.len) { + SECU_PrintSystemError(progName, "error writing raw cert"); + rv = SECFailure; + } + } else { + rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); + if (rv != SECSuccess) { + SECU_PrintError(progName, "problem printing certificate"); + } + } + } + return rv; +} + +static SECStatus +listCerts(CERTCertDBHandle *handle, char *name, char *email, + PK11SlotInfo *slot, PRBool raw, PRBool ascii, + SECItem *extensionOID, + PRFileDesc *outfile, void *pwarg) +{ SECStatus rv = SECFailure; CERTCertList *certs; CERTCertListNode *node; 
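Review bot: In the extension branch of `outputCertOrExtension` the short-write check is defeated: `rv = SECFailure` set when `numBytes != (PRInt32) extension->value.len` is immediately overwritten by the unconditional `rv = SECSuccess;` that precedes `break`, so a truncated write is logged but reported as success; delete that second `rv = SECSuccess;`. The `raw` branch below it has the assignment before the check, which is the correct order. The loop `for (i=0; the_cert->extensions[i] != NULL; i++)` also dereferences `the_cert->extensions` unconditionally; if that pointer can be NULL for a certificate without an extensions field, the loop condition should read `the_cert->extensions && the_cert->extensions[i] != NULL`, and the "extension not found" message would be better routed through `SECU_PrintError` since no system errno is involved.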
@@ -461,34 +514,13 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) { - the_cert = node->cert; - /* now get the subjectList that matches this cert */ - data.data = the_cert->derCert.data; - data.len = the_cert->derCert.len; - if (ascii) { - PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); - rv = SECSuccess; - } else if (raw) { - numBytes = PR_Write(outfile, data.data, data.len); - if (numBytes != (PRInt32) data.len) { - SECU_PrintSystemError(progName, "error writing raw cert"); - rv = SECFailure; - } - rv = SECSuccess; - } else { - rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); - if (rv != SECSuccess) { - SECU_PrintError(progName, "problem printing certificate"); - } - - } + rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID, + outfile); if (rv != SECSuccess) { break; } } } else if (email) { - CERTCertificate *the_cert; certs = PK11_FindCertsFromEmailAddress(email, NULL); if (!certs) { SECU_PrintError(progName, 
@@ -498,28 +530,8 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) { - the_cert = node->cert; - /* now get the subjectList that matches this cert */ - data.data = the_cert->derCert.data; - data.len = the_cert->derCert.len; - if (ascii) { - PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(data.data, data.len), - NS_CERT_TRAILER); - rv = SECSuccess; - } else if (raw) { - numBytes = PR_Write(outfile, data.data, data.len); - rv = SECSuccess; - if (numBytes != (PRInt32) data.len) { - SECU_PrintSystemError(progName, "error writing raw cert"); - rv = SECFailure; - } - } else { - rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); - if (rv != SECSuccess) { - SECU_PrintError(progName, "problem printing certificate"); - } - } + rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID, + outfile); if (rv != SECSuccess) { break; } @@ -547,8 +559,9 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, static SECStatus ListCerts(CERTCertDBHandle *handle, char *nickname, char *email, - PK11SlotInfo *slot, PRBool raw, PRBool ascii, PRFileDesc *outfile, - secuPWData *pwdata) + PK11SlotInfo *slot, PRBool raw, PRBool ascii, + SECItem *extensionOID, + PRFileDesc *outfile, secuPWData *pwdata) { SECStatus rv; @@ -569,7 +582,8 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, char *email, CERT_DestroyCertList(list); return SECSuccess; } - rv = listCerts(handle, nickname, email, slot, raw, ascii, outfile, pwdata); + rv = listCerts(handle, nickname, email, slot, raw, ascii, + extensionOID, outfile, pwdata); return rv; } 
@@ -615,6 +629,15 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date, case 'O': usage = certificateUsageStatusResponder; break; + case 'L': + usage = certificateUsageSSLCA; + break; + case 'A': + usage = certificateUsageAnyCA; + break; + case 'Y': + usage = certificateUsageVerifyCA; + break; case 'C': usage = certificateUsageSSLClient; break; @@ -989,7 +1012,7 @@ PrintSyntax(char *progName) FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n"); FPS "\t%s -L [-n cert-name] [--email email-address] [-X] [-r] [-a]\n", progName); - FPS "\t\t [-d certdir] [-P dbprefix]\n"); + FPS "\t\t [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n"); FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName); @@ -1008,7 +1031,8 @@ PrintSyntax(char *progName) "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n" "\t\t [-8 DNS-names]\n" "\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n" - "\t\t [--extSKID] [--extNC]\n", progName); + "\t\t [--extSKID] [--extNC] [--extSAN type:name[,type:name]...]\n" + "\t\t [--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...]\n", progName); FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName); exit(1); } @@ -1308,7 +1332,7 @@ static void luL(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "L")); if (ul == usage_all || !command || is_my_command) - FPS "%-15s List all certs, or print out a single named cert\n", + FPS "%-15s List all certs, or print out a single named cert (or a subset)\n", "-L"); if (ul == usage_selected && !is_my_command) return; @@ -1327,6 +1351,9 @@ static void luL(enum usage_level ul, const char *command) " -r"); FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n", " -a"); + FPS "%-20s \n" + "%-20s For single cert, print binary DER encoding of extension OID\n", + " --dump-ext-val OID", ""); FPS "\n"); } 
@@ -1472,6 +1499,9 @@ static void luV(enum usage_level ul, const char *command) FPS "%-20s Specify certificate usage:\n", " -u certusage"); FPS "%-25s C \t SSL Client\n", ""); FPS "%-25s V \t SSL Server\n", ""); + FPS "%-25s L \t SSL CA\n", ""); + FPS "%-25s A \t Any CA\n", ""); + FPS "%-25s Y \t Verify CA\n", ""); FPS "%-25s S \t Email signer\n", ""); FPS "%-25s R \t Email Recipient\n", ""); FPS "%-25s O \t OCSP status responder\n", ""); @@ -1638,6 +1668,18 @@ static void luS(enum usage_level ul, const char *command) " See -G for available key flag options"); FPS "%-20s Create a name constraints extension\n", " --extNC "); + FPS "%-20s \n" + "%-20s Create a Subject Alt Name extension with one or multiple names\n", + " --extSAN type:name[,type:name]...", ""); + FPS "%-20s - type: directory, dn, dns, edi, ediparty, email, ip, ipaddr,\n", ""); + FPS "%-20s other, registerid, rfc822, uri, x400, x400addr\n", ""); + FPS "%-20s \n" + "%-20s Add one or multiple extensions that certutil cannot encode yet,\n" + "%-20s by loading their encodings from external files.\n", + " --extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...", "", ""); + FPS "%-20s - OID (example): 1.2.3.4\n", ""); + FPS "%-20s - critical-flag: critical or not-critical\n", ""); + FPS "%-20s - filename: full path to a file containing an encoded extension\n", ""); FPS "\n"); } @@ -1836,6 +1878,7 @@ CreateCert( PRBool ascii, PRBool selfsign, certutilExtnList extnList, + const char *extGeneric, int certVersion, SECItem * certDER) { @@ -1864,7 +1907,7 @@ CreateCert( GEN_BREAK (SECFailure) } - rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList); + rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric); if (rv != SECSuccess) { GEN_BREAK (SECFailure) } @@ -2212,6 +2255,9 @@ enum certutilOpts { opt_KeyAttrFlags, opt_EmptyPassword, opt_CertVersion, + opt_AddSubjectAltNameExt, + opt_DumpExtensionValue, + opt_GenericExtensions, opt_Help }; 
@@ -2323,6 +2369,11 @@ secuCommandFlag options_init[] = "empty-password"}, { /* opt_CertVersion */ 0, PR_FALSE, 0, PR_FALSE, "certVersion"}, + { /* opt_AddSubjectAltExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN"}, + { /* opt_DumpExtensionValue */ 0, PR_TRUE, 0, PR_FALSE, + "dump-ext-val"}, + { /* opt_GenericExtensions */ 0, PR_TRUE, 0, PR_FALSE, + "extGeneric"}, }; #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0])) @@ -2663,9 +2714,10 @@ certutil_main(int argc, char **argv, PRBool initialize) return 255; } - /* if -L is given raw or ascii mode, it must be for only one cert. */ + /* if -L is given raw, ascii or dump mode, it must be for only one cert. */ if (certutil.commands[cmd_ListCerts].activated && (certutil.options[opt_ASCIIForIO].activated || + certutil.options[opt_DumpExtensionValue].activated || certutil.options[opt_BinaryDER].activated) && !certutil.options[opt_Nickname].activated) { PR_fprintf(PR_STDERR, @@ -2985,10 +3037,29 @@ merge_fail: /* List certs (-L) */ if (certutil.commands[cmd_ListCerts].activated) { - rv = ListCerts(certHandle, name, email, slot, - certutil.options[opt_BinaryDER].activated, - certutil.options[opt_ASCIIForIO].activated, - outFile, &pwdata); + if (certutil.options[opt_DumpExtensionValue].activated) { + const char *oid_str; + SECItem oid_item; + SECStatus srv; + oid_item.data = NULL; + oid_item.len = 0; + oid_str = certutil.options[opt_DumpExtensionValue].arg; + srv = GetOidFromString(NULL, &oid_item, oid_str, strlen(oid_str)); + if (srv != SECSuccess) { + SECU_PrintError(progName, "malformed extension OID %s", + oid_str); + goto shutdown; + } + rv = ListCerts(certHandle, name, email, slot, + PR_TRUE /*binary*/, PR_FALSE /*ascii*/, + &oid_item, + outFile, &pwdata); + } else { + rv = ListCerts(certHandle, name, email, slot, + certutil.options[opt_BinaryDER].activated, + certutil.options[opt_ASCIIForIO].activated, + NULL, outFile, &pwdata); + } goto shutdown; } if (certutil.commands[cmd_DumpChain].activated) { 
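Review bot: The positional comment on the new `options_init` row reads `/* opt_AddSubjectAltExt */` while the enum value added to `certutilOpts` is `opt_AddSubjectAltNameExt`; because this table is indexed by enum position, the comment is the only thing tying a row to its option and should match exactly: `{ /* opt_AddSubjectAltNameExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN"},`. The other two new rows use the exact enum names.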
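Review bot: In the `--dump-ext-val` branch of the `-L` handling, `oid_item` is filled by `GetOidFromString(NULL, ...)` (heap allocation, no arena) and is never released before `goto shutdown`; add `SECITEM_FreeItem(&oid_item, PR_FALSE);` after the `ListCerts` call. The branch also forces `PR_TRUE /*binary*/, PR_FALSE /*ascii*/` regardless of `-a`/`-r`, which `outputCertOrExtension` ignores when an OID is given, so a comment such as `/* raw/ascii are irrelevant here: only the DER value of the extension is written */` would make the hard-coded flags less surprising.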
@@ -3179,6 +3250,12 @@ merge_fail: certutil_extns[ext_extKeyUsage].arg = certutil.options[opt_AddCmdExtKeyUsageExt].arg; } + certutil_extns[ext_subjectAltName].activated = + certutil.options[opt_AddSubjectAltNameExt].activated; + if (certutil_extns[ext_subjectAltName].activated) { + certutil_extns[ext_subjectAltName].arg = + certutil.options[opt_AddSubjectAltNameExt].arg; + } certutil_extns[ext_authInfoAcc].activated = certutil.options[opt_AddAuthInfoAccExt].activated; @@ -3218,6 +3295,8 @@ merge_fail: certutil.options[opt_ExtendedEmailAddrs].arg, certutil.options[opt_ExtendedDNSNames].arg, certutil_extns, + (certutil.options[opt_GenericExtensions].activated ? + certutil.options[opt_GenericExtensions].arg : NULL), &certReqDER); if (rv) goto shutdown; @@ -3240,6 +3319,8 @@ merge_fail: NULL, NULL, nullextnlist, + (certutil.options[opt_GenericExtensions].activated ? + certutil.options[opt_GenericExtensions].arg : NULL), &certReqDER); if (rv) goto shutdown; @@ -3259,6 +3340,8 @@ merge_fail: certutil.commands[cmd_CreateNewCert].activated, certutil.options[opt_SelfSign].activated, certutil_extns, + (certutil.options[opt_GenericExtensions].activated ? + certutil.options[opt_GenericExtensions].arg : NULL), certVersion, &certDER); if (rv) diff --git a/security/nss/cmd/certutil/certutil.h b/security/nss/cmd/certutil/certutil.h index d4388fc3..92866490 100644 --- a/security/nss/cmd/certutil/certutil.h +++ b/security/nss/cmd/certutil/certutil.h @@ -35,6 +35,7 @@ enum certutilExtns { ext_inhibitAnyPolicy, ext_subjectKeyID, ext_nameConstraints, + ext_subjectAltName, ext_End }; @@ -47,7 +48,11 @@ typedef ExtensionEntry certutilExtnList[ext_End]; extern SECStatus AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, - certutilExtnList extList); + certutilExtnList extList, const char *extGeneric); + +extern SECStatus +GetOidFromString(PLArenaPool *arena, SECItem *to, + const char *from, size_t fromLen); #endif /* _CERTUTIL_H */ 
diff --git a/security/nss/cmd/httpserv/httpserv.c b/security/nss/cmd/httpserv/httpserv.c index 6f37e42a..875b62bb 100644 --- a/security/nss/cmd/httpserv/httpserv.c +++ b/security/nss/cmd/httpserv/httpserv.c @@ -1312,8 +1312,10 @@ main(int argc, char **argv) inFile = PR_Open(revoInfo->crlFilename, PR_RDONLY, 0); if (inFile) { rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); + PR_Close(inFile); + inFile = NULL; } - if (!inFile || rv != SECSuccess) { + if (rv != SECSuccess) { fprintf(stderr, "unable to read crl file %s\n", revoInfo->crlFilename); exit(1); diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index d06dcf3c..0767be98 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -52,6 +52,19 @@ static char consoleName[] = { #include "ssl.h" #include "sslproto.h" +static PRBool utf8DisplayEnabled = PR_FALSE; + +void +SECU_EnableUtf8Display(PRBool enable) +{ + utf8DisplayEnabled = enable; +} + +PRBool +SECU_GetUtf8DisplayEnabled(void) +{ + return utf8DisplayEnabled; +} static void secu_ClearPassword(char *p) @@ -609,12 +622,22 @@ secu_PrintRawStringQuotesOptional(FILE *out, SECItem *si, const char *m, for (i = 0; i < si->len; i++) { unsigned char val = si->data[i]; + unsigned char c; if (SECU_GetWrapEnabled() && column > 76) { SECU_Newline(out); SECU_Indent(out, level); column = level*INDENT_MULT; } - fprintf(out,"%c", printable[val]); column++; + if (utf8DisplayEnabled) { + if (val < 32) + c = '.'; + else + c = val; + } else { + c = printable[val]; + } + fprintf(out,"%c", c); + column++; } if (quotes) { 
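Review bot: With the `!inFile ||` clause removed from the httpserv.c check, the error path now depends on `rv` already holding a failure value when `PR_Open` returns NULL; `rv`'s last assignment is outside the hunk, so if it was left at SECSuccess by an earlier call an unreadable CRL file is silently skipped. Keep the open failure explicit, `if (!inFile || rv != SECSuccess) {`, or set `rv = SECFailure;` immediately before the `PR_Open` call so the new `PR_Close` fix does not change the reporting.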
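Review bot: In the `utf8DisplayEnabled` branch of `secu_PrintRawStringQuotesOptional` only bytes below 32 are replaced by `.`, so DEL (0x7f) is written to the output stream as a raw control byte; `if (val < 32 || val == 127)` keeps control characters out in both modes (what `printable[]` does with 0x7f in the non-UTF-8 path is not visible here). Bytes 0x80 and above are passed through without checking that they form well-formed UTF-8, which is reasonable for a display option but deserves a comment on the branch: `/* UTF-8 mode: bytes >= 0x80 are emitted as-is, malformed sequences included */`. The `column` accounting still counts one column per byte, so wrapping in UTF-8 mode will be early for multi-byte characters.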
@@ -2441,19 +2464,19 @@ loser: int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level) { - unsigned char fingerprint[20]; + unsigned char fingerprint[SHA256_LENGTH]; char *fpStr = NULL; int err = PORT_GetError(); SECStatus rv; SECItem fpItem; - /* print MD5 fingerprint */ + /* Print SHA-256 fingerprint */ memset(fingerprint, 0, sizeof fingerprint); - rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len); + rv = PK11_HashBuf(SEC_OID_SHA256, fingerprint, derCert->data, derCert->len); fpItem.data = fingerprint; - fpItem.len = MD5_LENGTH; + fpItem.len = SHA256_LENGTH; fpStr = CERT_Hexify(&fpItem, 1); - SECU_Indent(out, level); fprintf(out, "%s (MD5):", m); + SECU_Indent(out, level); fprintf(out, "%s (SHA-256):", m); if (SECU_GetWrapEnabled()) { fprintf(out, "\n"); SECU_Indent(out, level+1); diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h index 71a7f59b..2a299918 100644 --- a/security/nss/cmd/lib/secutil.h +++ b/security/nss/cmd/lib/secutil.h @@ -139,6 +139,9 @@ SECU_GetClientAuthData(void *arg, PRFileDesc *fd, extern PRBool SECU_GetWrapEnabled(void); extern void SECU_EnableWrap(PRBool enable); +extern PRBool SECU_GetUtf8DisplayEnabled(void); +extern void SECU_EnableUtf8Display(PRBool enable); + /* revalidate the cert and print information about cert verification * failure at time == now */ extern void diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c index c97b3e79..a739a915 100644 --- a/security/nss/cmd/pp/pp.c +++ b/security/nss/cmd/pp/pp.c 
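Review bot: `rv` from `PK11_HashBuf` is not examined before `CERT_Hexify` and the `fprintf`, so if the hash fails the zero-filled `fingerprint` buffer is printed as the certificate's SHA-256 fingerprint; this predates the MD5-to-SHA-256 change, but the rewrite of these lines is the natural place to fix it. A check right after the hash call that skips the hexify-and-print block when `rv != SECSuccess` would avoid emitting a bogus value. The function continues past the hunk, where `rv` and `err` are presumably examined, so the existing error return there should be kept consistent with the added check.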
@@ -22,22 +22,27 @@ extern int fprintf(FILE *, char *, ...); static void Usage(char *progName) { fprintf(stderr, - "Usage: %s -t type [-a] [-i input] [-o output] [-w]\n", + "Usage: %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n", progName); - fprintf(stderr, "%-20s Specify the input type (must be one of %s,\n", + fprintf(stderr, "Pretty prints a file containing ASN.1 data in DER or ascii format.\n"); + fprintf(stderr, "%-14s Specify input and display type: %s (sk),\n", "-t type", SEC_CT_PRIVATE_KEY); - fprintf(stderr, "%-20s %s, %s, %s,\n", "", SEC_CT_PUBLIC_KEY, + fprintf(stderr, "%-14s %s (pk), %s (c), %s (cr),\n", "", SEC_CT_PUBLIC_KEY, SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST); - fprintf(stderr, "%-20s %s, %s, %s or %s)\n", "", SEC_CT_CERTIFICATE_ID, + fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID, SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); - fprintf(stderr, "%-20s Input is in ascii encoded form (RFC1113)\n", + fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "", SEC_CT_CERTIFICATE_ID, + SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); + fprintf(stderr, "%-14s Input is in ascii encoded form (RFC1113)\n", "-a"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", + fprintf(stderr, "%-14s Define an input file to use (default is stdin)\n", "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", + fprintf(stderr, "%-14s Define an output file to use (default is stdout)\n", "-o output"); - fprintf(stderr, "%-20s Don't wrap long output lines\n", + fprintf(stderr, "%-14s Don't wrap long output lines\n", "-w"); + fprintf(stderr, "%-14s Use UTF-8 (default is to show non-ascii as .)\n", + "-u"); exit(-1); } 
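Review bot: The added `(Use either the long type name or the shortcut.)` line passes five arguments to a format string that has a single `%-14s`, so `SEC_CT_CERTIFICATE_ID`, `SEC_CT_PKCS7`, `SEC_CT_CRL` and `SEC_CT_NAME` are evaluated and discarded; it looks like a copy of the line above it, and `-Wformat-extra-args` will flag it. It should read `fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "");`. The synopsis line now shows `-t type` in brackets, so `main` must tolerate a missing `-t`; see the type-dispatch hunk further down.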
@@ -59,7 +64,7 @@ int main(int argc, char **argv) inFile = 0; outFile = 0; typeTag = 0; - optstate = PL_CreateOptState(argc, argv, "at:i:o:w"); + optstate = PL_CreateOptState(argc, argv, "at:i:o:uw"); while ( PL_GetNextOpt(optstate) == PL_OPT_OK ) { switch (optstate->option) { case '?': @@ -92,6 +97,10 @@ int main(int argc, char **argv) typeTag = strdup(optstate->value); break; + case 'u': + SECU_EnableUtf8Display(PR_TRUE); + break; + case 'w': wrap = PR_FALSE; break; 
@@ -125,27 +134,34 @@ int main(int argc, char **argv) SECU_EnableWrap(wrap); /* Pretty print it */ - if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) { + if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 || + PORT_Strcmp(typeTag, "c") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, SECU_PrintCertificate); - } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 || + PORT_Strcmp(typeTag, "ci") == 0) { rv = SECU_PrintSignedContent(outFile, &data, 0, 0, SECU_PrintDumpDerIssuerAndSerial); - } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0 || + PORT_Strcmp(typeTag, "cr") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0, SECU_PrintCertificateRequest); - } else if (PORT_Strcmp (typeTag, SEC_CT_CRL) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_CRL) == 0) { rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl); #ifdef HAVE_EPV_TEMPLATE - } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0 || + PORT_Strcmp(typeTag, "sk") == 0) { rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0); #endif - } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0 || + PORT_Strcmp (typeTag, "pk") == 0) { rv = SECU_PrintSubjectPublicKeyInfo(outFile, &data, "Public Key", 0); - } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0 || + PORT_Strcmp (typeTag, "p7") == 0) { rv = SECU_PrintPKCS7ContentInfo(outFile, &data, "PKCS #7 Content Info", 0); - } else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0 || + PORT_Strcmp (typeTag, "n") == 0) { rv = SECU_PrintDERName(outFile, &data, "Name", 0); } else { fprintf(stderr, "%s: don't know how to print 
out '%s' files\n", diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index 36995ba8..6567f25f 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk @@ -130,7 +130,7 @@ ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc ifdef USE_PTHREADS @@ -140,7 +140,7 @@ endif ARCH = linux DSO_CFLAGS = -fPIC -DSO_LDOPTS = -shared $(ARCHFLAG) +DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8) # incorrectly reports undefined references in the libraries we link with, so # we don't use -z defs there. diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index a86e954f..87280679 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml @@ -196,10 +196,10 @@ If this option is not used, the validity check defaults to the current system ti certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). NSS recognizes the following prefixes: - sql: requests the newer database - dbm: requests the legacy database + sql: requests the newer database + dbm: requests the legacy database - If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default. + If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default. 
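Review bot: Every branch of this chain calls `PORT_Strcmp(typeTag, ...)`, yet `typeTag` starts as 0 (set in the `@@ -59` hunk) and the revised usage text presents `-t type` as optional; unless the code between the option loop and this point, which lies outside the visible hunks, already rejects a missing `-t`, running without it dereferences a null pointer in the first comparison. A guard such as `if (!typeTag) Usage(progName);` before the chain covers that case. On style, the new lines mix `PORT_Strcmp(typeTag, "pk")` with `PORT_Strcmp (typeTag, "pk")` even though the hunk itself removes that space from the `SEC_CT_CRL` comparison. `main` begins outside the hunk.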
@@ -432,11 +432,11 @@ of the attribute codes: -1 | --keyUsage keyword,keyword - Set a Netscape Certificate Type Extension in the certificate. There are several available keywords: + Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords: - digital signature + digitalSignature @@ -498,7 +498,7 @@ of the attribute codes: -5 | --nsCertType keyword,keyword - Add a Netscape certificate type extension to a certificate that is being created or added to the database. There are several available keywords: + Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords: diff --git a/security/nss/doc/cmsutil.xml b/security/nss/doc/cmsutil.xml index ba45b99f..c7d2408d 100644 --- a/security/nss/doc/cmsutil.xml +++ b/security/nss/doc/cmsutil.xml @@ -61,16 +61,16 @@ Options specify an action. Option arguments modify an action. The options and arguments for the cmsutil command are defined as follows: - - -D - Decode a message. - - -C Encrypt a message. + + -D + Decode a message. + + -E Envelope a message. @@ -267,23 +267,11 @@ cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [ - + See also certutil(1) - - - See Also - - - - - - - - - Additional Resources diff --git a/security/nss/doc/crlutil.xml b/security/nss/doc/crlutil.xml index a6dddd4d..e77570e2 100644 --- a/security/nss/doc/crlutil.xml +++ b/security/nss/doc/crlutil.xml @@ -75,15 +75,6 @@ The options and arguments for the crlutil command are defined as follows: - - -G - - -Create new Certificate Revocation List(CRL). - - - - -D @@ -93,16 +84,6 @@ Delete Certificate Revocation List from cert database. - - - -I - - -Import a CRL to the cert database - - - - -E @@ -112,6 +93,23 @@ Erase all CRLs of specified type from the cert database + + -G + + +Create new Certificate Revocation List (CRL). + + + + + + -I + + +Import a CRL to the cert database + + + -L 
@@ -122,15 +120,6 @@ List existing CRL located in cert database file. - - -S - - -Show contents of a CRL file which isn't stored in the database. - - - - -M @@ -141,38 +130,20 @@ Modify existing CRL which can be located in cert db or in arbitrary file. If loc - -G + -S - +Show contents of a CRL file which isn't stored in the database. Arguments - Option arguments modify an action and are lowercase. + Option arguments modify an action. - - -B - - -Bypass CA signature checks. - - - - - - -P dbprefix - - -Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. - - - - -a @@ -182,6 +153,15 @@ Use ASCII format or allow the use of ASCII format for input and output. This for + + -B + + +Bypass CA signature checks. + + + + -c crl-gen-file @@ -204,19 +184,19 @@ The NSS database files must reside in the same directory. - -i crl-file + -f password-file -Specify the file which contains the CRL to import or show. +Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file. - -f password-file + -i crl-file -Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file. +Specify the file which contains the CRL to import or show. @@ -248,6 +228,15 @@ Specify the output file name for new CRL. Bracket the output-file string with qu + + -P dbprefix + + +Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. + + + + -t crl-type 
@@ -355,7 +344,7 @@ Implemented Extensions * Add The Authority Key Identifier extension: - The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. +The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. authKeyId critical [key-id | dn cert-serial] @@ -504,21 +493,9 @@ crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbpr - - See also - certutil(1) - - - See Also - - - - - - - + certutil(1) diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index 34430f2c..c99513fc 100644 --- a/security/nss/doc/html/certutil.html +++ b/security/nss/doc/html/certutil.html @@ -1,4 +1,4 @@ -CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

-E

Add an email certificate to the certificate database.

-F

Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname.

@@ -10,7 +10,7 @@ For certificate requests, ASCII output defaults to standard output unless redire

If this option is not used, the validity check defaults to the current system time.

-c issuer

Identify the certificate of the CA from which a new certificate will derive its authenticity. Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string - with quotation marks if it contains spaces.

-d [prefix]directory

Specify the database directory containing the certificate and key database files.

certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

NSS recognizes the following prefixes:

  • sql: requests the newer database

  • dbm: requests the legacy database

If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.

-e

Check a certificate's signature during the process of validating a certificate.

--email email-address

Specify the email address of a certificate to list. Used with the -L command option.

-f password-file

Specify a file that will automatically supply the password to include in a certificate + with quotation marks if it contains spaces.

-d [prefix]directory

Specify the database directory containing the certificate and key database files.

certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

NSS recognizes the following prefixes:

  • sql: requests the newer database

  • dbm: requests the legacy database

If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.

-e

Check a certificate's signature during the process of validating a certificate.

--email email-address

Specify the email address of a certificate to list. Used with the -L command option.

-f password-file

Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file.

-g keysize

Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.

-h tokenname

Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

-i input_file

Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

-k key-type-or-id

Specify the type or specific ID of a key.

The valid key type options are rsa, dsa, ec, or all. The default @@ -59,8 +59,8 @@ of the attribute codes: the certificate or adding it to a database. Express the offset in integers, using a minus sign (-) to indicate a negative offset. If this argument is not used, the validity period begins at the current system time. The length - of the validity period is set with the -v argument.

-X

Force the key and certificate database to open in read-write mode. This is used with the -U and -L command options.

-x

Use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.

-y exp

Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.

-z noise-file

Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

-0 SSO_password

Set a site security officer password on a token.

-1 | --keyUsage keyword,keyword

Set a Netscape Certificate Type Extension in the certificate. There are several available keywords:

  • - digital signature + of the validity period is set with the -v argument.

-X

Force the key and certificate database to open in read-write mode. This is used with the -U and -L command options.

-x

Use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.

-y exp

Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.

-z noise-file

Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

-0 SSO_password

Set a site security officer password on a token.

-1 | --keyUsage keyword,keyword

Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:

  • + digitalSignature

  • nonRepudiation

  • @@ -75,7 +75,7 @@ of the attribute codes: crlSigning

  • critical -

-2

Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. certutil prompts for the certificate constraint extension to select.

X.509 certificate extensions are described in RFC 5280.

-3

Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.

X.509 certificate extensions are described in RFC 5280.

-4

Add a CRL distribution point extension to a certificate that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). certutil prompts for the URL.

X.509 certificate extensions are described in RFC 5280.

-5 | --nsCertType keyword,keyword

Add a Netscape certificate type extension to a certificate that is being created or added to the database. There are several available keywords:

  • +

-2

Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. certutil prompts for the certificate constraint extension to select.

X.509 certificate extensions are described in RFC 5280.

-3

Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.

X.509 certificate extensions are described in RFC 5280.

-4

Add a CRL distribution point extension to a certificate that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). certutil prompts for the URL.

X.509 certificate extensions are described in RFC 5280.

-5 | --nsCertType keyword,keyword

Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords:

  • sslClient

  • sslServer diff --git a/security/nss/doc/html/cmsutil.html b/security/nss/doc/html/cmsutil.html index 2b5249ca..1bed3fe6 100644 --- a/security/nss/doc/html/cmsutil.html +++ b/security/nss/doc/html/cmsutil.html @@ -1,4 +1,4 @@ -CMSUTIL

    Name

    cmsutil — Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.

    Synopsis

    cmsutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +CMSUTIL

    Name

    cmsutil — Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.

    Synopsis

    cmsutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

    Description

    The cmsutil command-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.

    To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section. @@ -8,7 +8,7 @@ To see a usage string, issue the command without options.

    Options

    Options specify an action. Option arguments modify an action. The options and arguments for the cmsutil command are defined as follows: -

    -D

    Decode a message.

    -C

    Encrypt a message.

    -E

    Envelope a message.

    -O

    Create a certificates-only message.

    -S

    Sign a message.

    Arguments

    Option arguments modify an action.

    -b

    Decode a batch of files named in infile.

    -c content

    Use this detached content (decode only).

    -d dbdir

    Specify the key/certificate database directory (default is ".")

    -e envfile

    Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).

    -f pwfile

    Use password file to set password on all PKCS#11 tokens.

    -G

    Include a signing time attribute (sign only).

    -H hash

    Use specified hash algorithm (default:SHA1).

    -h num

    Generate email headers with info about CMS message (decode only).

    -i infile

    Use infile as a source of data (default is stdin).

    -k

    Keep decoded encryption certs in permanent cert db.

    -N nickname

    Specify nickname of certificate to sign with (sign only).

    -n

    Suppress output of contents (decode only).

    -o outfile

    Use outfile as a destination of data (default is stdout).

    -P

    Include an S/MIME capabilities attribute.

    -p password

    Use password as key database password.

    -r recipient1,recipient2, ...

    +

    -C

    Encrypt a message.

    -D

    Decode a message.

    -E

    Envelope a message.

    -O

    Create a certificates-only message.

    -S

    Sign a message.

    Arguments

    Option arguments modify an action.

    -b

    Decode a batch of files named in infile.

    -c content

    Use this detached content (decode only).

    -d dbdir

    Specify the key/certificate database directory (default is ".")

    -e envfile

    Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).

    -f pwfile

    Use password file to set password on all PKCS#11 tokens.

    -G

    Include a signing time attribute (sign only).

    -H hash

    Use specified hash algorithm (default:SHA1).

    -h num

    Generate email headers with info about CMS message (decode only).

    -i infile

    Use infile as a source of data (default is stdin).

    -k

    Keep decoded encryption certs in permanent cert db.

    -N nickname

    Specify nickname of certificate to sign with (sign only).

    -n

    Suppress output of contents (decode only).

    -o outfile

    Use outfile as a destination of data (default is stdout).

    -P

    Include an S/MIME capabilities attribute.

    -p password

    Use password as key database password.

    -r recipient1,recipient2, ...

    Specify list of recipients (email addresses) for an encrypted or enveloped message. For certificates-only message, list of certificates to send.

    -T

    Suppress content in CMS message (sign only).

    -u certusage

    Set type of cert usage (default is certUsageEmailSigner).

    -v

    Print debugging information.

    -Y ekprefnick

    Specify an encryption key preference by nickname.

    Usage

    Encrypt Example

    @@ -21,10 +21,7 @@ cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,reci
     cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ."
           

    Sign Message Example

     cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick]
    -      

    See also

    certutil(1)

    See Also

    -

    -

    -

    Additional Resources

    For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

    IRC: Freenode at #dogtag-pki

    Authors

    The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

    +

    See also

    certutil(1)

    Additional Resources

    For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

    IRC: Freenode at #dogtag-pki

    Authors

    The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

    Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

    LICENSE

    Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

    diff --git a/security/nss/doc/html/crlutil.html b/security/nss/doc/html/crlutil.html index 3f39545e..c27a06e7 100644 --- a/security/nss/doc/html/crlutil.html +++ b/security/nss/doc/html/crlutil.html @@ -1,6 +1,6 @@ CRLUTIL

    Name

    crlutil — List, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL. -

    Synopsis

    crlutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

    Synopsis

    crlutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

    Description

    The Certificate Revocation List (CRL) Management Tool, crlutil, is a command-line utility that can list, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL.

    The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database(see certutil tool) and continues with certificates expiration or revocation. @@ -16,44 +16,42 @@ where options and arguments are combinations of the options and arguments listed

    Options

    Options specify an action. Option arguments modify an action. The options and arguments for the crlutil command are defined as follows: -

    -G

    -Create new Certificate Revocation List(CRL). -

    -D

    +

    -D

    Delete Certificate Revocation List from cert database. -

    -I

    -Import a CRL to the cert database

    -E

    Erase all CRLs of specified type from the cert database +

    -G

    +Create new Certificate Revocation List (CRL). +

    -I

    +Import a CRL to the cert database

    -L

    List existing CRL located in cert database file. -

    -S

    -Show contents of a CRL file which isn't stored in the database.

    -M

    Modify existing CRL which can be located in cert db or in arbitrary file. If located in file it should be encoded in ASN.1 encode format. -

    -G

    - -

    Arguments

    Option arguments modify an action and are lowercase.

    -B

    -Bypass CA signature checks. -

    -P dbprefix

    -Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. -

    -a

    +

    -S

    +Show contents of a CRL file which isn't stored in the database. +

    Arguments

    Option arguments modify an action.

    -a

    Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113. +

    -B

    +Bypass CA signature checks.

    -c crl-gen-file

    Specify script file that will be used to control crl generation/modification. See crl-cript-file format below. If options -M|-G is used and -c crl-script-file is not specified, crlutil will read script data from standard input.

    -d directory

    Specify the database directory containing the certificate and key database files. On Unix the Certificate Database Tool defaults to $HOME/.netscape (that is, ~/.netscape). On Windows NT the default is the current directory.

    The NSS database files must reside in the same directory. -

    -i crl-file

    -Specify the file which contains the CRL to import or show.

    -f password-file

    Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file. +

    -i crl-file

    +Specify the file which contains the CRL to import or show.

    -l algorithm-name

    Specify a specific signature algorithm. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512

    -n nickname

    Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.

    -o output-file

    Specify the output file name for new CRL. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output. +

    -P dbprefix

    +Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.

    -t crl-type

    Specify type of CRL. possible types are: 0 - SEC_KRL_TYPE, 1 - SEC_CRL_TYPE. This option is obsolete

    -u url

    @@ -103,7 +101,7 @@ Implemented Extensions

    * Add The Authority Key Identifier extension:

    - The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.
+The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.

    authKeyId critical [key-id | dn cert-serial]

    @@ -200,10 +198,7 @@ crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbpr
 * Import CRL from file:

               crlutil -I -i crl [-t crlType] [-u url] [-d keydir] [-P dbprefix] [-B] 
    -    

    See also

    certutil(1)

    See Also

    -

    -

    -

    Additional Resources

    For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

    IRC: Freenode at #dogtag-pki

    Authors

    The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

    +

    See Also

    certutil(1)

    Additional Resources

    For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

    IRC: Freenode at #dogtag-pki

    Authors

    The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

    Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

    LICENSE

    Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

    diff --git a/security/nss/doc/html/modutil.html b/security/nss/doc/html/modutil.html
index e67fde2a..5c53b0a6 100644
--- a/security/nss/doc/html/modutil.html
+++ b/security/nss/doc/html/modutil.html
@@ -1,7 +1,7 @@
-MODUTIL

    Name

    modutil — Manage PKCS #11 module information within the security module database.

    Synopsis

    modutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477
+MODUTIL

    Name

    modutil — Manage PKCS #11 module information within the security module database.

    Synopsis

    modutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

    Description

    The Security Module Database Tool, modutil, is a command-line utility for managing PKCS #11 module information both within secmod.db files and within hardware tokens. modutil can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.

    The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.

    Options

    Running modutil always requires one (and only one) option to specify the type of module operation. Each option may take arguments, anywhere from none to multiple arguments. -

    Options

    -add modulename

    Add the named PKCS #11 module to the database. Use this option with the -libfile, -ciphers, and -mechanisms arguments.

    -changepw tokenname

    Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the -pwfile and -newpwfile arguments. A password is equivalent to a personal identification number (PIN).

    -chkfips

    Verify whether the module is in the given FIPS mode. true means to verify that the module is in FIPS mode, while false means to verify that the module is not in FIPS mode.

    -create

    Create new certificate, key, and module databases. Use the -dbdir directory argument to specify a directory. If any of these databases already exist in a specified directory, modutil returns an error message.

    -default modulename

    Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the -mechanisms argument.

    -delete modulename

    Delete the named module. The default NSS PKCS #11 module cannot be deleted.

    -disable modulename

    Disable all slots on the named module. Use the -slot argument to disable a specific slot.

    -enable modulename

    Enable all slots on the named module. Use the -slot argument to enable a specific slot.

    -fips [true | false]

    Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.

    -force

    Disable modutil's interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.

    -jar JAR-file

    Add a new PKCS #11 module to the database using the named JAR file. Use this command with the -installdir and -tempdir arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with modutil.

    -list [modulename]

    Display basic information about the contents of the secmod.db file. Specifying a modulename displays detailed information about a particular module and its slots and tokens.

    -rawadd

    Add the module spec string to the secmod.db database.

    -rawlist

    Display the module specs for a specified module or for all loadable modules.

    -undefault modulename

    Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the -mechanisms argument.

    Arguments

    MODULE

    Give the security module to access.

    MODULESPEC

    Give the security module spec to load into the security database.

    -ciphers cipher-enable-list

    Enable specific ciphers in a module that is being added to the database. The cipher-enable-list is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.

    -dbdir [sql:]directory

    Specify the database directory in which to access or create security module database files.

    modutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

    --dbprefix prefix

    Specify the prefix used on the database files, such as my_ for my_cert8.db. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.

    -installdir root-installation-directory

    Specify the root installation directory relative to which files will be installed by the -jar option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.

    -libfile library-file

    Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.

    -mechanisms mechanism-list

    Specify the security mechanisms for which a particular module will be flagged as a default provider. The mechanism-list is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.

    The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.

    modutil supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).

    -newpwfile new-password-file

    Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the -changepw option.

    -nocertdb

    Do not open the certificate or key databases. This has several effects:

    • With the -create command, only a module security file is created; certificate and key databases are not created.

    • With the -jar command, signatures on the JAR file are not checked.

    • With the -changepw command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.

    -pwfile old-password-file

    Specify a text file containing a token's existing password so that a password can be entered automatically when the -changepw option is used to change passwords.

    -secmod secmodname

    Give the name of the security module database (like secmod.db) to load.

    -slot slotname

    Specify a particular slot to be enabled or disabled with the -enable or -disable options.

    -string CONFIG_STRING

    Pass a configuration string for the module being added to the database.

    -tempdir temporary-directory

    Give a directory location where temporary files are created during the installation by the -jar option. If no temporary directory is specified, the current directory is used.

    Usage and Examples

    Creating Database Files

    Before any operations can be performed, there must be a set of security databases available. modutil can be used to create these files. The only required argument is the database that where the databases will be located.

    modutil -create -dbdir [sql:]directory

    Adding a Cryptographic Module

    Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through modutil directly or by running a JAR file and install script. For the most basic case, simply upload the library:

    modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] 

    For example: +

    Options

    -add modulename

    Add the named PKCS #11 module to the database. Use this option with the -libfile, -ciphers, and -mechanisms arguments.

    -changepw tokenname

    Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the -pwfile and -newpwfile arguments. A password is equivalent to a personal identification number (PIN).

    -chkfips

    Verify whether the module is in the given FIPS mode. true means to verify that the module is in FIPS mode, while false means to verify that the module is not in FIPS mode.

    -create

    Create new certificate, key, and module databases. Use the -dbdir directory argument to specify a directory. If any of these databases already exist in a specified directory, modutil returns an error message.

    -default modulename

    Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the -mechanisms argument.

    -delete modulename

    Delete the named module. The default NSS PKCS #11 module cannot be deleted.

    -disable modulename

    Disable all slots on the named module. Use the -slot argument to disable a specific slot.

    The internal NSS PKCS #11 module cannot be disabled.

    -enable modulename

    Enable all slots on the named module. Use the -slot argument to enable a specific slot.

    -fips [true | false]

    Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.

    -force

    Disable modutil's interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.

    -jar JAR-file

    Add a new PKCS #11 module to the database using the named JAR file. Use this command with the -installdir and -tempdir arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with modutil.

    -list [modulename]

    Display basic information about the contents of the secmod.db file. Specifying a modulename displays detailed information about a particular module and its slots and tokens.

    -rawadd

    Add the module spec string to the secmod.db database.

    -rawlist

    Display the module specs for a specified module or for all loadable modules.

    -undefault modulename

    Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the -mechanisms argument.

    Arguments

    MODULE

    Give the security module to access.

    MODULESPEC

    Give the security module spec to load into the security database.

    -ciphers cipher-enable-list

    Enable specific ciphers in a module that is being added to the database. The cipher-enable-list is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.

    -dbdir [sql:]directory

    Specify the database directory in which to access or create security module database files.

    modutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

    --dbprefix prefix

    Specify the prefix used on the database files, such as my_ for my_cert8.db. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.

    -installdir root-installation-directory

    Specify the root installation directory relative to which files will be installed by the -jar option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.

    -libfile library-file

    Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.

    -mechanisms mechanism-list

    Specify the security mechanisms for which a particular module will be flagged as a default provider. The mechanism-list is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.

    The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.

    modutil supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).

    -newpwfile new-password-file

    Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the -changepw option.

    -nocertdb

    Do not open the certificate or key databases. This has several effects:

    • With the -create command, only a module security file is created; certificate and key databases are not created.

    • With the -jar command, signatures on the JAR file are not checked.

    • With the -changepw command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.

    -pwfile old-password-file

    Specify a text file containing a token's existing password so that a password can be entered automatically when the -changepw option is used to change passwords.

    -secmod secmodname

    Give the name of the security module database (like secmod.db) to load.

    -slot slotname

    Specify a particular slot to be enabled or disabled with the -enable or -disable options.

    -string CONFIG_STRING

    Pass a configuration string for the module being added to the database.

    -tempdir temporary-directory

    Give a directory location where temporary files are created during the installation by the -jar option. If no temporary directory is specified, the current directory is used.

    Usage and Examples

    Creating Database Files

    Before any operations can be performed, there must be a set of security databases available. modutil can be used to create these files. The only required argument is the database that where the databases will be located.

    modutil -create -dbdir [sql:]directory

    Adding a Cryptographic Module

    Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through modutil directly or by running a JAR file and install script. For the most basic case, simply upload the library:

    modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] 

    For example:

    modutil -dbdir sql:/home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM 
     
     Using database directory ... 
    @@ -211,7 +211,8 @@ MD2:                   0x00000400
     RANDOM:                0x08000000
     FRIENDLY:              0x10000000
     OWN_PW_DEFAULTS:       0x20000000
    -DISABLE:               0x40000000

    CipherEnableFlags specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the -cipher argument with the -add command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the CipherEnableFlags entry is omitted, the value defaults to 0x0.

    EquivalentPlatform specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.

    Per-File Keys

    Some keys have meaning only within the value list of an entry in a Files list.

    Each file requires a path key the identifies where the file is. Either RelativePath or AbsolutePath must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.

    RelativePath specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: %root% and %temp%. %root% is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The %temp% directory is created at the beginning of the installation and destroyed at the end. The purpose of %temp% is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.

    AbsolutePath specifies the destination directory of the file as an absolute path.

    Executable specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.

    FilePermissions sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.

    user read:                0400
    +DISABLE:               0x40000000

    CipherEnableFlags specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the -cipher argument with the -add command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the CipherEnableFlags entry is omitted, the value defaults to 0x0.

    EquivalentPlatform specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.

    Per-File Keys

    Some keys have meaning only within the value list of an entry in a Files list.

    Each file requires a path key the identifies where the file is. Either RelativePath or AbsolutePath must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.

    RelativePath specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: %root% and %temp%. %root% is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The %temp% directory is created at the beginning of the installation and destroyed at the end. The purpose of %temp% is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.

    AbsolutePath specifies the destination directory of the file as an absolute path.

    Executable specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.

    FilePermissions sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.

    +user read:                0400
     user write:               0200
     user execute:             0100
     group read:               0040
    @@ -219,7 +220,8 @@ group write:              0020
     group execute:            0010
     other read:               0004
     other write:              0002
    -other execute:       0001

    Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.

    NSS Database Types

    NSS originally used BerkeleyDB databases to store security information.
+other execute: 0001
+

    Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.

    NSS Database Types

    NSS originally used BerkeleyDB databases to store security information. The last versions of these legacy databases are:

    • cert8.db for certificates

    •
@@ -236,7 +238,7 @@ BerkleyDB. These new databases provide more accessibility and performance:

    • pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory

    Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

    By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type.
-Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

    modutil -create -dbdir sql:/home/my/sharednssdb

    To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

    export NSS_DEFAULT_DB_TYPE="sql"

    This line can be set added to the ~/.bashrc file to make the change permanent.

    Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

    •
+Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

      modutil -create -dbdir sql:/home/my/sharednssdb

      To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

      export NSS_DEFAULT_DB_TYPE="sql"

      This line can be added to the ~/.bashrc file to make the change permanent for the user.

      Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

      • https://wiki.mozilla.org/NSS_Shared_DB_Howto

      For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:

      • https://wiki.mozilla.org/NSS_Shared_DB

    See Also

    certutil (1)

    pk12util (1)

    signtool (1)

    The NSS wiki has information on the new database design and how to configure applications to use it.

    •
diff --git a/security/nss/doc/html/pk12util.html b/security/nss/doc/html/pk12util.html
index 2663bcf4..fe516dd8 100644
--- a/security/nss/doc/html/pk12util.html
+++ b/security/nss/doc/html/pk12util.html
@@ -1,13 +1,9 @@
-PK12UTIL

      Name

      pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database

      Synopsis

      pk12util [-i p12File [-h tokenname] [-v] [common-options] ] [ - -l p12File [-h tokenname] [-r] [common-options] ] [ - -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [common-options] ] [ - -common-options are: -[-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] - ]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

      Description

      The PKCS #12 utility, pk12util, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.

      Options and Arguments

      Options

      -i p12file

      Import keys and certificates from a PKCS#12 file into a security database.

      -l p12file

      List the keys and certificates in PKCS#12 file.

      -o p12file

      Export keys and certificates from the security database to a PKCS#12 file.

      Arguments

      -n certname

      Specify the nickname of the cert and private key to export.

      -d [sql:]directory

      Specify the database directory into which to import to or export from certificates and keys.

      pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

      -P prefix

      Specify the prefix used on the certificate and key databases. This option is provided as a special case. - Changing the names of the certificate and key databases is not recommended.

      -h tokenname

      Specify the name of the token to import into or export from.

      -v

      Enable debug logging when importing.

      -k slotPasswordFile

      Specify the text file containing the slot's password.

      -K slotPassword

      Specify the slot's password.

      -w p12filePasswordFile

      Specify the text file containing the pkcs #12 file password.

      -W p12filePassword

      Specify the pkcs #12 file password.

      -c keyCipher

      Specify the key encryption algorithm.

      -C certCipher

      Specify the key cert (overall package) encryption algorithm.

      -m | --key-len keyLength

      Specify the desired length of the symmetric key to be used to encrypt the private key.

      -n | --cert-key-len certKeyLength

      Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.

      -r

      Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.

      Return Codes

      • 0 - No error

      • 1 - User Cancelled

      • 2 - Usage error

      • 6 - NLS init error

      • 8 - Certificate DB open error

      • 9 - Key DB open error

      • 10 - File initialization error

      • 11 - Unicode conversion error

      • 12 - Temporary file creation error

      • 13 - PKCS11 get slot error

      • 14 - PKCS12 decoder start error

      • 15 - error read from import file

      • 16 - pkcs12 decode error

      • 17 - pkcs12 decoder verify error

      • 18 - pkcs12 decoder validate bags error

      • 19 - pkcs12 decoder import bags error

      • 20 - key db conversion version 3 to version 2 error

      • 21 - cert db conversion version 7 to version 5 error

      • 22 - cert and key dbs patch error

      • 23 - get default cert db error

      • 24 - find cert by nickname error

      • 25 - create export context error

      • 26 - PKCS12 add password itegrity error

      • 27 - cert and key Safes creation error

      • 28 - PKCS12 add cert and key error

      • 29 - PKCS12 encode error

      Examples

      Importing Keys and Certificates

      The most basic usage of pk12util for importing a certificate or key is the PKCS#12 input file (-i) and some way to specify the security database being accessed (either -d for a directory or -h for a token). -

      pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example:

      # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
      +PK12UTIL

      Name

      pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database

      Synopsis

      pk12util [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

      Description

      The PKCS #12 utility, pk12util, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.

      Options and Arguments

      Options

      -i p12file

      Import keys and certificates from a PKCS#12 file into a security database.

      -l p12file

      List the keys and certificates in PKCS#12 file.

      -o p12file

      Export keys and certificates from the security database to a PKCS#12 file.

      Arguments

      -c keyCipher

      Specify the key encryption algorithm.

      -C certCipher

      Specify the key cert (overall package) encryption algorithm.

      -d [sql:]directory

      Specify the database directory into which to import to or export from certificates and keys.

      pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

      -h tokenname

      Specify the name of the token to import into or export from.

      -k slotPasswordFile

      Specify the text file containing the slot's password.

      -K slotPassword

      Specify the slot's password.

      -m | --key-len keyLength

      Specify the desired length of the symmetric key to be used to encrypt the private key.

      -n | --cert-key-len certKeyLength

      Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.

      -n certname

      Specify the nickname of the cert and private key to export.

      -P prefix

      Specify the prefix used on the certificate and key databases. This option is provided as a special case. + Changing the names of the certificate and key databases is not recommended.

      -r

      Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.

      -v

      Enable debug logging when importing.

      -w p12filePasswordFile

      Specify the text file containing the pkcs #12 file password.

      -W p12filePassword

      Specify the pkcs #12 file password.

      Return Codes

      • 0 - No error

      • 1 - User Cancelled

      • 2 - Usage error

      • 6 - NLS init error

      • 8 - Certificate DB open error

      • 9 - Key DB open error

      • 10 - File initialization error

      • 11 - Unicode conversion error

      • 12 - Temporary file creation error

      • 13 - PKCS11 get slot error

      • 14 - PKCS12 decoder start error

      • 15 - error read from import file

      • 16 - pkcs12 decode error

      • 17 - pkcs12 decoder verify error

      • 18 - pkcs12 decoder validate bags error

      • 19 - pkcs12 decoder import bags error

      • 20 - key db conversion version 3 to version 2 error

      • 21 - cert db conversion version 7 to version 5 error

      • 22 - cert and key dbs patch error

      • 23 - get default cert db error

      • 24 - find cert by nickname error

      • 25 - create export context error

      • 26 - PKCS12 add password itegrity error

      • 27 - cert and key Safes creation error

      • 28 - PKCS12 add cert and key error

      • 29 - PKCS12 encode error

      Examples

      Importing Keys and Certificates

      The most basic usage of pk12util for importing a certificate or key is the PKCS#12 input file (-i) and some way to specify the security database being accessed (either -d for a directory or -h for a token). +

      + pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] +

      For example:

      # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
       
       Enter a password which will be used to encrypt your keys.
       The password should be at least 8 characters long,
      @@ -17,10 +13,10 @@ Enter new password:
       Re-enter password: 
       Enter password for PKCS12 file: 
       pk12util: PKCS12 IMPORT SUCCESSFUL

      Exporting Keys and Certificates

      Using the pk12util command to export certificates and keys requires both the name of the certificate to extract from the database (-n) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material. -

      pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example:

      # pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
      +    

      pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example:

      # pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
       Enter password for PKCS12 file: 
       Re-enter password: 

      Listing Keys and Certificates

      The information in a .p12 file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the .p12 file. -

      pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example, this prints the default ASCII output:

      # pk12util -l certs.p12
      +    

      pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example, this prints the default ASCII output:

      # pk12util -l certs.p12
       
       Enter password for PKCS12 file: 
       Key(shrouded):
      @@ -39,7 +35,7 @@ Certificate:
               Issuer: "E=personal-freemail@thawte.com,CN=Thawte Personal Freemail C
                   A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T
                   own,ST=Western Cape,C=ZA"
      -....

      Alternatively, the -r prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports .p12 files. Each certificate is written to a sequentially-number file, beginning with file0001.der and continuing through file000N.der, incrementing the number for every certificate:

      # pk12util -l test.p12 -r
      +    

      Alternatively, the -r prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports .p12 files. Each certificate is written to a sequentially-number file, beginning with file0001.der and continuing through file000N.der, incrementing the number for every certificate:

      pk12util -l test.p12 -r
       Enter password for PKCS12 file: 
       Key(shrouded):
           Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
      @@ -51,7 +47,8 @@ Key(shrouded):
                   Iteration Count: 1 (0x1)
       Certificate    Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting
       
      -Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID

      Password Encryption

      PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc for private key encryption. PKCS12 V2 PBE with SHA1 and 40 Bit RC4 is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.

      The private key is always protected with strong encryption by default.

      Several types of ciphers are supported.

      Symmetric CBC ciphers for PKCS#5 V2

      DES_CBC

      • RC2-CBC

      • RC5-CBCPad

      • DES-EDE3-CBC (the default for key encryption)

      • AES-128-CBC

      • AES-192-CBC

      • AES-256-CBC

      • CAMELLIA-128-CBC

      • CAMELLIA-192-CBC

      • CAMELLIA-256-CBC

      PKCS#12 PBE ciphers

      PKCS #12 PBE with Sha1 and 128 Bit RC4

      • PKCS #12 PBE with Sha1 and 40 Bit RC4

      • PKCS #12 PBE with Sha1 and Triple DES CBC

      • PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC

      • PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC

      • PKCS12 V2 PBE with SHA1 and 128 Bit RC4

      • PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)

      • PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc

      • PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc

      • PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC

      • PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC

      PKCS#5 PBE ciphers

      PKCS #5 Password Based Encryption with MD2 and DES CBC

      • PKCS #5 Password Based Encryption with MD5 and DES CBC

      • PKCS #5 Password Based Encryption with SHA1 and DES CBC

      With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error no security module can perform the requested operation.

      NSS Database Types

      NSS originally used BerkeleyDB databases to store security information. +Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID +

      Password Encryption

      PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc for private key encryption. PKCS12 V2 PBE with SHA1 and 40 Bit RC4 is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.

      The private key is always protected with strong encryption by default.

      Several types of ciphers are supported.

      Symmetric CBC ciphers for PKCS#5 V2
      • DES-CBC

      • RC2-CBC

      • RC5-CBCPad

      • DES-EDE3-CBC (the default for key encryption)

      • AES-128-CBC

      • AES-192-CBC

      • AES-256-CBC

      • CAMELLIA-128-CBC

      • CAMELLIA-192-CBC

      • CAMELLIA-256-CBC

      PKCS#12 PBE ciphers
      • PKCS #12 PBE with Sha1 and 128 Bit RC4

      • PKCS #12 PBE with Sha1 and 40 Bit RC4

      • PKCS #12 PBE with Sha1 and Triple DES CBC

      • PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC

      • PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC

      • PKCS12 V2 PBE with SHA1 and 128 Bit RC4

      • PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)

      • PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc

      • PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc

      • PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC

      • PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC

      PKCS#5 PBE ciphers
      • PKCS #5 Password Based Encryption with MD2 and DES CBC

      • PKCS #5 Password Based Encryption with MD5 and DES CBC

      • PKCS #5 Password Based Encryption with SHA1 and DES CBC

      With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error no security module can perform the requested operation.

      NSS Database Types

      NSS originally used BerkeleyDB databases to store security information. The last versions of these legacy databases are:

      • cert8.db for certificates

      •
diff --git a/security/nss/doc/html/pp.html b/security/nss/doc/html/pp.html
index 5b2e2348..4407ef72 100644
--- a/security/nss/doc/html/pp.html
+++ b/security/nss/doc/html/pp.html
@@ -1,7 +1,7 @@
-PP

        Name

        pp — Prints certificates, keys, crls, and pkcs7 files

        Synopsis

        pp -t type [-a] [-i input] [-o output]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

        Description

        pp pretty-prints private and public key, certificate, certificate-request, +PP

        Name

        pp — Prints certificates, keys, crls, and pkcs7 files

        Synopsis

        pp -t type [-a] [-i input] [-o output]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

        Description

        pp pretty-prints private and public key, certificate, certificate-request, pkcs7 or crl files -

        Options

        -t type

        specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}

        -a
        Input is in ascii encoded form (RFC1113)
        -i inputfile
        Define an input file to use (default is stdin)
        -u outputfile
        Define an output file to use (default is stdout)

        Additional Resources

        NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

        For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

        Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

        IRC: Freenode at #dogtag-pki

        Authors

        The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

        +

        Options

        -t type

        specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}

        -a
        Input is in ascii encoded form (RFC1113)
        -i inputfile
        Define an input file to use (default is stdin)
        -u outputfile
        Define an output file to use (default is stdout)

        Additional Resources

        NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

        For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

        Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

        IRC: Freenode at #dogtag-pki

        Authors

        The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

        Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

        LICENSE

        Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

diff --git a/security/nss/doc/html/signtool.html b/security/nss/doc/html/signtool.html
index 1e33a471..84568e17 100644
--- a/security/nss/doc/html/signtool.html
+++ b/security/nss/doc/html/signtool.html
@@ -1,4 +1,4 @@
-signtool

        Name

        signtool — Digitally sign objects and files.

        Synopsis

        signtool [-k keyName] [[-h]] [[-H]] [[-l]] [[-L]] [[-M]] [[-v]] [[-w]] [[-G nickname]] [[--keysize | -s size]] [[-b basename]] [[-c Compression Level] ] [[-d cert-dir] ] [[-i installer script] ] [[-m metafile] ] [[-x name] ] [[-f filename] ] [[-t|--token tokenname] ] [[-e extension] ] [[-o] ] [[-z] ] [[-X] ] [[--outfile] ] [[--verbose value] ] [[--norecurse] ] [[--leavearc] ] [[-j directory] ] [[-Z jarfile] ] [[-O] ] [[-p password] ] [directory-tree] [archive]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +signtool

        Name

        signtool — Digitally sign objects and files.

        Synopsis

        signtool [[-b basename]] [[-c Compression Level] ] [[-d cert-dir] ] [[-e extension] ] [[-f filename] ] [[-i installer script] ] [[-h]] [[-H]] [[-v]] [[-w]] [[-G nickname]] [[-J]] [[-j directory] ] [-k keyName] [[--keysize | -s size]] [[-l]] [[-L]] [[-M]] [[-m metafile] ] [[--norecurse] ] [[-O] ] [[-o] ] [[--outfile] ] [[-p password] ] [[-t|--token tokenname] ] [[-z] ] [[-X] ] [[-x name] ] [[--verbose value] ] [[--leavearc] ] [[-Z jarfile] ] [directory-tree] [archive]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

        Description

        The Signing Tool, signtool, creates digital signatures and uses a Java Archive (JAR) file to associate the signatures with files in a directory. Electronic software distribution over any network involves potential security problems. To help address some of these problems, you can associate digital signatures with the files in a JAR archive. Digital signatures allow SSL-enabled clients to perform two important operations:

        * Confirm the identity of the individual, company, or other entity whose digital signature is associated with the files

        * Check whether the files have been tampered with since being signed

        If you have a signing certificate, you can use Netscape Signing Tool to digitally sign files and package them as a JAR file. An object-signing certificate is a special kind of certificate that allows you to associate your digital signature with one or more files.

        An individual file can potentially be signed with multiple digital signatures. For example, a commercial software developer might sign the files that constitute a software product to prove that the files are indeed from a particular company. A network administrator manager might sign the same files with an additional digital signature based on a company-generated certificate to indicate that the product is approved for use within the company.

        The significance of a digital signature is comparable to the significance of a handwritten signature. Once you have signed a file, it is difficult to claim later that you didn't sign it. In some situations, a digital signature may be considered as legally binding as a handwritten signature. Therefore, you should take great care to ensure that you can stand behind any file you sign and distribute.

        For example, if you are a software developer, you should test your code to make sure it is virus-free before signing it. Similarly, if you are a network administrator, you should make sure, before signing any code, that it comes from a reliable source and will run correctly with the software installed on the machines to which you are distributing it.

        Before you can use Netscape Signing Tool to sign files, you must have an object-signing certificate, which is a special certificate whose associated private key is used to create digital signatures. For testing purposes only, you can create an object-signing certificate with Netscape Signing Tool 1.3. When testing is finished and you are ready to disitribute your software, you should obtain an object-signing certificate from one of two kinds of sources:

        * An independent certificate authority (CA) that authenticates your identity and charges you a fee. You typically get a certificate from an independent CA if you want to sign software that will be distributed over the Internet.

        * CA server software running on your corporate intranet or extranet. Netscape Certificate Management System provides a complete management solution for creating, deploying, and managing certificates, including CAs that issue object-signing certificates.

        You must also have a certificate for the CA that issues your signing certificate before you can sign files. If the certificate authority's certificate isn't already installed in your copy of Communicator, you typically install it by clicking the appropriate link on the certificate authority's web site, for example on the page from which you initiated enrollment for your signing certificate. This is the case for some test certificates, as well as certificates issued by Netscape Certificate Management System: you must download the the CA certificate in addition to obtaining your own signing certificate. CA certificates for several certificate authorities are preinstalled in the Communicator certificate database.

        When you receive an object-signing certificate for your own use, it is automatically installed in your copy of the Communicator client software. Communicator supports the public-key cryptography standard known as PKCS #12, which governs key portability. You can, for example, move an object-signing certificate and its associated private key from one computer to another on a credit-card-sized device called a smart card.

        Options

        -b basename

        Specifies the base filename for the .rsa and .sf files in the META-INF directory to conform with the JAR format. For example, -b signatures causes the files to be named signatures.rsa and signatures.sf. The default is signtool.

        -c#

        Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes.
@@ -11,9 +11,25 @@ The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT v
 Tells signtool to sign only files with the given extension; for example, use -e".class" to sign only Java class files. Note that with Netscape Signing Tool version 1.1 and later this option can appear multiple times on one command line, making it possible to specify multiple file types or classes to include.

        -f commandfile

        Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format. All options and arguments can be expressed through this file. For more information about the syntax used with this file, see "Tips and Techniques". -

        -i scriptname

        - Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. -

        -j directory

        +

        -G nickname

        + Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. + +The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. + +Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. + +The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. +

        -i scriptname

        +Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. +

        -J

        +Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. + +The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. + +If the -c# option is not used with the -J option, the default compression value is 6. + +Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages. +

        -j directory

        Specifies a special JavaScript directory. This option causes the specified directory to be signed and tags its entries as inline JavaScript. This special type of entry does not have to appear in the JAR file itself. Instead, it is located in the HTML page containing the inline scripts. When you use signtool -v, these entries are displayed with the string NOT PRESENT.

        -k key ... directory

        Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory. The directory to sign is always specified as the last command-line argument. Thus, it is possible to write
@@ -23,26 +39,10 @@ signtool -k MyCert -d . signdir You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform. It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate. -

        -G nickname

        - Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. - -The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. - -Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. - -The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. For more information about the use of the -G option, see "Generating Test Object-Signing Certificates""Generating Test Object-Signing Certificates" on page 1241.

        -l

        Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate. The -l option is available in Netscape Signing Tool 1.0 and later versions only. -

        -J

        - Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. - -The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. - -If the -c# option is not used with the -J option, the default compression value is 6. - -Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages.

        -L

        Lists the certificates in your database. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool.

        --leavearc

        diff --git a/security/nss/doc/html/signver.html b/security/nss/doc/html/signver.html index 4e6573df..ade57de6 100644 --- a/security/nss/doc/html/signver.html +++ b/security/nss/doc/html/signver.html @@ -1,7 +1,7 @@ -SIGNVER

        Name

        signver — Verify a detached PKCS#7 signature for a file.

        Synopsis

        signtool -A | -V -d directory [-a] [-i input_file] [-o output_file] [-s signature_file] [-v]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

        Description

        The Signature Verification Tool, signver, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.

        Options

        -A

        Displays all of the information in the PKCS#7 signature.

        -V

        Verifies the digital signature.

        -d [sql:]directory

        Specify the database directory which contains the certificates and keys.

        signver supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

        -a

        Sets that the given signature file is in ASCII format.

        -i input_file

        Gives the input file for the object with signed data.

        -o output_file

        Gives the output file to which to write the results.

        -s signature_file

        Gives the input file for the digital signature.

        -v

        Enables verbose output.

        Extended Examples

        Verifying a Signature

        The -V option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).

        signver -V -s signature_file -i signed_file -d sql:/home/my/sharednssdb
        +SIGNVER

        Name

        signver — Verify a detached PKCS#7 signature for a file.

        Synopsis

        signtool -A | -V -d directory [-a] [-i input_file] [-o output_file] [-s signature_file] [-v]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

        Description

        The Signature Verification Tool, signver, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.

        Options

        -A

        Displays all of the information in the PKCS#7 signature.

        -V

        Verifies the digital signature.

        -d [sql:]directory

        Specify the database directory which contains the certificates and keys.

        signver supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

        -a

        Sets that the given signature file is in ASCII format.

        -i input_file

        Gives the input file for the object with signed data.

        -o output_file

        Gives the output file to which to write the results.

        -s signature_file

        Gives the input file for the digital signature.

        -v

        Enables verbose output.

        Extended Examples

        Verifying a Signature

        The -V option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).

        signver -V -s signature_file -i signed_file -d sql:/home/my/sharednssdb
         
        -signatureValid=yes

        Printing Signature Data

        +signatureValid=yes

        Printing Signature Data

        The -A option prints all of the information contained in a signature file. Using the -o option prints the signature file information to the given output file rather than stdout.

        signver -A -s signature_file -o output_file

        NSS Database Types

        NSS originally used BerkeleyDB databases to store security information. The last versions of these legacy databases are:

        • @@ -20,7 +20,7 @@ BerkleyDB. These new databases provide more accessibility and performance:

        • pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory

        Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

        By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. -Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

        # signver -A -s signature -d sql:/home/my/sharednssdb

        To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

        export NSS_DEFAULT_DB_TYPE="sql"

        This line can be set added to the ~/.bashrc file to make the change permanent.

        Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

        • +Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

          # signver -A -s signature -d sql:/home/my/sharednssdb

          To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

          export NSS_DEFAULT_DB_TYPE="sql"

          This line can be added to the ~/.bashrc file to make the change permanent for the user.

          Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

          • https://wiki.mozilla.org/NSS_Shared_DB_Howto

          For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:

          • https://wiki.mozilla.org/NSS_Shared_DB

        See Also

        signtool (1)

        The NSS wiki has information on the new database design and how to configure applications to use it.

        • Setting up the shared NSS database

          https://wiki.mozilla.org/NSS_Shared_DB_Howto

        • diff --git a/security/nss/doc/html/ssltap.html b/security/nss/doc/html/ssltap.html index 61b701a2..e69b3758 100644 --- a/security/nss/doc/html/ssltap.html +++ b/security/nss/doc/html/ssltap.html @@ -1,18 +1,9 @@ -SSLTAP

          Name

          ssltap — Tap into SSL connections and display the data going by

          Synopsis

          libssltap [-vhfsxl] [-p port] [hostname:port]

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

          Description

          The SSL Debugging Tool ssltap is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking

          Options

          -v

          Print a version string for the tool.

          -h

          -Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. -

          -f

          +SSLTAP

          Name

          ssltap — Tap into SSL connections and display the data going by

          Synopsis

          ssltap [-fhlsvx] [-p port] [hostname:port]

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

          Description

          The SSL Debugging Tool ssltap is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking

          Options

          -f

          Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. -

          -s

          -Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. -

          -If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. -

          -If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. -

          -x

          -Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. -This option uses the same output format as the -h option. -

          -l prefix

          +

          -h

          +Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. +

          -l prefix

          Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete.

          -p port

          Change the default rendezvous port (1924) to another port.

          The following are well-known port numbers:

          * HTTP 80 @@ -30,7 +21,13 @@ Turn on looping; that is, continue to accept connections rather than stopping af * NNTP 119

          * NNTPS 563 (NNTP over SSL) -

          Usage and Examples

          +

          -s

          +Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. +

          +If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. +

          +If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. +

          -v

          Print a version string for the tool.

          -x

          Turn on extra SSL hex dumps.

          Usage and Examples

          You can use the SSL Debugging Tool to intercept any connection information. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful. For example, assume your development machine is called intercept. The simplest way to use the debugging tool is to execute the following command from a command shell:

          $ ssltap www.netscape.com

          The program waits for an incoming connection on the default port 1924. In your browser window, enter the URL http://intercept:1924. The browser retrieves the requested page from the server at www.netscape.com, but the page is intercepted and passed on to the browser by the debugging tool on intercept. On its way to the browser, the data is printed to the command shell from which you issued the command. Data sent from the client to the server is surrounded by the following symbols: --> [ data ] Data sent from the server to the client is surrounded by the following symbols: diff --git a/security/nss/doc/html/vfychain.html b/security/nss/doc/html/vfychain.html index 49ee65f8..a360836f 100644 --- a/security/nss/doc/html/vfychain.html +++ b/security/nss/doc/html/vfychain.html @@ -1,4 +1,4 @@ -VFYCHAIN

          Name

          vfychain — vfychain [options] [revocation options] certfile [[options] certfile] ...

          Synopsis

          vfychain

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +VFYCHAIN

          Name

          vfychain — vfychain [options] [revocation options] certfile [[options] certfile] ...

          Synopsis

          vfychain

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

          Description

          The verification Tool, vfychain, verifies certificate chains. modutil can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.

          The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.

          Options

          -a
          the following certfile is base64 encoded
          -b YYMMDDHHMMZ
          Validate date (default: now)
          -d directory
          database directory
          -f
          Enable cert fetching from AIA URL
          -o oid
          Set policy OID for cert validation(Format OID.1.2.3)
          -p

          Use PKIX Library to validate certificate by calling:

          * CERT_VerifyCertificate if specified once,

          * CERT_PKIXVerifyCert if specified twice and more.

          -r
          Following certfile is raw binary DER (default)
          -t
          Following cert is explicitly trusted (overrides db trust)
          -u usage

          0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, diff --git a/security/nss/doc/html/vfyserv.html b/security/nss/doc/html/vfyserv.html index 58e227ad..dec6dcb3 100644 --- a/security/nss/doc/html/vfyserv.html +++ b/security/nss/doc/html/vfyserv.html @@ -1,4 +1,4 @@ -VFYSERV

          Name

          vfyserv — TBD

          Synopsis

          vfyserv

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +VFYSERV

          Name

          vfyserv — TBD

          Synopsis

          vfyserv

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

          Description

          The vfyserv tool verifies a certificate chain

          Options

          Additional Resources

          For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

          Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

          IRC: Freenode at #dogtag-pki

          Authors

          The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

          Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

          LICENSE

          Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/security/nss/doc/modutil.xml b/security/nss/doc/modutil.xml index cefd3f41..142aa69d 100644 --- a/security/nss/doc/modutil.xml +++ b/security/nss/doc/modutil.xml @@ -625,7 +625,8 @@ DISABLE: 0x40000000 Executable specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file. FilePermissions sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR. -user read: 0400 + +user read: 0400 user write: 0200 user execute: 0100 group read: 0040 @@ -633,7 +634,8 @@ group write: 0020 group execute: 0010 other read: 0004 other write: 0002 -other execute: 0001 +other execute: 0001 + Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed. @@ -693,7 +695,7 @@ Using the SQLite databases must be manually specified by using the sql: To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql: export NSS_DEFAULT_DB_TYPE="sql" -This line can be set added to the ~/.bashrc file to make the change permanent. +This line can be added to the ~/.bashrc file to make the change permanent for the user. Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: 
diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1
index 2dfa79df..1d7f247a 100644
--- a/security/nss/doc/nroff/certutil.1
+++ b/security/nss/doc/nroff/certutil.1
@@ -2,12 +2,12 @@
 .\" Title: CERTUTIL
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 31 March 2014
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "CERTUTIL" "1" "31 March 2014" "nss-tools" "NSS Security Tools"
+.TH "CERTUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -229,7 +229,8 @@ NSS recognizes the following prefixes:
 .sp -1
 .IP \(bu 2.3
 .\}
-\fBsql: requests the newer database\fR
+\fBsql:\fR
+requests the newer database
 .RE
 .sp
 .RS 4
@@ -240,10 +241,13 @@ NSS recognizes the following prefixes:
 .sp -1
 .IP \(bu 2.3
 .\}
-\fBdbm: requests the legacy database\fR
+\fBdbm:\fR
+requests the legacy database
 .RE
 .sp
-If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default\&.
+If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then
+\fBdbm:\fR
+is the default\&.
 .RE
 .PP
 \-e
@@ -543,7 +547,7 @@ Set a site security officer password on a token\&.
 .PP
 \-1 | \-\-keyUsage keyword,keyword
 .RS 4
-Set a Netscape Certificate Type Extension in the certificate\&. There are several available keywords:
+Set an X\&.509 V3 Certificate Type Extension in the certificate\&. There are several available keywords:
 .sp
 .RS 4
 .ie n \{\
@@ -553,7 +557,7 @@ Set a Netscape Certificate Type Extension in the certificate\&. There are severa
 .sp -1
 .IP \(bu 2.3
 .\}
-digital signature
+digitalSignature
 .RE
 .sp
 .RS 4
@@ -661,7 +665,7 @@ X\&.509 certificate extensions are described in RFC 5280\&.
 .PP
 \-5 | \-\-nsCertType keyword,keyword
 .RS 4
-Add a Netscape certificate type extension to a certificate that is being created or added to the database\&. There are several available keywords:
+Add an X\&.509 V3 certificate type extension to a certificate that is being created or added to the database\&. There are several available keywords:
 .sp
 .RS 4
 .ie n \{\
diff --git a/security/nss/doc/nroff/cmsutil.1 b/security/nss/doc/nroff/cmsutil.1
index 2093d679..9c0bb48e 100644
--- a/security/nss/doc/nroff/cmsutil.1
+++ b/security/nss/doc/nroff/cmsutil.1
@@ -2,12 +2,12 @@
 .\" Title: CMSUTIL
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 19 July 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "CMSUTIL" "1" "19 July 2013" "nss-tools" "NSS Security Tools"
+.TH "CMSUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -50,16 +50,16 @@ To run cmsutil, type the command cmsutil option [arguments] where option and arg
 .PP
 Options specify an action\&. Option arguments modify an action\&. The options and arguments for the cmsutil command are defined as follows:
 .PP
-\-D
-.RS 4
-Decode a message\&.
-.RE
-.PP
 \-C
 .RS 4
 Encrypt a message\&.
 .RE
 .PP
+\-D
+.RS 4
+Decode a message\&.
+.RE
+.PP
 \-E
 .RS 4
 Envelope a message\&.
@@ -247,11 +247,6 @@ cmsutil \-S [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-N nickname[\
 .SH "SEE ALSO"
 .PP
 certutil(1)
-.SH "SEE ALSO"
-.PP
-.PP
-.PP
-.PP
 .SH "ADDITIONAL RESOURCES"
 .PP
 For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
diff --git a/security/nss/doc/nroff/crlutil.1 b/security/nss/doc/nroff/crlutil.1
index 3e2c3ee3..866bdedb 100644
--- a/security/nss/doc/nroff/crlutil.1
+++ b/security/nss/doc/nroff/crlutil.1
@@ -2,12 +2,12 @@
 .\" Title: CRLUTIL
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 19 July 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "CRLUTIL" "1" "19 July 2013" "nss-tools" "NSS Security Tools"
+.TH "CRLUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -57,64 +57,55 @@ where options and arguments are combinations of the options and arguments listed
 .PP
 Options specify an action\&. Option arguments modify an action\&. The options and arguments for the crlutil command are defined as follows:
 .PP
-\-G
-.RS 4
-Create new Certificate Revocation List(CRL)\&.
-.RE
-.PP
 \-D
 .RS 4
 Delete Certificate Revocation List from cert database\&.
 .RE
 .PP
-\-I
-.RS 4
-Import a CRL to the cert database
-.RE
-.PP
 \-E
 .RS 4
 Erase all CRLs of specified type from the cert database
 .RE
 .PP
+\-G
+.RS 4
+Create new Certificate Revocation List (CRL)\&.
+.RE
+.PP
+\-I
+.RS 4
+Import a CRL to the cert database
+.RE
+.PP
 \-L
 .RS 4
 List existing CRL located in cert database file\&.
 .RE
 .PP
-\-S
-.RS 4
-Show contents of a CRL file which isn\*(Aqt stored in the database\&.
-.RE
-.PP
 \-M
 .RS 4
 Modify existing CRL which can be located in cert db or in arbitrary file\&. If located in file it should be encoded in ASN\&.1 encode format\&.
 .RE
 .PP
-\-G
+\-S
 .RS 4
+Show contents of a CRL file which isn\*(Aqt stored in the database\&.
 .RE
 .PP
 \fBArguments\fR
 .PP
-Option arguments modify an action and are lowercase\&.
-.PP
-\-B
-.RS 4
-Bypass CA signature checks\&.
-.RE
-.PP
-\-P dbprefix
-.RS 4
-Specify the prefix used on the NSS security database files (for example, my_cert8\&.db and my_key3\&.db)\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
-.RE
+Option arguments modify an action\&.
 .PP
 \-a
 .RS 4
 Use ASCII format or allow the use of ASCII format for input and output\&. This formatting follows RFC #1113\&.
 .RE
 .PP
+\-B
+.RS 4
+Bypass CA signature checks\&.
+.RE
+.PP
 \-c crl\-gen\-file
 .RS 4
 Specify script file that will be used to control crl generation/modification\&. See crl\-cript\-file format below\&. If options \-M|\-G is used and \-c crl\-script\-file is not specified, crlutil will read script data from standard input\&.
@@ -127,16 +118,16 @@ Specify the database directory containing the certificate and key database files
 The NSS database files must reside in the same directory\&.
 .RE
 .PP
-\-i crl\-file
-.RS 4
-Specify the file which contains the CRL to import or show\&.
-.RE
-.PP
 \-f password\-file
 .RS 4
 Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&.
 .RE
 .PP
+\-i crl\-file
+.RS 4
+Specify the file which contains the CRL to import or show\&.
+.RE
+.PP
 \-l algorithm\-name
 .RS 4
 Specify a specific signature algorithm\&. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512
@@ -152,6 +143,11 @@ Specify the nickname of a certificate or key to list, create, add to a database,
 Specify the output file name for new CRL\&. Bracket the output\-file string with quotation marks if it contains spaces\&. If this argument is not used the output destination defaults to standard output\&.
 .RE
 .PP
+\-P dbprefix
+.RS 4
+Specify the prefix used on the NSS security database files (for example, my_cert8\&.db and my_key3\&.db)\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
+.RE
+.PP
 \-t crl\-type
 .RS 4
 Specify type of CRL\&. possible types are: 0 \- SEC_KRL_TYPE, 1 \- SEC_CRL_TYPE\&. This option is obsolete
@@ -369,11 +365,6 @@ crlutil \-G|\-M \-c crl\-gen\-file \-n nickname [\-i crl] [\-u url] [\-d keydir]
 .SH "SEE ALSO"
 .PP
 certutil(1)
-.SH "SEE ALSO"
-.PP
-.PP
-.PP
-.PP
 .SH "ADDITIONAL RESOURCES"
 .PP
 For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
diff --git a/security/nss/doc/nroff/modutil.1 b/security/nss/doc/nroff/modutil.1
index 09cd45de..1ce9ab2c 100644
--- a/security/nss/doc/nroff/modutil.1
+++ b/security/nss/doc/nroff/modutil.1
@@ -1,13 +1,13 @@ '\" t .\" Title: MODUTIL .\" Author: [see the "Authors" section] -.\" Generator: DocBook XSL Stylesheets v1.77.1 -.\" Date: 15 February 2013 +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "MODUTIL" "1" "15 February 2013" "nss-tools" "NSS Security Tools" +.TH "MODUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -109,6 +109,8 @@ Delete the named module\&. The default NSS PKCS #11 module cannot be deleted\&. Disable all slots on the named module\&. Use the \fB\-slot\fR argument to disable a specific slot\&. +.sp +The internal NSS PKCS #11 module cannot be disabled\&. .RE .PP \-enable modulename @@ -1248,7 +1250,7 @@ group write: 0020 group execute: 0010 other read: 0004 other write: 0002 -other execute: 0001 +other execute: 0001 .fi .if n \{\ .RE @@ -1366,9 +1368,9 @@ export NSS_DEFAULT_DB_TYPE="sql" .RE .\} .PP -This line can be set added to the +This line can be added to the ~/\&.bashrc -file to make the change permanent\&. +file to make the change permanent for the user\&. .PP Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: .sp 
@@ -1436,12 +1438,12 @@ Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
 IRC: Freenode at #dogtag\-pki
 .SH "AUTHORS"
 .PP
-The NSS tools were written and maintained by developers with Netscape, Red Hat, and Sun\&.
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
 .PP
 Authors: Elio Maldonado , Deon Lackey \&.
 .SH "LICENSE"
 .PP
-Licensed under the Mozilla Public License, version 1\&.1, and/or the GNU General Public License, version 2 or later, and/or the GNU Lesser General Public License, version 2\&.1 or later\&.
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
 .SH "NOTES"
 .IP " 1." 4
 Mozilla NSS bug 836477
diff --git a/security/nss/doc/nroff/pk12util.1 b/security/nss/doc/nroff/pk12util.1
index 55ae2e6f..c4fa972c 100644
--- a/security/nss/doc/nroff/pk12util.1
+++ b/security/nss/doc/nroff/pk12util.1
@@ -2,12 +2,12 @@
 .\" Title: PK12UTIL
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "PK12UTIL" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "PK12UTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@ pk12util \- Export and import keys and certificate to or from a PKCS #12 file
 and the NSS database
 .SH "SYNOPSIS"
 .HP \w'\fBpk12util\fR\ 'u
-\fBpk12util\fR [\-i\ p12File\ [\-h\ tokenname]\ [\-v]\ [common\-options]] [\-l\ p12File\ [\-h\ tokenname]\ [\-r]\ [common\-options]] [\-o\ p12File\ \-n\ certname\ [\-c\ keyCipher]\ [\-C\ certCipher]\ [\-m|\-\-key_len\ keyLen]\ [\-n|\-\-cert_key_len\ certKeyLen]\ [common\-options]] [common\-options\ are:\ [\-d\ [sql:]directory]\ [\-P\ dbprefix]\ [\-k\ slotPasswordFile|\-K\ slotPassword]\ [\-w\ p12filePasswordFile|\-W\ p12filePassword]]
+\fBpk12util\fR [\-i\ p12File|\-l\ p12File|\-o\ p12File] [\-d\ [sql:]directory] [\-h\ tokenname] [\-P\ dbprefix] [\-r] [\-v] [\-k\ slotPasswordFile|\-K\ slotPassword] [\-w\ p12filePasswordFile|\-W\ p12filePassword]
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
@@ -61,9 +61,14 @@ Export keys and certificates from the security database to a PKCS#12 file\&.
 .PP
 \fBArguments\fR
 .PP
-\-n certname
+\-c keyCipher
 .RS 4
-Specify the nickname of the cert and private key to export\&.
+Specify the key encryption algorithm\&.
+.RE
+.PP
+\-C certCipher
+.RS 4
+Specify the key cert (overall package) encryption algorithm\&.
 .RE
 .PP
 \-d [sql:]directory
@@ -80,21 +85,11 @@ pkcs11\&.txt)\&. If the prefix is not used, then the tool assumes that the given
 databases are in the old format\&.
 .RE
 .PP
-\-P prefix
-.RS 4
-Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
-.RE
-.PP
 \-h tokenname
 .RS 4
 Specify the name of the token to import into or export from\&.
 .RE
 .PP
-\-v
-.RS 4
-Enable debug logging when importing\&.
-.RE
-.PP
 \-k slotPasswordFile
 .RS 4
 Specify the text file containing the slot\*(Aqs password\&.
@@ -105,26 +100,6 @@ Specify the text file containing the slot\*(Aqs password\&.
 Specify the slot\*(Aqs password\&.
 .RE
 .PP
-\-w p12filePasswordFile
-.RS 4
-Specify the text file containing the pkcs #12 file password\&.
-.RE
-.PP
-\-W p12filePassword
-.RS 4
-Specify the pkcs #12 file password\&.
-.RE
-.PP
-\-c keyCipher
-.RS 4
-Specify the key encryption algorithm\&.
-.RE
-.PP
-\-C certCipher
-.RS 4
-Specify the key cert (overall package) encryption algorithm\&.
-.RE
-.PP
 \-m | \-\-key\-len keyLength
 .RS 4
 Specify the desired length of the symmetric key to be used to encrypt the private key\&.
@@ -135,10 +110,35 @@ Specify the desired length of the symmetric key to be used to encrypt the privat
 Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&.
 .RE
 .PP
+\-n certname
+.RS 4
+Specify the nickname of the cert and private key to export\&.
+.RE
+.PP
+\-P prefix
+.RS 4
+Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
+.RE
+.PP
 \-r
 .RS 4
 Dumps all of the data in raw (binary) form\&. This must be saved as a DER file\&. The default is to return information in a pretty\-print ASCII format, which displays the information about the certificates and public keys in the p12 file\&.
 .RE
+.PP
+\-v
+.RS 4
+Enable debug logging when importing\&.
+.RE
+.PP
+\-w p12filePasswordFile
+.RS 4
+Specify the text file containing the pkcs #12 file password\&.
+.RE
+.PP
+\-W p12filePassword
+.RS 4
+Specify the pkcs #12 file password\&.
+.RE
 .SH "RETURN CODES"
 .sp
 .RS 4
@@ -437,18 +437,12 @@ for importing a certificate or key is the PKCS#12 input file (\fB\-i\fR) and som for a directory or \fB\-h\fR for a token)\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf +.PP pk12util \-i p12File [\-h tokenname] [\-v] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] -.fi -.if n \{\ -.RE -.\} .PP For example: +.PP + .sp .if n \{\ .RS 4 @@ -474,16 +468,8 @@ pk12util: PKCS12 IMPORT SUCCESSFUL Using the \fBpk12util\fR command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS#12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf +.PP pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] -.fi -.if n \{\ -.RE -.\} .PP For example: .sp @@ -506,16 +492,8 @@ The information in a file are not human\-readable\&. The certificates and keys in the file can be printed (listed) in a human\-readable pretty\-print format that shows information for every certificate and any public keys in the \&.p12 file\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf +.PP pk12util \-l p12File [\-h tokenname] [\-r] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] -.fi -.if n \{\ -.RE -.\} .PP For example, this prints the default ASCII output: .sp @@ -542,7 +520,7 @@ Certificate: Issuer: "E=personal\-freemail@thawte\&.com,CN=Thawte Personal Freemail C A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T own,ST=Western Cape,C=ZA" -\&.\&.\&.\&. + .fi .if n \{\ .RE 
@@ -561,7 +539,7 @@ file000N\&.der, incrementing the number for every certificate: .RS 4 .\} .nf -# pk12util \-l test\&.p12 \-r +pk12util \-l test\&.p12 \-r Enter password for PKCS12 file: Key(shrouded): Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID @@ -574,6 +552,7 @@ Key(shrouded): Certificate Friendly Name: Thawte Personal Freemail Issuing CA \- Thawte Consulting Certificate Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID + .fi .if n \{\ .RE @@ -592,7 +571,17 @@ Several types of ciphers are supported\&. .PP Symmetric CBC ciphers for PKCS#5 V2 .RS 4 -DES_CBC +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +DES\-CBC +.RE .sp .RS 4 .ie n \{\ @@ -696,7 +685,17 @@ CAMELLIA\-256\-CBC .PP PKCS#12 PBE ciphers .RS 4 +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} PKCS #12 PBE with Sha1 and 128 Bit RC4 +.RE .sp .RS 4 .ie n \{\ @@ -811,7 +810,17 @@ PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC .PP PKCS#5 PBE ciphers .RS 4 +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} PKCS #5 Password Based Encryption with MD2 and DES CBC +.RE .sp .RS 4 .ie n \{\ diff --git a/security/nss/doc/nroff/pp.1 b/security/nss/doc/nroff/pp.1 index 6a8eb630..2c9aa5a6 100644 --- a/security/nss/doc/nroff/pp.1 +++ b/security/nss/doc/nroff/pp.1 @@ -2,12 +2,12 @@ .\" Title: PP .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "PP" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "PP" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- 
diff --git a/security/nss/doc/nroff/signtool.1 b/security/nss/doc/nroff/signtool.1
index e78f77b5..3a91ce69 100644
--- a/security/nss/doc/nroff/signtool.1
+++ b/security/nss/doc/nroff/signtool.1
@@ -2,12 +2,12 @@
 .\" Title: signtool
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "SIGNTOOL" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "SIGNTOOL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 signtool \- Digitally sign objects and files\&.
 .SH "SYNOPSIS"
 .HP \w'\fBsigntool\fR\ 'u
-\fBsigntool\fR [\-k\ keyName] [[\-h]] [[\-H]] [[\-l]] [[\-L]] [[\-M]] [[\-v]] [[\-w]] [[\-G\ nickname]] [[\-\-keysize\ |\ \-s\ size]] [[\-b\ basename]] [[\-c\ Compression\ Level]] [[\-d\ cert\-dir]] [[\-i\ installer\ script]] [[\-m\ metafile]] [[\-x\ name]] [[\-f\ filename]] [[\-t|\-\-token\ tokenname]] [[\-e\ extension]] [[\-o]] [[\-z]] [[\-X]] [[\-\-outfile]] [[\-\-verbose\ value]] [[\-\-norecurse]] [[\-\-leavearc]] [[\-j\ directory]] [[\-Z\ jarfile]] [[\-O]] [[\-p\ password]] [directory\-tree] [archive]
+\fBsigntool\fR [[\-b\ basename]] [[\-c\ Compression\ Level]] [[\-d\ cert\-dir]] [[\-e\ extension]] [[\-f\ filename]] [[\-i\ installer\ script]] [[\-h]] [[\-H]] [[\-v]] [[\-w]] [[\-G\ nickname]] [[\-J]] [[\-j\ directory]] [\-k\ keyName] [[\-\-keysize\ |\ \-s\ size]] [[\-l]] [[\-L]] [[\-M]] [[\-m\ metafile]] [[\-\-norecurse]] [[\-O]] [[\-o]] [[\-\-outfile]] [[\-p\ password]] [[\-t|\-\-token\ tokenname]] [[\-z]] [[\-X]] [[\-x\ name]] [[\-\-verbose\ value]] [[\-\-leavearc]] [[\-Z\ jarfile]] [directory\-tree] [archive]
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
@@ -91,11 +91,21 @@ Tells signtool to sign only files with the given extension; for example, use \-e
 Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format\&. All options and arguments can be expressed through this file\&. For more information about the syntax used with this file, see "Tips and Techniques"\&.
 .RE
 .PP
+\-G nickname
+.RS 4
+Generates a new private\-public key pair and corresponding object\-signing certificate with the given nickname\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&. Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with \-G is not signed by a recognized certificate authority\&. Instead, it is self\-signed\&. In addition, a single test signing certificate functions as both an object\-signing certificate and a CA\&. When you are using it to sign objects, it behaves like an object\-signing certificate\&. When it is imported into browser software such as Communicator, it behaves like an object\-signing CA and cannot be used to sign objects\&. The \-G option is available in Netscape Signing Tool 1\&.0 and later versions only\&. By default, it produces only RSA certificates with 1024\-byte keys in the internal token\&. However, you can use the \-s option specify the required key size and the \-t option to specify the token\&.
+.RE
+.PP
 \-i scriptname
 .RS 4
 Specifies the name of an installer script for SmartUpdate\&. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature\&. For more details, see the description of \-m that follows\&. The \-i option provides a straightforward way to provide this information if you don\*(Aqt need to specify any metadata other than an installer script\&.
 .RE
 .PP
+\-J
+.RS 4
+Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags\&. Even if signtool creates more than one archive file, you need to supply the key database password only once\&. The \-J option is available only in Netscape Signing Tool 1\&.0 and later versions\&. The \-J option cannot be used at the same time as the \-Z option\&. If the \-c# option is not used with the \-J option, the default compression value is 6\&. Note that versions 1\&.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages\&.
+.RE
+.PP
 \-j directory
 .RS 4
 Specifies a special JavaScript directory\&. This option causes the specified directory to be signed and tags its entries as inline JavaScript\&. This special type of entry does not have to appear in the JAR file itself\&. Instead, it is located in the HTML page containing the inline scripts\&. When you use signtool \-v, these entries are displayed with the string NOT PRESENT\&.
@@ -106,21 +116,11 @@ Specifies a special JavaScript directory\&. This option causes the specified dir
 Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory\&. The directory to sign is always specified as the last command\-line argument\&. Thus, it is possible to write signtool \-k MyCert \-d \&. signdir You may have trouble if the nickname contains a single quotation mark\&. To avoid problems, escape the quotation mark using the escape conventions for your platform\&. It\*(Aqs also possible to use the \-k option without signing any files or specifying a directory\&. For example, you can use it with the \-l option to get detailed information about a particular signing certificate\&.
 .RE
 .PP
-\-G nickname
-.RS 4
-Generates a new private\-public key pair and corresponding object\-signing certificate with the given nickname\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&. Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with \-G is not signed by a recognized certificate authority\&. Instead, it is self\-signed\&. In addition, a single test signing certificate functions as both an object\-signing certificate and a CA\&. When you are using it to sign objects, it behaves like an object\-signing certificate\&. When it is imported into browser software such as Communicator, it behaves like an object\-signing CA and cannot be used to sign objects\&. The \-G option is available in Netscape Signing Tool 1\&.0 and later versions only\&. By default, it produces only RSA certificates with 1024\-byte keys in the internal token\&. However, you can use the \-s option specify the required key size and the \-t option to specify the token\&. For more information about the use of the \-G option, see "Generating Test Object\-Signing Certificates""Generating Test Object\-Signing Certificates" on page 1241\&.
-.RE
-.PP
 \-l
 .RS 4
 Lists signing certificates, including issuing CAs\&. If any of your certificates are expired or invalid, the list will so specify\&. This option can be used with the \-k option to list detailed information about a particular signing certificate\&. The \-l option is available in Netscape Signing Tool 1\&.0 and later versions only\&.
 .RE
 .PP
-\-J
-.RS 4
-Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags\&. Even if signtool creates more than one archive file, you need to supply the key database password only once\&. The \-J option is available only in Netscape Signing Tool 1\&.0 and later versions\&. The \-J option cannot be used at the same time as the \-Z option\&. If the \-c# option is not used with the \-J option, the default compression value is 6\&. Note that versions 1\&.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages\&.
-.RE
-.PP
 \-L
 .RS 4
 Lists the certificates in your database\&. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool\&.
diff --git a/security/nss/doc/nroff/signver.1 b/security/nss/doc/nroff/signver.1
index c327c8a7..ad92c11a 100644
--- a/security/nss/doc/nroff/signver.1
+++ b/security/nss/doc/nroff/signver.1
@@ -2,12 +2,12 @@
 .\" Title: SIGNVER
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "SIGNVER" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "SIGNVER" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -236,9 +236,9 @@ export NSS_DEFAULT_DB_TYPE="sql"
 .RE
 .\}
 .PP
-This line can be set added to the
+This line can be added to the
 ~/\&.bashrc
-file to make the change permanent\&.
+file to make the change permanent for the user\&.
 .PP
 Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:
 .sp
diff --git a/security/nss/doc/nroff/ssltap.1 b/security/nss/doc/nroff/ssltap.1
index 950f20b8..69129ecb 100644
--- a/security/nss/doc/nroff/ssltap.1
+++ b/security/nss/doc/nroff/ssltap.1
@@ -2,12 +2,12 @@
 .\" Title: SSLTAP
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "SSLTAP" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "SSLTAP" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -30,8 +30,8 @@
 .SH "NAME"
 ssltap \- Tap into SSL connections and display the data going by
 .SH "SYNOPSIS"
-.HP \w'\fBlibssltap\fR\ 'u
-\fBlibssltap\fR [\-vhfsxl] [\-p\ port] [hostname:port]
+.HP \w'\fBssltap\fR\ 'u
+\fBssltap\fR [\-fhlsvx] [\-p\ port] [hostname:port]
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
@@ -43,33 +43,14 @@ The SSL Debugging Tool is an SSL\-aware command\-line proxy\&. It watches TCP
 connections and displays the data going by\&. If a connection is SSL, the data display includes interpreted SSL records and handshaking
 .SH "OPTIONS"
 .PP
-\-v
-.RS 4
-Print a version string for the tool\&.
-.RE
-.PP
-\-h
-.RS 4
-Turn on hex/ASCII printing\&. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters\&. The two parts are separated by a vertical bar\&. Nonprinting characters are replaced by dots\&.
-.RE
-.PP
 \-f
 .RS 4
 Turn on fancy printing\&. Output is printed in colored HTML\&. Data sent from the client to the server is in blue; the server\*(Aqs reply is in red\&. When used with looping mode, the different connections are separated with horizontal lines\&. You can use this option to upload the output into a browser\&.
 .RE
 .PP
-\-s
+\-h
 .RS 4
-Turn on SSL parsing and decoding\&. The tool does not automatically detect SSL sessions\&. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures\&.
-.sp
-If the tool detects a certificate chain, it saves the DER\-encoded certificates into files in the current directory\&. The files are named cert\&.0x, where x is the sequence number of the certificate\&.
-.sp
-If the \-s option is used with \-h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output\&.
-.RE
-.PP
-\-x
-.RS 4
-Turn on hex/ASCII printing of undecoded data inside parsed SSL records\&. Used only with the \-s option\&. This option uses the same output format as the \-h option\&.
+Turn on hex/ASCII printing\&. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters\&. The two parts are separated by a vertical bar\&. Nonprinting characters are replaced by dots\&.
 .RE
 .PP
 \-l prefix
@@ -99,6 +80,25 @@ The following are well\-known port numbers:
 .sp
 * NNTPS 563 (NNTP over SSL)
 .RE
+.PP
+\-s
+.RS 4
+Turn on SSL parsing and decoding\&. The tool does not automatically detect SSL sessions\&. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures\&.
+.sp
+If the tool detects a certificate chain, it saves the DER\-encoded certificates into files in the current directory\&. The files are named cert\&.0x, where x is the sequence number of the certificate\&.
+.sp
+If the \-s option is used with \-h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output\&.
+.RE
+.PP
+\-v
+.RS 4
+Print a version string for the tool\&.
+.RE
+.PP
+\-x
+.RS 4
+Turn on extra SSL hex dumps\&.
+.RE
 .SH "USAGE AND EXAMPLES"
 .PP
 You can use the SSL Debugging Tool to intercept any connection information\&. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful\&. For example, assume your development machine is called intercept\&. The simplest way to use the debugging tool is to execute the following command from a command shell:
diff --git a/security/nss/doc/nroff/vfychain.1 b/security/nss/doc/nroff/vfychain.1
index 487b7f9a..d5e37e4d 100644
--- a/security/nss/doc/nroff/vfychain.1
+++ b/security/nss/doc/nroff/vfychain.1
@@ -2,12 +2,12 @@
 .\" Title: VFYCHAIN
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "VFYCHAIN" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/security/nss/doc/nroff/vfyserv.1 b/security/nss/doc/nroff/vfyserv.1
index f991ce23..ffe5f361 100644
--- a/security/nss/doc/nroff/vfyserv.1
+++ b/security/nss/doc/nroff/vfyserv.1
@@ -2,12 +2,12 @@
 .\" Title: VFYSERV
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "VFYSERV" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "VFYSERV" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/security/nss/doc/pk12util.xml b/security/nss/doc/pk12util.xml
index 590aec80..03ee356e 100644
--- a/security/nss/doc/pk12util.xml
+++ b/security/nss/doc/pk12util.xml
@@ -27,16 +27,14 @@ pk12util - -i p12File [-h tokenname] [-v] [common-options] - - -l p12File [-h tokenname] [-r] [common-options] - - -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [common-options] - - -common-options are: -[-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] - + -i p12File|-l p12File|-o p12File + -d [sql:]directory + -h tokenname + -P dbprefix + -r + -v + -k slotPasswordFile|-K slotPassword + -w p12filePasswordFile|-W p12filePassword @@ -73,10 +71,14 @@ common-options are: Arguments - - -n certname - Specify the nickname of the cert and private key to export. + -c keyCipher + Specify the key encryption algorithm. + + + + -C certCipher + Specify the key cert (overall package) encryption algorithm. @@ -85,22 +87,11 @@ common-options are: pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format. - - -P prefix - Specify the prefix used on the certificate and key databases. This option is provided as a special case. - Changing the names of the certificate and key databases is not recommended. - - -h tokenname Specify the name of the token to import into or export from. - - -v - Enable debug logging when importing. - - -k slotPasswordFile Specify the text file containing the slot's password. 
@@ -111,26 +102,6 @@ common-options are: Specify the slot's password. - - -w p12filePasswordFile - Specify the text file containing the pkcs #12 file password. - - - - -W p12filePassword - Specify the pkcs #12 file password. - - - - -c keyCipher - Specify the key encryption algorithm. - - - - -C certCipher - Specify the key cert (overall package) encryption algorithm. - - -m | --key-len keyLength Specify the desired length of the symmetric key to be used to encrypt the private key. @@ -141,10 +112,37 @@ common-options are: Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data. + + -n certname + Specify the nickname of the cert and private key to export. + + + + -P prefix + Specify the prefix used on the certificate and key databases. This option is provided as a special case. + Changing the names of the certificate and key databases is not recommended. + + -r Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file. + + + -v + Enable debug logging when importing. + + + + -w p12filePasswordFile + Specify the text file containing the pkcs #12 file password. + + + + -W p12filePassword + Specify the pkcs #12 file password. + + 
@@ -237,9 +235,12 @@ common-options are: Importing Keys and Certificates The most basic usage of pk12util for importing a certificate or key is the PKCS#12 input file () and some way to specify the security database being accessed (either for a directory or for a token). -pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + + pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + For example: -# pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb + + # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, 
@@ -253,18 +254,18 @@ pk12util: PKCS12 IMPORT SUCCESSFUL Exporting Keys and Certificates Using the pk12util command to export certificates and keys requires both the name of the certificate to extract from the database () and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material. -pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] For example: -# pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb + # pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb Enter password for PKCS12 file: Re-enter password: Listing Keys and Certificates The information in a .p12 file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the .p12 file. -pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] For example, this prints the default ASCII output: -# pk12util -l certs.p12 + # pk12util -l certs.p12 Enter password for PKCS12 file: Key(shrouded): 
@@ -283,9 +284,9 @@ Certificate: Issuer: "E=personal-freemail@thawte.com,CN=Thawte Personal Freemail C A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T own,ST=Western Cape,C=ZA" -.... + Alternatively, the prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports .p12 files. Each certificate is written to a sequentially-number file, beginning with file0001.der and continuing through file000N.der, incrementing the number for every certificate: -# pk12util -l test.p12 -r + pk12util -l test.p12 -r Enter password for PKCS12 file: Key(shrouded): Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID @@ -297,7 +298,8 @@ Key(shrouded): Iteration Count: 1 (0x1) Certificate Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting -Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID +Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID + 
@@ -309,86 +311,48 @@ Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) L Symmetric CBC ciphers for PKCS#5 V2 - DES_CBC - - - RC2-CBC - - - RC5-CBCPad - - - DES-EDE3-CBC (the default for key encryption) - - - AES-128-CBC - - - AES-192-CBC - - - AES-256-CBC - - - CAMELLIA-128-CBC - - - CAMELLIA-192-CBC - - - CAMELLIA-256-CBC - - + + + DES-CBC + RC2-CBC + RC5-CBCPad + DES-EDE3-CBC (the default for key encryption) + AES-128-CBC + AES-192-CBC + AES-256-CBC + CAMELLIA-128-CBC + CAMELLIA-192-CBC + CAMELLIA-256-CBC + + PKCS#12 PBE ciphers - PKCS #12 PBE with Sha1 and 128 Bit RC4 - - - PKCS #12 PBE with Sha1 and 40 Bit RC4 - - - PKCS #12 PBE with Sha1 and Triple DES CBC - - - PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC - - - PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC - - - PKCS12 V2 PBE with SHA1 and 128 Bit RC4 - - - PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode) - - - PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc - - - PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc - - - PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC - - - PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC - - + + + PKCS #12 PBE with Sha1 and 128 Bit RC4 + PKCS #12 PBE with Sha1 and 40 Bit RC4 + PKCS #12 PBE with Sha1 and Triple DES CBC + PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC + PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC + PKCS12 V2 PBE with SHA1 and 128 Bit RC4 + PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode) + PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc + PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc + PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC + PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC + + - - - PKCS#5 PBE ciphers - PKCS #5 Password Based Encryption with MD2 and DES CBC - - - PKCS #5 Password Based Encryption with MD5 and DES CBC - - - PKCS #5 Password Based Encryption with SHA1 and DES CBC - - + PKCS#5 PBE ciphers + + + PKCS #5 Password Based Encryption with MD2 and DES CBC + PKCS #5 Password Based Encryption with MD5 and DES 
CBC + PKCS #5 Password Based Encryption with SHA1 and DES CBC + + With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error no security module can perform the requested operation. diff --git a/security/nss/doc/signtool.xml b/security/nss/doc/signtool.xml index 9f9da687..3a6c2080 100644 --- a/security/nss/doc/signtool.xml +++ b/security/nss/doc/signtool.xml @@ -27,36 +27,37 @@ signtool - -k keyName - [-h] - [-H] - [-l] - [-L] - [-M] - [-v] - [-w] - [-G nickname] - [--keysize | -s size] [-b basename] [-c Compression Level] [-d cert-dir] - [-i installer script] - [-m metafile] - [-x name] - [-f filename] - [-t|--token tokenname] [-e extension] + [-f filename] + [-i installer script] + [-h] + [-H] + [-v] + [-w] + [-G nickname] + [-J] + [-j directory] + -k keyName + [--keysize | -s size] + [-l] + [-L] + [-M] + [-m metafile] + [--norecurse] + [-O] [-o] + [--outfile] + [-p password] + [-t|--token tokenname] [-z] [-X] - [--outfile] + [-x name] [--verbose value] - [--norecurse] [--leavearc] - [-j directory] [-Z jarfile] - [-O] - [-p password] directory-tree archive @@ -97,7 +98,7 @@ -c# - + Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes. If the -c# option is not used with either the -J or the -Z option, the default compression value used by both the -J and -Z options is 6. 
@@ -123,11 +124,37 @@ The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT v Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format. All options and arguments can be expressed through this file. For more information about the syntax used with this file, see "Tips and Techniques". + + -G nickname + + Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. + +The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. + +Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. + +The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. 
However, you can use the -s option specify the required key size and the -t option to specify the token. + + -i scriptname - - Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. - + +Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. + + + + -J + + +Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. + +The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. + +If the -c# option is not used with the -J option, the default compression value is 6. + +Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages. + + -j directory 
@@ -145,18 +172,6 @@ signtool -k MyCert -d . signdir You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform. It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate. - - - - -G nickname - - Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. - -The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. - -Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. - -The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. 
However, you can use the -s option specify the required key size and the -t option to specify the token. For more information about the use of the -G option, see "Generating Test Object-Signing Certificates""Generating Test Object-Signing Certificates" on page 1241. @@ -165,18 +180,6 @@ The -G option is available in Netscape Signing Tool 1.0 and later versions only. Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate. The -l option is available in Netscape Signing Tool 1.0 and later versions only. - - - - -J - - Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. - -The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. - -If the -c# option is not used with the -J option, the default compression value is 6. - -Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages. diff --git a/security/nss/doc/signver.xml b/security/nss/doc/signver.xml index 7c598d82..e645e919 100644 --- a/security/nss/doc/signver.xml +++ b/security/nss/doc/signver.xml 
@@ -163,7 +163,7 @@ Using the SQLite databases must be manually specified by using the sql: To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql: export NSS_DEFAULT_DB_TYPE="sql" -This line can be set added to the ~/.bashrc file to make the change permanent. +This line can be added to the ~/.bashrc file to make the change permanent for the user. Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: diff --git a/security/nss/doc/ssltap.xml b/security/nss/doc/ssltap.xml index e66a493e..32b9e2f5 100644 --- a/security/nss/doc/ssltap.xml +++ b/security/nss/doc/ssltap.xml @@ -26,8 +26,8 @@ - libssltap - -vhfsxl + ssltap + -fhlsvx -p port hostname:port @@ -48,8 +48,10 @@ Options - -v - Print a version string for the tool. + -f + +Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. + -h 
@@ -57,34 +59,6 @@ Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. - - -f - -Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. - - - -s - - -Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. - - -If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. - - -If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. - - - - - -x - - -Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. -This option uses the same output format as the -h option. - - - -l prefix 
@@ -124,6 +98,28 @@ Turn on looping; that is, continue to accept connections rather than stopping af + + -s + + +Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. + + +If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. + + +If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. + + + + + -v + Print a version string for the tool. + + + -x + Turn on extra SSL hex dumps. + diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c index edb95af4..ea1621bc 100644 --- a/security/nss/lib/certdb/alg1485.c +++ b/security/nss/lib/certdb/alg1485.c @@ -28,12 +28,12 @@ static const NameToKind name2kinds[] = { * (See: http://www.iana.org/assignments/ldap-parameters) */ /* RFC 3280, 4630 MUST SUPPORT */ - { "CN", 64, SEC_OID_AVA_COMMON_NAME, SEC_ASN1_DS}, + { "CN", 640, SEC_OID_AVA_COMMON_NAME, SEC_ASN1_DS}, { "ST", 128, SEC_OID_AVA_STATE_OR_PROVINCE, SEC_ASN1_DS}, - { "O", 64, SEC_OID_AVA_ORGANIZATION_NAME, + { "O", 128, SEC_OID_AVA_ORGANIZATION_NAME, SEC_ASN1_DS}, - { "OU", 64, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, + { "OU", 128, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, SEC_ASN1_DS}, { "dnQualifier", 32767, SEC_OID_AVA_DN_QUALIFIER, SEC_ASN1_PRINTABLE_STRING}, { "C", 2, SEC_OID_AVA_COUNTRY_NAME, SEC_ASN1_PRINTABLE_STRING}, @@ -377,7 +377,7 @@ ParseRFC1485AVA(PLArenaPool *arena, const char **pbp, const char *endptr) char sep = 0; char tagBuf[32]; - char valBuf[384]; + char valBuf[1024]; PORT_Assert(arena); if (SECSuccess != scanTag(pbp, endptr, tagBuf, sizeof tagBuf) || 
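Review bot: The raised per-attribute maxima in name2kinds (CN 640, O and OU 128) sit directly under the `/* RFC 3280, 4630 MUST SUPPORT */` comment, yet they now exceed the X.520 upper bounds those RFCs refer to (ub-common-name, ub-organization-name and ub-organizational-unit-name are all 64), so the table no longer says why it deviates; a line such as `/* Limits deliberately above the RFC 5280 ub-* values (64): deployed certificates exceed them */` would record the decision. The `char valBuf[1024];` in ParseRFC1485AVA and the `TMPBUF_LEN 2048` in AppendAVA (the next hunk) look sized to hold these larger values, but nothing ties the three numbers together; a named constant referenced by the table entries and both buffers, or at least a comment at the valBuf declaration noting it must accommodate the largest table maximum plus escaping, would keep them from drifting apart. Whether valBuf holds the decoded value or the still-escaped input text is not visible here, so the headroom 1024 leaves for a 640-character value should be confirmed. ParseRFC1485AVA's body continues outside the hunk.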
@@ -889,7 +889,7 @@ get_hex_string(SECItem *data) static SECStatus AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict) { -#define TMPBUF_LEN 384 +#define TMPBUF_LEN 2048 const NameToKind *pn2k = name2kinds; SECItem *avaValue = NULL; char *unknownTag = NULL; diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h index 41e0b91c..d0d53c30 100644 --- a/security/nss/lib/certdb/certdb.h +++ b/security/nss/lib/certdb/certdb.h @@ -7,16 +7,16 @@ /* common flags for all types of certificates */ -#define CERTDB_TERMINAL_RECORD (1<<0) -#define CERTDB_TRUSTED (1<<1) -#define CERTDB_SEND_WARN (1<<2) -#define CERTDB_VALID_CA (1<<3) -#define CERTDB_TRUSTED_CA (1<<4) /* trusted for issuing server certs */ -#define CERTDB_NS_TRUSTED_CA (1<<5) -#define CERTDB_USER (1<<6) -#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */ -#define CERTDB_INVISIBLE_CA (1<<8) /* don't show in UI */ -#define CERTDB_GOVT_APPROVED_CA (1<<9) /* can do strong crypto in export ver */ +#define CERTDB_TERMINAL_RECORD (1u<<0) +#define CERTDB_TRUSTED (1u<<1) +#define CERTDB_SEND_WARN (1u<<2) +#define CERTDB_VALID_CA (1u<<3) +#define CERTDB_TRUSTED_CA (1u<<4) /* trusted for issuing server certs */ +#define CERTDB_NS_TRUSTED_CA (1u<<5) +#define CERTDB_USER (1u<<6) +#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */ +#define CERTDB_INVISIBLE_CA (1u<<8) /* don't show in UI */ +#define CERTDB_GOVT_APPROVED_CA (1u<<9) /* can do strong crypto in export ver */ /* old usage, to keep old programs compiling */ /* On Windows, Mac, and Linux (and other gcc platforms), we can give compile diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index de9e1f87..1b0cc970 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c 
@@ -137,6 +137,39 @@ const SEC_ASN1Template CERT_GeneralNamesTemplate[] = { }; +static struct { + CERTGeneralNameType type; + char *name; +} typesArray[] = { + { certOtherName, "other" }, + { certRFC822Name, "email" }, + { certRFC822Name, "rfc822" }, + { certDNSName, "dns" }, + { certX400Address, "x400" }, + { certX400Address, "x400addr" }, + { certDirectoryName, "directory" }, + { certDirectoryName, "dn" }, + { certEDIPartyName, "edi" }, + { certEDIPartyName, "ediparty" }, + { certURI, "uri" }, + { certIPAddress, "ip" }, + { certIPAddress, "ipaddr" }, + { certRegisterID, "registerid" } +}; + +CERTGeneralNameType +CERT_GetGeneralNameTypeFromString(const char *string) +{ + int types_count = sizeof(typesArray)/sizeof(typesArray[0]); + int i; + + for (i=0; i < types_count; i++) { + if (PORT_Strcasecmp(string, typesArray[i].name) == 0) { + return typesArray[i].type; + } + } + return 0; +} CERTGeneralName * CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type) @@ -1578,9 +1611,9 @@ getNameExtensionsBuiltIn(CERTCertificate *cert, "\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75" "\x76\x2E\x66\x72"; - const SECItem anssi_subject = {0, (char *) rawANSSISubject, + const SECItem anssi_subject = {0, (unsigned char *) rawANSSISubject, sizeof(rawANSSISubject)-1}; - const SECItem permitFranceGovNC = {0, (char *) constraintFranceGov, + const SECItem permitFranceGovNC = {0, (unsigned char *) constraintFranceGov, sizeof(constraintFranceGov)-1}; if (SECITEM_ItemsAreEqual(&cert->derSubject, &anssi_subject)) { diff --git a/security/nss/lib/certdb/genname.h b/security/nss/lib/certdb/genname.h index 091c82c1..1d94376d 100644 --- a/security/nss/lib/certdb/genname.h +++ b/security/nss/lib/certdb/genname.h 
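Review bot: The new lookup table is a mutable array whose `char *name` members alias string literals; declaring it `static const struct { CERTGeneralNameType type; const char *name; } typesArray[] = {` keeps the literals from being reachable through a writable pointer and lets the compiler put the table in read-only data. CERT_GetGeneralNameTypeFromString is exported (it is added to nss.def later in this patch) yet has no header comment and returns `0` when nothing matches; whether 0 lies outside the CERTGeneralNameType enumerators is not visible here, so a comment such as `/* Returns the CERTGeneralNameType whose name matches 'string' case-insensitively, or 0 if none does. 'string' must not be NULL. */` should state both the sentinel and the precondition, since `PORT_Strcasecmp(string, ...)` runs without a NULL guard and the likely caller is command-line option parsing. A blank line is also missing between the new function's closing brace and `CERTGeneralName *`.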
@@ -26,6 +26,9 @@ cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName); extern SECStatus cert_DestroyGeneralNames(CERTGeneralName *name); +extern CERTGeneralNameType +CERT_GetGeneralNameTypeFromString(const char *string); + extern SECStatus cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena, SECItem *dest); diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index 370c1b3b..ba43e70f 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 96 -#define NSS_BUILTINS_LIBRARY_VERSION "1.96" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 98 +#define NSS_BUILTINS_LIBRARY_VERSION "1.98" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/cryptohi/cryptohi.h b/security/nss/lib/cryptohi/cryptohi.h index b16c9134..6661b664 100644 --- a/security/nss/lib/cryptohi/cryptohi.h +++ b/security/nss/lib/cryptohi/cryptohi.h @@ -56,7 +56,7 @@ extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len); /* ** Create a new signature context used for signing a data stream. -** "alg" the signature algorithm to use (e.g. SEC_OID_RSA_WITH_MD5) +** "alg" the signature algorithm to use (e.g. SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION) ** "privKey" the private key to use */ extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey); diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c index b93ace4f..2ea337b3 100644 --- a/security/nss/lib/cryptohi/secsign.c +++ b/security/nss/lib/cryptohi/secsign.c 
@@ -37,7 +37,7 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key) * PKCS #7 algTag if we were just going to change here you might * ask. Well the answer is for some cards we may have to do the * hashing on card. It may not support CKM_RSA_PKCS sign algorithm, - * it may just support CKM_RSA_PKCS_WITH_SHA1 and/or CKM_RSA_PKCS_WITH_MD5. + * it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS. */ /* we have a private key, not a public key, so don't pass it in */ rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg); diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index 2a51501b..ec6a7698 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -664,7 +664,7 @@ $(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3 # symbolic names to registers, for example, # .set Htbl, %rdi # So we can't use Clang's integrated assembler with intel-gcm.s. -ifneq (,$(findstring clang,$(AS))) +ifneq (,$(findstring clang,$(shell $(AS) --version))) $(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): ASFLAGS += -no-integrated-as endif endif diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index 2e88d769..8324714d 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h @@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, /* ** Perform a check of private key parameters for consistency. */ -extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key); +extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key); /* ** Given only minimal private key parameters, fill in the rest of the diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index 3c08f893..5eb50de9 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c 
@@ -214,7 +214,7 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, } SECStatus -RSA_PrivateKeyCheck(RSAPrivateKey *key) +RSA_PrivateKeyCheck(const RSAPrivateKey *key) { if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) return SECFailure; diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h index bda18a69..65cfd76d 100644 --- a/security/nss/lib/freebl/loader.h +++ b/security/nss/lib/freebl/loader.h @@ -229,7 +229,7 @@ struct FREEBLVectorStr { unsigned char *output, const unsigned char *input); - SECStatus (* p_RSA_PrivateKeyCheck)(RSAPrivateKey *key); + SECStatus (* p_RSA_PrivateKeyCheck)(const RSAPrivateKey *key); void (* p_BL_Cleanup)(void); diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c index 8a9a1121..cc7d4fee 100644 --- a/security/nss/lib/freebl/rsa.c +++ b/security/nss/lib/freebl/rsa.c 
@@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, return rsa_PrivateKeyOp(key, output, input, PR_TRUE); } -static SECStatus -swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer) -{ - int len; - mp_err err = MP_OKAY; - memset(buffer->data, 0, buffer->len); - len = mp_unsigned_octet_size(mpval); - if (len <= 0) return SECFailure; - if ((unsigned int)len <= buffer->len) { - /* The new value is no longer than the old buffer, so use it */ - err = mp_to_unsigned_octets(mpval, buffer->data, len); - if (err >= 0) err = MP_OKAY; - buffer->len = len; - } else if (arena) { - /* The new value is longer, but working within an arena */ - (void)SECITEM_AllocItem(arena, buffer, len); - err = mp_to_unsigned_octets(mpval, buffer->data, len); - if (err >= 0) err = MP_OKAY; - } else { - /* The new value is longer, no arena, can't handle this key */ - return SECFailure; - } - return (err == MP_OKAY) ? SECSuccess : SECFailure; -} - SECStatus -RSA_PrivateKeyCheck(RSAPrivateKey *key) +RSA_PrivateKeyCheck(const RSAPrivateKey *key) { mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res; mp_err err = MP_OKAY; @@ -1406,6 +1381,17 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) CHECK_MPI_OK( mp_init(&d_q) ); CHECK_MPI_OK( mp_init(&qInv) ); CHECK_MPI_OK( mp_init(&res) ); + + if (!key->modulus.data || !key->prime1.data || !key->prime2.data || + !key->publicExponent.data || !key->privateExponent.data || + !key->exponent1.data || !key->exponent2.data || + !key->coefficient.data) { + /* call RSA_PopulatePrivateKey first, if the application wishes to + * recover these parameters */ + err = MP_BADARG; + goto cleanup; + } + SECITEM_TO_MPINT(key->modulus, &n); SECITEM_TO_MPINT(key->prime1, &p); SECITEM_TO_MPINT(key->prime2, &q); 
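Review bot: The added guard makes RSA_PrivateKeyCheck a strict validator — a key with any CRT component absent now fails with `err = MP_BADARG`, and the hunks on the next line remove the code that used to repair exponent1, exponent2 and coefficient — but the prototype comment in blapi.h earlier in this patch still reads only `Perform a check of private key parameters for consistency.` That comment should carry the new contract, for example `All components (modulus, primes, exponents, coefficient) must be present; use RSA_PopulatePrivateKey to derive missing ones. The key is never modified.` Whether `cleanup:` translates a non-MP_OKAY `err` into SECFailure with an error code set is outside the hunk and worth confirming, as this is the first path that reaches cleanup with `rv` untouched by the VERIFY macros.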
@@ -1414,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) SECITEM_TO_MPINT(key->exponent1, &d_p); SECITEM_TO_MPINT(key->exponent2, &d_q); SECITEM_TO_MPINT(key->coefficient, &qInv); - /* p > q */ + /* p > q */ if (mp_cmp(&p, &q) <= 0) { - /* mind the p's and q's (and d_p's and d_q's) */ - SECItem tmp; - mp_exch(&p, &q); - mp_exch(&d_p,&d_q); - tmp = key->prime1; - key->prime1 = key->prime2; - key->prime2 = tmp; - tmp = key->exponent1; - key->exponent1 = key->exponent2; - key->exponent2 = tmp; + rv = SECFailure; + goto cleanup; } #define VERIFY_MPI_EQUAL(m1, m2) \ if (mp_cmp(m1, m2) != 0) { \ @@ -1437,9 +1415,6 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) rv = SECFailure; \ goto cleanup; \ } - /* - * The following errors cannot be recovered from. - */ /* n == p * q */ CHECK_MPI_OK( mp_mul(&p, &q, &res) ); VERIFY_MPI_EQUAL(&res, &n); @@ -1457,28 +1432,16 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key) /* d*e == 1 mod q-1 */ CHECK_MPI_OK( mp_mulmod(&d, &e, &qsub1, &res) ); VERIFY_MPI_EQUAL_1(&res); - /* - * The following errors can be recovered from. - */ /* d_p == d mod p-1 */ CHECK_MPI_OK( mp_mod(&d, &psub1, &res) ); - if (mp_cmp(&d_p, &res) != 0) { - /* swap in the correct value */ - CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent1) ); - } + VERIFY_MPI_EQUAL(&res, &d_p); /* d_q == d mod q-1 */ CHECK_MPI_OK( mp_mod(&d, &qsub1, &res) ); - if (mp_cmp(&d_q, &res) != 0) { - /* swap in the correct value */ - CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent2) ); - } + VERIFY_MPI_EQUAL(&res, &d_q); /* q * q**-1 == 1 mod p */ CHECK_MPI_OK( mp_mulmod(&q, &qInv, &p, &res) ); - if (mp_cmp_d(&res, 1) != 0) { - /* compute the correct value */ - CHECK_MPI_OK( mp_invmod(&q, &p, &qInv) ); - CHECK_SEC_OK( swap_in_key_value(key->arena, &qInv, &key->coefficient) ); - } + VERIFY_MPI_EQUAL_1(&res); + cleanup: mp_clear(&n); mp_clear(&p); diff --git a/security/nss/lib/jar/jarver.c b/security/nss/lib/jar/jarver.c index d06b4e00..fa3c8a0d 100644 
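Review bot: Replacing the p/q swap with `rv = SECFailure; goto cleanup;` rejects every key whose primes are stored with p < q, although PKCS #1 does not require that ordering and the relations verified below (n == p*q, d_p == d mod p-1, d_q == d mod q-1, q*qInv == 1 mod p) hold for such a key whenever coefficient was computed as q^-1 mod p. If the intent is only to guarantee distinct primes, `if (mp_cmp(&p, &q) == 0) {` is the check that matters; if the p > q convention is relied upon elsewhere (key generation, RSA_PopulatePrivateKey or the private-key operation), the comment should say so, because `/* p > q */` alone reads as a restatement of the test rather than a reason. This failure path also sets no error code before jumping to `cleanup:`; whether cleanup supplies one is outside the hunk.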
--- a/security/nss/lib/jar/jarver.c +++ b/security/nss/lib/jar/jarver.c @@ -14,13 +14,8 @@ #include "certdb.h" #include "certt.h" #include "secpkcs7.h" - -/*#include "cdbhdl.h" */ #include "secder.h" -/* from certdb.h */ -#define CERTDB_USER (1<<6) - #define SZ 512 static int diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index fdb1cd08..6f6b6708 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1053,3 +1053,12 @@ SECMOD_InternaltoPubMechFlags; ;+ local: ;+ *; ;+}; +;+NSS_3.16.2 { # NSS 3.16.2 release +;+ global: +CERT_AddExtensionByOID; +CERT_GetGeneralNameTypeFromString; +PK11_PubEncrypt; +PK11_PrivDecrypt; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index c293db34..4d3d1f5e 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -33,11 +33,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.15.5" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.16.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 15 -#define NSS_VPATCH 5 -#define NSS_VBUILD 0 +#define NSS_VMINOR 16 +#define NSS_VPATCH 2 +#define NSS_VBUILD 1 #define NSS_BETA PR_FALSE #ifndef RC_INVOKED diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 39168b96..3f3edb11 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c 
@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, * CERTCertificate, and finish */ nssPKIObject_AddInstance(&c->object, certobj); + /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and + * replace 'c' by a different value. So we add a reference to 'c' to + * prevent 'c' from being destroyed. */ + nssCertificate_AddRef(c); nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); + /* XXX should we pass the original value of 'c' to + * STAN_ForceCERTCertificateUpdate? */ (void)STAN_ForceCERTCertificateUpdate(c); + nssCertificate_Destroy(c); SECITEM_FreeItem(keyID,PR_TRUE); return SECSuccess; loser: diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c index e1e764b1..6700180a 100644 --- a/security/nss/lib/pk11wrap/pk11load.c +++ b/security/nss/lib/pk11wrap/pk11load.c @@ -55,6 +55,11 @@ static const CK_C_INITIALIZE_ARGS secmodLockFunctions = { CKF_OS_LOCKING_OK ,NULL }; +static const CK_C_INITIALIZE_ARGS secmodNoLockArgs = { + NULL, NULL, NULL, NULL, + CKF_LIBRARY_CANT_CREATE_OS_THREADS + ,NULL +}; static PRBool loadSingleThreadedModules = PR_TRUE; static PRBool enforceAlreadyInitializedError = PR_TRUE; @@ -209,12 +214,18 @@ secmod_ModuleInit(SECMODModule *mod, SECMODModule **reload, return SECFailure; } - if (mod->isThreadSafe == PR_FALSE) { - pInitArgs = NULL; - } else if (mod->libraryParams == NULL) { - pInitArgs = (void *) &secmodLockFunctions; + if (mod->libraryParams == NULL) { + if (mod->isThreadSafe) { + pInitArgs = (void *) &secmodLockFunctions; + } else { + pInitArgs = NULL; + } } else { - moduleArgs = secmodLockFunctions; + if (mod->isThreadSafe) { + moduleArgs = secmodLockFunctions; + } else { + moduleArgs = secmodNoLockArgs; + } moduleArgs.LibraryParameters = (void *) mod->libraryParams; pInitArgs = &moduleArgs; } 
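Review bot: The `XXX should we pass the original value of 'c'` comment leaves an open question in committed code: once nssTrustDomain_AddCertsToCache has replaced `c` with the already-cached certificate, STAN_ForceCERTCertificateUpdate(c) may update a different NSSCertificate than the one built from `cert`, and the caller is not told. The AddRef/Destroy pair added around the call balances only if nssTrustDomain_AddCertsToCache consumes the caller's reference to the input and hands back an owned reference to whatever it stores in `c`; that contract is not visible here, so stating it in the comment at `nssCertificate_AddRef(c);` would make the pairing checkable by the next reader. The return value of nssTrustDomain_AddCertsToCache is still discarded, so a failed cache insert is reported to the caller as SECSuccess. PK11_ImportCert's body starts outside the hunk.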
@@ -251,18 +262,30 @@ secmod_ModuleInit(SECMODModule *mod, SECMODModule **reload, } } if (crv != CKR_OK) { - if (pInitArgs == NULL || + if (!mod->isThreadSafe || crv == CKR_NETSCAPE_CERTDB_FAILED || crv == CKR_NETSCAPE_KEYDB_FAILED) { PORT_SetError(PK11_MapError(crv)); return SECFailure; } + /* If we had attempted to init a single threaded module "with" + * parameters and it failed, should we retry "without" parameters? + * (currently we don't retry in this scenario) */ + if (!loadSingleThreadedModules) { PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11); return SECFailure; } + /* If we arrive here, the module failed a ThreadSafe init. */ mod->isThreadSafe = PR_FALSE; - crv = PK11_GETTAB(mod)->C_Initialize(NULL); + if (!mod->libraryParams) { + pInitArgs = NULL; + } else { + moduleArgs = secmodNoLockArgs; + moduleArgs.LibraryParameters = (void *) mod->libraryParams; + pInitArgs = &moduleArgs; + } + crv = PK11_GETTAB(mod)->C_Initialize(pInitArgs); if ((CKR_CRYPTOKI_ALREADY_INITIALIZED == crv) && (!enforceAlreadyInitializedError)) { *alreadyLoaded = PR_TRUE; diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index 84268ab4..70802948 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c +++ b/security/nss/lib/pk11wrap/pk11obj.c 
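Review bot: The retry path rebuilds the C_Initialize argument block by hand (`moduleArgs = secmodNoLockArgs; moduleArgs.LibraryParameters = (void *) mod->libraryParams; pInitArgs = &moduleArgs;`), duplicating the selection logic the previous hunk added for the first attempt, and the two copies of the thread-safe/not and params/no-params matrix will drift. A small static helper that takes the module and a scratch CK_C_INITIALIZE_ARGS and returns the pointer to hand to C_Initialize, used at both call sites, keeps the policy in one place. The added comment about retrying a single-threaded module "without" parameters is a question rather than a decision; either record why no retry is done or drop the speculation. secmod_ModuleInit's body extends beyond the hunk on both sides.
```c
/* Build the C_Initialize() argument block for 'mod'. Returns NULL when the
 * module is single-threaded and has no library parameters, otherwise a
 * pointer to the shared constant block or to the caller's 'scratch'. */
static void *
secmod_InitArgs(SECMODModule *mod, CK_C_INITIALIZE_ARGS *scratch)
{
    if (mod->libraryParams == NULL) {
        return mod->isThreadSafe ? (void *) &secmodLockFunctions : NULL;
    }
    *scratch = mod->isThreadSafe ? secmodLockFunctions : secmodNoLockArgs;
    scratch->LibraryParameters = (void *) mod->libraryParams;
    return scratch;
}

/* … unchanged: first attempt uses pInitArgs = secmod_InitArgs(mod, &moduleArgs); error checks … */
    /* If we arrive here, the module failed a ThreadSafe init. */
    mod->isThreadSafe = PR_FALSE;
    pInitArgs = secmod_InitArgs(mod, &moduleArgs);
    crv = PK11_GETTAB(mod)->C_Initialize(pInitArgs);
```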
@@ -914,17 +914,11 @@ PK11_Encrypt(PK11SymKey *symKey, return SECSuccess; } -/* - * Now SSL 2.0 uses raw RSA stuff. These next to functions *must* use - * RSA keys, or they'll fail. We do the checks up front. If anyone comes - * up with a meaning for rawdecrypt for any other public key operation, - * then we need to move this check into some of PK11_PubDecrypt callers, - * (namely SSL 2.0). - */ static SECStatus -pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, - unsigned encLen, CK_MECHANISM_PTR mech) +pk11_PrivDecryptRaw(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, unsigned int maxLen, + const unsigned char *enc, unsigned encLen, + CK_MECHANISM_PTR mech) { PK11SlotInfo *slot = key->pkcs11Slot; CK_ULONG out = maxLen; @@ -960,11 +954,12 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, * do C_Login with CKU_CONTEXT_SPECIFIC * between C_DecryptInit and C_Decrypt * ... But see note above about servers */ - if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) { + if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) { PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE); } - crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen, data, &out); + crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen, + data, &out); if (haslock) PK11_ExitSlotMonitor(slot); pk11_CloseSession(slot,session,owner); *outLen = out; 
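Review bot: The `(unsigned char *)enc` cast at the C_Decrypt call silently discards the const that the new pk11_PrivDecryptRaw signature advertises; it is needed because Cryptoki's C_Decrypt takes a non-const CK_BYTE_PTR, but a reader cannot tell that from the line. A comment at the cast such as `/* C_Decrypt takes CK_BYTE_PTR; the input is not written */` would keep it from being "fixed" into a copy later. The `*outLen = out;` store also narrows CK_ULONG to unsigned; harmless for RSA block sizes, but worth a note now that this helper is reached by the generic PK11_PrivDecrypt added at the end of this file. pk11_PrivDecryptRaw's body extends beyond both hunks.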
@@ -976,41 +971,37 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, } SECStatus -PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, - unsigned encLen) +PK11_PubDecryptRaw(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, unsigned int maxLen, + const unsigned char *enc, unsigned encLen) { CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 }; return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech); } SECStatus -PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, - unsigned encLen) +PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, unsigned int maxLen, + const unsigned char *enc, unsigned encLen) { CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 }; return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech); } static SECStatus -pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, - CK_MECHANISM_PTR mech, void *wincx) +pk11_PubEncryptRaw(SECKEYPublicKey *key, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *data, unsigned dataLen, + CK_MECHANISM_PTR mech, void *wincx) { PK11SlotInfo *slot; CK_OBJECT_HANDLE id; - CK_ULONG out; + CK_ULONG len = maxLen; PRBool owner = PR_TRUE; CK_SESSION_HANDLE session; CK_RV crv; - if (!key || key->keyType != rsaKey) { - PORT_SetError( SEC_ERROR_BAD_KEY ); - return SECFailure; - } - out = SECKEY_PublicKeyStrength(key); - slot = PK11_GetBestSlotWithAttributes(mech->mechanism,CKF_ENCRYPT,0,wincx); if (slot == NULL) { PORT_SetError( SEC_ERROR_NO_MODULE ); 
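Review bot: The `!key || key->keyType != rsaKey` check is removed from the static helper pk11_PubEncryptRaw and, per the last hunk of this file, pushed into its public wrappers, so the helpers now trust their callers to validate `key`; PK11_PubDecryptRaw and PK11_PrivDecryptPKCS1 in this hunk pass `key` straight to pk11_PrivDecryptRaw, whose first line dereferences `key->pkcs11Slot` (visible in the earlier hunk), and any key-type check inside that helper is not visible here. A one-line precondition on each static helper, e.g. `/* Callers must have checked that 'key' is non-NULL and of the expected key type. */`, documents that division of responsibility for the next wrapper someone adds. Separately, `CK_ULONG len = maxLen;` now means the output size is caller-supplied rather than SECKEY_PublicKeyStrength(key); the helper's comment should say the buffer must be at least the modulus size for the RSA mechanisms.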
@@ -1035,10 +1026,12 @@ pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, PORT_SetError( PK11_MapError(crv) ); return SECFailure; } - crv = PK11_GETTAB(slot)->C_Encrypt(session,data,dataLen,enc,&out); + crv = PK11_GETTAB(slot)->C_Encrypt(session,(unsigned char *)data,dataLen, + out,&len); if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); pk11_CloseSession(slot,session,owner); PK11_FreeSlot(slot); + *outLen = len; if (crv != CKR_OK) { PORT_SetError( PK11_MapError(crv) ); return SECFailure; 
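Review bot: `*outLen = len;` is stored before `crv` is examined, so on failure the caller receives whatever C_Encrypt left in `len` — for CKR_BUFFER_TOO_SMALL Cryptoki sets it to the required size, which may be intended, but for other errors it is simply the unchanged `maxLen`. If the required-size behaviour is the goal, a comment such as `/* reported even on failure: CKR_BUFFER_TOO_SMALL returns the needed size */` should say so; otherwise move the assignment under the success path. The assignment also narrows CK_ULONG to unsigned int without a range check.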
@@ -1047,19 +1040,69 @@ pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, } SECStatus -PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx) +PK11_PubEncryptRaw(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx) { CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 }; - return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx); + unsigned int outLen; + if (!key || key->keyType != rsaKey) { + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } + outLen = SECKEY_PublicKeyStrength(key); + return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech, + wincx); } SECStatus -PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx) +PK11_PubEncryptPKCS1(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx) { CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 }; - return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx); + unsigned int outLen; + if (!key || key->keyType != rsaKey) { + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } + outLen = SECKEY_PublicKeyStrength(key); + return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech, + wincx); +} + +SECStatus +PK11_PrivDecrypt(SECKEYPrivateKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned encLen) +{ + CK_MECHANISM mech = { mechanism, NULL, 0 }; + if (param) { + mech.pParameter = param->data; + mech.ulParameterLen = param->len; + } + return pk11_PrivDecryptRaw(key, out, outLen, maxLen, enc, encLen, &mech); +} + +SECStatus +PK11_PubEncrypt(SECKEYPublicKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *data, unsigned dataLen, + void *wincx) +{ 
+ CK_MECHANISM mech = { mechanism, NULL, 0 }; + if (param) { + mech.pParameter = param->data; + mech.ulParameterLen = param->len; + } + return pk11_PubEncryptRaw(key, out, outLen, maxLen, data, dataLen, &mech, + wincx); } SECKEYPrivateKey * diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h index ce9769a4..f0bf2c88 100644 --- a/security/nss/lib/pk11wrap/pk11pub.h +++ b/security/nss/lib/pk11wrap/pk11pub.h 
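Review bot: The rsaKey guard plus the `outLen = SECKEY_PublicKeyStrength(key)` prologue is now duplicated verbatim in PK11_PubEncryptRaw and PK11_PubEncryptPKCS1, which differ only in the mechanism constant; a small static helper taking the CK_MECHANISM_TYPE keeps the two from drifting when the next fix lands. PK11_PrivDecrypt and PK11_PubEncrypt are new public entry points with no comment at their definitions; the header is the natural place for the full contract, but a one-liner here noting that `param` may be NULL for parameterless mechanisms would help readers of this file.
```c
/* Shared prologue of PK11_PubEncryptRaw/PK11_PubEncryptPKCS1: RSA-only
 * mechanisms with a fixed, parameterless CK_MECHANISM. */
static SECStatus
pk11_PubEncryptRSA(SECKEYPublicKey *key, CK_MECHANISM_TYPE mechType,
                   unsigned char *enc, const unsigned char *data,
                   unsigned dataLen, void *wincx)
{
    CK_MECHANISM mech = { mechType, NULL, 0 };
    unsigned int outLen;
    if (!key || key->keyType != rsaKey) {
        PORT_SetError(SEC_ERROR_BAD_KEY);
        return SECFailure;
    }
    outLen = SECKEY_PublicKeyStrength(key);
    return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech,
                              wincx);
}

SECStatus
PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
                   const unsigned char *data, unsigned dataLen, void *wincx)
{
    return pk11_PubEncryptRSA(key, CKM_RSA_X_509, enc, data, dataLen, wincx);
}

SECStatus
PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc,
                     const unsigned char *data, unsigned dataLen, void *wincx)
{
    return pk11_PubEncryptRSA(key, CKM_RSA_PKCS, enc, data, dataLen, wincx);
}
/* … unchanged: PK11_PrivDecrypt, PK11_PubEncrypt … */
```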
@@ -520,18 +520,38 @@ SECStatus PK11_Encrypt(PK11SymKey *symKey, const unsigned char *data, unsigned int dataLen); /* note: despite the name, this function takes a private key. */ -SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen); +SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned encLen); #define PK11_PrivDecryptRaw PK11_PubDecryptRaw /* The encrypt function that complements the above decrypt function. */ -SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx); +SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx); -SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen); +SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned encLen); /* The encrypt function that complements the above decrypt function. 
*/ -SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx); +SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx); + +SECStatus PK11_PrivDecrypt(SECKEYPrivateKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned int encLen); +SECStatus PK11_PubEncrypt(SECKEYPublicKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *data, unsigned int dataLen, + void *wincx); SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, SECItem *nickname, diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index fbe6c319..00a0a746 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -1372,7 +1372,7 @@ lg_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *templ, { LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK); CK_RV crv, crvCollect = CKR_OK; - int i; + unsigned int i; if (obj == NULL) { return CKR_OBJECT_HANDLE_INVALID; @@ -1434,7 +1434,7 @@ lg_tokenMatch(SDB *sdb, const SECItem *dbKey, CK_OBJECT_HANDLE class, { PRBool match = PR_TRUE; LGObjectCache *obj = lg_NewObjectCache(sdb, dbKey, class); - int i; + unsigned int i; if (obj == NULL) { return PR_FALSE; @@ -1758,7 +1758,7 @@ lg_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK); CK_RV crv, crvCollect = CKR_OK; PRBool writePrivate = PR_FALSE; - int i; + unsigned int i; if (obj == NULL) { return CKR_OBJECT_HANDLE_INVALID; 
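Review bot: PK11_PrivDecrypt and PK11_PubEncrypt are added to the public header without any comment, while the neighbouring declarations each carry one; the `mechanism`/`param` pair, the `maxLen`/`outLen` contract and the NULL-ability of `param` are exactly what a caller needs to know. Proposed comment above the pair: `/* Encrypt with a public key / decrypt with a private key using an arbitrary PKCS #11 mechanism (e.g. CKM_RSA_PKCS_OAEP); param may be NULL for parameterless mechanisms. out must hold maxLen bytes; *outLen receives the length the token reports. */`. That `param` may be NULL is visible in the .c definitions (`if (param)`), so documenting it is not speculation.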
diff --git a/security/nss/lib/softoken/legacydb/lgutil.c b/security/nss/lib/softoken/legacydb/lgutil.c index 1b9600f0..88e46d6e 100644 --- a/security/nss/lib/softoken/legacydb/lgutil.c +++ b/security/nss/lib/softoken/legacydb/lgutil.c @@ -18,7 +18,7 @@ const CK_ATTRIBUTE * lg_FindAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, CK_ULONG count ) { - int i; + unsigned int i; for (i=0; i < count; i++) { if (templ[i].type == type) { diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index d3c757d1..58fe27af 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c @@ -4598,9 +4598,12 @@ nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, } return (SECSuccess); - -loser: +loser: + if (handle->dbMon) { + PZ_DestroyMonitor(handle->dbMon); + handle->dbMon = NULL; + } PORT_SetError(SEC_ERROR_BAD_DATABASE); return(SECFailure); } diff --git a/security/nss/lib/softoken/legacydb/pcertt.h b/security/nss/lib/softoken/legacydb/pcertt.h index b4c91285..fd5e17ca 100644 --- a/security/nss/lib/softoken/legacydb/pcertt.h +++ b/security/nss/lib/softoken/legacydb/pcertt.h 
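Review bot: In lg_FindAttribute the index is now `unsigned int i` but the bound it is compared against is `CK_ULONG count`, so on LP64 targets the loop still mixes a 32-bit index with a 64-bit count; the signedness warning goes away, but the width mismatch does not. The matching type is `CK_ULONG i;`, which is what the templ/count pair is declared with. The three lgattr.c hunks at -1372, -1434 and -1758 make the same `int` to `unsigned int` change; their loop bounds are outside those hunks, but if they are CK_ULONG as well the same type applies there.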
@@ -397,18 +397,18 @@ typedef union { #define DB_CERT_ENTRY_HEADER_LEN 10 /* common flags for all types of certificates */ -#define CERTDB_TERMINAL_RECORD (1<<0) -#define CERTDB_TRUSTED (1<<1) -#define CERTDB_SEND_WARN (1<<2) -#define CERTDB_VALID_CA (1<<3) -#define CERTDB_TRUSTED_CA (1<<4) /* trusted for issuing server certs */ -#define CERTDB_NS_TRUSTED_CA (1<<5) -#define CERTDB_USER (1<<6) -#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */ -#define CERTDB_INVISIBLE_CA (1<<8) /* don't show in UI */ -#define CERTDB_GOVT_APPROVED_CA (1<<9) /* can do strong crypto in export ver */ -#define CERTDB_MUST_VERIFY (1<<10) /* explicitly don't trust this cert */ -#define CERTDB_TRUSTED_UNKNOWN (1<<11) /* accept trust from another source */ +#define CERTDB_TERMINAL_RECORD (1u<<0) +#define CERTDB_TRUSTED (1u<<1) +#define CERTDB_SEND_WARN (1u<<2) +#define CERTDB_VALID_CA (1u<<3) +#define CERTDB_TRUSTED_CA (1u<<4) /* trusted for issuing server certs */ +#define CERTDB_NS_TRUSTED_CA (1u<<5) +#define CERTDB_USER (1u<<6) +#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */ +#define CERTDB_INVISIBLE_CA (1u<<8) /* don't show in UI */ +#define CERTDB_GOVT_APPROVED_CA (1u<<9) /* can do strong crypto in export ver */ +#define CERTDB_MUST_VERIFY (1u<<10) /* explicitly don't trust this cert */ +#define CERTDB_TRUSTED_UNKNOWN (1u<<11) /* accept trust from another source */ /* bits not affected by the CKO_NETSCAPE_TRUST object */ #define CERTDB_PRESERVE_TRUST_BITS (CERTDB_USER | \ diff --git a/security/nss/lib/softoken/manifest.mn.orig b/security/nss/lib/softoken/manifest.mn.orig deleted file mode 100644 index ed52b3d9..00000000 --- a/security/nss/lib/softoken/manifest.mn.orig +++ /dev/null 
@@ -1,63 +0,0 @@ -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -CORE_DEPTH = ../.. - -MODULE = nss -DIRS = legacydb - -LIBRARY_NAME = softokn -LIBRARY_VERSION = 3 -MAPFILE = $(OBJDIR)/softokn.def - -DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" - -SQLITE_INCLUDE_DIR=$(DIST)/include/sqlite3 -ifdef SQLITE_INCLUDE_DIR -INCLUDES += -I$(SQLITE_INCLUDE_DIR) -endif - -EXPORTS = \ - $(NULL) - -PRIVATE_EXPORTS = \ - lgglue.h \ - lowkeyi.h \ - lowkeyti.h \ - pkcs11ni.h \ - softoken.h \ - softoknt.h \ - softkver.h \ - sdb.h \ - sftkdbt.h \ - $(NULL) - -CSRCS = \ - ecdecode.c \ - fipsaudt.c \ - fipstest.c \ - fipstokn.c \ - lgglue.c \ - lowkey.c \ - lowpbe.c \ - padbuf.c \ - pkcs11.c \ - pkcs11c.c \ - pkcs11u.c \ - sdb.c \ - sftkdb.c \ - sftkhmac.c \ - sftkpars.c \ - sftkpwd.c \ - softkver.c \ - tlsprf.c \ - jpakesftk.c \ - $(NULL) - -ifdef SQLITE_UNSAFE_THREADS -DEFINES += -DSQLITE_UNSAFE_THREADS -endif - -# This part of the code, including all sub-dirs, can be optimized for size -export ALLOW_OPT_CODE_SIZE = 1 diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index d1dd73af..6fa4e4ec 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -266,6 +266,8 @@ static const struct mechanismList mechanisms[] = { CKF_DUZ_IT_ALL}, PR_TRUE}, {CKM_RSA_PKCS_PSS, {RSA_MIN_MODULUS_BITS,CK_MAX, CKF_SN_VR}, PR_TRUE}, + {CKM_RSA_PKCS_OAEP, {RSA_MIN_MODULUS_BITS,CK_MAX, + CKF_EN_DE_WR_UN}, PR_TRUE}, #ifdef SFTK_RSA9796_SUPPORTED {CKM_RSA_9796, {RSA_MIN_MODULUS_BITS,CK_MAX, CKF_DUZ_IT_ALL}, PR_TRUE}, 
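Review bot: CKM_RSA_PKCS_OAEP is registered with CKF_EN_DE_WR_UN, i.e. it is advertised for C_WrapKey/C_UnwrapKey as well as encrypt/decrypt, but the only OAEP plumbing visible in this commit is the sftk_CryptInit case in pkcs11c.c. If the wrap/unwrap paths do not route through that code for RSA mechanisms, a client that trusts C_GetMechanismInfo will get a late CKR_MECHANISM_INVALID instead of a capability it can rely on; either confirm they do or advertise `CKF_ENCRYPT|CKF_DECRYPT` only. A comment on the table entry is worthwhile either way, since the flag set is the contract the token publishes.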
@@ -987,7 +989,7 @@ static NSSLOWKEYPrivateKey * sftk_mkPrivKey(SFTKObject *object,CK_KEY_TYPE key, CK_RV *rvp); static SECStatus -sftk_fillRSAPrivateKey(SFTKObject *object); +sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded); /* * check the consistancy and initialize a Private Key Object @@ -1003,12 +1005,14 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE CK_BBOOL derive = CK_TRUE; CK_BBOOL ckfalse = CK_FALSE; PRBool createObjectInfo = PR_TRUE; + PRBool fillPrivateKey = PR_FALSE; int missing_rsa_mod_component = 0; int missing_rsa_exp_component = 0; int missing_rsa_crt_component = 0; - + SECItem mod; CK_RV crv; + SECStatus rv; switch (key_type) { case CKK_RSA: @@ -1043,19 +1047,19 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE int have_exp = 2- missing_rsa_exp_component; int have_component = 5- (missing_rsa_exp_component+missing_rsa_mod_component); - SECStatus rv; if ((have_exp == 0) || (have_component < 3)) { /* nope, not enough to reconstruct the private key */ return CKR_TEMPLATE_INCOMPLETE; } - /*fill in the missing parameters */ - rv = sftk_fillRSAPrivateKey(object); - if (rv != SECSuccess) { - return CKR_TEMPLATE_INCOMPLETE; - } + fillPrivateKey = PR_TRUE; } - + /*verify the parameters for consistency*/ + rv = sftk_verifyRSAPrivateKey(object, fillPrivateKey); + if (rv != SECSuccess) { + return CKR_TEMPLATE_INCOMPLETE; + } + /* make sure Netscape DB attribute is set correctly */ crv = sftk_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS); if (crv != CKR_OK) return crv; @@ -1149,7 +1153,6 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE if (sftk_isTrue(object,CKA_TOKEN)) { SFTKSlot *slot = session->slot; SFTKDBHandle *keyHandle = sftk_getKeyDB(slot); - CK_RV crv; if (keyHandle == NULL) { return CKR_TOKEN_WRITE_PROTECTED; 
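Review bot: In the -1043 hunk a failure of sftk_verifyRSAPrivateKey is reported as CKR_TEMPLATE_INCOMPLETE even when `fillPrivateKey` is PR_FALSE, i.e. when every component was supplied and the failure can only mean RSA_PrivateKeyCheck found them mutually inconsistent. PKCS #11 has a distinct code for that, and `return fillPrivateKey ? CKR_TEMPLATE_INCOMPLETE : CKR_TEMPLATE_INCONSISTENT;` gives the caller a usable distinction without changing the fill path. A short why-comment on the call would also help, e.g. `/* reject keys whose components disagree; a mismatched CRT key is unusable and should not be stored */`. sftk_handlePrivateKeyObject begins and ends outside this hunk.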
@@ -1940,10 +1943,11 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) } /* - * we have a partial rsa private key, fill in the rest + * If a partial RSA private key is present, fill in the rest if necessary, + * and then verify the parameters are well-formed */ static SECStatus -sftk_fillRSAPrivateKey(SFTKObject *object) +sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded) { RSAPrivateKey tmpKey = { 0 }; SFTKAttribute *modulus = NULL; @@ -1951,6 +1955,9 @@ sftk_fillRSAPrivateKey(SFTKObject *object) SFTKAttribute *prime2 = NULL; SFTKAttribute *privateExponent = NULL; SFTKAttribute *publicExponent = NULL; + SFTKAttribute *exponent1 = NULL; + SFTKAttribute *exponent2 = NULL; + SFTKAttribute *coefficient = NULL; SECStatus rv; CK_RV crv; 
@@ -1981,44 +1988,82 @@ sftk_fillRSAPrivateKey(SFTKObject *object) if (publicExponent) { tmpKey.publicExponent.data = publicExponent->attrib.pValue; tmpKey.publicExponent.len = publicExponent->attrib.ulValueLen; - } + } + exponent1 = sftk_FindAttribute(object, CKA_EXPONENT_1); + if (exponent1) { + tmpKey.exponent1.data = exponent1->attrib.pValue; + tmpKey.exponent1.len = exponent1->attrib.ulValueLen; + } + exponent2 = sftk_FindAttribute(object, CKA_EXPONENT_2); + if (exponent2) { + tmpKey.exponent2.data = exponent2->attrib.pValue; + tmpKey.exponent2.len = exponent2->attrib.ulValueLen; + } + coefficient = sftk_FindAttribute(object, CKA_COEFFICIENT); + if (coefficient) { + tmpKey.coefficient.data = coefficient->attrib.pValue; + tmpKey.coefficient.len = coefficient->attrib.ulValueLen; + } - /* - * populate requires one exponent plus 2 other components to work. - * we expected our caller to check that first. If that didn't happen, - * populate will simply return an error here. - */ - rv = RSA_PopulatePrivateKey(&tmpKey); + if (fillIfNeeded) { + /* + * populate requires one exponent plus 2 other components to work. + * we expected our caller to check that first. If that didn't happen, + * populate will simply return an error here. 
+ */ + rv = RSA_PopulatePrivateKey(&tmpKey); + if (rv != SECSuccess) { + goto loser; + } + } + rv = RSA_PrivateKeyCheck(&tmpKey); if (rv != SECSuccess) { goto loser; } - /* now that we have a fully populated key, set all our attribute values */ rv = SECFailure; - crv = sftk_forceAttribute(object,CKA_MODULUS, - sftk_item_expand(&tmpKey.modulus)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PUBLIC_EXPONENT, - sftk_item_expand(&tmpKey.publicExponent)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PRIVATE_EXPONENT, - sftk_item_expand(&tmpKey.privateExponent)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PRIME_1, - sftk_item_expand(&tmpKey.prime1)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PRIME_2, - sftk_item_expand(&tmpKey.prime2)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_EXPONENT_1, - sftk_item_expand(&tmpKey.exponent1)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_EXPONENT_2, - sftk_item_expand(&tmpKey.exponent2)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_COEFFICIENT, - sftk_item_expand(&tmpKey.coefficient)); - if (crv != CKR_OK) goto loser; + if (!modulus || modulus->attrib.pValue != tmpKey.modulus.data) { + crv = sftk_forceAttribute(object,CKA_MODULUS, + sftk_item_expand(&tmpKey.modulus)); + if (crv != CKR_OK) goto loser; + } + if (!publicExponent || + publicExponent->attrib.pValue != tmpKey.publicExponent.data) { + crv = sftk_forceAttribute(object, CKA_PUBLIC_EXPONENT, + sftk_item_expand(&tmpKey.publicExponent)); + if (crv != CKR_OK) goto loser; + } + if (!privateExponent || + privateExponent->attrib.pValue != tmpKey.privateExponent.data) { + crv = sftk_forceAttribute(object, CKA_PRIVATE_EXPONENT, + sftk_item_expand(&tmpKey.privateExponent)); + if (crv != CKR_OK) goto loser; + } + if (!prime1 || prime1->attrib.pValue != tmpKey.prime1.data) { + crv = 
sftk_forceAttribute(object, CKA_PRIME_1, + sftk_item_expand(&tmpKey.prime1)); + if (crv != CKR_OK) goto loser; + } + if (!prime2 || prime2->attrib.pValue != tmpKey.prime2.data) { + crv = sftk_forceAttribute(object, CKA_PRIME_2, + sftk_item_expand(&tmpKey.prime2)); + if (crv != CKR_OK) goto loser; + } + if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) { + crv = sftk_forceAttribute(object, CKA_EXPONENT_1, + sftk_item_expand(&tmpKey.exponent1)); + if (crv != CKR_OK) goto loser; + } + if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) { + crv = sftk_forceAttribute(object, CKA_EXPONENT_2, + sftk_item_expand(&tmpKey.exponent2)); + if (crv != CKR_OK) goto loser; + } + if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) { + crv = sftk_forceAttribute(object, CKA_COEFFICIENT, + sftk_item_expand(&tmpKey.coefficient)); + if (crv != CKR_OK) goto loser; + } rv = SECSuccess; /* we're done (one way or the other), clean up all our stuff */ @@ -2041,15 +2086,18 @@ loser: if (publicExponent) { sftk_FreeAttribute(publicExponent); } + if (exponent1) { + sftk_FreeAttribute(exponent1); + } + if (exponent2) { + sftk_FreeAttribute(exponent2); + } + if (coefficient) { + sftk_FreeAttribute(coefficient); + } return rv; } - - - - - - /* Generate a low private key structure from an object */ NSSLOWKEYPrivateKey * sftk_GetPrivKey(SFTKObject *object,CK_KEY_TYPE key_type, CK_RV *crvp) @@ -3128,9 +3176,6 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) if (slot == NULL) return CKR_SLOT_ID_INVALID; - pInfo->firmwareVersion.major = 0; - pInfo->firmwareVersion.minor = 0; - PORT_Memcpy(pInfo->manufacturerID,manufacturerID, sizeof(pInfo->manufacturerID)); PORT_Memcpy(pInfo->slotDescription,slot->slotDescription, 
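Review bot: The eight write-back guards of the form `!modulus || modulus->attrib.pValue != tmpKey.modulus.data` carry no explanation, and the pointer comparison is the non-obvious part of the new logic: it appears to rely on RSA_PopulatePrivateKey replacing only the components it computed with its own buffers, so an unchanged pointer means the attribute already holds that value. That is a freebl property not visible here, so the dependency should be stated next to the first guard, e.g. `/* RSA_PopulatePrivateKey substitutes its own buffers for the components it filled in; only those need to be written back to the object */`. It is also worth noting that when `fillIfNeeded` is false every comparison is equal and the block is a no-op, which reads as the intended fast path for a complete template. The loser: cleanup that frees these attributes is in the -2041 hunk, outside this one.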
@@ -3157,6 +3202,8 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) /* pInfo->hardwareVersion.major = NSSLOWKEY_DB_FILE_VERSION; */ pInfo->hardwareVersion.major = SOFTOKEN_VMAJOR; pInfo->hardwareVersion.minor = SOFTOKEN_VMINOR; + pInfo->firmwareVersion.major = SOFTOKEN_VPATCH; + pInfo->firmwareVersion.minor = SOFTOKEN_VBUILD; return CKR_OK; } diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index f5934ff6..8f50882a 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -302,6 +302,46 @@ GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech) } } +/* + * Returns true if "params" contains a valid set of PSS parameters + */ +static PRBool +sftk_ValidatePssParams(const CK_RSA_PKCS_PSS_PARAMS *params) +{ + if (!params) { + return PR_FALSE; + } + if (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL || + GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) { + return PR_FALSE; + } + return PR_TRUE; +} + +/* + * Returns true if "params" contains a valid set of OAEP parameters + */ +static PRBool +sftk_ValidateOaepParams(const CK_RSA_PKCS_OAEP_PARAMS *params) +{ + if (!params) { + return PR_FALSE; + } + /* The requirements of ulSourceLen/pSourceData come from PKCS #11, which + * state: + * If the parameter is empty, pSourceData must be NULL and + * ulSourceDataLen must be zero. + */ + if (params->source != CKZ_DATA_SPECIFIED || + (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL) || + (GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) || + (params->ulSourceDataLen == 0 && params->pSourceData != NULL) || + (params->ulSourceDataLen != 0 && params->pSourceData == NULL)) { + return PR_FALSE; + } + return PR_TRUE; +} + /* * return a context based on the SFTKContext type. */ 
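Review bot: sftk_ValidatePssParams only checks that `hashAlg` and `mgf` map to a known hash; `sLen` is not range-checked, and whether the freebl PSS routines bound it against the modulus and hash length is not visible in this commit, so an oversized salt would be rejected late (or not at all) rather than at C_SignInit with CKR_MECHANISM_PARAM_INVALID. At minimum the header comment should say what is and is not covered: `/* Returns true if "params" names a supported hash and MGF. sLen is not validated here. */`. The OAEP validator is good about this, since it documents the pSourceData/ulSourceDataLen rule it enforces; the PSS one should match.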
@@ -588,11 +628,6 @@ sftk_RSAEncryptOAEP(SFTKOAEPEncryptInfo *info, unsigned char *output, hashAlg = GetHashTypeFromMechanism(info->params->hashAlg); maskHashAlg = GetHashTypeFromMechanism(info->params->mgf); - if (info->params->source != CKZ_DATA_SPECIFIED) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; - } - return RSA_EncryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg, (const unsigned char*)info->params->pSourceData, info->params->ulSourceDataLen, NULL, 0, @@ -617,11 +652,6 @@ sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, hashAlg = GetHashTypeFromMechanism(info->params->hashAlg); maskHashAlg = GetHashTypeFromMechanism(info->params->mgf); - if (info->params->source != CKZ_DATA_SPECIFIED) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; - } - rv = RSA_DecryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg, (const unsigned char*)info->params->pSourceData, info->params->ulSourceDataLen, @@ -710,19 +740,18 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, } context->destroy = sftk_Null; break; -/* XXX: Disabled until unit tests land. case CKM_RSA_PKCS_OAEP: if (key_type != CKK_RSA) { crv = CKR_KEY_TYPE_INCONSISTENT; break; } - context->multi = PR_FALSE; - context->rsa = PR_TRUE; - if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS)) { + if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS) || + !sftk_ValidateOaepParams((CK_RSA_PKCS_OAEP_PARAMS*)pMechanism->pParameter)) { crv = CKR_MECHANISM_PARAM_INVALID; break; } - /\* XXX: Need Parameter validation here *\/ + context->multi = PR_FALSE; + context->rsa = PR_TRUE; if (isEncrypt) { SFTKOAEPEncryptInfo *info = PORT_New(SFTKOAEPEncryptInfo); if (info == NULL) { @@ -758,7 +787,6 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, } context->destroy = (SFTKDestroy) sftk_Space; break; -*/ case CKM_RC2_CBC_PAD: context->doPad = PR_TRUE; /* fall thru */ 
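Review bot: In the -710 hunk the OAEP parameter is cast as `(CK_RSA_PKCS_OAEP_PARAMS*)pMechanism->pParameter` while the PSS sites added in -2386 and -3023 use a `const` cast; sftk_ValidateOaepParams takes a const pointer, so `(const CK_RSA_PKCS_OAEP_PARAMS*)` is the consistent form. Separately, sftk_RSAEncryptOAEP and sftk_RSADecryptOAEP read `info->params->pSourceData` at operation time, and the lines that fill in `info` are cut off by this hunk, so please confirm `info->params` is a copy of the parameters rather than the caller's `pMechanism->pParameter`, whose lifetime beyond C_EncryptInit the caller may not guarantee. If it is a pointer, a comment stating that assumption is the minimum.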
@@ -2386,7 +2414,8 @@ finish_rsa: break; } context->rsa = PR_TRUE; - if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) { + if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) || + !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS*)pMechanism->pParameter)) { crv = CKR_MECHANISM_PARAM_INVALID; break; } @@ -3023,7 +3052,8 @@ finish_rsa: break; } context->rsa = PR_TRUE; - if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) { + if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) || + !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS*)pMechanism->pParameter)) { crv = CKR_MECHANISM_PARAM_INVALID; break; } diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 0faf73be..8fed46d2 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,11 +25,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.15.5" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.16.2.1" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 15 -#define SOFTOKEN_VPATCH 5 -#define SOFTOKEN_VBUILD 0 +#define SOFTOKEN_VMINOR 16 +#define SOFTOKEN_VPATCH 2 +#define SOFTOKEN_VBUILD 1 #define SOFTOKEN_BETA PR_FALSE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h index c14d5d83..bbe2bd9b 100644 --- a/security/nss/lib/ssl/SSLerrs.h +++ b/security/nss/lib/ssl/SSLerrs.h 
@@ -412,3 +412,9 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127), ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128), "Incorrect signature algorithm specified in a digitally-signed element.") + +ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129), +"The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.") + +ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130), +"The server supports no protocols that the client advertises in the ALPN extension.") diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c index 704415cf..4e384619 100644 --- a/security/nss/lib/ssl/dtlscon.c +++ b/security/nss/lib/ssl/dtlscon.c @@ -51,16 +51,21 @@ static const ssl3CipherSuite nonDTLSSuites[] = { * * TLS DTLS * 1.1 (0302) 1.0 (feff) + * 1.2 (0303) 1.2 (fefd) */ SSL3ProtocolVersion dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv) { - /* Anything other than TLS 1.1 is an error, so return - * the invalid version ffff. */ - if (tlsv != SSL_LIBRARY_VERSION_TLS_1_1) - return 0xffff; + if (tlsv == SSL_LIBRARY_VERSION_TLS_1_1) { + return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE; + } + if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) { + return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE; + } - return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE; + /* Anything other than TLS 1.1 or 1.2 is an error, so return + * the invalid version 0xffff. */ + return 0xffff; } /* Map known DTLS versions to known TLS versions. 
@@ -71,14 +76,18 @@ SSL3ProtocolVersion dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv) { if (MSB(dtlsv) == 0xff) { - return 0; + return 0; } - if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) - return SSL_LIBRARY_VERSION_TLS_1_1; + if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) { + return SSL_LIBRARY_VERSION_TLS_1_1; + } + if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) { + return SSL_LIBRARY_VERSION_TLS_1_2; + } /* Return a fictional higher version than we know of */ - return SSL_LIBRARY_VERSION_TLS_1_1 + 1; + return SSL_LIBRARY_VERSION_TLS_1_2 + 1; } /* On this socket, Disable non-DTLS cipher suites in the argument's list */ @@ -88,9 +97,9 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) const ssl3CipherSuite * suite; for (suite = nonDTLSSuites; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); + SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_Assert(rv == SECSuccess); /* else is coding error */ } return SECSuccess; } @@ -101,17 +110,17 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) */ static DTLSQueuedMessage * dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type, - const unsigned char *data, PRUint32 len) + const unsigned char *data, PRUint32 len) { DTLSQueuedMessage *msg = NULL; msg = PORT_ZAlloc(sizeof(DTLSQueuedMessage)); if (!msg) - return NULL; + return NULL; msg->data = PORT_Alloc(len); if (!msg->data) { - PORT_Free(msg); + PORT_Free(msg); return NULL; } PORT_Memcpy(msg->data, data, len); @@ -132,7 +141,7 @@ static void dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg) { if (!msg) - return; + return; PORT_ZFree(msg->data, msg->len); PORT_Free(msg); 
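Review bot: dtls_DTLSVersionToTLSVersion now returns `SSL_LIBRARY_VERSION_TLS_1_2 + 1` as the "fictional higher version", and the companion dtls_TLSVersionToDTLSVersion in the -51 hunk enumerates the same two versions by hand; both will silently go stale the next time a TLS version is added, and nothing ties them together. A comment on each, e.g. `/* keep in sync with dtls_TLSVersionToDTLSVersion and the newest TLS version this library supports */`, or deriving the sentinel from the library's highest supported version constant, would make the coupling visible. The remaining hunks in this file (-88 through -461) are whitespace-only re-indentation.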
@@ -151,9 +160,9 @@ dtls_FreeHandshakeMessages(PRCList *list) PRCList *cur_p; while (!PR_CLIST_IS_EMPTY(list)) { - cur_p = PR_LIST_TAIL(list); - PR_REMOVE_LINK(cur_p); - dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p); + cur_p = PR_LIST_TAIL(list); + PR_REMOVE_LINK(cur_p); + dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p); } } @@ -204,18 +213,18 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) } /* Parse the header */ - type = buf.buf[0]; + type = buf.buf[0]; message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3]; message_seq = (buf.buf[4] << 8) | buf.buf[5]; fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8]; fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11]; - -#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ - if (message_length > MAX_HANDSHAKE_MSG_LEN) { - (void)ssl3_DecodeError(ss); - PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); - return SECFailure; - } + +#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ + if (message_length > MAX_HANDSHAKE_MSG_LEN) { + (void)ssl3_DecodeError(ss); + PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); + return SECFailure; + } #undef MAX_HANDSHAKE_MSG_LEN buf.buf += 12; @@ -229,7 +238,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) } /* Sanity check the packet contents */ - if ((fragment_length + fragment_offset) > message_length) { + if ((fragment_length + fragment_offset) > message_length) { PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); rv = SECFailure; break; @@ -245,8 +254,8 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * This is the common case for short messages */ if ((message_seq == ss->ssl3.hs.recvMessageSeq) - && (fragment_offset == 0) - && (fragment_length == message_length)) { + && (fragment_offset == 0) + && (fragment_length == message_length)) { /* Complete next message. Process immediately */ ss->ssl3.hs.msg_type = (SSL3HandshakeType)type; ss->ssl3.hs.msg_len = message_length; 
@@ -254,14 +263,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* At this point we are advancing our state machine, so * we can free our last flight of messages */ dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); - ss->ssl3.hs.recvdHighWater = -1; - dtls_CancelTimer(ss); + ss->ssl3.hs.recvdHighWater = -1; + dtls_CancelTimer(ss); - /* Reset the timer to the initial value if the retry counter - * is 0, per Sec. 4.2.4.1 */ - if (ss->ssl3.hs.rtRetries == 0) { - ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; - } + /* Reset the timer to the initial value if the retry counter + * is 0, per Sec. 4.2.4.1 */ + if (ss->ssl3.hs.rtRetries == 0) { + ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; + } rv = ssl3_HandleHandshakeMessage(ss, buf.buf, ss->ssl3.hs.msg_len); if (rv == SECFailure) { 
@@ -269,68 +278,68 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) break; } } else { - if (message_seq < ss->ssl3.hs.recvMessageSeq) { - /* Case 3: we do an immediate retransmit if we're - * in a waiting state*/ - if (ss->ssl3.hs.rtTimerCb == NULL) { - /* Ignore */ - } else if (ss->ssl3.hs.rtTimerCb == - dtls_RetransmitTimerExpiredCb) { - SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected", - SSL_GETPID(), ss->fd)); - /* Check to see if we retransmitted recently. If so, - * suppress the triggered retransmit. This avoids - * retransmit wars after packet loss. - * This is not in RFC 5346 but should be - */ - if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) > - (ss->ssl3.hs.rtTimeoutMs / 4)) { - SSL_TRC(30, - ("%d: SSL3[%d]: Shortcutting retransmit timer", + if (message_seq < ss->ssl3.hs.recvMessageSeq) { + /* Case 3: we do an immediate retransmit if we're + * in a waiting state*/ + if (ss->ssl3.hs.rtTimerCb == NULL) { + /* Ignore */ + } else if (ss->ssl3.hs.rtTimerCb == + dtls_RetransmitTimerExpiredCb) { + SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected", + SSL_GETPID(), ss->fd)); + /* Check to see if we retransmitted recently. If so, + * suppress the triggered retransmit. This avoids + * retransmit wars after packet loss. + * This is not in RFC 5346 but should be + */ + if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) > + (ss->ssl3.hs.rtTimeoutMs / 4)) { + SSL_TRC(30, + ("%d: SSL3[%d]: Shortcutting retransmit timer", SSL_GETPID(), ss->fd)); - /* Cancel the timer and call the CB, - * which re-arms the timer */ - dtls_CancelTimer(ss); - dtls_RetransmitTimerExpiredCb(ss); - rv = SECSuccess; - break; - } else { - SSL_TRC(30, - ("%d: SSL3[%d]: We just retransmitted. Ignoring.", + /* Cancel the timer and call the CB, + * which re-arms the timer */ + dtls_CancelTimer(ss); + dtls_RetransmitTimerExpiredCb(ss); + rv = SECSuccess; + break; + } else { + SSL_TRC(30, + ("%d: SSL3[%d]: We just retransmitted. 
Ignoring.", SSL_GETPID(), ss->fd)); - rv = SECSuccess; - break; - } - } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) { - /* Retransmit the messages and re-arm the timer - * Note that we are not backing off the timer here. - * The spec isn't clear and my reasoning is that this - * may be a re-ordered packet rather than slowness, - * so let's be aggressive. */ - dtls_CancelTimer(ss); - rv = dtls_TransmitMessageFlight(ss); - if (rv == SECSuccess) { - rv = dtls_StartTimer(ss, dtls_FinishedTimerCb); - } - if (rv != SECSuccess) - return rv; - break; - } - } else if (message_seq > ss->ssl3.hs.recvMessageSeq) { - /* Case 2 + rv = SECSuccess; + break; + } + } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) { + /* Retransmit the messages and re-arm the timer + * Note that we are not backing off the timer here. + * The spec isn't clear and my reasoning is that this + * may be a re-ordered packet rather than slowness, + * so let's be aggressive. */ + dtls_CancelTimer(ss); + rv = dtls_TransmitMessageFlight(ss); + if (rv == SECSuccess) { + rv = dtls_StartTimer(ss, dtls_FinishedTimerCb); + } + if (rv != SECSuccess) + return rv; + break; + } + } else if (message_seq > ss->ssl3.hs.recvMessageSeq) { + /* Case 2 * - * Ignore this message. This means we don't handle out of - * order complete messages that well, but we're still - * compliant and this probably does not happen often + * Ignore this message. This means we don't handle out of + * order complete messages that well, but we're still + * compliant and this probably does not happen often * - * XXX OK for now. Maybe do something smarter at some point? - */ - } else { - /* Case 1 + * XXX OK for now. Maybe do something smarter at some point? + */ + } else { + /* Case 1 * - * Buffer the fragment for reassembly - */ + * Buffer the fragment for reassembly + */ /* Make room for the message */ if (ss->ssl3.hs.recvdHighWater == -1) { PRUint32 map_length = OFFSET_BYTE(message_length) + 1; 
@@ -347,8 +356,8 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* Reset the reassembly map */ ss->ssl3.hs.recvdHighWater = 0; PORT_Memset(ss->ssl3.hs.recvdFragments.buf, 0, - ss->ssl3.hs.recvdFragments.space); - ss->ssl3.hs.msg_type = (SSL3HandshakeType)type; + ss->ssl3.hs.recvdFragments.space); + ss->ssl3.hs.msg_type = (SSL3HandshakeType)type; ss->ssl3.hs.msg_len = message_length; } @@ -381,7 +390,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * case of adjacent fragments received in sequence */ if (fragment_offset <= ss->ssl3.hs.recvdHighWater) { - /* Either this is the adjacent fragment or an overlapping + /* Either this is the adjacent fragment or an overlapping * fragment */ ss->ssl3.hs.recvdHighWater = fragment_offset + fragment_length; @@ -397,9 +406,9 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* Now figure out the new high water mark if appropriate */ for (offset = ss->ssl3.hs.recvdHighWater; offset < ss->ssl3.hs.msg_len; offset++) { - /* Note that this loop is not efficient, since it counts - * bit by bit. If we have a lot of out-of-order packets, - * we should optimize this */ + /* Note that this loop is not efficient, since it counts + * bit by bit. If we have a lot of out-of-order packets, + * we should optimize this */ if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] & OFFSET_MASK(offset)) { ss->ssl3.hs.recvdHighWater++; 
@@ -418,25 +427,25 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) if (rv == SECFailure) break; /* Skip rest of record */ - /* At this point we are advancing our state machine, so - * we can free our last flight of messages */ - dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); - dtls_CancelTimer(ss); + /* At this point we are advancing our state machine, so + * we can free our last flight of messages */ + dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); + dtls_CancelTimer(ss); - /* If there have been no retries this time, reset the - * timer value to the default per Section 4.2.4.1 */ - if (ss->ssl3.hs.rtRetries == 0) { - ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; - } + /* If there have been no retries this time, reset the + * timer value to the default per Section 4.2.4.1 */ + if (ss->ssl3.hs.rtRetries == 0) { + ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; + } } } } - buf.buf += fragment_length; + buf.buf += fragment_length; buf.len -= fragment_length; } - origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */ + origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */ /* XXX OK for now. In future handle rv == SECWouldBlock safely in order * to deal with asynchronous certificate verification */ @@ -461,10 +470,10 @@ SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, msg = dtls_AllocQueuedMessage(ss->ssl3.cwSpec->epoch, type, pIn, nIn); if (!msg) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - rv = SECFailure; + PORT_SetError(SEC_ERROR_NO_MEMORY); + rv = SECFailure; } else { - PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight); + PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight); } return rv; 
@@ -490,7 +499,7 @@ dtls_StageHandshakeMessage(sslSocket *ss) /* This function is sometimes called when no data is actually to * be staged, so just return SECSuccess. */ if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len) - return rv; + return rv; rv = dtls_QueueMessage(ss, content_handshake, ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len); @@ -522,11 +531,11 @@ dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) rv = dtls_TransmitMessageFlight(ss); if (rv != SECSuccess) return rv; - - if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) { - ss->ssl3.hs.rtRetries = 0; - rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb); - } + + if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) { + ss->ssl3.hs.rtRetries = 0; + rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb); + } } return rv; @@ -546,22 +555,22 @@ dtls_RetransmitTimerExpiredCb(sslSocket *ss) ss->ssl3.hs.rtRetries++; if (!(ss->ssl3.hs.rtRetries % 3)) { - /* If one of the messages was potentially greater than > MTU, - * then downgrade. Do this every time we have retransmitted a - * message twice, per RFC 6347 Sec. 4.1.1 */ - dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1); + /* If one of the messages was potentially greater than > MTU, + * then downgrade. Do this every time we have retransmitted a + * message twice, per RFC 6347 Sec. 4.1.1 */ + dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1); } - + rv = dtls_TransmitMessageFlight(ss); if (rv == SECSuccess) { - /* Re-arm the timer */ - rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb); + /* Re-arm the timer */ + rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb); } if (rv == SECFailure) { - /* XXX OK for now. In future maybe signal the stack that we couldn't - * transmit. For now, let the read handle any real network errors */ + /* XXX OK for now. In future maybe signal the stack that we couldn't + * transmit. For now, let the read handle any real network errors */ } } 
@@ -591,87 +600,87 @@ dtls_TransmitMessageFlight(sslSocket *ss) */ PORT_Assert(!ss->pendingBuf.len); for (msg_p = PR_LIST_HEAD(&ss->ssl3.hs.lastMessageFlight); - msg_p != &ss->ssl3.hs.lastMessageFlight; - msg_p = PR_NEXT_LINK(msg_p)) { + msg_p != &ss->ssl3.hs.lastMessageFlight; + msg_p = PR_NEXT_LINK(msg_p)) { DTLSQueuedMessage *msg = (DTLSQueuedMessage *)msg_p; /* The logic here is: * - * 1. If this is a message that will not fit into the remaining - * space, then flush. - * 2. If the message will now fit into the remaining space, + * 1. If this is a message that will not fit into the remaining + * space, then flush. + * 2. If the message will now fit into the remaining space, * encrypt, buffer, and loop. * 3. If the message will not fit, then fragment. * - * At the end of the function, flush. + * At the end of the function, flush. */ if ((msg->len + SSL3_BUFFER_FUDGE) > room_left) { - /* The message will not fit into the remaining space, so flush */ - rv = dtls_SendSavedWriteData(ss); - if (rv != SECSuccess) - break; + /* The message will not fit into the remaining space, so flush */ + rv = dtls_SendSavedWriteData(ss); + if (rv != SECSuccess) + break; room_left = ss->ssl3.mtu; - } + } if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) { /* The message will fit, so encrypt and then continue with the - * next packet */ + * next packet */ sent = ssl3_SendRecord(ss, msg->epoch, msg->type, - msg->data, msg->len, - ssl_SEND_FLAG_FORCE_INTO_BUFFER | - ssl_SEND_FLAG_USE_EPOCH); + msg->data, msg->len, + ssl_SEND_FLAG_FORCE_INTO_BUFFER | + ssl_SEND_FLAG_USE_EPOCH); if (sent != msg->len) { - rv = SECFailure; - if (sent != -1) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - } + rv = SECFailure; + if (sent != -1) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + } break; - } + } room_left = ss->ssl3.mtu - ss->pendingBuf.len; } else { /* The message will not fit, so fragment. * - * XXX OK for now. 
Arrange to coalesce the last fragment - * of this message with the next message if possible. - * That would be more efficient. - */ + * XXX OK for now. Arrange to coalesce the last fragment + * of this message with the next message if possible. + * That would be more efficient. + */ PRUint32 fragment_offset = 0; unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest * plausible MTU */ - /* Assert that we have already flushed */ - PORT_Assert(room_left == ss->ssl3.mtu); + /* Assert that we have already flushed */ + PORT_Assert(room_left == ss->ssl3.mtu); /* Case 3: We now need to fragment this message * DTLS only supports fragmenting handshaking messages */ PORT_Assert(msg->type == content_handshake); - /* The headers consume 12 bytes so the smalles possible - * message (i.e., an empty one) is 12 bytes - */ - PORT_Assert(msg->len >= 12); + /* The headers consume 12 bytes so the smalles possible + * message (i.e., an empty one) is 12 bytes + */ + PORT_Assert(msg->len >= 12); while ((fragment_offset + 12) < msg->len) { PRUint32 fragment_len; const unsigned char *content = msg->data + 12; PRUint32 content_len = msg->len - 12; - /* The reason we use 8 here is that that's the length of - * the new DTLS data that we add to the header */ + /* The reason we use 8 here is that that's the length of + * the new DTLS data that we add to the header */ fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8), content_len - fragment_offset); - PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); - /* Make totally sure that we are within the buffer. - * Note that the only way that fragment len could get - * adjusted here is if + PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); + /* Make totally sure that we are within the buffer. + * Note that the only way that fragment len could get + * adjusted here is if * - * (a) we are in release mode so the PORT_Assert is compiled out - * (b) either the MTU table is inconsistent with DTLS_MAX_MTU - * or ss->ssl3.mtu has become corrupt. 
- */ - fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12); + * (a) we are in release mode so the PORT_Assert is compiled out + * (b) either the MTU table is inconsistent with DTLS_MAX_MTU + * or ss->ssl3.mtu has become corrupt. + */ + fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12); /* Construct an appropriate-sized fragment */ /* Type, length, sequence */ @@ -691,25 +700,25 @@ dtls_TransmitMessageFlight(sslSocket *ss) fragment_len); /* - * Send the record. We do this in two stages - * 1. Encrypt - */ + * Send the record. We do this in two stages + * 1. Encrypt + */ sent = ssl3_SendRecord(ss, msg->epoch, msg->type, fragment, fragment_len + 12, ssl_SEND_FLAG_FORCE_INTO_BUFFER | - ssl_SEND_FLAG_USE_EPOCH); + ssl_SEND_FLAG_USE_EPOCH); if (sent != (fragment_len + 12)) { - rv = SECFailure; - if (sent != -1) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - } - break; - } - - /* 2. Flush */ - rv = dtls_SendSavedWriteData(ss); - if (rv != SECSuccess) - break; + rv = SECFailure; + if (sent != -1) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + } + break; + } + + /* 2. Flush */ + rv = dtls_SendSavedWriteData(ss); + if (rv != SECSuccess) + break; fragment_offset += fragment_len; } @@ -718,7 +727,7 @@ dtls_TransmitMessageFlight(sslSocket *ss) /* Finally, we need to flush */ if (rv == SECSuccess) - rv = dtls_SendSavedWriteData(ss); + rv = dtls_SendSavedWriteData(ss); /* Give up the locks */ ssl_ReleaseSpecReadLock(ss); 
@@ -740,19 +749,19 @@ SECStatus dtls_SendSavedWriteData(sslSocket *ss) sent = ssl_SendSavedWriteData(ss); if (sent < 0) - return SECFailure; + return SECFailure; /* We should always have complete writes b/c datagram sockets * don't really block */ if (ss->pendingBuf.len > 0) { - ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE); - return SECFailure; + ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE); + return SECFailure; } /* Update the largest message sent so we can adjust the MTU * estimate if necessary */ if (sent > ss->ssl3.hs.maxMessageSent) - ss->ssl3.hs.maxMessageSent = sent; + ss->ssl3.hs.maxMessageSent = sent; return SECSuccess; } @@ -767,16 +776,16 @@ SECStatus dtls_SendSavedWriteData(sslSocket *ss) SECStatus dtls_CompressMACEncryptRecord(sslSocket * ss, DTLSEpoch epoch, - PRBool use_epoch, + PRBool use_epoch, SSL3ContentType type, - const SSL3Opaque * pIn, - PRUint32 contentLen, - sslBuffer * wrBuf) + const SSL3Opaque * pIn, + PRUint32 contentLen, + sslBuffer * wrBuf) { SECStatus rv = SECFailure; ssl3CipherSpec * cwSpec; - ssl_GetSpecReadLock(ss); /********************************/ + ssl_GetSpecReadLock(ss); /********************************/ /* The reason for this switch-hitting code is that we might have * a flight of records spanning an epoch boundary, e.g., 
@@ -789,23 +798,23 @@ dtls_CompressMACEncryptRecord(sslSocket * ss, * about which epoch to use is carried with the record. */ if (use_epoch) { - if (ss->ssl3.cwSpec->epoch == epoch) - cwSpec = ss->ssl3.cwSpec; - else if (ss->ssl3.pwSpec->epoch == epoch) - cwSpec = ss->ssl3.pwSpec; - else - cwSpec = NULL; + if (ss->ssl3.cwSpec->epoch == epoch) + cwSpec = ss->ssl3.cwSpec; + else if (ss->ssl3.pwSpec->epoch == epoch) + cwSpec = ss->ssl3.pwSpec; + else + cwSpec = NULL; } else { - cwSpec = ss->ssl3.cwSpec; + cwSpec = ss->ssl3.cwSpec; } if (cwSpec) { rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE, - PR_FALSE, type, pIn, contentLen, - wrBuf); + PR_FALSE, type, pIn, contentLen, + wrBuf); } else { PR_NOT_REACHED("Couldn't find a cipher spec matching epoch"); - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } ssl_ReleaseSpecReadLock(ss); /************************************/ @@ -838,9 +847,9 @@ SECStatus dtls_RestartTimer(sslSocket *ss, PRBool backoff, DTLSTimerCb cb) { if (backoff) { - ss->ssl3.hs.rtTimeoutMs *= 2; - if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS) - ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS; + ss->ssl3.hs.rtTimeoutMs *= 2; + if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS) + ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS; } return dtls_StartTimer(ss, cb); 
@@ -868,18 +877,18 @@ void dtls_CheckTimer(sslSocket *ss) { if (!ss->ssl3.hs.rtTimerCb) - return; + return; if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) > - PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) { - /* Timer has expired */ - DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb; - - /* Cancel the timer so that we can call the CB safely */ - dtls_CancelTimer(ss); + PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) { + /* Timer has expired */ + DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb; - /* Now call the CB */ - cb(ss); + /* Cancel the timer so that we can call the CB safely */ + dtls_CancelTimer(ss); + + /* Now call the CB */ + cb(ss); } } @@ -928,17 +937,17 @@ dtls_SetMTU(sslSocket *ss, PRUint16 advertised) int i; if (advertised == 0) { - ss->ssl3.mtu = COMMON_MTU_VALUES[0]; - SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); - return; + ss->ssl3.mtu = COMMON_MTU_VALUES[0]; + SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); + return; } - + for (i = 0; i < PR_ARRAY_SIZE(COMMON_MTU_VALUES); i++) { - if (COMMON_MTU_VALUES[i] <= advertised) { - ss->ssl3.mtu = COMMON_MTU_VALUES[i]; - SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); - return; - } + if (COMMON_MTU_VALUES[i] <= advertised) { + ss->ssl3.mtu = COMMON_MTU_VALUES[i]; + SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); + return; + } } /* Fallback */ 
@@ -953,57 +962,57 @@ dtls_SetMTU(sslSocket *ss, PRUint16 advertised) SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) { - int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST; + int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST; SECStatus rv; PRInt32 temp; SECItem cookie = {siBuffer, NULL, 0}; SSL3AlertDescription desc = illegal_parameter; SSL_TRC(3, ("%d: SSL3[%d]: handle hello_verify_request handshake", - SSL_GETPID(), ss->fd)); + SSL_GETPID(), ss->fd)); PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss)); PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); if (ss->ssl3.hs.ws != wait_server_hello) { errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST; - desc = unexpected_message; - goto alert_loser; + desc = unexpected_message; + goto alert_loser; } /* The version */ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); if (temp < 0) { - goto loser; /* alert has been sent */ + goto loser; /* alert has been sent */ } - if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) { - /* Note: this will need adjustment for DTLS 1.2 per Section 4.2.1 */ - goto alert_loser; + if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE && + temp != SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) { + goto alert_loser; } /* The cookie */ rv = ssl3_ConsumeHandshakeVariable(ss, &cookie, 1, &b, &length); if (rv != SECSuccess) { - goto loser; /* alert has been sent */ + goto loser; /* alert has been sent */ } if (cookie.len > DTLS_COOKIE_BYTES) { - desc = decode_error; - goto alert_loser; /* malformed. */ + desc = decode_error; + goto alert_loser; /* malformed. 
*/ } PORT_Memcpy(ss->ssl3.hs.cookie, cookie.data, cookie.len); ss->ssl3.hs.cookieLen = cookie.len; - ssl_GetXmitBufLock(ss); /*******************************/ + ssl_GetXmitBufLock(ss); /*******************************/ /* Now re-send the client hello */ rv = ssl3_SendClientHello(ss, PR_TRUE); - ssl_ReleaseXmitBufLock(ss); /*******************************/ + ssl_ReleaseXmitBufLock(ss); /*******************************/ if (rv == SECSuccess) - return rv; + return rv; alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); @@ -1042,14 +1051,14 @@ dtls_RecordGetRecvd(DTLSRecvdRecords *records, PRUint64 seq) /* Out of range to the left */ if (seq < records->left) { - return -1; + return -1; } /* Out of range to the right; since we advance the window on * receipt, that means that this packet has not been received * yet */ if (seq > records->right) - return 0; + return 0; offset = seq % DTLS_RECVD_RECORDS_WINDOW; 
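Review bot: The widened version check in dtls_HandleHelloVerifyRequest drops the old "will need adjustment for DTLS 1.2" comment and leaves no rationale for accepting either wire version, which a later reader may "tighten" into a comparison against the version the client offered. Per RFC 6347 section 4.2.1 the server_version in HelloVerifyRequest only indicates packet formatting and is explicitly not part of version negotiation, so accepting both values is the correct behaviour; suggest `/* RFC 6347 4.2.1: this version field only indicates packet format and is not used for version negotiation, so accept either DTLS wire version. */` above the condition. The `cookie.len > DTLS_COOKIE_BYTES` check that bounds the following PORT_Memcpy into ss->ssl3.hs.cookie is pre-existing context here and should stay adjacent to that copy if this code is reworked. The function's loser: path continues outside the hunk.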
@@ -1066,34 +1075,34 @@ dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq) PRUint64 offset; if (seq < records->left) - return; + return; if (seq > records->right) { - PRUint64 new_left; - PRUint64 new_right; - PRUint64 right; + PRUint64 new_left; + PRUint64 new_right; + PRUint64 right; - /* Slide to the right; this is the tricky part + /* Slide to the right; this is the tricky part * - * 1. new_top is set to have room for seq, on the - * next byte boundary by setting the right 8 - * bits of seq + * 1. new_top is set to have room for seq, on the + * next byte boundary by setting the right 8 + * bits of seq * 2. new_left is set to compensate. * 3. Zero all bits between top and new_top. Since * this is a ring, this zeroes everything as-yet - * unseen. Because we always operate on byte - * boundaries, we can zero one byte at a time - */ - new_right = seq | 0x07; - new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1; + * unseen. Because we always operate on byte + * boundaries, we can zero one byte at a time + */ + new_right = seq | 0x07; + new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1; - for (right = records->right + 8; right <= new_right; right += 8) { - offset = right % DTLS_RECVD_RECORDS_WINDOW; - records->data[offset / 8] = 0; - } + for (right = records->right + 8; right <= new_right; right += 8) { + offset = right % DTLS_RECVD_RECORDS_WINDOW; + records->data[offset / 8] = 0; + } - records->right = new_right; - records->left = new_left; + records->right = new_right; + records->left = new_left; } offset = seq % DTLS_RECVD_RECORDS_WINDOW; diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index d5a707fb..01164e5e 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c 
@@ -633,6 +633,7 @@ ssl3_CipherSuiteAllowedForVersionRange( * TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: never implemented */ return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0; + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case TLS_RSA_WITH_AES_256_CBC_SHA256: case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: @@ -645,6 +646,31 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_RSA_WITH_AES_128_GCM_SHA256: case TLS_RSA_WITH_NULL_SHA256: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; + + /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and + * point formats.*/ + case TLS_ECDH_ECDSA_WITH_NULL_SHA: + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_NULL_SHA: + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: + case TLS_ECDH_RSA_WITH_NULL_SHA: + case TLS_ECDH_RSA_WITH_RC4_128_SHA: + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: + case TLS_ECDHE_RSA_WITH_NULL_SHA: + case TLS_ECDHE_RSA_WITH_RC4_128_SHA: + case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: + return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0; + default: return PR_TRUE; } @@ -3471,6 +3497,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) SSL_GETPID(), ss->fd)); if (ws != wait_change_cipher) { + if (IS_DTLS(ss)) { + /* Ignore this because it's out of order. */ + SSL_TRC(3, ("%d: SSL3[%d]: discard out of order " + "DTLS change_cipher_spec", + SSL_GETPID(), ss->fd)); + buf->len = 0; + return SECSuccess; + } (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER); return SECFailure; 
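Review bot: The new DTLS branch in ssl3_HandleChangeCipherSpecs drops an unexpected change_cipher_spec and returns SECSuccess, but its comment only says "out of order" and does not record why this is safe: ss->ssl3.hs.ws is left untouched and the early return skips spec activation, which is what separates a harmless discard from accepting an unauthenticated early CCS. Suggest expanding the comment to `/* Out of order (reordered or retransmitted) CCS: drop the record without touching handshake state; the pending spec is only activated below when ws == wait_change_cipher. */`. A repeated stream of such drops is also a useful signal of a misbehaving peer, so keeping the SSL_TRC at a level operators actually enable is worth confirming. The enclosing function continues outside the hunk.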
@@ -5171,7 +5205,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeVariable( ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); else - rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + rv = ssl3_AppendHandshakeNumber(ss, 0, 1); if (rv != SECSuccess) { if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } return rv; /* err set by ssl3_AppendHandshake* */ @@ -8614,7 +8648,7 @@ ssl3_SendServerHello(sslSocket *ss) rv = ssl3_AppendHandshakeVariable( ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); else - rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + rv = ssl3_AppendHandshakeNumber(ss, 0, 1); if (rv != SECSuccess) { return rv; /* err set by AppendHandshake. */ } diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 37743a64..e8ee5901 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -10,7 +10,7 @@ #include "nss.h" #include "cert.h" #include "ssl.h" -#include "cryptohi.h" /* for DSAU_ stuff */ +#include "cryptohi.h" /* for DSAU_ stuff */ #include "keyhi.h" #include "secder.h" #include "secitem.h" @@ -34,7 +34,7 @@ #ifndef PK11_SETATTRS #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ - (x)->pValue=(v); (x)->ulValueLen = (l); + (x)->pValue=(v); (x)->ulValueLen = (l); #endif #define SSL_GET_SERVER_PUBLIC_KEY(sock, type) \ 
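Review bot: The switch from `ssl3_AppendHandshakeVariable(ss, NULL, 0, 1)` to `ssl3_AppendHandshakeNumber(ss, 0, 1)` in ssl3_SendClientHello carries no comment explaining the motivation; the same one-line change appears in ssl3_SendServerHello in the next hunk. Presumably both forms encode an empty session ID as a single zero length byte so the wire format is unchanged, and the point is to avoid passing a NULL data pointer into the append path; if so, a comment such as `/* Empty session ID: emit the single zero length byte directly. */` on the new line would stop a future reader from "restoring" the variable-length form. Both enclosing functions start and end outside their hunks.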
@@ -56,61 +56,61 @@ static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve); * ECC-TLS IETF draft. */ static const SECOidTag ecName2OIDTag[] = { - 0, - SEC_OID_SECG_EC_SECT163K1, /* 1 */ - SEC_OID_SECG_EC_SECT163R1, /* 2 */ - SEC_OID_SECG_EC_SECT163R2, /* 3 */ - SEC_OID_SECG_EC_SECT193R1, /* 4 */ - SEC_OID_SECG_EC_SECT193R2, /* 5 */ - SEC_OID_SECG_EC_SECT233K1, /* 6 */ - SEC_OID_SECG_EC_SECT233R1, /* 7 */ - SEC_OID_SECG_EC_SECT239K1, /* 8 */ - SEC_OID_SECG_EC_SECT283K1, /* 9 */ - SEC_OID_SECG_EC_SECT283R1, /* 10 */ - SEC_OID_SECG_EC_SECT409K1, /* 11 */ - SEC_OID_SECG_EC_SECT409R1, /* 12 */ - SEC_OID_SECG_EC_SECT571K1, /* 13 */ - SEC_OID_SECG_EC_SECT571R1, /* 14 */ - SEC_OID_SECG_EC_SECP160K1, /* 15 */ - SEC_OID_SECG_EC_SECP160R1, /* 16 */ - SEC_OID_SECG_EC_SECP160R2, /* 17 */ - SEC_OID_SECG_EC_SECP192K1, /* 18 */ - SEC_OID_SECG_EC_SECP192R1, /* 19 */ - SEC_OID_SECG_EC_SECP224K1, /* 20 */ - SEC_OID_SECG_EC_SECP224R1, /* 21 */ - SEC_OID_SECG_EC_SECP256K1, /* 22 */ - SEC_OID_SECG_EC_SECP256R1, /* 23 */ - SEC_OID_SECG_EC_SECP384R1, /* 24 */ - SEC_OID_SECG_EC_SECP521R1, /* 25 */ + 0, + SEC_OID_SECG_EC_SECT163K1, /* 1 */ + SEC_OID_SECG_EC_SECT163R1, /* 2 */ + SEC_OID_SECG_EC_SECT163R2, /* 3 */ + SEC_OID_SECG_EC_SECT193R1, /* 4 */ + SEC_OID_SECG_EC_SECT193R2, /* 5 */ + SEC_OID_SECG_EC_SECT233K1, /* 6 */ + SEC_OID_SECG_EC_SECT233R1, /* 7 */ + SEC_OID_SECG_EC_SECT239K1, /* 8 */ + SEC_OID_SECG_EC_SECT283K1, /* 9 */ + SEC_OID_SECG_EC_SECT283R1, /* 10 */ + SEC_OID_SECG_EC_SECT409K1, /* 11 */ + SEC_OID_SECG_EC_SECT409R1, /* 12 */ + SEC_OID_SECG_EC_SECT571K1, /* 13 */ + SEC_OID_SECG_EC_SECT571R1, /* 14 */ + SEC_OID_SECG_EC_SECP160K1, /* 15 */ + SEC_OID_SECG_EC_SECP160R1, /* 16 */ + SEC_OID_SECG_EC_SECP160R2, /* 17 */ + SEC_OID_SECG_EC_SECP192K1, /* 18 */ + SEC_OID_SECG_EC_SECP192R1, /* 19 */ + SEC_OID_SECG_EC_SECP224K1, /* 20 */ + SEC_OID_SECG_EC_SECP224R1, /* 21 */ + SEC_OID_SECG_EC_SECP256K1, /* 22 */ + SEC_OID_SECG_EC_SECP256R1, /* 23 */ + 
SEC_OID_SECG_EC_SECP384R1, /* 24 */ + SEC_OID_SECG_EC_SECP521R1, /* 25 */ }; static const PRUint16 curve2bits[] = { - 0, /* ec_noName = 0, */ - 163, /* ec_sect163k1 = 1, */ - 163, /* ec_sect163r1 = 2, */ - 163, /* ec_sect163r2 = 3, */ - 193, /* ec_sect193r1 = 4, */ - 193, /* ec_sect193r2 = 5, */ - 233, /* ec_sect233k1 = 6, */ - 233, /* ec_sect233r1 = 7, */ - 239, /* ec_sect239k1 = 8, */ - 283, /* ec_sect283k1 = 9, */ - 283, /* ec_sect283r1 = 10, */ - 409, /* ec_sect409k1 = 11, */ - 409, /* ec_sect409r1 = 12, */ - 571, /* ec_sect571k1 = 13, */ - 571, /* ec_sect571r1 = 14, */ - 160, /* ec_secp160k1 = 15, */ - 160, /* ec_secp160r1 = 16, */ - 160, /* ec_secp160r2 = 17, */ - 192, /* ec_secp192k1 = 18, */ - 192, /* ec_secp192r1 = 19, */ - 224, /* ec_secp224k1 = 20, */ - 224, /* ec_secp224r1 = 21, */ - 256, /* ec_secp256k1 = 22, */ - 256, /* ec_secp256r1 = 23, */ - 384, /* ec_secp384r1 = 24, */ - 521, /* ec_secp521r1 = 25, */ + 0, /* ec_noName = 0, */ + 163, /* ec_sect163k1 = 1, */ + 163, /* ec_sect163r1 = 2, */ + 163, /* ec_sect163r2 = 3, */ + 193, /* ec_sect193r1 = 4, */ + 193, /* ec_sect193r2 = 5, */ + 233, /* ec_sect233k1 = 6, */ + 233, /* ec_sect233r1 = 7, */ + 239, /* ec_sect239k1 = 8, */ + 283, /* ec_sect283k1 = 9, */ + 283, /* ec_sect283r1 = 10, */ + 409, /* ec_sect409k1 = 11, */ + 409, /* ec_sect409r1 = 12, */ + 571, /* ec_sect571k1 = 13, */ + 571, /* ec_sect571r1 = 14, */ + 160, /* ec_secp160k1 = 15, */ + 160, /* ec_secp160r1 = 16, */ + 160, /* ec_secp160r2 = 17, */ + 192, /* ec_secp192k1 = 18, */ + 192, /* ec_secp192r1 = 19, */ + 224, /* ec_secp224k1 = 20, */ + 224, /* ec_secp224r1 = 21, */ + 256, /* ec_secp256k1 = 22, */ + 256, /* ec_secp256r1 = 23, */ + 384, /* ec_secp384r1 = 24, */ + 521, /* ec_secp521r1 = 25, */ 65535 /* ec_pastLastName */ }; 
@@ -120,31 +120,31 @@ typedef struct Bits2CurveStr { } Bits2Curve; static const Bits2Curve bits2curve [] = { - { 192, ec_secp192r1 /* = 19, fast */ }, - { 160, ec_secp160r2 /* = 17, fast */ }, - { 160, ec_secp160k1 /* = 15, */ }, - { 160, ec_secp160r1 /* = 16, */ }, - { 163, ec_sect163k1 /* = 1, */ }, - { 163, ec_sect163r1 /* = 2, */ }, - { 163, ec_sect163r2 /* = 3, */ }, - { 192, ec_secp192k1 /* = 18, */ }, - { 193, ec_sect193r1 /* = 4, */ }, - { 193, ec_sect193r2 /* = 5, */ }, - { 224, ec_secp224r1 /* = 21, fast */ }, - { 224, ec_secp224k1 /* = 20, */ }, - { 233, ec_sect233k1 /* = 6, */ }, - { 233, ec_sect233r1 /* = 7, */ }, - { 239, ec_sect239k1 /* = 8, */ }, - { 256, ec_secp256r1 /* = 23, fast */ }, - { 256, ec_secp256k1 /* = 22, */ }, - { 283, ec_sect283k1 /* = 9, */ }, - { 283, ec_sect283r1 /* = 10, */ }, - { 384, ec_secp384r1 /* = 24, fast */ }, - { 409, ec_sect409k1 /* = 11, */ }, - { 409, ec_sect409r1 /* = 12, */ }, - { 521, ec_secp521r1 /* = 25, fast */ }, - { 571, ec_sect571k1 /* = 13, */ }, - { 571, ec_sect571r1 /* = 14, */ }, + { 192, ec_secp192r1 /* = 19, fast */ }, + { 160, ec_secp160r2 /* = 17, fast */ }, + { 160, ec_secp160k1 /* = 15, */ }, + { 160, ec_secp160r1 /* = 16, */ }, + { 163, ec_sect163k1 /* = 1, */ }, + { 163, ec_sect163r1 /* = 2, */ }, + { 163, ec_sect163r2 /* = 3, */ }, + { 192, ec_secp192k1 /* = 18, */ }, + { 193, ec_sect193r1 /* = 4, */ }, + { 193, ec_sect193r2 /* = 5, */ }, + { 224, ec_secp224r1 /* = 21, fast */ }, + { 224, ec_secp224k1 /* = 20, */ }, + { 233, ec_sect233k1 /* = 6, */ }, + { 233, ec_sect233r1 /* = 7, */ }, + { 239, ec_sect239k1 /* = 8, */ }, + { 256, ec_secp256r1 /* = 23, fast */ }, + { 256, ec_secp256k1 /* = 22, */ }, + { 283, ec_sect283k1 /* = 9, */ }, + { 283, ec_sect283r1 /* = 10, */ }, + { 384, ec_secp384r1 /* = 24, fast */ }, + { 409, ec_sect409k1 /* = 11, */ }, + { 409, ec_sect409r1 /* = 12, */ }, + { 521, ec_secp521r1 /* = 25, fast */ }, + { 571, ec_sect571k1 /* = 13, */ }, + { 571, ec_sect571r1 /* = 14, */ 
}, { 65535, ec_noName } }; @@ -157,21 +157,21 @@ typedef struct ECDHEKeyPairStr { /* arrays of ECDHE KeyPairs */ static ECDHEKeyPair gECDHEKeyPairs[ec_pastLastName]; -SECStatus +SECStatus ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params) { SECOidData *oidData = NULL; if ((curve <= ec_noName) || (curve >= ec_pastLastName) || - ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) { + ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); - return SECFailure; + return SECFailure; } SECITEM_AllocItem(arena, params, (2 + oidData->oid.len)); - /* + /* * params->data needs to contain the ASN encoding of an object ID (OID) - * representing the named curve. The actual OID is in + * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ params->data[0] = SEC_ASN1_OBJECT_ID; @@ -181,14 +181,14 @@ ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params) return SECSuccess; } -static ECName +static ECName params2ecName(SECKEYECParams * params) { SECItem oid = { siBuffer, NULL, 0}; SECOidData *oidData = NULL; ECName i; - /* + /* * params->data needs to contain the ASN encoding of an object ID (OID) * representing a named curve. Here, we strip away everything * before the actual OID and use the OID to look up a named curve. @@ -198,8 +198,8 @@ params2ecName(SECKEYECParams * params) oid.data = params->data + 2; if ((oidData = SECOID_FindOID(&oid)) == NULL) return ec_noName; for (i = ec_noName + 1; i < ec_pastLastName; i++) { - if (ecName2OIDTag[i] == oidData->offset) - return i; + if (ecName2OIDTag[i] == oidData->offset) + return i; } return ec_noName; 
@@ -208,13 +208,13 @@ params2ecName(SECKEYECParams * params) /* Caller must set hiLevel error code. */ static SECStatus ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, - SECItem ec_params, SECItem server_ecpoint, - SSL3Random *client_rand, SSL3Random *server_rand, - SSL3Hashes *hashes, PRBool bypassPKCS11) + SECItem ec_params, SECItem server_ecpoint, + SSL3Random *client_rand, SSL3Random *server_rand, + SSL3Hashes *hashes, PRBool bypassPKCS11) { PRUint8 * hashBuf; PRUint8 * pBuf; - SECStatus rv = SECSuccess; + SECStatus rv = SECSuccess; unsigned int bufLen; /* * XXX For now, we only support named curves (the appropriate 
@@ -226,37 +226,37 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, bufLen = 2*SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len; if (bufLen <= sizeof buf) { - hashBuf = buf; + hashBuf = buf; } else { - hashBuf = PORT_Alloc(bufLen); - if (!hashBuf) { - return SECFailure; - } + hashBuf = PORT_Alloc(bufLen); + if (!hashBuf) { + return SECFailure; + } } - memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH); - pBuf = hashBuf + SSL3_RANDOM_LENGTH; + memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH); + pBuf = hashBuf + SSL3_RANDOM_LENGTH; memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH); - pBuf += SSL3_RANDOM_LENGTH; + pBuf += SSL3_RANDOM_LENGTH; memcpy(pBuf, ec_params.data, ec_params.len); - pBuf += ec_params.len; + pBuf += ec_params.len; pBuf[0] = (PRUint8)(server_ecpoint.len); pBuf += 1; memcpy(pBuf, server_ecpoint.data, server_ecpoint.len); - pBuf += server_ecpoint.len; + pBuf += server_ecpoint.len; PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen); rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes, - bypassPKCS11); + bypassPKCS11); PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen)); PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result", - hashes->u.s.md5, MD5_LENGTH)); + hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result", - hashes->u.s.sha, SHA1_LENGTH)); + hashes->u.s.sha, SHA1_LENGTH)); if (hashBuf != buf) - PORT_Free(hashBuf); + PORT_Free(hashBuf); return rv; } 
@@ -265,12 +265,12 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) { - PK11SymKey * pms = NULL; - SECStatus rv = SECFailure; + PK11SymKey * pms = NULL; + SECStatus rv = SECFailure; PRBool isTLS, isTLS12; - CK_MECHANISM_TYPE target; - SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */ - SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */ + CK_MECHANISM_TYPE target; + SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */ + SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); 
@@ -280,39 +280,39 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) /* Generate ephemeral EC keypair */ if (svrPubKey->keyType != ecKey) { - PORT_SetError(SEC_ERROR_BAD_KEY); - goto loser; + PORT_SetError(SEC_ERROR_BAD_KEY); + goto loser; } /* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */ - privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams, - &pubKey, ss->pkcs11PinArg); + privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams, + &pubKey, ss->pkcs11PinArg); if (!privKey || !pubKey) { - ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); - rv = SECFailure; - goto loser; + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + rv = SECFailure; + goto loser; } PRINT_BUF(50, (ss, "ECDH public value:", - pubKey->u.ec.publicValue.data, - pubKey->u.ec.publicValue.len)); + pubKey->u.ec.publicValue.data, + pubKey->u.ec.publicValue.len)); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { - target = CKM_TLS_MASTER_KEY_DERIVE_DH; + target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { - target = CKM_SSL3_MASTER_KEY_DERIVE_DH; + target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } /* Determine the PMS */ pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL, - CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, - CKD_NULL, NULL, NULL); + CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, + CKD_NULL, NULL, NULL); if (pms == NULL) { - SSL3AlertDescription desc = illegal_parameter; - (void)SSL3_SendAlert(ss, alert_fatal, desc); - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; + SSL3AlertDescription desc = illegal_parameter; + (void)SSL3_SendAlert(ss, alert_fatal, desc); + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; } SECKEY_DestroyPrivateKey(privKey); 
@@ -322,24 +322,24 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) PK11_FreeSymKey(pms); pms = NULL; if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; } - rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, - pubKey->u.ec.publicValue.len + 1); + rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, + pubKey->u.ec.publicValue.len + 1); if (rv != SECSuccess) { - goto loser; /* err set by ssl3_AppendHandshake* */ + goto loser; /* err set by ssl3_AppendHandshake* */ } - rv = ssl3_AppendHandshakeVariable(ss, - pubKey->u.ec.publicValue.data, - pubKey->u.ec.publicValue.len, 1); + rv = ssl3_AppendHandshakeVariable(ss, + pubKey->u.ec.publicValue.data, + pubKey->u.ec.publicValue.len, 1); SECKEY_DestroyPublicKey(pubKey); pubKey = NULL; if (rv != SECSuccess) { - goto loser; /* err set by ssl3_AppendHandshake* */ + goto loser; /* err set by ssl3_AppendHandshake* */ } rv = SECSuccess; 
@@ -357,59 +357,59 @@ loser: */ SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, - PRUint32 length, + PRUint32 length, SECKEYPublicKey *srvrPubKey, SECKEYPrivateKey *srvrPrivKey) { PK11SymKey * pms; SECStatus rv; SECKEYPublicKey clntPubKey; - CK_MECHANISM_TYPE target; + CK_MECHANISM_TYPE target; PRBool isTLS, isTLS12; PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); clntPubKey.keyType = ecKey; - clntPubKey.u.ec.DEREncodedParams.len = - srvrPubKey->u.ec.DEREncodedParams.len; - clntPubKey.u.ec.DEREncodedParams.data = - srvrPubKey->u.ec.DEREncodedParams.data; + clntPubKey.u.ec.DEREncodedParams.len = + srvrPubKey->u.ec.DEREncodedParams.len; + clntPubKey.u.ec.DEREncodedParams.data = + srvrPubKey->u.ec.DEREncodedParams.data; - rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue, - 1, &b, &length); + rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue, + 1, &b, &length); if (rv != SECSuccess) { - SEND_ALERT - return SECFailure; /* XXX Who sets the error code?? */ + SEND_ALERT + return SECFailure; /* XXX Who sets the error code?? */ } isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { - target = CKM_TLS_MASTER_KEY_DERIVE_DH; + target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { - target = CKM_SSL3_MASTER_KEY_DERIVE_DH; + target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } /* Determine the PMS */ pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL, - CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, - CKD_NULL, NULL, NULL); + CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, + CKD_NULL, NULL, NULL); if (pms == NULL) { - /* last gasp. 
*/ - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - return SECFailure; + /* last gasp. */ + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + return SECFailure; } rv = ssl3_InitPendingCipherSpec(ss, pms); PK11_FreeSymKey(pms); if (rv != SECSuccess) { - SEND_ALERT - return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ + SEND_ALERT + return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ } return SECSuccess; } @@ -418,13 +418,13 @@ ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits) { int i; - + for ( i = 0; bits2curve[i].curve != ec_noName; i++) { - if (bits2curve[i].bits < requiredECCbits) - continue; - if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) { - return bits2curve[i].curve; - } + if (bits2curve[i].bits < requiredECCbits) + continue; + if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) { + return bits2curve[i].curve; + } } PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); return ec_noName; 
@@ -442,24 +442,24 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss) int requiredECCbits = ss->sec.secretKeyBits * 2; if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) { - svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh); - if (svrPublicKey) - ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams); - if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) { - PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); - return ec_noName; - } - signatureKeyStrength = curve2bits[ ec_curve ]; + svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh); + if (svrPublicKey) + ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams); + if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) { + PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); + return ec_noName; + } + signatureKeyStrength = curve2bits[ ec_curve ]; } else { /* RSA is our signing cert */ int serverKeyStrengthInBits; - + svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_rsa); if (!svrPublicKey) { PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); return ec_noName; } - + /* currently strength in bytes */ serverKeyStrengthInBits = svrPublicKey->u.rsa.modulus.len; if (svrPublicKey->u.rsa.modulus.data[0] == 0) { 
@@ -467,28 +467,28 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss) } /* convert to strength in bits */ serverKeyStrengthInBits *= BPB; - + signatureKeyStrength = - SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits); + SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits); } - if ( requiredECCbits > signatureKeyStrength ) + if ( requiredECCbits > signatureKeyStrength ) requiredECCbits = signatureKeyStrength; return ssl3_GetCurveWithECKeyStrength(ss->ssl3.hs.negotiatedECCurves, - requiredECCbits); + requiredECCbits); } /* function to clear out the lists */ -static SECStatus +static SECStatus ssl3_ShutdownECDHECurves(void *appData, void *nssData) { int i; ECDHEKeyPair *keyPair = &gECDHEKeyPairs[0]; for (i=0; i < ec_pastLastName; i++, keyPair++) { - if (keyPair->pair) { - ssl3_FreeKeyPair(keyPair->pair); - } + if (keyPair->pair) { + ssl3_FreeKeyPair(keyPair->pair); + } } memset(gECDHEKeyPairs, 0, sizeof gECDHEKeyPairs); return SECSuccess; @@ -500,18 +500,18 @@ ssl3_ECRegister(void) SECStatus rv; rv = NSS_RegisterShutdown(ssl3_ShutdownECDHECurves, gECDHEKeyPairs); if (rv != SECSuccess) { - gECDHEKeyPairs[ec_noName].error = PORT_GetError(); + gECDHEKeyPairs[ec_noName].error = PORT_GetError(); } return (PRStatus)rv; } /* CallOnce function, called once for each named curve. */ -static PRStatus +static PRStatus ssl3_CreateECDHEphemeralKeyPair(void * arg) { SECKEYPrivateKey * privKey = NULL; SECKEYPublicKey * pubKey = NULL; - ssl3KeyPair * keyPair = NULL; + ssl3KeyPair * keyPair = NULL; ECName ec_curve = (ECName)arg; SECKEYECParams ecParams = { siBuffer, NULL, 0 }; 
@@ -519,23 +519,23 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg) /* ok, no one has generated a global key for this curve yet, do so */ if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) { - gECDHEKeyPairs[ec_curve].error = PORT_GetError(); - return PR_FAILURE; + gECDHEKeyPairs[ec_curve].error = PORT_GetError(); + return PR_FAILURE; } - privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL); + privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL); SECITEM_FreeItem(&ecParams, PR_FALSE); if (!privKey || !pubKey || !(keyPair = ssl3_NewKeyPair(privKey, pubKey))) { - if (privKey) { - SECKEY_DestroyPrivateKey(privKey); - } - if (pubKey) { - SECKEY_DestroyPublicKey(pubKey); - } - ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); - gECDHEKeyPairs[ec_curve].error = PORT_GetError(); - return PR_FAILURE; + if (privKey) { + SECKEY_DestroyPrivateKey(privKey); + } + if (pubKey) { + SECKEY_DestroyPublicKey(pubKey); + } + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + gECDHEKeyPairs[ec_curve].error = PORT_GetError(); + return PR_FAILURE; } gECDHEKeyPairs[ec_curve].pair = keyPair; 
@@ -554,30 +554,30 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg) static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve) { - ssl3KeyPair * keyPair = NULL; + ssl3KeyPair * keyPair = NULL; /* if there's no global key for this curve, make one. */ if (gECDHEKeyPairs[ec_curve].pair == NULL) { - PRStatus status; + PRStatus status; - status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister); + status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister); if (status != PR_SUCCESS) { - PORT_SetError(gECDHEKeyPairs[ec_noName].error); - return SECFailure; - } - status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once, - ssl3_CreateECDHEphemeralKeyPair, - (void *)ec_curve); + PORT_SetError(gECDHEKeyPairs[ec_noName].error); + return SECFailure; + } + status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once, + ssl3_CreateECDHEphemeralKeyPair, + (void *)ec_curve); if (status != PR_SUCCESS) { - PORT_SetError(gECDHEKeyPairs[ec_curve].error); - return SECFailure; - } + PORT_SetError(gECDHEKeyPairs[ec_curve].error); + return SECFailure; + } } keyPair = gECDHEKeyPairs[ec_curve].pair; PORT_Assert(keyPair != NULL); - if (!keyPair) - return SECFailure; + if (!keyPair) + return SECFailure; ss->ephemeralECDHKeyPair = ssl3_GetKeyPairRef(keyPair); return SECSuccess; 
@@ -612,55 +612,55 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ec_params.data = paramBuf; rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length); if (rv != SECSuccess) { - goto loser; /* malformed. */ + goto loser; /* malformed. */ } /* Fail if the curve is not a named curve */ - if ((ec_params.data[0] != ec_type_named) || - (ec_params.data[1] != 0) || - !supportedCurve(ec_params.data[2])) { - errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; - desc = handshake_failure; - goto alert_loser; + if ((ec_params.data[0] != ec_type_named) || + (ec_params.data[1] != 0) || + !supportedCurve(ec_params.data[2])) { + errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; + desc = handshake_failure; + goto alert_loser; } rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length); if (rv != SECSuccess) { - goto loser; /* malformed. */ + goto loser; /* malformed. */ } /* Fail if the ec point uses compressed representation */ if (ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) { - errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM; - desc = handshake_failure; - goto alert_loser; + errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM; + desc = handshake_failure; + goto alert_loser; } if (isTLS12) { - rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, - &sigAndHash); - if (rv != SECSuccess) { - goto loser; /* malformed or unsupported. */ - } - rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( - &sigAndHash, ss->sec.peerCert); - if (rv != SECSuccess) { - goto loser; - } + rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, + &sigAndHash); + if (rv != SECSuccess) { + goto loser; /* malformed or unsupported. */ + } + rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( + &sigAndHash, ss->sec.peerCert); + if (rv != SECSuccess) { + goto loser; + } } rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); if (rv != SECSuccess) { - goto loser; /* malformed. */ + goto loser; /* malformed. 
*/ } if (length != 0) { - if (isTLS) - desc = decode_error; - goto alert_loser; /* malformed. */ + if (isTLS) + desc = decode_error; + goto alert_loser; /* malformed. */ } - PRINT_BUF(60, (NULL, "Server EC params", ec_params.data, - ec_params.len)); + PRINT_BUF(60, (NULL, "Server EC params", ec_params.data, + ec_params.len)); PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len)); /* failures after this point are not malformed handshakes. */ 
@@ -671,51 +671,51 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * check to make sure the hash is signed by right guy */ rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { - errCode = - ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto alert_loser; + errCode = + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto alert_loser; } rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature, - isTLS, ss->pkcs11PinArg); + isTLS, ss->pkcs11PinArg); if (rv != SECSuccess) { - errCode = - ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto alert_loser; + errCode = + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto alert_loser; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { - goto no_memory; + goto no_memory; } ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { - goto no_memory; + goto no_memory; } peerKey->arena = arena; peerKey->keyType = ecKey; /* set up EC parameters in peerKey */ - if (ssl3_ECName2Params(arena, ec_params.data[2], - &peerKey->u.ec.DEREncodedParams) != SECSuccess) { - /* we should never get here since we already - * checked that we are dealing with a supported curve - */ - errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; - goto alert_loser; + if (ssl3_ECName2Params(arena, ec_params.data[2], + &peerKey->u.ec.DEREncodedParams) != SECSuccess) { + /* we should never get here since we already + * checked that we are dealing with a supported curve + */ + errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; + goto alert_loser; } /* copy publicValue in peerKey */ if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) { - PORT_FreeArena(arena, PR_FALSE); - 
goto no_memory; + PORT_FreeArena(arena, PR_FALSE); + goto no_memory; } peerKey->pkcs11Slot = NULL; peerKey->pkcs11ID = CK_INVALID_HANDLE; @@ -731,7 +731,7 @@ loser: PORT_SetError( errCode ); return SECFailure; -no_memory: /* no-memory error has already been set. */ +no_memory: /* no-memory error has already been set. */ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); return SECFailure; } 
@@ -757,104 +757,104 @@ ssl3_SendECDHServerKeyExchange( /* Generate ephemeral ECDH key pair and send the public key */ curve = ssl3_GetCurveNameForServerSocket(ss); if (curve == ec_noName) { - goto loser; + goto loser; } rv = ssl3_CreateECDHEphemeralKeys(ss, curve); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ - } + goto loser; /* err set by AppendHandshake. */ + } ecdhePub = ss->ephemeralECDHKeyPair->pubKey; PORT_Assert(ecdhePub != NULL); if (!ecdhePub) { - PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - return SECFailure; - } - + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + return SECFailure; + } + ec_params.len = sizeof paramBuf; ec_params.data = paramBuf; curve = params2ecName(&ecdhePub->u.ec.DEREncodedParams); if (curve != ec_noName) { - ec_params.data[0] = ec_type_named; - ec_params.data[1] = 0x00; - ec_params.data[2] = curve; + ec_params.data[0] = ec_type_named; + ec_params.data[1] = 0x00; + ec_params.data[2] = curve; } else { - PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); - goto loser; - } + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + goto loser; + } rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg, - ec_params, - ecdhePub->u.ec.publicValue, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + ec_params, + ecdhePub->u.ec.publicValue, + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto loser; + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; } isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - /* XXX SSLKEAType isn't really a good choice for + /* XXX SSLKEAType isn't really a good choice for * indexing certificates but that's all we have * for now. 
*/ if (kea_def->kea == kea_ecdhe_rsa) - certIndex = kt_rsa; + certIndex = kt_rsa; else /* kea_def->kea == kea_ecdhe_ecdsa */ - certIndex = kt_ecdh; + certIndex = kt_ecdh; - rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, - &signed_hash, isTLS); + rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, + &signed_hash, isTLS); if (rv != SECSuccess) { - goto loser; /* ssl3_SignHashes has set err. */ + goto loser; /* ssl3_SignHashes has set err. */ } if (signed_hash.data == NULL) { - /* how can this happen and rv == SECSuccess ?? */ - PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto loser; + /* how can this happen and rv == SECSuccess ?? */ + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; } - length = ec_params.len + - 1 + ecdhePub->u.ec.publicValue.len + - (isTLS12 ? 2 : 0) + 2 + signed_hash.len; + length = ec_params.len + + 1 + ecdhePub->u.ec.publicValue.len + + (isTLS12 ? 2 : 0) + 2 + signed_hash.len; rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } rv = ssl3_AppendHandshakeVariable(ss, ecdhePub->u.ec.publicValue.data, - ecdhePub->u.ec.publicValue.len, 1); + ecdhePub->u.ec.publicValue.len, 1); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } if (isTLS12) { - rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash); - if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ - } + rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. 
*/ + } } rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data, - signed_hash.len, 2); + signed_hash.len, 2); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } PORT_Free(signed_hash.data); return SECSuccess; loser: - if (signed_hash.data != NULL) - PORT_Free(signed_hash.data); + if (signed_hash.data != NULL) + PORT_Free(signed_hash.data); return SECFailure; } @@ -948,11 +948,11 @@ SECStatus ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) { if (!suite) - suite = ecSuites; + suite = ecSuites; for (; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); + SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_Assert(rv == SECSuccess); /* else is coding error */ } return SECSuccess; } 
@@ -967,41 +967,41 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket * ss) svrCert = ss->serverCerts[kt_rsa].serverCert; if (!svrCert) { - ssl3_DisableECCSuites(ss, ecdhe_rsa_suites); + ssl3_DisableECCSuites(ss, ecdhe_rsa_suites); } svrCert = ss->serverCerts[kt_ecdh].serverCert; if (!svrCert) { - ssl3_DisableECCSuites(ss, ecdh_suites); - ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); + ssl3_DisableECCSuites(ss, ecdh_suites); + ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); } else { - SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature); + SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature); - switch (sigTag) { - case SEC_OID_PKCS1_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: - ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); - break; - case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: - ssl3_DisableECCSuites(ss, ecdh_rsa_suites); - break; - default: - ssl3_DisableECCSuites(ss, ecdh_suites); - break; - } + switch (sigTag) { + case SEC_OID_PKCS1_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + case 
SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); + break; + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: + ssl3_DisableECCSuites(ss, ecdh_rsa_suites); + break; + default: + ssl3_DisableECCSuites(ss, ecdh_suites); + break; + } } } @@ -1016,18 +1016,18 @@ ssl3_IsECCEnabled(sslSocket * ss) /* make sure we can do ECC */ slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg); if (!slot) { - return PR_FALSE; + return PR_FALSE; } PK11_FreeSlot(slot); /* make sure an ECC cipher is enabled */ for (suite = ecSuites; *suite; ++suite) { - PRBool enabled = PR_FALSE; - SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled); + PRBool enabled = PR_FALSE; + SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled); - PORT_Assert(rv == SECSuccess); /* else is coding error */ - if (rv == SECSuccess && enabled) - return PR_TRUE; + PORT_Assert(rv == SECSuccess); /* else is coding error */ + if (rv == SECSuccess && enabled) + return PR_TRUE; } return PR_FALSE; } @@ -1035,7 +1035,7 @@ ssl3_IsECCEnabled(sslSocket * ss) #define BE(n) 0, n /* Prefabricated TLS client hello extension, Elliptic Curves List, - * offers only 3 curves, the Suite B curves, 23-25 + * offers only 3 curves, the Suite B curves, 23-25 */ static const PRUint8 suiteBECList[12] = { BE(10), /* Extension type */ 
@@ -1051,9 +1051,9 @@ static const PRUint8 tlsECList[56] = { BE(10), /* Extension type */ BE(52), /* octets that follow (25 pairs + 1 length pair) */ BE(50), /* octets that follow (25 pairs) */ - BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7), - BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15), - BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23), + BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7), + BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15), + BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23), BE(24), BE(25) }; @@ -1076,12 +1076,12 @@ ssl3_SuiteBOnly(sslSocket *ss) /* See if we can support small curves (like 163). If not, assume we can * only support Suite-B curves (P-256, P-384, P-521). */ PK11SlotInfo *slot = - PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163, - ss ? ss->pkcs11PinArg : NULL); + PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163, + ss ? ss->pkcs11PinArg : NULL); if (!slot) { - /* nope, presume we can only do suite B */ - return PR_TRUE; + /* nope, presume we can only do suite B */ + return PR_TRUE; } /* we can, presume we can do all curves */ PK11_FreeSlot(slot); 
@@ -1093,33 +1093,33 @@ ssl3_SuiteBOnly(sslSocket *ss) */ PRInt32 ssl3_SendSupportedCurvesXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 ecListSize = 0; const PRUint8 *ecList = NULL; if (!ss || !ssl3_IsECCEnabled(ss)) - return 0; + return 0; if (ssl3_SuiteBOnly(ss)) { - ecListSize = sizeof suiteBECList; - ecList = suiteBECList; + ecListSize = sizeof suiteBECList; + ecList = suiteBECList; } else { - ecListSize = sizeof tlsECList; - ecList = tlsECList; + ecListSize = sizeof tlsECList; + ecList = tlsECList; } - + if (append && maxBytes >= ecListSize) { - SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); - if (rv != SECSuccess) - return -1; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_elliptic_curves_xtn; - } + SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); + if (rv != SECSuccess) + return -1; + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_elliptic_curves_xtn; + } } return ecListSize; } @@ -1128,7 +1128,7 @@ PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss) { if (ssl3_SuiteBOnly(ss)) { - return SSL3_SUITE_B_SUPPORTED_CURVES_MASK; + return SSL3_SUITE_B_SUPPORTED_CURVES_MASK; } return SSL3_ALL_SUPPORTED_CURVES_MASK; } 
@@ -1138,21 +1138,21 @@ ssl3_GetSupportedECCurveMask(sslSocket *ss) */ PRInt32 ssl3_SendSupportedPointFormatsXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { if (!ss || !ssl3_IsECCEnabled(ss)) - return 0; + return 0; if (append && maxBytes >= (sizeof ecPtFmt)) { - SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt)); - if (rv != SECSuccess) - return -1; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_ec_point_formats_xtn; - } + SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt)); + if (rv != SECSuccess) + return -1; + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_ec_point_formats_xtn; + } } return (sizeof ecPtFmt); } @@ -1168,17 +1168,17 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, if (data->len < 2 || data->len > 255 || !data->data || data->len != (unsigned int)data->data[0] + 1) { - /* malformed */ - goto loser; + /* malformed */ + goto loser; } for (i = data->len; --i > 0; ) { - if (data->data[i] == 0) { - /* indicate that we should send a reply */ - SECStatus rv; - rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - &ssl3_SendSupportedPointFormatsXtn); - return rv; - } + if (data->data[i] == 0) { + /* indicate that we should send a reply */ + SECStatus rv; + rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, + &ssl3_SendSupportedPointFormatsXtn); + return rv; + } } loser: /* evil client doesn't support uncompressed */ 
@@ -1192,14 +1192,14 @@ loser: ss->serverCerts[type].serverKeyPair->pubKey : NULL) /* Extract the TLS curve name for the public key in our EC server cert. */ -ECName ssl3_GetSvrCertCurveName(sslSocket *ss) +ECName ssl3_GetSvrCertCurveName(sslSocket *ss) { - SECKEYPublicKey *srvPublicKey; - ECName ec_curve = ec_noName; + SECKEYPublicKey *srvPublicKey; + ECName ec_curve = ec_noName; srvPublicKey = SSL3_GET_SERVER_PUBLICKEY(ss, kt_ecdh); if (srvPublicKey) { - ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams); + ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams); } return ec_curve; } 
@@ -1216,37 +1216,37 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint16 svrCertCurveName; if (!data->data || data->len < 4 || data->len > 65535) - goto loser; + goto loser; /* get the length of elliptic_curve_list */ list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) { - /* malformed */ - goto loser; + /* malformed */ + goto loser; } /* build bit vector of peer's supported curve names */ while (data->len) { - PRInt32 curve_name = - ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (curve_name > ec_noName && curve_name < ec_pastLastName) { - peerCurves |= (1U << curve_name); - } + PRInt32 curve_name = + ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (curve_name > ec_noName && curve_name < ec_pastLastName) { + peerCurves |= (1U << curve_name); + } } /* What curves do we support in common? */ mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves; if (!mutualCurves) { /* no mutually supported EC Curves */ - goto loser; + goto loser; } - /* if our ECC cert doesn't use one of these supported curves, - * disable ECC cipher suites that require an ECC cert. + /* if our ECC cert doesn't use one of these supported curves, + * disable ECC cipher suites that require an ECC cert. */ svrCertCurveName = ssl3_GetSvrCertCurveName(ss); if (svrCertCurveName != ec_noName && (mutualCurves & (1U << svrCertCurveName)) != 0) { - return SECSuccess; + return SECSuccess; } /* Our EC cert doesn't contain a mutually supported curve. - * Disable all ECC cipher suites that require an EC cert + * Disable all ECC cipher suites that require an EC cert */ ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 607171c4..1d1f39cc 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c 
@@ -48,18 +48,22 @@ static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key, #endif static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); -static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, +static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, - PRUint16 ex_type, SECItem *data); + PRUint16 ex_type, SECItem *data); static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, - PRUint16 ex_type, SECItem *data); + PRUint16 ex_type, SECItem *data); static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, - PRUint16 ex_type, SECItem *data); -static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); + PRUint16 ex_type, SECItem *data); +static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, + SECItem *data); static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); + PRUint32 maxBytes); +static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, @@ -87,7 +91,7 @@ static SECStatus ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) { if (bytes > item->len) - return SECFailure; + return SECFailure; PORT_Memcpy(item->data, buf, bytes); item->data += bytes; 
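Review bot: The two added prototypes `ssl3_ServerHandleAppProtoXtn` and `ssl3_ServerSendAppProtoXtn` are declared without any comment, and their definitions and the extension-table entries that bind them to the ALPN extension type lie outside this hunk, so the new server-side handler's validation of the client-supplied, length-prefixed protocol list cannot be checked from here; presumably it mirrors the bounds checks of the existing client handler, but that should be confirmed in the definition. The existing prototypes in this block are equally bare, so a one-line comment on the new pair would at least record their role, e.g. `/* Server side of the ALPN extension: handle the client's protocol list, send the selected protocol. */`. Moving `ssl3_ClientSendAppProtoXtn` below `ssl3_ClientSendNextProtoNegoXtn` is purely cosmetic; grouping the send-side prototypes together is reasonable, but it is worth stating in the commit description since the rest of this patch is otherwise a tabs-to-spaces reindent.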
@@ -109,13 +113,13 @@ ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize) switch (lenSize) { case 4: - *p++ = (PRUint8) (num >> 24); + *p++ = (PRUint8) (num >> 24); case 3: - *p++ = (PRUint8) (num >> 16); + *p++ = (PRUint8) (num >> 16); case 2: - *p++ = (PRUint8) (num >> 8); + *p++ = (PRUint8) (num >> 8); case 1: - *p = (PRUint8) num; + *p = (PRUint8) num; } rv = ssl3_AppendToItem(item, &b[0], lenSize); return rv; @@ -124,15 +128,15 @@ ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize) static SECStatus ssl3_SessionTicketShutdown(void* appData, void* nssData) { if (session_ticket_enc_key_pkcs11) { - PK11_FreeSymKey(session_ticket_enc_key_pkcs11); - session_ticket_enc_key_pkcs11 = NULL; + PK11_FreeSymKey(session_ticket_enc_key_pkcs11); + session_ticket_enc_key_pkcs11 = NULL; } if (session_ticket_mac_key_pkcs11) { - PK11_FreeSymKey(session_ticket_mac_key_pkcs11); - session_ticket_mac_key_pkcs11 = NULL; + PK11_FreeSymKey(session_ticket_mac_key_pkcs11); + session_ticket_mac_key_pkcs11 = NULL; } PORT_Memset(&generate_session_keys_once, 0, - sizeof(generate_session_keys_once)); + sizeof(generate_session_keys_once)); return SECSuccess; } 
@@ -146,22 +150,22 @@ ssl3_GenerateSessionTicketKeysPKCS11(void *data) SECKEYPublicKey *svrPubKey = ss->serverCerts[kt_rsa].serverKeyPair->pubKey; if (svrPrivKey == NULL || svrPubKey == NULL) { - SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.", - SSL_GETPID(), ss->fd)); - goto loser; + SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.", + SSL_GETPID(), ss->fd)); + goto loser; } /* Get a copy of the session keys from shared memory. */ PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX, - sizeof(SESS_TICKET_KEY_NAME_PREFIX)); + sizeof(SESS_TICKET_KEY_NAME_PREFIX)); if (!ssl_GetSessionTicketKeysPKCS11(svrPrivKey, svrPubKey, - ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN], - &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11)) - return PR_FAILURE; + ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN], + &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11)) + return PR_FAILURE; rv = NSS_RegisterShutdown(ssl3_SessionTicketShutdown, NULL); if (rv != SECSuccess) - goto loser; + goto loser; return PR_SUCCESS; @@ -175,12 +179,12 @@ ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss, PK11SymKey **aes_key, PK11SymKey **mac_key) { if (PR_CallOnceWithArg(&generate_session_keys_once, - ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS) - return SECFailure; + ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS) + return SECFailure; if (session_ticket_enc_key_pkcs11 == NULL || - session_ticket_mac_key_pkcs11 == NULL) - return SECFailure; + session_ticket_mac_key_pkcs11 == NULL) + return SECFailure; *aes_key = session_ticket_enc_key_pkcs11; *mac_key = session_ticket_mac_key_pkcs11; 
@@ -192,11 +196,11 @@ static PRStatus ssl3_GenerateSessionTicketKeys(void) { PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX, - sizeof(SESS_TICKET_KEY_NAME_PREFIX)); + sizeof(SESS_TICKET_KEY_NAME_PREFIX)); if (!ssl_GetSessionTicketKeys(&key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN], - session_ticket_enc_key, session_ticket_mac_key)) - return PR_FAILURE; + session_ticket_enc_key, session_ticket_mac_key)) + return PR_FAILURE; session_ticket_keys_initialized = PR_TRUE; return PR_SUCCESS; @@ -208,11 +212,11 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key, PRUint32 *mac_key_length) { if (PR_CallOnce(&generate_session_keys_once, - ssl3_GenerateSessionTicketKeys) != PR_SUCCESS) - return SECFailure; + ssl3_GenerateSessionTicketKeys) != PR_SUCCESS) + return SECFailure; if (!session_ticket_keys_initialized) - return SECFailure; + return SECFailure; *aes_key = session_ticket_enc_key; *aes_key_length = sizeof(session_ticket_enc_key); @@ -237,6 +241,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, + { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, @@ -268,7 +273,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { * The server's table of hello senders is dynamic, in the socket struct, * and sender functions are registered there. */ -static const +static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, 
@@ -285,7 +290,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { /* any extra entries will appear as { 0, NULL } */ }; -static const +static const ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } /* any extra entries will appear as { 0, NULL } */ @@ -296,8 +301,8 @@ arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) { int i; for (i = 0; i < len; i++) { - if (ex_type == array[i]) - return PR_TRUE; + if (ex_type == array[i]) + return PR_TRUE; } return PR_FALSE; } @@ -306,14 +311,14 @@ PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) { TLSExtensionData *xtnData = &ss->xtnData; return arrayContainsExtension(xtnData->negotiated, - xtnData->numNegotiated, ex_type); + xtnData->numNegotiated, ex_type); } static PRBool ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) { TLSExtensionData *xtnData = &ss->xtnData; return arrayContainsExtension(xtnData->advertised, - xtnData->numAdvertised, ex_type); + xtnData->numAdvertised, ex_type); } /* Format an SNI extension, using the name from the socket's URL, @@ -326,11 +331,11 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, { SECStatus rv; if (!ss) - return 0; + return 0; if (!ss->sec.isServer) { PRUint32 len; PRNetAddr netAddr; - + /* must have a hostname */ if (!ss->url || !ss->url[0]) return 0; @@ -342,10 +347,10 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, len = PORT_Strlen(ss->url); if (append && maxBytes >= len + 9) { /* extension_type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); + rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); if (rv != SECSuccess) return -1; /* length of extension_data */ - rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2); + rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2); if (rv != SECSuccess) return -1; /* length of server_name_list */ rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2); 
@@ -358,8 +363,8 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, if (rv != SECSuccess) return -1; if (!ss->sec.isServer) { TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_server_name_xtn; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_server_name_xtn; } } return len + 9; @@ -401,7 +406,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) return SECSuccess; } /* length of server_name_list */ - listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (listLenBytes == 0 || listLenBytes != data->len) { return SECFailure; } @@ -412,7 +417,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; PRInt32 type; /* Name Type (sni_host_name) */ - type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); + type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); if (!ldata.len) { return SECFailure; } @@ -440,7 +445,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; PRBool nametypePresent = PR_FALSE; /* Name Type (sni_host_name) */ - type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); + type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); /* Check if we have such type in the list */ for (j = 0;j < listCount && names[j].data;j++) { if (names[j].type == type) { @@ -472,16 +477,16 @@ loser: PORT_Free(names); return SECFailure; } - + /* Called by both clients and servers. * Clients sends a filled in session ticket if one is available, and otherwise * sends an empty ticket. Servers always send empty tickets. */ PRInt32 ssl3_SendSessionTicketXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 extension_length; NewSessionTicket *session_ticket = NULL; 
@@ -489,7 +494,7 @@ ssl3_SendSessionTicketXtn( /* Ignore the SessionTicket extension if processing is disabled. */ if (!ss->opt.enableSessionTickets) - return 0; + return 0; /* Empty extension length = extension_type (2-bytes) + * length(extension_data) (2-bytes) 
@@ -501,53 +506,53 @@ ssl3_SendSessionTicketXtn( * the extension always respond with an empty extension. */ if (!ss->sec.isServer) { - /* The caller must be holding sid->u.ssl3.lock for reading. We cannot - * just acquire and release the lock within this function because the - * caller will call this function twice, and we need the inputs to be - * consistent between the two calls. Note that currently the caller - * will only be holding the lock when we are the client and when we're - * attempting to resume an existing session. - */ + /* The caller must be holding sid->u.ssl3.lock for reading. We cannot + * just acquire and release the lock within this function because the + * caller will call this function twice, and we need the inputs to be + * consistent between the two calls. Note that currently the caller + * will only be holding the lock when we are the client and when we're + * attempting to resume an existing session. + */ - session_ticket = &sid->u.ssl3.locked.sessionTicket; - if (session_ticket->ticket.data) { - if (ss->xtnData.ticketTimestampVerified) { - extension_length += session_ticket->ticket.len; - } else if (!append && - (session_ticket->ticket_lifetime_hint == 0 || - (session_ticket->ticket_lifetime_hint + - session_ticket->received_timestamp > ssl_Time()))) { - extension_length += session_ticket->ticket.len; - ss->xtnData.ticketTimestampVerified = PR_TRUE; - } - } + session_ticket = &sid->u.ssl3.locked.sessionTicket; + if (session_ticket->ticket.data) { + if (ss->xtnData.ticketTimestampVerified) { + extension_length += session_ticket->ticket.len; + } else if (!append && + (session_ticket->ticket_lifetime_hint == 0 || + (session_ticket->ticket_lifetime_hint + + session_ticket->received_timestamp > ssl_Time()))) { + extension_length += session_ticket->ticket.len; + ss->xtnData.ticketTimestampVerified = PR_TRUE; + } + } } if (append && maxBytes >= extension_length) { - SECStatus rv; - /* extension_type */ + SECStatus rv; + /* extension_type */ rv = 
ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); if (rv != SECSuccess) - goto loser; - if (session_ticket && session_ticket->ticket.data && - ss->xtnData.ticketTimestampVerified) { - rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data, - session_ticket->ticket.len, 2); - ss->xtnData.ticketTimestampVerified = PR_FALSE; - ss->xtnData.sentSessionTicketInClientHello = PR_TRUE; - } else { - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - } + goto loser; + if (session_ticket && session_ticket->ticket.data && + ss->xtnData.ticketTimestampVerified) { + rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data, + session_ticket->ticket.len, 2); + ss->xtnData.ticketTimestampVerified = PR_FALSE; + ss->xtnData.sentSessionTicketInClientHello = PR_TRUE; + } else { + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + } if (rv != SECSuccess) - goto loser; + goto loser; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_session_ticket_xtn; - } + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_session_ticket_xtn; + } } else if (maxBytes < extension_length) { - PORT_Assert(0); + PORT_Assert(0); return 0; } return extension_length; @@ -559,12 +564,13 @@ ssl3_SendSessionTicketXtn( /* handle an incoming Next Protocol Negotiation extension. */ static SECStatus -ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) +ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data) { if (ss->firstHsDone || data->len != 0) { - /* Clients MUST send an empty NPN extension, if any. */ - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + /* Clients MUST send an empty NPN extension, if any. */ + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
@@ -585,71 +591,57 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length) unsigned int offset = 0; while (offset < length) { - unsigned int newOffset = offset + 1 + (unsigned int) data[offset]; - /* Reject embedded nulls to protect against buggy applications that - * store protocol identifiers in null-terminated strings. - */ - if (newOffset > length || data[offset] == 0) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; - } - offset = newOffset; + unsigned int newOffset = offset + 1 + (unsigned int) data[offset]; + /* Reject embedded nulls to protect against buggy applications that + * store protocol identifiers in null-terminated strings. + */ + if (newOffset > length || data[offset] == 0) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; + } + offset = newOffset; } if (offset > length) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } return SECSuccess; } +/* protocol selection handler for ALPN (server side) and NPN (client side) */ static SECStatus -ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, - SECItem *data) +ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) { SECStatus rv; unsigned char resultBuffer[255]; SECItem result = { siBuffer, resultBuffer, 0 }; - PORT_Assert(!ss->firstHsDone); - - if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) { - /* If the server negotiated ALPN then it has already told us what - * protocol to use, so it doesn't make sense for us to try to negotiate - * a different one by sending the NPN handshake message. However, if - * we've negotiated NPN then we're required to send the NPN handshake - * message. Thus, these two extensions cannot both be negotiated on the - * same connection. 
*/ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } - rv = ssl3_ValidateNextProtoNego(data->data, data->len); if (rv != SECSuccess) - return rv; - - /* ss->nextProtoCallback cannot normally be NULL if we negotiated the - * extension. However, It is possible that an application erroneously - * cleared the callback between the time we sent the ClientHello and now. - */ - PORT_Assert(ss->nextProtoCallback != NULL); - if (!ss->nextProtoCallback) { - /* XXX Use a better error code. This is an application error, not an - * NSS bug. */ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } + return rv; + PORT_Assert(ss->nextProtoCallback); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, - result.data, &result.len, sizeof resultBuffer); + result.data, &result.len, sizeof resultBuffer); if (rv != SECSuccess) - return rv; + return rv; /* If the callback wrote more than allowed to |result| it has corrupted our * stack. */ if (result.len > sizeof resultBuffer) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + if (ex_type == ssl_app_layer_protocol_xtn && + ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) { + /* The callback might say OK, but then it's picked a default. + * That's OK for NPN, but not ALPN. */ + SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); + (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol); + return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
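Review bot: ssl3_SelectAppProtocol now calls through ss->nextProtoCallback behind only a PORT_Assert, so the explicit NULL-callback guard the old ssl3_ClientHandleNextProtoNegoXtn body carried no longer exists in this function, and a release build would call through NULL if any future caller skips its own check. The two callers added in the next hunk do test the callback first, so the precondition should be written where it lives; I would replace the one-line header with `/* Protocol selection shared by the ALPN server handler and the NPN client handler. Precondition: ss->nextProtoCallback is non-NULL — callers check it, this function only asserts. */`. It would also help to say at the new ALPN check that the callback may return SECSuccess after picking a fallback, which is why nextProtoState rather than rv decides whether the fatal no_application_protocol alert is sent. The function's tail (the negotiated[] update and the SECITEM_CopyItem into ss->ssl3.nextProto) lies in the following hunk.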
@@ -658,6 +650,78 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); } +/* handle an incoming ALPN extension at the server */ +static SECStatus +ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) +{ + int count; + SECStatus rv; + + /* We expressly don't want to allow ALPN on renegotiation, + * despite it being permitted by the spec. */ + if (ss->firstHsDone || data->len == 0) { + /* Clients MUST send a non-empty ALPN extension. */ + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; + } + + /* unlike NPN, ALPN has extra redundant length information so that + * the extension is the same in both ClientHello and ServerHello */ + count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (count < 0) { + return SECFailure; /* fatal alert was sent */ + } + if (count != data->len) { + return ssl3_DecodeError(ss); + } + + if (!ss->nextProtoCallback) { + /* we're not configured for it */ + return SECSuccess; + } + + rv = ssl3_SelectAppProtocol(ss, ex_type, data); + if (rv != SECSuccess) { + return rv; + } + + /* prepare to send back a response, if we negotiated */ + if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) { + return ssl3_RegisterServerHelloExtensionSender( + ss, ex_type, ssl3_ServerSendAppProtoXtn); + } + return SECSuccess; +} + +static SECStatus +ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, + SECItem *data) +{ + PORT_Assert(!ss->firstHsDone); + + if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) { + /* If the server negotiated ALPN then it has already told us what + * protocol to use, so it doesn't make sense for us to try to negotiate + * a different one by sending the NPN handshake message. However, if + * we've negotiated NPN then we're required to send the NPN handshake + * message. Thus, these two extensions cannot both be negotiated on the + * same connection. 
*/ + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + /* We should only get this call if we sent the extension, so + * ss->nextProtoCallback needs to be non-NULL. However, it is possible + * that an application erroneously cleared the callback between the time + * we sent the ClientHello and now. */ + if (!ss->nextProtoCallback) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); + return SECFailure; + } + + return ssl3_SelectAppProtocol(ss, ex_type, data); +} + static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { @@ -666,8 +730,8 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) SECItem protocol_name; if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; } /* The extension data from the server has the following format: @@ -675,15 +739,15 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) * uint8 len; * uint8 protocol_name[len]; */ if (data->len < 4 || data->len > 2 + 1 + 255) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } name_list_len = ((PRUint16) d[0]) << 8 | - ((PRUint16) d[1]); + ((PRUint16) d[1]); if (name_list_len != data->len - 2 || d[2] != data->len - 3) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } protocol_name.data = data->data + 3; 
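Review bot: ssl3_ServerHandleAppProtoXtn processes a client ALPN extension whenever ss->nextProtoCallback is set but never consults ss->opt.enableALPN, while the ssl3_ServerSendAppProtoXtn it registers as a ServerHello sender (later hunk of this file) opens with `PORT_Assert(ss->opt.enableALPN)`. A server that installed the callback for NPN only would therefore negotiate ALPN with any client offering it, and trip that assertion in debug builds. The not-configured early return should read `if (!ss->opt.enableALPN || !ss->nextProtoCallback) {` so the option gates the server side the way it already gates ssl3_ClientSendAppProtoXtn on the client. The renegotiation/empty-list rejection and the ssl3_ValidateNextProtoNego pass reached through ssl3_SelectAppProtocol otherwise cover the bounds of the untrusted protocol list.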
@@ -697,29 +761,29 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, - PRUint32 maxBytes) + PRUint32 maxBytes) { PRInt32 extension_length; /* Renegotiations do not send this extension. */ if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) { - return 0; + return 0; } extension_length = 4; if (append && maxBytes >= extension_length) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - if (rv != SECSuccess) - goto loser; - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_next_proto_nego_xtn; + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_next_proto_nego_xtn; } else if (maxBytes < extension_length) { - return 0; + return 0; } return extension_length; 
@@ -736,66 +800,108 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) /* Renegotiations do not send this extension. */ if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) { - return 0; + return 0; } extension_length = 2 /* extension type */ + 2 /* extension length */ + - 2 /* protocol name list length */ + - ss->opt.nextProtoNego.len; + 2 /* protocol name list length */ + + ss->opt.nextProtoNego.len; if (append && maxBytes >= extension_length) { - /* NPN requires that the client's fallback protocol is first in the - * list. However, ALPN sends protocols in preference order. So we - * allocate a buffer and move the first protocol to the end of the - * list. */ - SECStatus rv; - const unsigned int len = ss->opt.nextProtoNego.len; + /* NPN requires that the client's fallback protocol is first in the + * list. However, ALPN sends protocols in preference order. So we + * allocate a buffer and move the first protocol to the end of the + * list. */ + SECStatus rv; + const unsigned int len = ss->opt.nextProtoNego.len; - alpn_protos = PORT_Alloc(len); - if (alpn_protos == NULL) { - return SECFailure; - } - if (len > 0) { - /* Each protocol string is prefixed with a single byte length. */ - unsigned int i = ss->opt.nextProtoNego.data[0] + 1; - if (i <= len) { - memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i); - memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i); - } else { - /* This seems to be invalid data so we'll send as-is. */ - memcpy(alpn_protos, ss->opt.nextProtoNego.data, len); - } - } + alpn_protos = PORT_Alloc(len); + if (alpn_protos == NULL) { + return SECFailure; + } + if (len > 0) { + /* Each protocol string is prefixed with a single byte length. 
*/ + unsigned int i = ss->opt.nextProtoNego.data[0] + 1; + if (i <= len) { + memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i); + memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i); + } else { + /* This seems to be invalid data so we'll send as-is. */ + memcpy(alpn_protos, ss->opt.nextProtoNego.data, len); + } + } - rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); - if (rv != SECSuccess) { - goto loser; - } - rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); - if (rv != SECSuccess) { - goto loser; - } - rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2); - PORT_Free(alpn_protos); - alpn_protos = NULL; - if (rv != SECSuccess) { - goto loser; - } - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_app_layer_protocol_xtn; + rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); + if (rv != SECSuccess) { + goto loser; + } + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) { + goto loser; + } + rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2); + PORT_Free(alpn_protos); + alpn_protos = NULL; + if (rv != SECSuccess) { + goto loser; + } + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_app_layer_protocol_xtn; } else if (maxBytes < extension_length) { - return 0; + return 0; } return extension_length; loser: if (alpn_protos) { - PORT_Free(alpn_protos); + PORT_Free(alpn_protos); } return -1; } +static PRInt32 +ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) +{ + PRInt32 extension_length; + + /* we're in over our heads if any of these fail */ + PORT_Assert(ss->opt.enableALPN); + PORT_Assert(ss->ssl3.nextProto.data); + PORT_Assert(ss->ssl3.nextProto.len > 0); + PORT_Assert(ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED); + PORT_Assert(!ss->firstHsDone); + + extension_length = 2 /* extension type */ + 2 /* extension length */ + + 2 /* protocol name list */ + 1 /* name length */ + + 
ss->ssl3.nextProto.len; + + if (append && maxBytes >= extension_length) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.nextProto.len + 1, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data, + ss->ssl3.nextProto.len, 1); + if (rv != SECSuccess) { + return -1; + } + } else if (maxBytes < extension_length) { + return 0; + } + + return extension_length; +} + static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) @@ -812,9 +918,9 @@ ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, static PRInt32 ssl3_ServerSendStatusRequestXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 extension_length; SECStatus rv; 
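Review bot: ssl3_ServerSendAppProtoXtn emits ss->ssl3.nextProto with a one-byte length prefix (`ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len, 1)`) yet asserts only that the length is non-zero, so a reader has to trace back to see why a value above 255 cannot reach this call. The bound comes from ssl3_SelectAppProtocol, whose 255-byte result buffer and result.len check precede the copy into nextProto; that deserves a line above the asserts: `/* Registered only after ssl3_SelectAppProtocol negotiated; its 255-byte result buffer bounds nextProto.len for the 1-byte length below. */`. A header comment naming this as the ServerHello counterpart of ssl3_ClientSendAppProtoXtn, registered via ssl3_RegisterServerHelloExtensionSender, would also match the other senders in this file. Separately, the re-indented `return SECFailure;` on the PORT_Alloc failure path in ssl3_ClientSendAppProtoXtn returns a SECStatus from a PRInt32 function whose other failures go through loser and -1; the value is the same in practice, but `goto loser;` would be the consistent form.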
@@ -822,29 +928,29 @@ ssl3_ServerSendStatusRequestXtn( PRBool haveStatus = PR_FALSE; for (i = kt_null; i < kt_kea_size; i++) { - /* TODO: This is a temporary workaround. - * The correct code needs to see if we have an OCSP response for - * the server certificate being used, rather than if we have any - * OCSP response. See also ssl3_SendCertificateStatus. - */ - if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) { - haveStatus = PR_TRUE; - break; - } + /* TODO: This is a temporary workaround. + * The correct code needs to see if we have an OCSP response for + * the server certificate being used, rather than if we have any + * OCSP response. See also ssl3_SendCertificateStatus. + */ + if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) { + haveStatus = PR_TRUE; + break; + } } if (!haveStatus) - return 0; + return 0; extension_length = 2 + 2; if (append && maxBytes >= extension_length) { - /* extension_type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); - if (rv != SECSuccess) - return -1; - /* length of extension_data */ - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - if (rv != SECSuccess) - return -1; + /* extension_type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); + if (rv != SECSuccess) + return -1; + /* length of extension_data */ + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + if (rv != SECSuccess) + return -1; } return extension_length; 
@@ -954,14 +1060,14 @@ ssl3_SendNewSessionTicket(sslSocket *ss) * must be >= 0 */ SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake", - SSL_GETPID(), ss->fd)); + SSL_GETPID(), ss->fd)); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); ticket.ticket_lifetime_hint = TLS_EX_SESS_TICKET_LIFETIME_HINT; cert_length = (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) ? - 3 + ss->sec.ci.sid->peerCert->derCert.len : 0; + 3 + ss->sec.ci.sid->peerCert->derCert.len : 0; /* Get IV and encryption keys */ ivItem.data = iv; 
@@ -971,47 +1077,47 @@ ssl3_SendNewSessionTicket(sslSocket *ss) #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, - &mac_key, &mac_key_length); - } else + rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, + &mac_key, &mac_key_length); + } else #endif { - rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, - &mac_key_pkcs11); + rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, + &mac_key_pkcs11); } if (rv != SECSuccess) goto loser; if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) { - /* The master secret is available unwrapped. */ - ms_item.data = ss->ssl3.pwSpec->msItem.data; - ms_item.len = ss->ssl3.pwSpec->msItem.len; - ms_is_wrapped = PR_FALSE; + /* The master secret is available unwrapped. */ + ms_item.data = ss->ssl3.pwSpec->msItem.data; + ms_item.len = ss->ssl3.pwSpec->msItem.len; + ms_is_wrapped = PR_FALSE; } else { - /* Extract the master secret wrapped. */ - sslSessionID sid; - PORT_Memset(&sid, 0, sizeof(sslSessionID)); + /* Extract the master secret wrapped. */ + sslSessionID sid; + PORT_Memset(&sid, 0, sizeof(sslSessionID)); - if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { - effectiveExchKeyType = kt_rsa; - } else { - effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; - } + if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { + effectiveExchKeyType = kt_rsa; + } else { + effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; + } - rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec, - effectiveExchKeyType); - if (rv == SECSuccess) { - if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms)) - goto loser; - memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret, - sid.u.ssl3.keys.wrapped_master_secret_len); - ms_item.data = wrapped_ms; - ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len; - msWrapMech = sid.u.ssl3.masterWrapMech; - } else { - /* TODO: else send an empty ticket. 
*/ - goto loser; - } - ms_is_wrapped = PR_TRUE; + rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec, + effectiveExchKeyType); + if (rv == SECSuccess) { + if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms)) + goto loser; + memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret, + sid.u.ssl3.keys.wrapped_master_secret_len); + ms_item.data = wrapped_ms; + ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len; + msWrapMech = sid.u.ssl3.masterWrapMech; + } else { + /* TODO: else send an empty ticket. */ + goto loser; + } + ms_is_wrapped = PR_TRUE; } /* Prep to send negotiated name */ srvName = &ss->ssl3.pwSpec->srvVirtName; 
@@ -1019,55 +1125,55 @@ ssl3_SendNewSessionTicket(sslSocket *ss) srvNameLen = 2 + srvName->len; /* len bytes + name len */ } - ciphertext_length = - sizeof(PRUint16) /* ticket_version */ - + sizeof(SSL3ProtocolVersion) /* ssl_version */ - + sizeof(ssl3CipherSuite) /* ciphersuite */ - + 1 /* compression */ - + 10 /* cipher spec parameters */ - + 1 /* SessionTicket.ms_is_wrapped */ - + 1 /* effectiveExchKeyType */ - + 4 /* msWrapMech */ - + 2 /* master_secret.length */ - + ms_item.len /* master_secret */ - + 1 /* client_auth_type */ - + cert_length /* cert */ + ciphertext_length = + sizeof(PRUint16) /* ticket_version */ + + sizeof(SSL3ProtocolVersion) /* ssl_version */ + + sizeof(ssl3CipherSuite) /* ciphersuite */ + + 1 /* compression */ + + 10 /* cipher spec parameters */ + + 1 /* SessionTicket.ms_is_wrapped */ + + 1 /* effectiveExchKeyType */ + + 4 /* msWrapMech */ + + 2 /* master_secret.length */ + + ms_item.len /* master_secret */ + + 1 /* client_auth_type */ + + cert_length /* cert */ + 1 /* server name type */ + srvNameLen /* name len + length field */ - + sizeof(ticket.ticket_lifetime_hint); + + sizeof(ticket.ticket_lifetime_hint); padding_length = AES_BLOCK_SIZE - - (ciphertext_length % AES_BLOCK_SIZE); + (ciphertext_length % AES_BLOCK_SIZE); ciphertext_length += padding_length; message_length = - sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */ - + 2 /* length field for NewSessionTicket.ticket */ - + SESS_TICKET_KEY_NAME_LEN /* key_name */ - + AES_BLOCK_SIZE /* iv */ - + 2 /* length field for NewSessionTicket.ticket.encrypted_state */ - + ciphertext_length /* encrypted_state */ - + TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */ + sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */ + + 2 /* length field for NewSessionTicket.ticket */ + + SESS_TICKET_KEY_NAME_LEN /* key_name */ + + AES_BLOCK_SIZE /* iv */ + + 2 /* length field for NewSessionTicket.ticket.encrypted_state */ + + ciphertext_length /* encrypted_state */ + + 
TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */ if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL) - goto loser; + goto loser; plaintext = plaintext_item; /* ticket_version */ rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION, - sizeof(PRUint16)); + sizeof(PRUint16)); if (rv != SECSuccess) goto loser; /* ssl_version */ rv = ssl3_AppendNumberToItem(&plaintext, ss->version, - sizeof(SSL3ProtocolVersion)); + sizeof(SSL3ProtocolVersion)); if (rv != SECSuccess) goto loser; /* ciphersuite */ - rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite, - sizeof(ssl3CipherSuite)); + rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite, + sizeof(ssl3CipherSuite)); if (rv != SECSuccess) goto loser; - + /* compression */ rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1); if (rv != SECSuccess) goto loser; 
@@ -1096,24 +1202,24 @@ ssl3_SendNewSessionTicket(sslSocket *ss) /* client_identity */ if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) { - rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1); - if (rv != SECSuccess) goto loser; - rv = ssl3_AppendNumberToItem(&plaintext, - ss->sec.ci.sid->peerCert->derCert.len, 3); - if (rv != SECSuccess) goto loser; - rv = ssl3_AppendToItem(&plaintext, - ss->sec.ci.sid->peerCert->derCert.data, - ss->sec.ci.sid->peerCert->derCert.len); - if (rv != SECSuccess) goto loser; + rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1); + if (rv != SECSuccess) goto loser; + rv = ssl3_AppendNumberToItem(&plaintext, + ss->sec.ci.sid->peerCert->derCert.len, 3); + if (rv != SECSuccess) goto loser; + rv = ssl3_AppendToItem(&plaintext, + ss->sec.ci.sid->peerCert->derCert.data, + ss->sec.ci.sid->peerCert->derCert.len); + if (rv != SECSuccess) goto loser; } else { - rv = ssl3_AppendNumberToItem(&plaintext, 0, 1); - if (rv != SECSuccess) goto loser; + rv = ssl3_AppendNumberToItem(&plaintext, 0, 1); + if (rv != SECSuccess) goto loser; } /* timestamp */ now = ssl_Time(); rv = ssl3_AppendNumberToItem(&plaintext, now, - sizeof(ticket.ticket_lifetime_hint)); + sizeof(ticket.ticket_lifetime_hint)); if (rv != SECSuccess) goto loser; if (srvNameLen) { 
@@ -1134,39 +1240,39 @@ ssl3_SendNewSessionTicket(sslSocket *ss) PORT_Assert(plaintext.len == padding_length); for (i = 0; i < padding_length; i++) - plaintext.data[i] = (unsigned char)padding_length; + plaintext.data[i] = (unsigned char)padding_length; if (SECITEM_AllocItem(NULL, &ciphertext, ciphertext_length) == NULL) { - rv = SECFailure; - goto loser; + rv = SECFailure; + goto loser; } /* Generate encrypted portion of ticket. */ #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - aes_ctx = (AESContext *)aes_ctx_buf; - rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv, - NSS_AES_CBC, 1, AES_BLOCK_SIZE); - if (rv != SECSuccess) goto loser; + aes_ctx = (AESContext *)aes_ctx_buf; + rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv, + NSS_AES_CBC, 1, AES_BLOCK_SIZE); + if (rv != SECSuccess) goto loser; - rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len, - ciphertext.len, plaintext_item.data, - plaintext_item.len); - if (rv != SECSuccess) goto loser; - } else + rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len, + ciphertext.len, plaintext_item.data, + plaintext_item.len); + if (rv != SECSuccess) goto loser; + } else #endif { - aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, - CKA_ENCRYPT, aes_key_pkcs11, &ivItem); - if (!aes_ctx_pkcs11) - goto loser; + aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, + CKA_ENCRYPT, aes_key_pkcs11, &ivItem); + if (!aes_ctx_pkcs11) + goto loser; - rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data, - (int *)&ciphertext.len, ciphertext.len, - plaintext_item.data, plaintext_item.len); - PK11_Finalize(aes_ctx_pkcs11); - PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) goto loser; + rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data, + (int *)&ciphertext.len, ciphertext.len, + plaintext_item.data, plaintext_item.len); + PK11_Finalize(aes_ctx_pkcs11); + PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) goto loser; } /* Convert ciphertext length to 
network order. */ 
@@ -1176,40 +1282,40 @@ ssl3_SendNewSessionTicket(sslSocket *ss) /* Compute MAC. */ #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - hmac_ctx = (HMACContext *)hmac_ctx_buf; - hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); - if (HMAC_Init(hmac_ctx, hashObj, mac_key, - mac_key_length, PR_FALSE) != SECSuccess) - goto loser; + hmac_ctx = (HMACContext *)hmac_ctx_buf; + hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); + if (HMAC_Init(hmac_ctx, hashObj, mac_key, + mac_key_length, PR_FALSE) != SECSuccess) + goto loser; - HMAC_Begin(hmac_ctx); - HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN); - HMAC_Update(hmac_ctx, iv, sizeof(iv)); - HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2); - HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len); - HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, - sizeof(computed_mac)); - } else + HMAC_Begin(hmac_ctx); + HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN); + HMAC_Update(hmac_ctx, iv, sizeof(iv)); + HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2); + HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len); + HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, + sizeof(computed_mac)); + } else #endif { - SECItem macParam; - macParam.data = NULL; - macParam.len = 0; - hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, - CKA_SIGN, mac_key_pkcs11, &macParam); - if (!hmac_ctx_pkcs11) - goto loser; + SECItem macParam; + macParam.data = NULL; + macParam.len = 0; + hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, + CKA_SIGN, mac_key_pkcs11, &macParam); + if (!hmac_ctx_pkcs11) + goto loser; - rv = PK11_DigestBegin(hmac_ctx_pkcs11); - rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name, - SESS_TICKET_KEY_NAME_LEN); - rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); - rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2); - rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len); - rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, - &computed_mac_length, 
sizeof(computed_mac)); - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) goto loser; + rv = PK11_DigestBegin(hmac_ctx_pkcs11); + rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name, + SESS_TICKET_KEY_NAME_LEN); + rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); + rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2); + rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len); + rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, + &computed_mac_length, sizeof(computed_mac)); + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) goto loser; } /* Serialize the handshake message. */ @@ -1217,11 +1323,11 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (rv != SECSuccess) goto loser; rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_lifetime_hint, - sizeof(ticket.ticket_lifetime_hint)); + sizeof(ticket.ticket_lifetime_hint)); if (rv != SECSuccess) goto loser; rv = ssl3_AppendHandshakeNumber(ss, - message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2); + message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2); if (rv != SECSuccess) goto loser; rv = ssl3_AppendHandshake(ss, key_name, SESS_TICKET_KEY_NAME_LEN); @@ -1238,9 +1344,9 @@ ssl3_SendNewSessionTicket(sslSocket *ss) loser: if (plaintext_item.data) - SECITEM_FreeItem(&plaintext_item, PR_FALSE); + SECITEM_FreeItem(&plaintext_item, PR_FALSE); if (ciphertext.data) - SECITEM_FreeItem(&ciphertext, PR_FALSE); + SECITEM_FreeItem(&ciphertext, PR_FALSE); return rv; } @@ -1253,7 +1359,7 @@ ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { if (data->len != 0) - return SECFailure; + return SECFailure; /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
@@ -1272,7 +1378,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, /* Ignore the SessionTicket extension if processing is disabled. */ if (!ss->opt.enableSessionTickets) - return SECSuccess; + return SECSuccess; /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
@@ -1282,302 +1388,302 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, * instead of terminating the current connection. */ if (data->len == 0) { - ss->xtnData.emptySessionTicket = PR_TRUE; + ss->xtnData.emptySessionTicket = PR_TRUE; } else { - int i; - SECItem extension_data; - EncryptedSessionTicket enc_session_ticket; - unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; - unsigned int computed_mac_length; + int i; + SECItem extension_data; + EncryptedSessionTicket enc_session_ticket; + unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; + unsigned int computed_mac_length; #ifndef NO_PKCS11_BYPASS - const SECHashObject *hashObj; - const unsigned char *aes_key; - const unsigned char *mac_key; - PRUint32 aes_key_length; - PRUint32 mac_key_length; - PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS]; - HMACContext *hmac_ctx; - PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS]; - AESContext *aes_ctx; + const SECHashObject *hashObj; + const unsigned char *aes_key; + const unsigned char *mac_key; + PRUint32 aes_key_length; + PRUint32 mac_key_length; + PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS]; + HMACContext *hmac_ctx; + PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS]; + AESContext *aes_ctx; #endif - PK11SymKey *aes_key_pkcs11; - PK11SymKey *mac_key_pkcs11; - PK11Context *hmac_ctx_pkcs11; - CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; - PK11Context *aes_ctx_pkcs11; - CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; - unsigned char * padding; - PRUint32 padding_length; - unsigned char *buffer; - unsigned int buffer_len; - PRInt32 temp; - SECItem cert_item; + PK11SymKey *aes_key_pkcs11; + PK11SymKey *mac_key_pkcs11; + PK11Context *hmac_ctx_pkcs11; + CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; + PK11Context *aes_ctx_pkcs11; + CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; + unsigned char * padding; + PRUint32 padding_length; + unsigned char *buffer; + unsigned int buffer_len; + PRInt32 temp; + SECItem cert_item; PRInt8 nameType = 
TLS_STE_NO_SERVER_NAME; - /* Turn off stateless session resumption if the client sends a - * SessionTicket extension, even if the extension turns out to be - * malformed (ss->sec.ci.sid is non-NULL when doing session - * renegotiation.) - */ - if (ss->sec.ci.sid != NULL) { - if (ss->sec.uncache) - ss->sec.uncache(ss->sec.ci.sid); - ssl_FreeSID(ss->sec.ci.sid); - ss->sec.ci.sid = NULL; - } + /* Turn off stateless session resumption if the client sends a + * SessionTicket extension, even if the extension turns out to be + * malformed (ss->sec.ci.sid is non-NULL when doing session + * renegotiation.) + */ + if (ss->sec.ci.sid != NULL) { + if (ss->sec.uncache) + ss->sec.uncache(ss->sec.ci.sid); + ssl_FreeSID(ss->sec.ci.sid); + ss->sec.ci.sid = NULL; + } - extension_data.data = data->data; /* Keep a copy for future use. */ - extension_data.len = data->len; + extension_data.data = data->data; /* Keep a copy for future use. */ + extension_data.len = data->len; - if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) - != SECSuccess) - return SECFailure; + if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) + != SECSuccess) + return SECFailure; - /* Get session ticket keys. */ + /* Get session ticket keys. 
*/ #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, - &mac_key, &mac_key_length); - } else + if (ss->opt.bypassPKCS11) { + rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, + &mac_key, &mac_key_length); + } else #endif - { - rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, - &mac_key_pkcs11); - } - if (rv != SECSuccess) { - SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.", - SSL_GETPID(), ss->fd)); - goto loser; - } + { + rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, + &mac_key_pkcs11); + } + if (rv != SECSuccess) { + SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.", + SSL_GETPID(), ss->fd)); + goto loser; + } - /* If the ticket sent by the client was generated under a key different - * from the one we have, bypass ticket processing. - */ - if (PORT_Memcmp(enc_session_ticket.key_name, key_name, - SESS_TICKET_KEY_NAME_LEN) != 0) { - SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } + /* If the ticket sent by the client was generated under a key different + * from the one we have, bypass ticket processing. + */ + if (PORT_Memcmp(enc_session_ticket.key_name, key_name, + SESS_TICKET_KEY_NAME_LEN) != 0) { + SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } - /* Verify the MAC on the ticket. MAC verification may also - * fail if the MAC key has been recently refreshed. - */ + /* Verify the MAC on the ticket. MAC verification may also + * fail if the MAC key has been recently refreshed. 
+ */ #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - hmac_ctx = (HMACContext *)hmac_ctx_buf; - hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); - if (HMAC_Init(hmac_ctx, hashObj, mac_key, - sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess) - goto no_ticket; - HMAC_Begin(hmac_ctx); - HMAC_Update(hmac_ctx, extension_data.data, - extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); - if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, - sizeof(computed_mac)) != SECSuccess) - goto no_ticket; - } else + if (ss->opt.bypassPKCS11) { + hmac_ctx = (HMACContext *)hmac_ctx_buf; + hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); + if (HMAC_Init(hmac_ctx, hashObj, mac_key, + sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess) + goto no_ticket; + HMAC_Begin(hmac_ctx); + HMAC_Update(hmac_ctx, extension_data.data, + extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); + if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, + sizeof(computed_mac)) != SECSuccess) + goto no_ticket; + } else #endif - { - SECItem macParam; - macParam.data = NULL; - macParam.len = 0; - hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, - CKA_SIGN, mac_key_pkcs11, &macParam); - if (!hmac_ctx_pkcs11) { - SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.", - SSL_GETPID(), ss->fd, PORT_GetError())); - goto no_ticket; - } else { - SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.", - SSL_GETPID(), ss->fd)); - } - rv = PK11_DigestBegin(hmac_ctx_pkcs11); - rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data, - extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); - if (rv != SECSuccess) { - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - goto no_ticket; - } - rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, - &computed_mac_length, sizeof(computed_mac)); - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) - goto no_ticket; - } - if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac, - computed_mac_length) != 0) { - 
SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } + { + SECItem macParam; + macParam.data = NULL; + macParam.len = 0; + hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, + CKA_SIGN, mac_key_pkcs11, &macParam); + if (!hmac_ctx_pkcs11) { + SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.", + SSL_GETPID(), ss->fd, PORT_GetError())); + goto no_ticket; + } else { + SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.", + SSL_GETPID(), ss->fd)); + } + rv = PK11_DigestBegin(hmac_ctx_pkcs11); + rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data, + extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); + if (rv != SECSuccess) { + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); + goto no_ticket; + } + rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, + &computed_mac_length, sizeof(computed_mac)); + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) + goto no_ticket; + } + if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac, + computed_mac_length) != 0) { + SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } - /* We ignore key_name for now. - * This is ok as MAC verification succeeded. - */ + /* We ignore key_name for now. + * This is ok as MAC verification succeeded. + */ - /* Decrypt the ticket. */ + /* Decrypt the ticket. */ - /* Plaintext is shorter than the ciphertext due to padding. */ - decrypted_state = SECITEM_AllocItem(NULL, NULL, - enc_session_ticket.encrypted_state.len); + /* Plaintext is shorter than the ciphertext due to padding. 
*/ + decrypted_state = SECITEM_AllocItem(NULL, NULL, + enc_session_ticket.encrypted_state.len); #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - aes_ctx = (AESContext *)aes_ctx_buf; - rv = AES_InitContext(aes_ctx, aes_key, - sizeof(session_ticket_enc_key), enc_session_ticket.iv, - NSS_AES_CBC, 0,AES_BLOCK_SIZE); - if (rv != SECSuccess) { - SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } + if (ss->opt.bypassPKCS11) { + aes_ctx = (AESContext *)aes_ctx_buf; + rv = AES_InitContext(aes_ctx, aes_key, + sizeof(session_ticket_enc_key), enc_session_ticket.iv, + NSS_AES_CBC, 0,AES_BLOCK_SIZE); + if (rv != SECSuccess) { + SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } - rv = AES_Decrypt(aes_ctx, decrypted_state->data, - &decrypted_state->len, decrypted_state->len, - enc_session_ticket.encrypted_state.data, - enc_session_ticket.encrypted_state.len); - if (rv != SECSuccess) - goto no_ticket; - } else + rv = AES_Decrypt(aes_ctx, decrypted_state->data, + &decrypted_state->len, decrypted_state->len, + enc_session_ticket.encrypted_state.data, + enc_session_ticket.encrypted_state.len); + if (rv != SECSuccess) + goto no_ticket; + } else #endif - { - SECItem ivItem; - ivItem.data = enc_session_ticket.iv; - ivItem.len = AES_BLOCK_SIZE; - aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, - CKA_DECRYPT, aes_key_pkcs11, &ivItem); - if (!aes_ctx_pkcs11) { - SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } + { + SECItem ivItem; + ivItem.data = enc_session_ticket.iv; + ivItem.len = AES_BLOCK_SIZE; + aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, + CKA_DECRYPT, aes_key_pkcs11, &ivItem); + if (!aes_ctx_pkcs11) { + SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } - rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data, - (int *)&decrypted_state->len, 
decrypted_state->len, - enc_session_ticket.encrypted_state.data, - enc_session_ticket.encrypted_state.len); - PK11_Finalize(aes_ctx_pkcs11); - PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) - goto no_ticket; - } + rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data, + (int *)&decrypted_state->len, decrypted_state->len, + enc_session_ticket.encrypted_state.data, + enc_session_ticket.encrypted_state.len); + PK11_Finalize(aes_ctx_pkcs11); + PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) + goto no_ticket; + } - /* Check padding. */ - padding_length = - (PRUint32)decrypted_state->data[decrypted_state->len - 1]; - if (padding_length == 0 || padding_length > AES_BLOCK_SIZE) - goto no_ticket; + /* Check padding. */ + padding_length = + (PRUint32)decrypted_state->data[decrypted_state->len - 1]; + if (padding_length == 0 || padding_length > AES_BLOCK_SIZE) + goto no_ticket; - padding = &decrypted_state->data[decrypted_state->len - padding_length]; - for (i = 0; i < padding_length; i++, padding++) { - if (padding_length != (PRUint32)*padding) - goto no_ticket; - } + padding = &decrypted_state->data[decrypted_state->len - padding_length]; + for (i = 0; i < padding_length; i++, padding++) { + if (padding_length != (PRUint32)*padding) + goto no_ticket; + } - /* Deserialize session state. */ - buffer = decrypted_state->data; - buffer_len = decrypted_state->len; + /* Deserialize session state. */ + buffer = decrypted_state->data; + buffer_len = decrypted_state->len; - parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket)); - if (parsed_session_ticket == NULL) { - rv = SECFailure; - goto loser; - } + parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket)); + if (parsed_session_ticket == NULL) { + rv = SECFailure; + goto loser; + } - /* Read ticket_version (which is ignored for now.) 
*/ - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp; + /* Read ticket_version (which is ignored for now.) */ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp; - /* Read SSLVersion. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp; + /* Read SSLVersion. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp; - /* Read cipher_suite. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp; + /* Read cipher_suite. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp; - /* Read compression_method. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->compression_method = (SSLCompressionMethod)temp; + /* Read compression_method. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->compression_method = (SSLCompressionMethod)temp; - /* Read cipher spec parameters. 
*/ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->authAlgorithm = (SSLSignType)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->authKeyBits = (PRUint32)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->keaType = (SSLKEAType)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->keaKeyBits = (PRUint32)temp; + /* Read cipher spec parameters. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->authAlgorithm = (SSLSignType)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->authKeyBits = (PRUint32)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->keaType = (SSLKEAType)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->keaKeyBits = (PRUint32)temp; - /* Read wrapped master_secret. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ms_is_wrapped = (PRBool)temp; + /* Read wrapped master_secret. 
*/ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ms_is_wrapped = (PRBool)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->exchKeyType = (SSL3KEAType)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->exchKeyType = (SSL3KEAType)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ms_length = (PRUint16)temp; - if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. */ - parsed_session_ticket->ms_length > - sizeof(parsed_session_ticket->master_secret)) - goto no_ticket; - - /* Allow for the wrapped master secret to be longer. */ - if (buffer_len < parsed_session_ticket->ms_length) - goto no_ticket; - PORT_Memcpy(parsed_session_ticket->master_secret, buffer, - parsed_session_ticket->ms_length); - buffer += parsed_session_ticket->ms_length; - buffer_len -= parsed_session_ticket->ms_length; + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ms_length = (PRUint16)temp; + if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. 
*/ + parsed_session_ticket->ms_length > + sizeof(parsed_session_ticket->master_secret)) + goto no_ticket; - /* Read client_identity */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) - goto no_ticket; - parsed_session_ticket->client_identity.client_auth_type = - (ClientAuthenticationType)temp; - switch(parsed_session_ticket->client_identity.client_auth_type) { + /* Allow for the wrapped master secret to be longer. */ + if (buffer_len < parsed_session_ticket->ms_length) + goto no_ticket; + PORT_Memcpy(parsed_session_ticket->master_secret, buffer, + parsed_session_ticket->ms_length); + buffer += parsed_session_ticket->ms_length; + buffer_len -= parsed_session_ticket->ms_length; + + /* Read client_identity */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) + goto no_ticket; + parsed_session_ticket->client_identity.client_auth_type = + (ClientAuthenticationType)temp; + switch(parsed_session_ticket->client_identity.client_auth_type) { case CLIENT_AUTH_ANONYMOUS: - break; + break; case CLIENT_AUTH_CERTIFICATE: - rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3, - &buffer, &buffer_len); - if (rv != SECSuccess) goto no_ticket; - rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert, - &cert_item); - if (rv != SECSuccess) goto no_ticket; - break; + rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3, + &buffer, &buffer_len); + if (rv != SECSuccess) goto no_ticket; + rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert, + &cert_item); + if (rv != SECSuccess) goto no_ticket; + break; default: - goto no_ticket; - } - /* Read timestamp. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) - goto no_ticket; - parsed_session_ticket->timestamp = (PRUint32)temp; + goto no_ticket; + } + /* Read timestamp. 
*/ + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) + goto no_ticket; + parsed_session_ticket->timestamp = (PRUint32)temp; /* Read server name */ nameType = - ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); if (nameType != TLS_STE_NO_SERVER_NAME) { SECItem name_item; rv = ssl3_ConsumeHandshakeVariable(ss, &name_item, 2, &buffer, 
@@ -1589,99 +1695,99 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, parsed_session_ticket->srvName.type = nameType; } - /* Done parsing. Check that all bytes have been consumed. */ - if (buffer_len != padding_length) - goto no_ticket; + /* Done parsing. Check that all bytes have been consumed. */ + if (buffer_len != padding_length) + goto no_ticket; - /* Use the ticket if it has not expired, otherwise free the allocated - * memory since the ticket is of no use. - */ - if (parsed_session_ticket->timestamp != 0 && - parsed_session_ticket->timestamp + - TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) { + /* Use the ticket if it has not expired, otherwise free the allocated + * memory since the ticket is of no use. + */ + if (parsed_session_ticket->timestamp != 0 && + parsed_session_ticket->timestamp + + TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) { - sid = ssl3_NewSessionID(ss, PR_TRUE); - if (sid == NULL) { - rv = SECFailure; - goto loser; - } + sid = ssl3_NewSessionID(ss, PR_TRUE); + if (sid == NULL) { + rv = SECFailure; + goto loser; + } - /* Copy over parameters. */ - sid->version = parsed_session_ticket->ssl_version; - sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite; - sid->u.ssl3.compression = parsed_session_ticket->compression_method; - sid->authAlgorithm = parsed_session_ticket->authAlgorithm; - sid->authKeyBits = parsed_session_ticket->authKeyBits; - sid->keaType = parsed_session_ticket->keaType; - sid->keaKeyBits = parsed_session_ticket->keaKeyBits; + /* Copy over parameters. */ + sid->version = parsed_session_ticket->ssl_version; + sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite; + sid->u.ssl3.compression = parsed_session_ticket->compression_method; + sid->authAlgorithm = parsed_session_ticket->authAlgorithm; + sid->authKeyBits = parsed_session_ticket->authKeyBits; + sid->keaType = parsed_session_ticket->keaType; + sid->keaKeyBits = parsed_session_ticket->keaKeyBits; - /* Copy master secret. 
*/ + /* Copy master secret. */ #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11 && - parsed_session_ticket->ms_is_wrapped) - goto no_ticket; + if (ss->opt.bypassPKCS11 && + parsed_session_ticket->ms_is_wrapped) + goto no_ticket; #endif - if (parsed_session_ticket->ms_length > - sizeof(sid->u.ssl3.keys.wrapped_master_secret)) - goto no_ticket; - PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret, - parsed_session_ticket->master_secret, - parsed_session_ticket->ms_length); - sid->u.ssl3.keys.wrapped_master_secret_len = - parsed_session_ticket->ms_length; - sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType; - sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech; - sid->u.ssl3.keys.msIsWrapped = - parsed_session_ticket->ms_is_wrapped; - sid->u.ssl3.masterValid = PR_TRUE; - sid->u.ssl3.keys.resumable = PR_TRUE; + if (parsed_session_ticket->ms_length > + sizeof(sid->u.ssl3.keys.wrapped_master_secret)) + goto no_ticket; + PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret, + parsed_session_ticket->master_secret, + parsed_session_ticket->ms_length); + sid->u.ssl3.keys.wrapped_master_secret_len = + parsed_session_ticket->ms_length; + sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType; + sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech; + sid->u.ssl3.keys.msIsWrapped = + parsed_session_ticket->ms_is_wrapped; + sid->u.ssl3.masterValid = PR_TRUE; + sid->u.ssl3.keys.resumable = PR_TRUE; - /* Copy over client cert from session ticket if there is one. */ - if (parsed_session_ticket->peer_cert.data != NULL) { - if (sid->peerCert != NULL) - CERT_DestroyCertificate(sid->peerCert); - sid->peerCert = CERT_NewTempCertificate(ss->dbHandle, - &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE); - if (sid->peerCert == NULL) { - rv = SECFailure; - goto loser; - } - } - if (parsed_session_ticket->srvName.data != NULL) { + /* Copy over client cert from session ticket if there is one. 
*/ + if (parsed_session_ticket->peer_cert.data != NULL) { + if (sid->peerCert != NULL) + CERT_DestroyCertificate(sid->peerCert); + sid->peerCert = CERT_NewTempCertificate(ss->dbHandle, + &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE); + if (sid->peerCert == NULL) { + rv = SECFailure; + goto loser; + } + } + if (parsed_session_ticket->srvName.data != NULL) { sid->u.ssl3.srvName = parsed_session_ticket->srvName; } - ss->statelessResume = PR_TRUE; - ss->sec.ci.sid = sid; - } + ss->statelessResume = PR_TRUE; + ss->sec.ci.sid = sid; + } } if (0) { no_ticket: - SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.", - SSL_GETPID(), ss->fd)); - ssl3stats = SSL_GetStatistics(); - SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures ); + SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.", + SSL_GETPID(), ss->fd)); + ssl3stats = SSL_GetStatistics(); + SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures ); } rv = SECSuccess; loser: - /* ss->sec.ci.sid == sid if it did NOT come here via goto statement - * in that case do not free sid - */ - if (sid && (ss->sec.ci.sid != sid)) { - ssl_FreeSID(sid); - sid = NULL; - } + /* ss->sec.ci.sid == sid if it did NOT come here via goto statement + * in that case do not free sid + */ + if (sid && (ss->sec.ci.sid != sid)) { + ssl_FreeSID(sid); + sid = NULL; + } if (decrypted_state != NULL) { - SECITEM_FreeItem(decrypted_state, PR_TRUE); - decrypted_state = NULL; + SECITEM_FreeItem(decrypted_state, PR_TRUE); + decrypted_state = NULL; } if (parsed_session_ticket != NULL) { - if (parsed_session_ticket->peer_cert.data) { - SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); - } - PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); + if (parsed_session_ticket->peer_cert.data) { + SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); + } + PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); } return rv; 
@@ -1692,11 +1798,11 @@ loser: * cannot be freed. The caller is expected to call this function * on a shallow copy of the structure. */ -static SECStatus +static SECStatus ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes) { if (bytes > item->len) - return SECFailure; + return SECFailure; *buf = item->data; item->data += bytes; @@ -1709,30 +1815,30 @@ ssl3_ParseEncryptedSessionTicket(sslSocket *ss, SECItem *data, EncryptedSessionTicket *enc_session_ticket) { if (ssl3_ConsumeFromItem(data, &enc_session_ticket->key_name, - SESS_TICKET_KEY_NAME_LEN) != SECSuccess) - return SECFailure; + SESS_TICKET_KEY_NAME_LEN) != SECSuccess) + return SECFailure; if (ssl3_ConsumeFromItem(data, &enc_session_ticket->iv, - AES_BLOCK_SIZE) != SECSuccess) - return SECFailure; + AES_BLOCK_SIZE) != SECSuccess) + return SECFailure; if (ssl3_ConsumeHandshakeVariable(ss, &enc_session_ticket->encrypted_state, - 2, &data->data, &data->len) != SECSuccess) - return SECFailure; + 2, &data->data, &data->len) != SECSuccess) + return SECFailure; if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac, - TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess) - return SECFailure; + TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess) + return SECFailure; if (data->len != 0) /* Make sure that we have consumed all bytes. */ - return SECFailure; + return SECFailure; return SECSuccess; } /* go through hello extensions in buffer "b". - * For each one, find the extension handler in the table, and - * if present, invoke that handler. + * For each one, find the extension handler in the table, and + * if present, invoke that handler. * Servers ignore any extensions with unknown extension types. * Clients reject any extensions with unadvertised extension types. */ -SECStatus +SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) { const ssl3HelloExtensionHandler * handlers; 
@@ -1746,68 +1852,68 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) } while (*length) { - const ssl3HelloExtensionHandler * handler; - SECStatus rv; - PRInt32 extension_type; - SECItem extension_data; + const ssl3HelloExtensionHandler * handler; + SECStatus rv; + PRInt32 extension_type; + SECItem extension_data; - /* Get the extension's type field */ - extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length); - if (extension_type < 0) /* failure to decode extension_type */ - return SECFailure; /* alert already sent */ + /* Get the extension's type field */ + extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length); + if (extension_type < 0) /* failure to decode extension_type */ + return SECFailure; /* alert already sent */ - /* get the data for this extension, so we can pass it or skip it. */ - rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); - if (rv != SECSuccess) - return rv; + /* get the data for this extension, so we can pass it or skip it. */ + rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); + if (rv != SECSuccess) + return rv; - /* Check whether the server sent an extension which was not advertised - * in the ClientHello. - */ - if (!ss->sec.isServer && - !ssl3_ClientExtensionAdvertised(ss, extension_type)) - return SECFailure; /* TODO: send unsupported_extension alert */ + /* Check whether the server sent an extension which was not advertised + * in the ClientHello. + */ + if (!ss->sec.isServer && + !ssl3_ClientExtensionAdvertised(ss, extension_type)) + return SECFailure; /* TODO: send unsupported_extension alert */ - /* Check whether an extension has been sent multiple times. */ - if (ssl3_ExtensionNegotiated(ss, extension_type)) - return SECFailure; + /* Check whether an extension has been sent multiple times. 
*/ + if (ssl3_ExtensionNegotiated(ss, extension_type)) + return SECFailure; - /* find extension_type in table of Hello Extension Handlers */ - for (handler = handlers; handler->ex_type >= 0; handler++) { - /* if found, call this handler */ - if (handler->ex_type == extension_type) { - rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, - &extension_data); - /* Ignore this result */ - /* Treat all bad extensions as unrecognized types. */ - break; - } - } + /* find extension_type in table of Hello Extension Handlers */ + for (handler = handlers; handler->ex_type >= 0; handler++) { + /* if found, call this handler */ + if (handler->ex_type == extension_type) { + rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, + &extension_data); + /* Ignore this result */ + /* Treat all bad extensions as unrecognized types. */ + break; + } + } } return SECSuccess; } /* Add a callback function to the table of senders of server hello extensions. */ -SECStatus +SECStatus ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type, - ssl3HelloExtensionSenderFunc cb) + ssl3HelloExtensionSenderFunc cb) { int i; ssl3HelloExtensionSender *sender = &ss->xtnData.serverSenders[0]; for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) { if (!sender->ex_sender) { - sender->ex_type = ex_type; - sender->ex_sender = cb; - return SECSuccess; - } - /* detect duplicate senders */ - PORT_Assert(sender->ex_type != ex_type); - if (sender->ex_type == ex_type) { - /* duplicate */ - break; - } + sender->ex_type = ex_type; + sender->ex_sender = cb; + return SECSuccess; + } + /* detect duplicate senders */ + PORT_Assert(sender->ex_type != ex_type); + if (sender->ex_type == ex_type) { + /* duplicate */ + break; + } } PORT_Assert(i < SSL_MAX_EXTENSIONS); /* table needs to grow */ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); 
@@ -1823,18 +1929,18 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, int i; if (!sender) { - sender = ss->version > SSL_LIBRARY_VERSION_3_0 ? + sender = ss->version > SSL_LIBRARY_VERSION_3_0 ? &clientHelloSendersTLS[0] : &clientHelloSendersSSL3[0]; } for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) { - if (sender->ex_sender) { - PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes); - if (extLen < 0) - return -1; - maxBytes -= extLen; - total_exten_len += extLen; - } + if (sender->ex_sender) { + PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes); + if (extLen < 0) + return -1; + maxBytes -= extLen; + total_exten_len += extLen; + } } return total_exten_len; } 
@@ -1847,48 +1953,48 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, * Verify Data (TLS): 12 bytes (client) or 24 bytes (server) * Verify Data (SSL): 36 bytes (client) or 72 bytes (server) */ -static PRInt32 +static PRInt32 ssl3_SendRenegotiationInfoXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 len, needed; /* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send - * both the SCSV and the empty RI, so when we send SCSV in + * both the SCSV and the empty RI, so when we send SCSV in * the initial handshake, we don't also send RI. */ if (!ss || ss->ssl3.hs.sendingSCSV) - return 0; - len = !ss->firstHsDone ? 0 : - (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 - : ss->ssl3.hs.finishedBytes); + return 0; + len = !ss->firstHsDone ? 0 : + (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 + : ss->ssl3.hs.finishedBytes); needed = 5 + len; if (append && maxBytes >= needed) { - SECStatus rv; - /* extension_type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); - if (rv != SECSuccess) return -1; - /* length of extension_data */ - rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2); - if (rv != SECSuccess) return -1; - /* verify_Data from previous Finished message(s) */ - rv = ssl3_AppendHandshakeVariable(ss, - ss->ssl3.hs.finishedMsgs.data, len, 1); - if (rv != SECSuccess) return -1; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_renegotiation_info_xtn; - } + SECStatus rv; + /* extension_type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); + if (rv != SECSuccess) return -1; + /* length of extension_data */ + rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2); + if (rv != SECSuccess) return -1; + /* verify_Data from previous Finished message(s) */ + rv = ssl3_AppendHandshakeVariable(ss, + ss->ssl3.hs.finishedMsgs.data, len, 1); + 
if (rv != SECSuccess) return -1; + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_renegotiation_info_xtn; + } } return needed; } static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, - SECItem *data) + SECItem *data) { SECStatus rv = SECSuccess; @@ -1897,7 +2003,7 @@ ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, PORT_Assert(ss->sec.isServer); /* prepare to send back the appropriate response */ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_ServerSendStatusRequestXtn); + ssl3_ServerSendStatusRequestXtn); return rv; } 
@@ -1909,25 +2015,25 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint32 len = 0; if (ss->firstHsDone) { - len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes - : ss->ssl3.hs.finishedBytes * 2; + len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes + : ss->ssl3.hs.finishedBytes * 2; } if (data->len != 1 + len || - data->data[0] != len || (len && - NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, - data->data + 1, len))) { - /* Can we do this here? Or, must we arrange for the caller to do it? */ - (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); - PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); - return SECFailure; + data->data[0] != len || (len && + NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, + data->data + 1, len))) { + /* Can we do this here? Or, must we arrange for the caller to do it? */ + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); + return SECFailure; } /* remember that we got this extension and it was correct. */ ss->peerRequestedProtection = 1; ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; if (ss->sec.isServer) { - /* prepare to send back the appropriate response */ - rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_SendRenegotiationInfoXtn); + /* prepare to send back the appropriate response */ + rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, + ssl3_SendRenegotiationInfoXtn); } return rv; } 
@@ -1940,60 +2046,60 @@ ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) SECStatus rv; if (!ss) - return 0; + return 0; if (!ss->sec.isServer) { - /* Client side */ + /* Client side */ - if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) - return 0; /* Not relevant */ + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) + return 0; /* Not relevant */ - ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; + ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; - if (append && maxBytes >= 4 + ext_data_len) { - /* Extension type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); - if (rv != SECSuccess) return -1; - /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); - if (rv != SECSuccess) return -1; - /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, - 2 * ss->ssl3.dtlsSRTPCipherCount, - 2); - if (rv != SECSuccess) return -1; - /* The SRTP ciphers */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - rv = ssl3_AppendHandshakeNumber(ss, - ss->ssl3.dtlsSRTPCiphers[i], - 2); - } - /* Empty MKI value */ - ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + if (append && maxBytes >= 4 + ext_data_len) { + /* Extension type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); + if (rv != SECSuccess) return -1; + /* Length of extension data */ + rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); + if (rv != SECSuccess) return -1; + /* Length of the SRTP cipher list */ + rv = ssl3_AppendHandshakeNumber(ss, + 2 * ss->ssl3.dtlsSRTPCipherCount, + 2); + if (rv != SECSuccess) return -1; + /* The SRTP ciphers */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { + rv = ssl3_AppendHandshakeNumber(ss, + ss->ssl3.dtlsSRTPCiphers[i], + 2); + } + /* Empty MKI value */ + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_use_srtp_xtn; - } + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_use_srtp_xtn; + 
} - return 4 + ext_data_len; + return 4 + ext_data_len; } /* Server side */ if (append && maxBytes >= 9) { - /* Extension type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); - if (rv != SECSuccess) return -1; - /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, 5, 2); - if (rv != SECSuccess) return -1; - /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, 2, 2); - if (rv != SECSuccess) return -1; - /* The selected cipher */ - rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); - if (rv != SECSuccess) return -1; - /* Empty MKI value */ - ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + /* Extension type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); + if (rv != SECSuccess) return -1; + /* Length of extension data */ + rv = ssl3_AppendHandshakeNumber(ss, 5, 2); + if (rv != SECSuccess) return -1; + /* Length of the SRTP cipher list */ + rv = ssl3_AppendHandshakeNumber(ss, 2, 2); + if (rv != SECSuccess) return -1; + /* The selected cipher */ + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); + if (rv != SECSuccess) return -1; + /* Empty MKI value */ + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); } return 9; 
@@ -2011,121 +2117,121 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECItem litem; if (!ss->sec.isServer) { - /* Client side */ - if (!data->data || !data->len) { + /* Client side */ + if (!data->data || !data->len) { /* malformed */ return SECFailure; - } + } - /* Get the cipher list */ - rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, - &data->data, &data->len); - if (rv != SECSuccess) { - return SECFailure; - } - /* Now check that the number of ciphers listed is 1 (len = 2) */ - if (ciphers.len != 2) { - return SECFailure; - } + /* Get the cipher list */ + rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, + &data->data, &data->len); + if (rv != SECSuccess) { + return SECFailure; + } + /* Now check that the number of ciphers listed is 1 (len = 2) */ + if (ciphers.len != 2) { + return SECFailure; + } - /* Get the selected cipher */ - cipher = (ciphers.data[0] << 8) | ciphers.data[1]; + /* Get the selected cipher */ + cipher = (ciphers.data[0] << 8) | ciphers.data[1]; - /* Now check that this is one of the ciphers we offered */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { - found = PR_TRUE; - break; - } - } + /* Now check that this is one of the ciphers we offered */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { + found = PR_TRUE; + break; + } + } - if (!found) { - return SECFailure; - } + if (!found) { + return SECFailure; + } - /* Get the srtp_mki value */ + /* Get the srtp_mki value */ rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, - &data->data, &data->len); + &data->data, &data->len); if (rv != SECSuccess) { return SECFailure; } - /* We didn't offer an MKI, so this must be 0 length */ - /* XXX RFC 5764 Section 4.1.3 says: - * If the client detects a nonzero-length MKI in the server's - * response that is different than the one the client offered, - * then the client MUST abort the handshake and SHOULD send an - 
* invalid_parameter alert. - * - * Due to a limitation of the ssl3_HandleHelloExtensions function, - * returning SECFailure here won't abort the handshake. It will - * merely cause the use_srtp extension to be not negotiated. We - * should fix this. See NSS bug 753136. - */ - if (litem.len != 0) { - return SECFailure; - } + /* We didn't offer an MKI, so this must be 0 length */ + /* XXX RFC 5764 Section 4.1.3 says: + * If the client detects a nonzero-length MKI in the server's + * response that is different than the one the client offered, + * then the client MUST abort the handshake and SHOULD send an + * invalid_parameter alert. + * + * Due to a limitation of the ssl3_HandleHelloExtensions function, + * returning SECFailure here won't abort the handshake. It will + * merely cause the use_srtp extension to be not negotiated. We + * should fix this. See NSS bug 753136. + */ + if (litem.len != 0) { + return SECFailure; + } - if (data->len != 0) { + if (data->len != 0) { /* malformed */ return SECFailure; - } + } - /* OK, this looks fine. */ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; - ss->ssl3.dtlsSRTPCipherSuite = cipher; - return SECSuccess; + /* OK, this looks fine. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; + ss->ssl3.dtlsSRTPCipherSuite = cipher; + return SECSuccess; } /* Server side */ if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) { - /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP - * preferences have been set. */ - return SECSuccess; + /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP + * preferences have been set. 
*/ + return SECSuccess; } if (!data->data || data->len < 5) { - /* malformed */ - return SECFailure; + /* malformed */ + return SECFailure; } /* Get the cipher list */ rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, - &data->data, &data->len); + &data->data, &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; } /* Check that the list is even length */ if (ciphers.len % 2) { - return SECFailure; + return SECFailure; } /* Walk through the offered list and pick the most preferred of our * ciphers, if any */ for (i = 0; !found && i < ss->ssl3.dtlsSRTPCipherCount; i++) { - for (j = 0; j + 1 < ciphers.len; j += 2) { - cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1]; - if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { - found = PR_TRUE; - break; - } - } + for (j = 0; j + 1 < ciphers.len; j += 2) { + cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1]; + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { + found = PR_TRUE; + break; + } + } } /* Get the srtp_mki value */ rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, &data->data, &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; } if (data->len != 0) { - return SECFailure; /* Malformed */ + return SECFailure; /* Malformed */ } /* Now figure out what to do */ if (!found) { - /* No matching ciphers */ - return SECSuccess; + /* No matching ciphers */ + return SECSuccess; } /* OK, we have a valid cipher and we've selected it */ @@ -2133,7 +2239,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn, - ssl3_SendUseSRTPXtn); + ssl3_SendUseSRTPXtn); } /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension 
@@ -2149,59 +2255,59 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* Ignore this extension if we aren't doing TLS 1.2 or greater. */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { - return SECSuccess; + return SECSuccess; } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data, - &data->len); + &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; } /* Trailing data, empty value, or odd-length value is invalid. */ if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); - return SECFailure; + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + return SECFailure; } numAlgorithms = algorithms.len/2; /* We don't care to process excessive numbers of algorithms. */ if (numAlgorithms > 512) { - numAlgorithms = 512; + numAlgorithms = 512; } ss->ssl3.hs.clientSigAndHash = - PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); + PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { - return SECFailure; + return SECFailure; } ss->ssl3.hs.numClientSigAndHash = 0; b = algorithms.data; for (i = 0; i < numAlgorithms; i++) { - unsigned char tls_hash = *(b++); - unsigned char tls_sig = *(b++); - SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); + unsigned char tls_hash = *(b++); + unsigned char tls_sig = *(b++); + SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); - if (hash == SEC_OID_UNKNOWN) { - /* We ignore formats that we don't understand. */ - continue; - } - /* tls_sig support will be checked later in - * ssl3_PickSignatureHashAlgorithm. */ - ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash; - ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig; - ss->ssl3.hs.numClientSigAndHash++; + if (hash == SEC_OID_UNKNOWN) { + /* We ignore formats that we don't understand. 
*/ + continue; + } + /* tls_sig support will be checked later in + * ssl3_PickSignatureHashAlgorithm. */ + ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash; + ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig; + ss->ssl3.hs.numClientSigAndHash++; } if (!ss->ssl3.hs.numClientSigAndHash) { - /* We didn't understand any of the client's requested signature - * formats. We'll use the defaults. */ - PORT_Free(ss->ssl3.hs.clientSigAndHash); - ss->ssl3.hs.clientSigAndHash = NULL; + /* We didn't understand any of the client's requested signature + * formats. We'll use the defaults. */ + PORT_Free(ss->ssl3.hs.clientSigAndHash); + ss->ssl3.hs.clientSigAndHash = NULL; } return SECSuccess; 
@@ -2213,49 +2319,49 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) { static const unsigned char signatureAlgorithms[] = { - /* This block is the contents of our signature_algorithms extension, in - * wire format. See - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ - tls_hash_sha256, tls_sig_rsa, - tls_hash_sha384, tls_sig_rsa, - tls_hash_sha1, tls_sig_rsa, + /* This block is the contents of our signature_algorithms extension, in + * wire format. See + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ + tls_hash_sha256, tls_sig_rsa, + tls_hash_sha384, tls_sig_rsa, + tls_hash_sha1, tls_sig_rsa, #ifndef NSS_DISABLE_ECC - tls_hash_sha256, tls_sig_ecdsa, - tls_hash_sha384, tls_sig_ecdsa, - tls_hash_sha1, tls_sig_ecdsa, + tls_hash_sha256, tls_sig_ecdsa, + tls_hash_sha384, tls_sig_ecdsa, + tls_hash_sha1, tls_sig_ecdsa, #endif - tls_hash_sha256, tls_sig_dsa, - tls_hash_sha1, tls_sig_dsa, + tls_hash_sha256, tls_sig_dsa, + tls_hash_sha1, tls_sig_dsa, }; PRInt32 extension_length; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { - return 0; + return 0; } extension_length = - 2 /* extension type */ + - 2 /* extension length */ + - 2 /* supported_signature_algorithms length */ + - sizeof(signatureAlgorithms); + 2 /* extension type */ + + 2 /* extension length */ + + 2 /* supported_signature_algorithms length */ + + sizeof(signatureAlgorithms); if (append && maxBytes >= extension_length) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, - sizeof(signatureAlgorithms), 2); - if (rv != SECSuccess) - goto loser; - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_signature_algorithms_xtn; + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, 
ssl_signature_algorithms_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, + sizeof(signatureAlgorithms), 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_signature_algorithms_xtn; } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; + PORT_Assert(0); + return 0; } return extension_length; @@ -2268,18 +2374,18 @@ unsigned int ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) { unsigned int recordLength = 1 /* handshake message type */ + - 3 /* handshake message length */ + - clientHelloLength; + 3 /* handshake message length */ + + clientHelloLength; unsigned int extensionLength; if (recordLength < 256 || recordLength >= 512) { - return 0; + return 0; } extensionLength = 512 - recordLength; /* Extensions take at least four bytes to encode. */ if (extensionLength < 4) { - extensionLength = 4; + extensionLength = 4; } return extensionLength; 
@@ -2290,28 +2396,28 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
 * that we don't trigger bugs in F5 products. */
 PRInt32 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
- PRUint32 maxBytes)
+ PRUint32 maxBytes)
 {
 unsigned int paddingLen = extensionLen - 4;
 static unsigned char padding[256];
 if (extensionLen == 0) {
- return 0;
+ return 0;
 }
 if (extensionLen < 4 ||
- extensionLen > maxBytes ||
- paddingLen > sizeof(padding)) {
- PORT_Assert(0);
- return -1;
+ extensionLen > maxBytes ||
+ paddingLen > sizeof(padding)) {
+ PORT_Assert(0);
+ return -1;
 }
 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
- return -1;
+ return -1;
 if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
- return -1;
+ return -1;
 if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
- return -1;
+ return -1;
 return extensionLen;
 }
diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h
index d341ff94..4d4aa10b 100644
--- a/security/nss/lib/ssl/ssl3prot.h
+++ b/security/nss/lib/ssl/ssl3prot.h
@@ -17,25 +17,25 @@ typedef PRUint16 SSL3ProtocolVersion;
 typedef PRUint16 ssl3CipherSuite; /* The cipher suites are defined in sslproto.h */
-#define MAX_CERT_TYPES 10
-#define MAX_COMPRESSION_METHODS 10
-#define MAX_MAC_LENGTH 64
-#define MAX_PADDING_LENGTH 64
-#define MAX_KEY_LENGTH 64
-#define EXPORT_KEY_LENGTH 5
-#define SSL3_RANDOM_LENGTH 32
+#define MAX_CERT_TYPES 10
+#define MAX_COMPRESSION_METHODS 10
+#define MAX_MAC_LENGTH 64
+#define MAX_PADDING_LENGTH 64
+#define MAX_KEY_LENGTH 64
+#define EXPORT_KEY_LENGTH 5
+#define SSL3_RANDOM_LENGTH 32
-#define SSL3_RECORD_HEADER_LENGTH 5
+#define SSL3_RECORD_HEADER_LENGTH 5
 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
 #define DTLS_RECORD_HEADER_LENGTH 13
-#define MAX_FRAGMENT_LENGTH 16384
-
+#define MAX_FRAGMENT_LENGTH 16384
+
 typedef enum {
- content_change_cipher_spec = 20,
+ content_change_cipher_spec = 20,
 content_alert = 21,
- content_handshake = 22,
+ content_handshake = 22,
 content_application_data = 23
 } SSL3ContentType;
@@ -77,11 +77,11 @@ typedef enum {
 close_notify = 0,
 unexpected_message = 10,
 bad_record_mac = 20,
- decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
- record_overflow = 22, /* TLS only */
+ decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
+ record_overflow = 22, /* TLS only */
 decompression_failure = 30,
 handshake_failure = 40,
- no_certificate = 41, /* SSL3 only, NOT TLS */
+ no_certificate = 41, /* SSL3 only, NOT TLS */
 bad_certificate = 42,
 unsupported_certificate = 43,
 certificate_revoked = 44,
@@ -106,7 +106,8 @@ typedef enum {
 certificate_unobtainable = 111,
 unrecognized_name = 112,
 bad_certificate_status_response = 113,
- bad_certificate_hash_value = 114
+ bad_certificate_hash_value = 114,
+ no_application_protocol = 120
 } SSL3AlertDescription;
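Review bot: `no_application_protocol = 120` is the only non-whitespace change in this file and lands in SSL3AlertDescription without the provenance comment its neighbours carry (`/* TLS only */`, `/* do not send; see RFC 5246 */`); the value is the ALPN alert from RFC 7301, so `no_application_protocol = 120 /* RFC 7301 (ALPN) */` would document where it comes from and that it is TLS-only. Adding the enumerator does not by itself teach the alert-receiving path about it: wherever received alert descriptions are mapped to SSL_ERROR_* codes or to printable alert names (outside this hunk), a missing case for 120 would presumably make a peer's no_application_protocol alert surface as a generic unknown-alert error, so it is worth confirming that the corresponding error code and mapping were cherry-picked alongside this header change.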
@@ -116,44 +117,44 @@ typedef struct { } SSL3Alert; typedef enum { - hello_request = 0, - client_hello = 1, - server_hello = 2, + hello_request = 0, + client_hello = 1, + server_hello = 2, hello_verify_request = 3, - new_session_ticket = 4, - certificate = 11, + new_session_ticket = 4, + certificate = 11, server_key_exchange = 12, - certificate_request = 13, - server_hello_done = 14, - certificate_verify = 15, - client_key_exchange = 16, - finished = 20, + certificate_request = 13, + server_hello_done = 14, + certificate_verify = 15, + client_key_exchange = 16, + finished = 20, certificate_status = 22, - next_proto = 67 + next_proto = 67 } SSL3HandshakeType; typedef struct { PRUint8 empty; } SSL3HelloRequest; - + typedef struct { SSL3Opaque rand[SSL3_RANDOM_LENGTH]; } SSL3Random; - + typedef struct { SSL3Opaque id[32]; PRUint8 length; } SSL3SessionID; - + typedef struct { SSL3ProtocolVersion client_version; SSL3Random random; SSL3SessionID session_id; SECItem cipher_suites; - PRUint8 cm_count; + PRUint8 cm_count; SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; } SSL3ClientHello; - + typedef struct { SSL3ProtocolVersion server_version; SSL3Random random; @@ -161,29 +162,29 @@ typedef struct { ssl3CipherSuite cipher_suite; SSLCompressionMethod compression_method; } SSL3ServerHello; - + typedef struct { SECItem list; } SSL3Certificate; /* SSL3SignType moved to ssl.h */ -/* The SSL key exchange method used */ +/* The SSL key exchange method used */ typedef enum { - kea_null, - kea_rsa, + kea_null, + kea_rsa, kea_rsa_export, kea_rsa_export_1024, - kea_dh_dss, - kea_dh_dss_export, - kea_dh_rsa, + kea_dh_dss, + kea_dh_dss_export, + kea_dh_rsa, kea_dh_rsa_export, - kea_dhe_dss, - kea_dhe_dss_export, - kea_dhe_rsa, + kea_dhe_dss, + kea_dhe_dss_export, + kea_dhe_rsa, kea_dhe_rsa_export, - kea_dh_anon, - kea_dh_anon_export, + kea_dh_anon, + kea_dh_anon_export, kea_rsa_fips, kea_ecdh_ecdsa, kea_ecdhe_ecdsa, 
@@ -191,7 +192,7 @@ typedef enum { kea_ecdhe_rsa, kea_ecdh_anon } SSL3KeyExchangeAlgorithm; - + typedef struct { SECItem modulus; SECItem exponent; @@ -205,8 +206,8 @@ typedef struct { typedef struct { union { - SSL3ServerDHParams dh; - SSL3ServerRSAParams rsa; + SSL3ServerDHParams dh; + SSL3ServerRSAParams rsa; } u; } SSL3ServerParams; @@ -250,56 +251,56 @@ typedef struct { unsigned int len; SECOidTag hashAlg; union { - PRUint8 raw[64]; - SSL3HashesIndividually s; + PRUint8 raw[64]; + SSL3HashesIndividually s; } u; } SSL3Hashes; typedef struct { union { - SSL3Opaque anonymous; - SSL3Hashes certified; + SSL3Opaque anonymous; + SSL3Hashes certified; } u; } SSL3ServerKeyExchange; - + typedef enum { - ct_RSA_sign = 1, - ct_DSS_sign = 2, - ct_RSA_fixed_DH = 3, - ct_DSS_fixed_DH = 4, - ct_RSA_ephemeral_DH = 5, + ct_RSA_sign = 1, + ct_DSS_sign = 2, + ct_RSA_fixed_DH = 3, + ct_DSS_fixed_DH = 4, + ct_RSA_ephemeral_DH = 5, ct_DSS_ephemeral_DH = 6, - ct_ECDSA_sign = 64, - ct_RSA_fixed_ECDH = 65, - ct_ECDSA_fixed_ECDH = 66 + ct_ECDSA_sign = 64, + ct_RSA_fixed_ECDH = 65, + ct_ECDSA_fixed_ECDH = 66 } SSL3ClientCertificateType; - + typedef SECItem *SSL3DistinquishedName; typedef struct { SSL3Opaque client_version[2]; SSL3Opaque random[46]; } SSL3RSAPreMasterSecret; - + typedef SECItem SSL3EncryptedPreMasterSecret; typedef SSL3Opaque SSL3MasterSecret[48]; typedef enum { implicit, explicit } SSL3PublicValueEncoding; - + typedef struct { union { - SSL3Opaque implicit; - SECItem explicit; + SSL3Opaque implicit; + SECItem explicit; } dh_public; } SSL3ClientDiffieHellmanPublic; - + typedef struct { union { - SSL3EncryptedPreMasterSecret rsa; - SSL3ClientDiffieHellmanPublic diffie_helman; + SSL3EncryptedPreMasterSecret rsa; + SSL3ClientDiffieHellmanPublic diffie_helman; } exchange_keys; } SSL3ClientKeyExchange; 
@@ -312,7 +313,7 @@ typedef enum {
 sender_server = 0x53525652
 } SSL3Sender;
-typedef SSL3HashesIndividually SSL3Finished;
+typedef SSL3HashesIndividually SSL3Finished;
 typedef struct {
 SSL3Opaque verify_data[12];
@@ -320,7 +321,7 @@ typedef struct {
 /*
 * TLS extension related data structures and constants.
- */
+ */
 /* SessionTicket extension related data structures. */
@@ -339,7 +340,7 @@ typedef enum {
 typedef struct {
 ClientAuthenticationType client_auth_type;
 union {
- SSL3Opaque *certificate_list;
+ SSL3Opaque *certificate_list;
 } identity;
 } ClientIdentity;
@@ -355,7 +356,7 @@ typedef struct {
 unsigned char *mac;
 } EncryptedSessionTicket;
-#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
+#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
 #define TLS_STE_NO_SERVER_NAME -1
diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h
index 07b61d53..38520859 100644
--- a/security/nss/lib/ssl/sslerr.h
+++ b/security/nss/lib/ssl/sslerr.h
@@ -8,179 +8,179 @@ #define __SSL_ERR_H_ -#define SSL_ERROR_BASE (-0x3000) -#define SSL_ERROR_LIMIT (SSL_ERROR_BASE + 1000) +#define SSL_ERROR_BASE (-0x3000) +#define SSL_ERROR_LIMIT (SSL_ERROR_BASE + 1000) #define IS_SSL_ERROR(code) \ (((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT)) #ifndef NO_SECURITY_ERROR_ENUM typedef enum { -SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0), -SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1), -SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2), -/* +SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0), +SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1), +SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2), +/* * Received an alert reporting what we did wrong. (more alerts below) */ -SSL_ERROR_NO_CERTIFICATE /*_ALERT */ = (SSL_ERROR_BASE + 3), -SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4), -SSL_ERROR_UNUSED_5 = (SSL_ERROR_BASE + 5), - /* error 5 is obsolete */ -SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6), -SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7), -SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8), -SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9), -SSL_ERROR_UNUSED_10 = (SSL_ERROR_BASE + 10), - /* error 10 is obsolete */ -SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11), -SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12), -SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13), -SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14), -SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15), -/* +SSL_ERROR_NO_CERTIFICATE /*_ALERT */ = (SSL_ERROR_BASE + 3), +SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4), +SSL_ERROR_UNUSED_5 = (SSL_ERROR_BASE + 5), + /* error 5 is obsolete */ +SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6), +SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7), +SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8), +SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9), +SSL_ERROR_UNUSED_10 = (SSL_ERROR_BASE + 10), + /* error 10 is obsolete */ +SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11), 
+SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12), +SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13), +SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14), +SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15), +/* * Received an alert reporting what we did wrong. * (two more alerts above, and many more below) */ -SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16), +SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16), SSL_ERROR_BAD_CERT_ALERT = (SSL_ERROR_BASE + 17), -SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18), -SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19), +SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18), +SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19), -SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20), -SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21), -SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22), -SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23), -SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24), -SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25), -SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26), -/* +SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20), +SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21), +SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22), +SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23), +SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24), +SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25), +SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26), +/* * Received a malformed (too long or short) SSL handshake. 
*/ -SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27), -SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28), -SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29), -SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30), -SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31), -SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32), -SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33), -SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34), -SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35), -SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36), -/* +SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27), +SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28), +SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29), +SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30), +SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31), +SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32), +SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33), +SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34), +SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35), +SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36), +/* * Received a malformed (too long or short) SSL record. */ -SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37), -SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38), -SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39), -SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40), +SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37), +SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38), +SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39), +SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40), /* * Received an SSL handshake that was inappropriate for the state we're in. * E.g. Server received message from server, or wrong state in state machine. 
*/ -SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41), -SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42), -SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43), -SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44), -SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45), -SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46), -SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47), -SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48), -SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49), -SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50), +SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41), +SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42), +SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43), +SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44), +SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45), +SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46), +SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47), +SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48), +SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49), +SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50), /* * Received an SSL record that was inappropriate for the state we're in. */ -SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51), -SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52), -SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53), -SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA= (SSL_ERROR_BASE + 54), +SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51), +SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52), +SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53), +SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = (SSL_ERROR_BASE + 54), /* * Received record/message with unknown discriminant. 
*/ -SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55), -SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56), -SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57), -/* +SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55), +SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56), +SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57), +/* * Received an alert reporting what we did wrong. (more alerts above) */ -SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58), -SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59), -SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60), -SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61), -SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62), -SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63), -SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64), +SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58), +SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59), +SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60), +SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61), +SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62), +SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63), +SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64), -SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65), -SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66), -SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67), -SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68), -SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69), +SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65), +SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66), +SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67), +SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68), +SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69), -SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70), -SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71), /* don't 
use */ -SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72), +SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70), +SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71), /* don't use */ +SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72), -SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73), -SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74), -SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75), -SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76), -SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77), -SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78), -SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79), -SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80), -SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81), -SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82), -SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83), -SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84), -SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85), -SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE + 86), -SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87), -SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88), +SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73), +SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74), +SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75), +SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76), +SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77), +SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78), +SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79), +SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80), +SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81), +SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82), +SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83), +SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84), +SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85), +SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE 
+ 86), +SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87), +SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88), /* SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA became obsolete in NSS 3.14. */ -SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89), -SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90), +SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89), +SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90), -SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91), -SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92), -SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93), -SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94), -SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95), -SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96), -SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97), -SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98), -SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99), -SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100), -SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101), -SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102), +SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91), +SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92), +SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93), +SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94), +SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95), +SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96), +SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97), +SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98), +SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99), +SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100), +SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101), +SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102), -SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = (SSL_ERROR_BASE + 103), +SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = (SSL_ERROR_BASE + 103), -SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = 
(SSL_ERROR_BASE + 104), -SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105), -SSL_ERROR_UNRECOGNIZED_NAME_ALERT = (SSL_ERROR_BASE + 106), -SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107), -SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = (SSL_ERROR_BASE + 108), +SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = (SSL_ERROR_BASE + 104), +SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105), +SSL_ERROR_UNRECOGNIZED_NAME_ALERT = (SSL_ERROR_BASE + 106), +SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107), +SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = (SSL_ERROR_BASE + 108), SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 109), -SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110), +SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110), -SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111), +SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111), SSL_ERROR_RENEGOTIATION_NOT_ALLOWED = (SSL_ERROR_BASE + 112), SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113), -SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), +SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY = (SSL_ERROR_BASE + 115), -SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = (SSL_ERROR_BASE + 116), +SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = (SSL_ERROR_BASE + 116), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119), -SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120), -SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121), +SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120), +SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121), SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122), SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123), 
@@ -189,11 +189,14 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124), SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125), -SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126), -SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127), +SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126), +SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127), SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128), -SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ +SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = (SSL_ERROR_BASE + 129), +SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130), + +SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 180b6ae7..7a283c73 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h @@ -1,5 +1,5 @@ /* - * Various and sundry protocol constants. DON'T CHANGE THESE. These values + * Various and sundry protocol constants. DON'T CHANGE THESE. These values * are mostly defined by the SSL2, SSL3, or TLS protocol specifications. * Cipher kinds and ciphersuites are part of the public API. * 
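Review bot: The two new codes SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK (BASE + 129) and SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL (BASE + 130) are inserted ahead of SSL_ERROR_END_OF_LIST without the one-line grouping comment that the rest of this enum uses to say which handshake situation raises each code, so a reader has only the identifier to go on. Something like `/* Next-protocol negotiation: no selection callback was registered, or the callback chose no protocol. */` above the pair would keep the header self-describing, adjusted to match what the raising code actually checks. The values stay well inside IS_SSL_ERROR's window (BASE + 1000), and the hunk correctly preserves SSL_ERROR_END_OF_LIST as the compiler-determined terminator. The error-string table that maps these codes to messages is outside this hunk; presumably it needs matching entries in the same commit, otherwise PR_ErrorToString-style lookups for the new codes come back empty.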
@@ -11,75 +11,77 @@ #define __sslproto_h_ /* All versions less than 3_0 are treated as SSL version 2 */ -#define SSL_LIBRARY_VERSION_2 0x0002 -#define SSL_LIBRARY_VERSION_3_0 0x0300 -#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 -#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 -#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 +#define SSL_LIBRARY_VERSION_2 0x0002 +#define SSL_LIBRARY_VERSION_3_0 0x0300 +#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 +#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 +#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 /* Note: this is the internal format, not the wire format */ -#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 +#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 +#define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303 /* deprecated old name */ -#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 +#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 -/* The DTLS version used in the spec */ +/* The DTLS versions used in the spec */ #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff) +#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff) /* Header lengths of some of the messages */ -#define SSL_HL_ERROR_HBYTES 3 -#define SSL_HL_CLIENT_HELLO_HBYTES 9 -#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 -#define SSL_HL_CLIENT_FINISHED_HBYTES 1 -#define SSL_HL_SERVER_HELLO_HBYTES 11 -#define SSL_HL_SERVER_VERIFY_HBYTES 1 -#define SSL_HL_SERVER_FINISHED_HBYTES 1 -#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 -#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 +#define SSL_HL_ERROR_HBYTES 3 +#define SSL_HL_CLIENT_HELLO_HBYTES 9 +#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 +#define SSL_HL_CLIENT_FINISHED_HBYTES 1 +#define SSL_HL_SERVER_HELLO_HBYTES 11 +#define SSL_HL_SERVER_VERIFY_HBYTES 1 +#define SSL_HL_SERVER_FINISHED_HBYTES 1 +#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 +#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 /* Security handshake protocol codes */ -#define SSL_MT_ERROR 0 -#define SSL_MT_CLIENT_HELLO 1 -#define SSL_MT_CLIENT_MASTER_KEY 2 -#define 
SSL_MT_CLIENT_FINISHED 3 -#define SSL_MT_SERVER_HELLO 4 -#define SSL_MT_SERVER_VERIFY 5 -#define SSL_MT_SERVER_FINISHED 6 -#define SSL_MT_REQUEST_CERTIFICATE 7 -#define SSL_MT_CLIENT_CERTIFICATE 8 +#define SSL_MT_ERROR 0 +#define SSL_MT_CLIENT_HELLO 1 +#define SSL_MT_CLIENT_MASTER_KEY 2 +#define SSL_MT_CLIENT_FINISHED 3 +#define SSL_MT_SERVER_HELLO 4 +#define SSL_MT_SERVER_VERIFY 5 +#define SSL_MT_SERVER_FINISHED 6 +#define SSL_MT_REQUEST_CERTIFICATE 7 +#define SSL_MT_CLIENT_CERTIFICATE 8 /* Certificate types */ -#define SSL_CT_X509_CERTIFICATE 0x01 +#define SSL_CT_X509_CERTIFICATE 0x01 #if 0 /* XXX Not implemented yet */ -#define SSL_PKCS6_CERTIFICATE 0x02 +#define SSL_PKCS6_CERTIFICATE 0x02 #endif -#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 +#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 /* Error codes */ -#define SSL_PE_NO_CYPHERS 0x0001 -#define SSL_PE_NO_CERTIFICATE 0x0002 -#define SSL_PE_BAD_CERTIFICATE 0x0004 -#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 +#define SSL_PE_NO_CYPHERS 0x0001 +#define SSL_PE_NO_CERTIFICATE 0x0002 +#define SSL_PE_BAD_CERTIFICATE 0x0004 +#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 /* Cypher kinds (not the spec version!) */ -#define SSL_CK_RC4_128_WITH_MD5 0x01 -#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 -#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 -#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 -#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 -#define SSL_CK_DES_64_CBC_WITH_MD5 0x06 -#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 +#define SSL_CK_RC4_128_WITH_MD5 0x01 +#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 +#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 +#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 +#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 +#define SSL_CK_DES_64_CBC_WITH_MD5 0x06 +#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 -/* Cipher enables. These are used only for SSL_EnableCipher - * These values define the SSL2 suites, and do not colide with the +/* Cipher enables. 
These are used only for SSL_EnableCipher + * These values define the SSL2 suites, and do not colide with the * SSL3 Cipher suites defined below. */ -#define SSL_EN_RC4_128_WITH_MD5 0xFF01 -#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 -#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 -#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 -#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 -#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 -#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 +#define SSL_EN_RC4_128_WITH_MD5 0xFF01 +#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 +#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 +#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 +#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 +#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 +#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 /* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */ #ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES 
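Review bot: SSL_LIBRARY_VERSION_DTLS_1_2 is defined as 0x0303, the same value as SSL_LIBRARY_VERSION_TLS_1_2, exactly as the existing DTLS_1_0 line aliases TLS_1_1 (0x0302), but the only explanation is the one-line note above DTLS_1_0, which does not say what the aliasing is. Since the new line sits directly under it, the note could carry the rule for both: `/* Note: these are the internal format, not the wire format; DTLS 1.0 shares the TLS 1.1 value and DTLS 1.2 the TLS 1.2 value. */`. The new wire constant `((~0x0102) & 0xffff)` follows the DTLS_1_0_WIRE pattern and yields the expected 0xfefd, and the plural edit to "The DTLS versions used in the spec" is consistent with it. Any version-range validation that enumerates accepted DTLS versions lives outside this hunk and should be checked to accept the new value, since a range that rejects it would surface as SSL_ERROR_INVALID_VERSION_RANGE rather than a build error.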
@@ -117,66 +119,66 @@ #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA #endif -#define TLS_NULL_WITH_NULL_NULL 0x0000 +#define TLS_NULL_WITH_NULL_NULL 0x0000 -#define TLS_RSA_WITH_NULL_MD5 0x0001 -#define TLS_RSA_WITH_NULL_SHA 0x0002 -#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 -#define TLS_RSA_WITH_RC4_128_MD5 0x0004 -#define TLS_RSA_WITH_RC4_128_SHA 0x0005 -#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 -#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 -#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 -#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a +#define TLS_RSA_WITH_NULL_MD5 0x0001 +#define TLS_RSA_WITH_NULL_SHA 0x0002 +#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 +#define TLS_RSA_WITH_RC4_128_MD5 0x0004 +#define TLS_RSA_WITH_RC4_128_SHA 0x0005 +#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 +#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 +#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 +#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a -#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b -#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d -#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e -#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 +#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b +#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d +#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e +#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 -#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 -#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 -#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 -#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 +#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 +#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 +#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 -#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 -#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 -#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 -#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a -#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b +#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 +#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 +#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 +#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a +#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b -#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ -#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ -#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ +#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ +#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ +#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ -#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 -#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 +#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 +#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 -#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 -#define TLS_DH_anon_WITH_AES_256_CBC_SHA 
0x003A -#define TLS_RSA_WITH_NULL_SHA256 0x003B -#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C -#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D +#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 +#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A +#define TLS_RSA_WITH_NULL_SHA256 0x003B +#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C +#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D -#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 -#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 -#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 -#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 -#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 -#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046 +#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 +#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 +#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 +#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 +#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 +#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064 
@@ -187,14 +189,14 @@ #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B -#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 -#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 -#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 -#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 -#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 -#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089 +#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 +#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 +#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 +#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 +#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 +#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089 -#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 +#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E @@ -204,7 +206,7 @@ * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending * back an empty Renegotiation Info (RI) server hello extension. */ -#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF +#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF /* Cipher Suite Values starting with 0xC000 are defined in informational * RFCs. 
@@ -248,18 +250,18 @@ #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /* Netscape "experimental" cipher suites. */ -#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 -#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 +#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 +#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 /* New non-experimental openly spec'ed versions of those cipher suites. */ -#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff -#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe +#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff +#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe /* DTLS-SRTP cipher suites from RFC 5764 */ /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */ -#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 -#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 -#define SRTP_NULL_HMAC_SHA1_80 0x0005 -#define SRTP_NULL_HMAC_SHA1_32 0x0006 +#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 +#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 +#define SRTP_NULL_HMAC_SHA1_80 0x0005 +#define SRTP_NULL_HMAC_SHA1_32 0x0006 #endif /* __sslproto_h_ */ diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index 5144bc18..ee357b63 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -1,5 +1,5 @@ /* - * vtables (and methods that call through them) for the 4 types of + * vtables (and methods that call through them) for the 4 types of * SSLSockets supported. Only one type is still supported. * Various other functions. * @@ -21,7 +21,7 @@ #define SET_ERROR_CODE /* reminder */ -static const sslSocketOps ssl_default_ops = { /* No SSL. */ +static const sslSocketOps ssl_default_ops = { /* No SSL. */ ssl_DefConnect, NULL, ssl_DefBind, @@ -36,7 +36,7 @@ static const sslSocketOps ssl_default_ops = { /* No SSL. */ ssl_DefGetsockname }; -static const sslSocketOps ssl_secure_ops = { /* SSL. */ +static const sslSocketOps ssl_secure_ops = { /* SSL. */ ssl_SecureConnect, NULL, ssl_DefBind, 
@@ -56,19 +56,19 @@ static const sslSocketOps ssl_secure_ops = { /* SSL. */ */ static sslOptions ssl_defaults = { { siBuffer, NULL, 0 }, /* nextProtoNego */ - PR_TRUE, /* useSecurity */ - PR_FALSE, /* useSocks */ - PR_FALSE, /* requestCertificate */ - 2, /* requireCertificate */ - PR_FALSE, /* handshakeAsClient */ - PR_FALSE, /* handshakeAsServer */ - PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */ - PR_FALSE, /* unusedBit9 */ - PR_FALSE, /* unusedBit10 */ - PR_FALSE, /* noCache */ - PR_FALSE, /* fdx */ - PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */ - PR_TRUE, /* detectRollBack */ + PR_TRUE, /* useSecurity */ + PR_FALSE, /* useSocks */ + PR_FALSE, /* requestCertificate */ + 2, /* requireCertificate */ + PR_FALSE, /* handshakeAsClient */ + PR_FALSE, /* handshakeAsServer */ + PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */ + PR_FALSE, /* unusedBit9 */ + PR_FALSE, /* unusedBit10 */ + PR_FALSE, /* noCache */ + PR_FALSE, /* fdx */ + PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */ + PR_TRUE, /* detectRollBack */ PR_FALSE, /* noStepDown */ PR_FALSE, /* bypassPKCS11 */ PR_FALSE, /* noLocks */ @@ -107,9 +107,9 @@ sslSessionIDUncacheFunc ssl_sid_uncache; static PRBool ssl_inited = PR_FALSE; static PRDescIdentity ssl_layer_id; -PRBool locksEverDisabled; /* implicitly PR_FALSE */ -PRBool ssl_force_locks; /* implicitly PR_FALSE */ -int ssl_lock_readers = 1; /* default true. */ +PRBool locksEverDisabled; /* implicitly PR_FALSE */ +PRBool ssl_force_locks; /* implicitly PR_FALSE */ +int ssl_lock_readers = 1; /* default true. */ char ssl_debug; char ssl_trace; FILE * ssl_trace_iob; 
@@ -128,7 +128,7 @@ static const PRUint16 srtpCiphers[] = { static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant); static SECStatus ssl_MakeLocks(sslSocket *ss); static void ssl_SetDefaultsFromEnvironment(void); -static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, +static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id); /************************************************************************/ @@ -149,8 +149,8 @@ ssl_GetPrivate(PRFileDesc *fd) if (fd->methods->file_type != PR_DESC_LAYERED || fd->identity != ssl_layer_id) { - PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); - return NULL; + PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); + return NULL; } ss = (sslSocket *)fd->secret; @@ -163,9 +163,9 @@ ssl_GetPrivate(PRFileDesc *fd) return ss; } -/* This function tries to find the SSL layer in the stack. +/* This function tries to find the SSL layer in the stack. * It searches for the first SSL layer at or below the argument fd, - * and failing that, it searches for the nearest SSL layer above the + * and failing that, it searches for the nearest SSL layer above the * argument fd. It returns the private sslSocket from the found layer. */ sslSocket * @@ -179,8 +179,8 @@ ssl_FindSocket(PRFileDesc *fd) layer = PR_GetIdentitiesLayer(fd, ssl_layer_id); if (layer == NULL) { - PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); - return NULL; + PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); + return NULL; } ss = (sslSocket *)layer->secret; 
@@ -201,94 +201,94 @@ ssl_DupSocket(sslSocket *os) ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant); if (ss) { - ss->opt = os->opt; - ss->opt.useSocks = PR_FALSE; - ss->vrange = os->vrange; + ss->opt = os->opt; + ss->opt.useSocks = PR_FALSE; + ss->vrange = os->vrange; - ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); - ss->url = !os->url ? NULL : PORT_Strdup(os->url); + ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); + ss->url = !os->url ? NULL : PORT_Strdup(os->url); - ss->ops = os->ops; - ss->rTimeout = os->rTimeout; - ss->wTimeout = os->wTimeout; - ss->cTimeout = os->cTimeout; - ss->dbHandle = os->dbHandle; + ss->ops = os->ops; + ss->rTimeout = os->rTimeout; + ss->wTimeout = os->wTimeout; + ss->cTimeout = os->cTimeout; + ss->dbHandle = os->dbHandle; - /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ - ss->allowedByPolicy = os->allowedByPolicy; - ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; - ss->chosenPreference = os->chosenPreference; - PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites); - PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, - sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); - ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; + /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ + ss->allowedByPolicy = os->allowedByPolicy; + ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; + ss->chosenPreference = os->chosenPreference; + PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites); + PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, + sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); + ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; - if (os->cipherSpecs) { - ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); - if (ss->cipherSpecs) - PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, - os->sizeCipherSpecs); - ss->sizeCipherSpecs = os->sizeCipherSpecs; - 
ss->preferredCipher = os->preferredCipher; - } else { - ss->cipherSpecs = NULL; /* produced lazily */ - ss->sizeCipherSpecs = 0; - ss->preferredCipher = NULL; - } - if (ss->opt.useSecurity) { - /* This int should be SSLKEAType, but CC on Irix complains, - * during the for loop. - */ - int i; - sslServerCerts * oc = os->serverCerts; - sslServerCerts * sc = ss->serverCerts; - - for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) { - if (oc->serverCert && oc->serverCertChain) { - sc->serverCert = CERT_DupCertificate(oc->serverCert); - sc->serverCertChain = CERT_DupCertList(oc->serverCertChain); - if (!sc->serverCertChain) - goto loser; - } else { - sc->serverCert = NULL; - sc->serverCertChain = NULL; - } - sc->serverKeyPair = oc->serverKeyPair ? - ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; - if (oc->serverKeyPair && !sc->serverKeyPair) - goto loser; - sc->serverKeyBits = oc->serverKeyBits; - ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : - SECITEM_DupArray(NULL, os->certStatusArray[i]); - } - ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : - ssl3_GetKeyPairRef(os->stepDownKeyPair); - ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : - ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); + if (os->cipherSpecs) { + ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); + if (ss->cipherSpecs) + PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, + os->sizeCipherSpecs); + ss->sizeCipherSpecs = os->sizeCipherSpecs; + ss->preferredCipher = os->preferredCipher; + } else { + ss->cipherSpecs = NULL; /* produced lazily */ + ss->sizeCipherSpecs = 0; + ss->preferredCipher = NULL; + } + if (ss->opt.useSecurity) { + /* This int should be SSLKEAType, but CC on Irix complains, + * during the for loop. 
+ */ + int i; + sslServerCerts * oc = os->serverCerts; + sslServerCerts * sc = ss->serverCerts; + + for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) { + if (oc->serverCert && oc->serverCertChain) { + sc->serverCert = CERT_DupCertificate(oc->serverCert); + sc->serverCertChain = CERT_DupCertList(oc->serverCertChain); + if (!sc->serverCertChain) + goto loser; + } else { + sc->serverCert = NULL; + sc->serverCertChain = NULL; + } + sc->serverKeyPair = oc->serverKeyPair ? + ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; + if (oc->serverKeyPair && !sc->serverKeyPair) + goto loser; + sc->serverKeyBits = oc->serverKeyBits; + ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : + SECITEM_DupArray(NULL, os->certStatusArray[i]); + } + ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : + ssl3_GetKeyPairRef(os->stepDownKeyPair); + ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : + ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); /* * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL. * XXX We should detect this, and not just march on with NULL pointers. 
*/ - ss->authCertificate = os->authCertificate; - ss->authCertificateArg = os->authCertificateArg; - ss->getClientAuthData = os->getClientAuthData; - ss->getClientAuthDataArg = os->getClientAuthDataArg; + ss->authCertificate = os->authCertificate; + ss->authCertificateArg = os->authCertificateArg; + ss->getClientAuthData = os->getClientAuthData; + ss->getClientAuthDataArg = os->getClientAuthDataArg; ss->sniSocketConfig = os->sniSocketConfig; ss->sniSocketConfigArg = os->sniSocketConfigArg; - ss->handleBadCert = os->handleBadCert; - ss->badCertArg = os->badCertArg; - ss->handshakeCallback = os->handshakeCallback; - ss->handshakeCallbackData = os->handshakeCallbackData; - ss->canFalseStartCallback = os->canFalseStartCallback; - ss->canFalseStartCallbackData = os->canFalseStartCallbackData; - ss->pkcs11PinArg = os->pkcs11PinArg; - - /* Create security data */ - rv = ssl_CopySecurityInfo(ss, os); - if (rv != SECSuccess) { - goto loser; - } - } + ss->handleBadCert = os->handleBadCert; + ss->badCertArg = os->badCertArg; + ss->handshakeCallback = os->handshakeCallback; + ss->handshakeCallbackData = os->handshakeCallbackData; + ss->canFalseStartCallback = os->canFalseStartCallback; + ss->canFalseStartCallbackData = os->canFalseStartCallbackData; + ss->pkcs11PinArg = os->pkcs11PinArg; + + /* Create security data */ + rv = ssl_CopySecurityInfo(ss, os); + if (rv != SECSuccess) { + goto loser; + } + } } return ss; 
@@ -302,33 +302,33 @@ ssl_DestroyLocks(sslSocket *ss) { /* Destroy locks. */ if (ss->firstHandshakeLock) { - PZ_DestroyMonitor(ss->firstHandshakeLock); - ss->firstHandshakeLock = NULL; + PZ_DestroyMonitor(ss->firstHandshakeLock); + ss->firstHandshakeLock = NULL; } if (ss->ssl3HandshakeLock) { - PZ_DestroyMonitor(ss->ssl3HandshakeLock); - ss->ssl3HandshakeLock = NULL; + PZ_DestroyMonitor(ss->ssl3HandshakeLock); + ss->ssl3HandshakeLock = NULL; } if (ss->specLock) { - NSSRWLock_Destroy(ss->specLock); - ss->specLock = NULL; + NSSRWLock_Destroy(ss->specLock); + ss->specLock = NULL; } if (ss->recvLock) { - PZ_DestroyLock(ss->recvLock); - ss->recvLock = NULL; + PZ_DestroyLock(ss->recvLock); + ss->recvLock = NULL; } if (ss->sendLock) { - PZ_DestroyLock(ss->sendLock); - ss->sendLock = NULL; + PZ_DestroyLock(ss->sendLock); + ss->sendLock = NULL; } if (ss->xmitBufLock) { - PZ_DestroyMonitor(ss->xmitBufLock); - ss->xmitBufLock = NULL; + PZ_DestroyMonitor(ss->xmitBufLock); + ss->xmitBufLock = NULL; } if (ss->recvBufLock) { - PZ_DestroyMonitor(ss->recvBufLock); - ss->recvBufLock = NULL; + PZ_DestroyMonitor(ss->recvBufLock); + ss->recvBufLock = NULL; } } 
@@ -351,36 +351,36 @@ ssl_DestroySocketContents(sslSocket *ss) ssl_DestroyGather(&ss->gs); if (ss->peerID != NULL) - PORT_Free(ss->peerID); + PORT_Free(ss->peerID); if (ss->url != NULL) - PORT_Free((void *)ss->url); /* CONST */ + PORT_Free((void *)ss->url); /* CONST */ if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; } /* Clean up server configuration */ for (i=kt_null; i < kt_kea_size; i++) { - sslServerCerts * sc = ss->serverCerts + i; - if (sc->serverCert != NULL) - CERT_DestroyCertificate(sc->serverCert); - if (sc->serverCertChain != NULL) - CERT_DestroyCertificateList(sc->serverCertChain); - if (sc->serverKeyPair != NULL) - ssl3_FreeKeyPair(sc->serverKeyPair); - if (ss->certStatusArray[i] != NULL) { - SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); - ss->certStatusArray[i] = NULL; - } + sslServerCerts * sc = ss->serverCerts + i; + if (sc->serverCert != NULL) + CERT_DestroyCertificate(sc->serverCert); + if (sc->serverCertChain != NULL) + CERT_DestroyCertificateList(sc->serverCertChain); + if (sc->serverKeyPair != NULL) + ssl3_FreeKeyPair(sc->serverKeyPair); + if (ss->certStatusArray[i] != NULL) { + SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); + ss->certStatusArray[i] = NULL; + } } if (ss->stepDownKeyPair) { - ssl3_FreeKeyPair(ss->stepDownKeyPair); - ss->stepDownKeyPair = NULL; + ssl3_FreeKeyPair(ss->stepDownKeyPair); + ss->stepDownKeyPair = NULL; } if (ss->ephemeralECDHKeyPair) { - ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); - ss->ephemeralECDHKeyPair = NULL; + ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); + ss->ephemeralECDHKeyPair = NULL; } SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); PORT_Assert(!ss->xtnData.sniNameArr); 
@@ -428,7 +428,7 @@ ssl_FreeSocket(sslSocket *ss) } /************************************************************************/ -SECStatus +SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled) { PRFileDesc * osfd = ss->fd->lower; @@ -506,26 +506,26 @@ static void ssl_EnableTLS(SSLVersionRange *vrange, PRBool on) { if (SSL3_ALL_VERSIONS_DISABLED(vrange)) { - if (on) { - vrange->min = SSL_LIBRARY_VERSION_TLS_1_0; - vrange->max = SSL_LIBRARY_VERSION_TLS_1_0; - } /* else don't change anything */ - return; + if (on) { + vrange->min = SSL_LIBRARY_VERSION_TLS_1_0; + vrange->max = SSL_LIBRARY_VERSION_TLS_1_0; + } /* else don't change anything */ + return; } if (on) { - /* Expand the range of enabled version to include TLS 1.0 */ - vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); - vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0); + /* Expand the range of enabled version to include TLS 1.0 */ + vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); + vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0); } else { - /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */ - if (vrange->min == SSL_LIBRARY_VERSION_3_0) { - vrange->max = SSL_LIBRARY_VERSION_3_0; - } else { - /* Only TLS was enabled, so now no versions are. */ - vrange->min = SSL_LIBRARY_VERSION_NONE; - vrange->max = SSL_LIBRARY_VERSION_NONE; - } + /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */ + if (vrange->min == SSL_LIBRARY_VERSION_3_0) { + vrange->max = SSL_LIBRARY_VERSION_3_0; + } else { + /* Only TLS was enabled, so now no versions are. */ + vrange->min = SSL_LIBRARY_VERSION_NONE; + vrange->max = SSL_LIBRARY_VERSION_NONE; + } } } 
@@ -536,28 +536,28 @@ static void ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on) { if (SSL3_ALL_VERSIONS_DISABLED(vrange)) { - if (on) { - vrange->min = SSL_LIBRARY_VERSION_3_0; - vrange->max = SSL_LIBRARY_VERSION_3_0; - } /* else don't change anything */ - return; + if (on) { + vrange->min = SSL_LIBRARY_VERSION_3_0; + vrange->max = SSL_LIBRARY_VERSION_3_0; + } /* else don't change anything */ + return; } if (on) { - /* Expand the range of enabled versions to include SSL 3.0. We know - * SSL 3.0 or some version of TLS is already enabled at this point, so - * we don't need to change vrange->max. - */ - vrange->min = SSL_LIBRARY_VERSION_3_0; + /* Expand the range of enabled versions to include SSL 3.0. We know + * SSL 3.0 or some version of TLS is already enabled at this point, so + * we don't need to change vrange->max. + */ + vrange->min = SSL_LIBRARY_VERSION_3_0; } else { - /* Disable SSL 3.0, leaving TLS unaffected. */ - if (vrange->max > SSL_LIBRARY_VERSION_3_0) { - vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); - } else { - /* Only SSL 3.0 was enabled, so now no versions are. */ - vrange->min = SSL_LIBRARY_VERSION_NONE; - vrange->max = SSL_LIBRARY_VERSION_NONE; - } + /* Disable SSL 3.0, leaving TLS unaffected. */ + if (vrange->max > SSL_LIBRARY_VERSION_3_0) { + vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); + } else { + /* Only SSL 3.0 was enabled, so now no versions are. */ + vrange->min = SSL_LIBRARY_VERSION_NONE; + vrange->max = SSL_LIBRARY_VERSION_NONE; + } } } @@ -569,8 +569,8 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) PRBool holdingLocks; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); + return SECFailure; } holdingLocks = (!ss->opt.noLocks); 
@@ -579,140 +579,140 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) switch (which) { case SSL_SOCKS: - ss->opt.useSocks = PR_FALSE; - rv = PrepareSocket(ss); - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - break; + ss->opt.useSocks = PR_FALSE; + rv = PrepareSocket(ss); + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } + break; case SSL_SECURITY: - ss->opt.useSecurity = on; - rv = PrepareSocket(ss); - break; + ss->opt.useSecurity = on; + rv = PrepareSocket(ss); + break; case SSL_REQUEST_CERTIFICATE: - ss->opt.requestCertificate = on; - break; + ss->opt.requestCertificate = on; + break; case SSL_REQUIRE_CERTIFICATE: - ss->opt.requireCertificate = on; - break; + ss->opt.requireCertificate = on; + break; case SSL_HANDSHAKE_AS_CLIENT: - if ( ss->opt.handshakeAsServer && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - break; - } - ss->opt.handshakeAsClient = on; - break; + if ( ss->opt.handshakeAsServer && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + break; + } + ss->opt.handshakeAsClient = on; + break; case SSL_HANDSHAKE_AS_SERVER: - if ( ss->opt.handshakeAsClient && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - break; - } - ss->opt.handshakeAsServer = on; - break; + if ( ss->opt.handshakeAsClient && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + break; + } + ss->opt.handshakeAsServer = on; + break; case SSL_ENABLE_TLS: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ssl_EnableTLS(&ss->vrange, on); - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } - break; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ssl_EnableTLS(&ss->vrange, on); + ss->preferredCipher = NULL; + if (ss->cipherSpecs) 
{ + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; + } + break; case SSL_ENABLE_SSL3: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ssl_EnableSSL3(&ss->vrange, on); - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } - break; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ssl_EnableSSL3(&ss->vrange, on); + ss->preferredCipher = NULL; + if (ss->cipherSpecs) { + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; + } + break; case SSL_ENABLE_SSL2: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ss->opt.enableSSL2 = on; - if (on) { - ss->opt.v2CompatibleHello = on; - } - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } - break; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ss->opt.enableSSL2 = on; + if (on) { + ss->opt.v2CompatibleHello = on; + } + ss->preferredCipher = NULL; + if (ss->cipherSpecs) { + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; + } + break; case SSL_NO_CACHE: - ss->opt.noCache = on; - break; + ss->opt.noCache = on; + break; case SSL_ENABLE_FDX: - if (on && ss->opt.noLocks) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - ss->opt.fdx = on; - break; + if (on && ss->opt.noLocks) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } + ss->opt.fdx = on; + break; case SSL_V2_COMPATIBLE_HELLO: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ss->opt.v2CompatibleHello = on; - if (!on) { - 
ss->opt.enableSSL2 = on; - } - break; - - case SSL_ROLLBACK_DETECTION: - ss->opt.detectRollBack = on; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ss->opt.v2CompatibleHello = on; + if (!on) { + ss->opt.enableSSL2 = on; + } break; - case SSL_NO_STEP_DOWN: - ss->opt.noStepDown = on; - if (on) - SSL_DisableExportCipherSuites(fd); - break; + case SSL_ROLLBACK_DETECTION: + ss->opt.detectRollBack = on; + break; + + case SSL_NO_STEP_DOWN: + ss->opt.noStepDown = on; + if (on) + SSL_DisableExportCipherSuites(fd); + break; case SSL_BYPASS_PKCS11: - if (ss->handshakeBegun) { - PORT_SetError(PR_INVALID_STATE_ERROR); - rv = SECFailure; - } else { + if (ss->handshakeBegun) { + PORT_SetError(PR_INVALID_STATE_ERROR); + rv = SECFailure; + } else { if (PR_FALSE != on) { if (PR_SUCCESS == SSL_BypassSetup() ) { #ifdef NO_PKCS11_BYPASS 
@@ -726,67 +726,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) } else { ss->opt.bypassPKCS11 = PR_FALSE; } - } - break; + } + break; case SSL_NO_LOCKS: - if (on && ss->opt.fdx) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - if (on && ssl_force_locks) - on = PR_FALSE; /* silent override */ - ss->opt.noLocks = on; - if (on) { - locksEverDisabled = PR_TRUE; - strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); - } else if (!holdingLocks) { - rv = ssl_MakeLocks(ss); - if (rv != SECSuccess) { - ss->opt.noLocks = PR_TRUE; - } - } - break; + if (on && ss->opt.fdx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } + if (on && ssl_force_locks) + on = PR_FALSE; /* silent override */ + ss->opt.noLocks = on; + if (on) { + locksEverDisabled = PR_TRUE; + strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); + } else if (!holdingLocks) { + rv = ssl_MakeLocks(ss); + if (rv != SECSuccess) { + ss->opt.noLocks = PR_TRUE; + } + } + break; case SSL_ENABLE_SESSION_TICKETS: - ss->opt.enableSessionTickets = on; - break; + ss->opt.enableSessionTickets = on; + break; case SSL_ENABLE_DEFLATE: - ss->opt.enableDeflate = on; - break; + ss->opt.enableDeflate = on; + break; case SSL_ENABLE_RENEGOTIATION: - ss->opt.enableRenegotiation = on; - break; + ss->opt.enableRenegotiation = on; + break; case SSL_REQUIRE_SAFE_NEGOTIATION: - ss->opt.requireSafeNegotiation = on; - break; + ss->opt.requireSafeNegotiation = on; + break; case SSL_ENABLE_FALSE_START: - ss->opt.enableFalseStart = on; - break; + ss->opt.enableFalseStart = on; + break; case SSL_CBC_RANDOM_IV: - ss->opt.cbcRandomIV = on; - break; + ss->opt.cbcRandomIV = on; + break; case SSL_ENABLE_OCSP_STAPLING: ss->opt.enableOCSPStapling = on; break; case SSL_ENABLE_NPN: - ss->opt.enableNPN = on; - break; + ss->opt.enableNPN = on; + break; case SSL_ENABLE_ALPN: - ss->opt.enableALPN = on; - break; + ss->opt.enableALPN = on; + break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = 
SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; } /* We can't use the macros for releasing the locks here, @@ -795,8 +795,8 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) * regardless of the current value of ss->opt.noLocks. */ if (holdingLocks) { - PZ_ExitMonitor((ss)->ssl3HandshakeLock); - PZ_ExitMonitor((ss)->firstHandshakeLock); + PZ_ExitMonitor((ss)->ssl3HandshakeLock); + PZ_ExitMonitor((ss)->firstHandshakeLock); } return rv; @@ -810,13 +810,13 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) PRBool on = PR_FALSE; if (!pOn) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); - *pOn = PR_FALSE; - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); + *pOn = PR_FALSE; + return SECFailure; } ssl_Get1stHandshakeLock(ss); @@ -830,11 +830,11 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break; case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break; case SSL_ENABLE_TLS: - on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0; - break; + on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0; + break; case SSL_ENABLE_SSL3: - on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0; - break; + on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0; + break; case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break; case SSL_NO_CACHE: on = ss->opt.noCache; break; case SSL_ENABLE_FDX: on = ss->opt.fdx; break; 
@@ -844,12 +844,12 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break; case SSL_NO_LOCKS: on = ss->opt.noLocks; break; case SSL_ENABLE_SESSION_TICKETS: - on = ss->opt.enableSessionTickets; - break; + on = ss->opt.enableSessionTickets; + break; case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; - case SSL_ENABLE_RENEGOTIATION: + case SSL_ENABLE_RENEGOTIATION: on = ss->opt.enableRenegotiation; break; - case SSL_REQUIRE_SAFE_NEGOTIATION: + case SSL_REQUIRE_SAFE_NEGOTIATION: on = ss->opt.requireSafeNegotiation; break; case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; @@ -858,8 +858,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; } ssl_ReleaseSSL3HandshakeLock(ss); @@ -876,8 +876,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) PRBool on = PR_FALSE; if (!pOn) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } ssl_SetDefaultsFromEnvironment(); 
@@ -890,13 +890,13 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break; case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break; case SSL_ENABLE_TLS: - on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0; - break; + on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0; + break; case SSL_ENABLE_SSL3: - on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0; - break; + on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0; + break; case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break; - case SSL_NO_CACHE: on = ssl_defaults.noCache; break; + case SSL_NO_CACHE: on = ssl_defaults.noCache; break; case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break; case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break; case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break; @@ -904,14 +904,14 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break; case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break; case SSL_ENABLE_SESSION_TICKETS: - on = ssl_defaults.enableSessionTickets; - break; + on = ssl_defaults.enableSessionTickets; + break; case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break; - case SSL_ENABLE_RENEGOTIATION: + case SSL_ENABLE_RENEGOTIATION: on = ssl_defaults.enableRenegotiation; break; - case SSL_REQUIRE_SAFE_NEGOTIATION: - on = ssl_defaults.requireSafeNegotiation; - break; + case SSL_REQUIRE_SAFE_NEGOTIATION: + on = ssl_defaults.requireSafeNegotiation; + break; case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; case SSL_ENABLE_OCSP_STAPLING: 
@@ -921,8 +921,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; } *pOn = on; 
@@ -942,91 +942,91 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) SECStatus status = ssl_Init(); if (status != SECSuccess) { - return status; + return status; } ssl_SetDefaultsFromEnvironment(); switch (which) { case SSL_SOCKS: - ssl_defaults.useSocks = PR_FALSE; - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - break; + ssl_defaults.useSocks = PR_FALSE; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + break; case SSL_SECURITY: - ssl_defaults.useSecurity = on; - break; + ssl_defaults.useSecurity = on; + break; case SSL_REQUEST_CERTIFICATE: - ssl_defaults.requestCertificate = on; - break; + ssl_defaults.requestCertificate = on; + break; case SSL_REQUIRE_CERTIFICATE: - ssl_defaults.requireCertificate = on; - break; + ssl_defaults.requireCertificate = on; + break; case SSL_HANDSHAKE_AS_CLIENT: - if ( ssl_defaults.handshakeAsServer && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - ssl_defaults.handshakeAsClient = on; - break; + if ( ssl_defaults.handshakeAsServer && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.handshakeAsClient = on; + break; case SSL_HANDSHAKE_AS_SERVER: - if ( ssl_defaults.handshakeAsClient && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - ssl_defaults.handshakeAsServer = on; - break; + if ( ssl_defaults.handshakeAsClient && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.handshakeAsServer = on; + break; case SSL_ENABLE_TLS: - ssl_EnableTLS(&versions_defaults_stream, on); - break; + ssl_EnableTLS(&versions_defaults_stream, on); + break; case SSL_ENABLE_SSL3: - ssl_EnableSSL3(&versions_defaults_stream, on); - break; + ssl_EnableSSL3(&versions_defaults_stream, on); + break; case SSL_ENABLE_SSL2: - ssl_defaults.enableSSL2 = on; - if (on) { - ssl_defaults.v2CompatibleHello = on; - } - break; + ssl_defaults.enableSSL2 = on; + if (on) { + 
ssl_defaults.v2CompatibleHello = on; + } + break; case SSL_NO_CACHE: - ssl_defaults.noCache = on; - break; + ssl_defaults.noCache = on; + break; case SSL_ENABLE_FDX: - if (on && ssl_defaults.noLocks) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - ssl_defaults.fdx = on; - break; + if (on && ssl_defaults.noLocks) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.fdx = on; + break; case SSL_V2_COMPATIBLE_HELLO: - ssl_defaults.v2CompatibleHello = on; - if (!on) { - ssl_defaults.enableSSL2 = on; - } - break; + ssl_defaults.v2CompatibleHello = on; + if (!on) { + ssl_defaults.enableSSL2 = on; + } + break; - case SSL_ROLLBACK_DETECTION: - ssl_defaults.detectRollBack = on; - break; + case SSL_ROLLBACK_DETECTION: + ssl_defaults.detectRollBack = on; + break; - case SSL_NO_STEP_DOWN: - ssl_defaults.noStepDown = on; - if (on) - SSL_DisableDefaultExportCipherSuites(); - break; + case SSL_NO_STEP_DOWN: + ssl_defaults.noStepDown = on; + if (on) + SSL_DisableDefaultExportCipherSuites(); + break; case SSL_BYPASS_PKCS11: if (PR_FALSE != on) { 
@@ -1042,76 +1042,76 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) } else { ssl_defaults.bypassPKCS11 = PR_FALSE; } - break; + break; case SSL_NO_LOCKS: - if (on && ssl_defaults.fdx) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - if (on && ssl_force_locks) - on = PR_FALSE; /* silent override */ - ssl_defaults.noLocks = on; - if (on) { - locksEverDisabled = PR_TRUE; - strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); - } - break; + if (on && ssl_defaults.fdx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + if (on && ssl_force_locks) + on = PR_FALSE; /* silent override */ + ssl_defaults.noLocks = on; + if (on) { + locksEverDisabled = PR_TRUE; + strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); + } + break; case SSL_ENABLE_SESSION_TICKETS: - ssl_defaults.enableSessionTickets = on; - break; + ssl_defaults.enableSessionTickets = on; + break; case SSL_ENABLE_DEFLATE: - ssl_defaults.enableDeflate = on; - break; + ssl_defaults.enableDeflate = on; + break; case SSL_ENABLE_RENEGOTIATION: - ssl_defaults.enableRenegotiation = on; - break; + ssl_defaults.enableRenegotiation = on; + break; case SSL_REQUIRE_SAFE_NEGOTIATION: - ssl_defaults.requireSafeNegotiation = on; - break; + ssl_defaults.requireSafeNegotiation = on; + break; case SSL_ENABLE_FALSE_START: - ssl_defaults.enableFalseStart = on; - break; + ssl_defaults.enableFalseStart = on; + break; case SSL_CBC_RANDOM_IV: - ssl_defaults.cbcRandomIV = on; - break; + ssl_defaults.cbcRandomIV = on; + break; case SSL_ENABLE_OCSP_STAPLING: ssl_defaults.enableOCSPStapling = on; break; case SSL_ENABLE_NPN: - ssl_defaults.enableNPN = on; - break; + ssl_defaults.enableNPN = on; + break; case SSL_ENABLE_ALPN: - ssl_defaults.enableALPN = on; - break; + ssl_defaults.enableALPN = on; + break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SECSuccess; } /* function tells us if the cipher suite 
is one that we no longer support. */ -static PRBool +static PRBool ssl_IsRemovedCipherSuite(PRInt32 suite) { switch (suite) { case SSL_FORTEZZA_DMS_WITH_NULL_SHA: case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: - return PR_TRUE; + return PR_TRUE; default: - return PR_FALSE; + return PR_FALSE; } } @@ -1123,14 +1123,14 @@ SECStatus SSL_SetPolicy(long which, int policy) { if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) { - /* one of the two old FIPS ciphers */ - if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) - which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; - else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) - which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; + /* one of the two old FIPS ciphers */ + if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) + which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; + else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) + which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; return SSL_CipherPolicySet(which, policy); } @@ -1140,15 +1140,15 @@ SSL_CipherPolicySet(PRInt32 which, PRInt32 policy) SECStatus rv = ssl_Init(); if (rv != SECSuccess) { - return rv; + return rv; } if (ssl_IsRemovedCipherSuite(which)) { - rv = SECSuccess; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_SetPolicy(which, policy); + rv = ssl2_SetPolicy(which, policy); } else { - rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); + rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); } return rv; } 
@@ -1159,16 +1159,16 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) SECStatus rv; if (!oPolicy) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) { - *oPolicy = SSL_NOT_ALLOWED; - rv = SECSuccess; + *oPolicy = SSL_NOT_ALLOWED; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_GetPolicy(which, oPolicy); + rv = ssl2_GetPolicy(which, oPolicy); } else { - rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy); + rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy); } return rv; } @@ -1176,20 +1176,20 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) /* Part of the public NSS API. * Since this is a global (not per-socket) setting, we cannot use the * HandshakeLock to protect this. Probably want a global lock. - * These changes have no effect on any sslSockets already created. + * These changes have no effect on any sslSockets already created. */ SECStatus SSL_EnableCipher(long which, PRBool enabled) { if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) { - /* one of the two old FIPS ciphers */ - if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) - which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; - else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) - which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; + /* one of the two old FIPS ciphers */ + if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) + which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; + else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) + which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; return SSL_CipherPrefSetDefault(which, enabled); } 
@@ -1199,39 +1199,39 @@ SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled) SECStatus rv = ssl_Init(); if (rv != SECSuccess) { - return rv; + return rv; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; } if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefSetDefault(which, enabled); + rv = ssl2_CipherPrefSetDefault(which, enabled); } else { - rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled); } return rv; } -SECStatus +SECStatus SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled) { SECStatus rv; - + if (!enabled) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) { - *enabled = PR_FALSE; - rv = SECSuccess; + *enabled = PR_FALSE; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefGetDefault(which, enabled); + rv = ssl2_CipherPrefGetDefault(which, enabled); } else { - rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled); } return rv; } 
@@ -1241,47 +1241,47 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) { SECStatus rv; sslSocket *ss = ssl_FindSocket(fd); - + if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd)); + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; } if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefSet(ss, which, enabled); + rv = ssl2_CipherPrefSet(ss, which, enabled); } else { - rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); } return rv; } -SECStatus +SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled) { SECStatus rv; sslSocket *ss = ssl_FindSocket(fd); - + if (!enabled) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd)); - *enabled = PR_FALSE; - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd)); + *enabled = PR_FALSE; + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) { - *enabled = PR_FALSE; - rv = SECSuccess; + *enabled = PR_FALSE; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefGet(ss, which, enabled); + rv = ssl2_CipherPrefGet(ss, which, enabled); } else { - rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); } return rv; } 
@@ -1293,9 +1293,9 @@ NSS_SetDomesticPolicy(void) const PRUint16 *cipher; for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) { - status = SSL_SetPolicy(*cipher, SSL_ALLOWED); - if (status != SECSuccess) - break; + status = SSL_SetPolicy(*cipher, SSL_ALLOWED); + if (status != SECSuccess) + break; } return status; } @@ -1321,37 +1321,37 @@ ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant) sslSocket * ns = NULL; PRStatus rv; PRNetAddr addr; - SECStatus status = ssl_Init(); + SECStatus status = ssl_Init(); if (status != SECSuccess) { - return NULL; + return NULL; } if (model == NULL) { - /* Just create a default socket if we're given NULL for the model */ - ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant); + /* Just create a default socket if we're given NULL for the model */ + ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant); } else { - sslSocket * ss = ssl_FindSocket(model); - if (ss == NULL || ss->protocolVariant != variant) { - SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", - SSL_GETPID(), model)); - return NULL; - } - ns = ssl_DupSocket(ss); + sslSocket * ss = ssl_FindSocket(model); + if (ss == NULL || ss->protocolVariant != variant) { + SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", + SSL_GETPID(), model)); + return NULL; + } + ns = ssl_DupSocket(ss); } if (ns == NULL) - return NULL; + return NULL; rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER); if (rv != PR_SUCCESS) { - ssl_FreeSocket(ns); - SET_ERROR_CODE - return NULL; + ssl_FreeSocket(ns); + SET_ERROR_CODE + return NULL; } #if defined(DEBUG) || defined(FORCE_PR_ASSERT) { - sslSocket * ss = ssl_FindSocket(fd); - PORT_Assert(ss == ns); + sslSocket * ss = ssl_FindSocket(fd); + PORT_Assert(ss == ns); } #endif ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); 
@@ -1370,16 +1370,21 @@ DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd) return ssl_ImportFD(model, fd, ssl_variant_datagram); } +/* SSL_SetNextProtoCallback is used to select an application protocol + * for ALPN and NPN. For ALPN, this runs on the server; for NPN it + * runs on the client. */ +/* Note: The ALPN version doesn't allow for the use of a default, setting a + * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */ SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, - void *arg) + void *arg) { sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(), - fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(), + fd)); + return SECFailure; } ssl_GetSSL3HandshakeLock(ss); 
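Review bot: The two adjacent block comments added above SSL_SetNextProtoCallback are one piece of documentation split in two; merge them into a single `/* ... */` block with the `Note:` sentence as its second paragraph so readers and doc tools see one comment. Since this is a public API, the same contract (ALPN selection runs on the server, NPN on the client, and SSL_NEXT_PROTO_NO_OVERLAP is a failure for ALPN) should also appear on the declaration in the public header, which is outside this diff. The function body continues past the end of the hunk.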
@@ -1390,55 +1395,52 @@ SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, return SECSuccess; } -/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when +/* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when * SSL_SetNextProtoNego is used. */ static SECStatus ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd, - const unsigned char *protos, unsigned int protos_len, - unsigned char *protoOut, unsigned int *protoOutLen, - unsigned int protoMaxLen) + const unsigned char *protos, unsigned int protos_len, + unsigned char *protoOut, unsigned int *protoOutLen, + unsigned int protoMaxLen) { unsigned int i, j; const unsigned char *result; sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback", - SSL_GETPID(), fd)); - return SECFailure; - } - - if (protos_len == 0) { - /* The server supports the extension, but doesn't have any protocols - * configured. In this case we request our favoured protocol. */ - goto pick_first; + SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback", + SSL_GETPID(), fd)); + return SECFailure; } /* For each protocol in server preference, see if we support it. */ for (i = 0; i < protos_len; ) { - for (j = 0; j < ss->opt.nextProtoNego.len; ) { - if (protos[i] == ss->opt.nextProtoNego.data[j] && - PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1], - protos[i]) == 0) { - /* We found a match. */ - ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED; - result = &protos[i]; - goto found; - } - j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j]; - } - i += 1 + (unsigned int)protos[i]; + for (j = 0; j < ss->opt.nextProtoNego.len; ) { + if (protos[i] == ss->opt.nextProtoNego.data[j] && + PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1], + protos[i]) == 0) { + /* We found a match. 
*/ + ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED; + result = &protos[i]; + goto found; + } + j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j]; + } + i += 1 + (unsigned int)protos[i]; } -pick_first: + /* The other side supports the extension, and either doesn't have any + * protocols configured, or none of its options match ours. In this case we + * request our favoured protocol. */ + /* This will be treated as a failure for ALPN. */ ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP; result = ss->opt.nextProtoNego.data; found: if (protoMaxLen < result[0]) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; } memcpy(protoOut, result + 1, result[0]); *protoOutLen = result[0]; @@ -1447,7 +1449,7 @@ found: SECStatus SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, - unsigned int length) + unsigned int length) { sslSocket *ss; SECStatus rv; @@ -1455,13 +1457,13 @@ SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", + SSL_GETPID(), fd)); + return SECFailure; } if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess) - return SECFailure; + return SECFailure; ssl_GetSSL3HandshakeLock(ss); SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); 
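Review bot: In ssl_NextProtoNegoCallback the outer loop trusts the peer-supplied length byte: `PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1], protos[i])` and `i += 1 + (unsigned int)protos[i]` read past protos_len when an entry's declared length overruns the buffer, and nothing in this hunk bounds it. Our own list is checked by ssl3_ValidateNextProtoNego in SSL_SetNextProtoNego (the hunk below), so the comparison against nextProtoNego.len is covered; if the extension handlers validate the peer's list before invoking this callback, a one-line comment stating that precondition above the loop would make the contract explicit, otherwise add `if (protos[i] >= protos_len - i) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }` as the first statement of the outer loop. The NO_OVERLAP fallback also dereferences `ss->opt.nextProtoNego.data[0]`; that presumably holds because SSL_SetNextProtoNego validated the configured list, but it is worth confirming that a zero-length configuration is rejected there, since otherwise this is a NULL read. The new fallback comment is split across two `/* */` blocks and reads better as one.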
@@ -1469,87 +1471,87 @@ SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, ssl_ReleaseSSL3HandshakeLock(ss); if (rv != SECSuccess) - return rv; + return rv; return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL); } SECStatus SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf, - unsigned int *bufLen, unsigned int bufLenMax) + unsigned int *bufLen, unsigned int bufLenMax) { sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(), - fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(), + fd)); + return SECFailure; } if (!state || !buf || !bufLen) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } *state = ss->ssl3.nextProtoState; if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT && - ss->ssl3.nextProto.data) { - if (ss->ssl3.nextProto.len > bufLenMax) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } - PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); - *bufLen = ss->ssl3.nextProto.len; + ss->ssl3.nextProto.data) { + if (ss->ssl3.nextProto.len > bufLenMax) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); + *bufLen = ss->ssl3.nextProto.len; } else { - *bufLen = 0; + *bufLen = 0; } return SECSuccess; } SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd, - const PRUint16 *ciphers, - unsigned int numCiphers) + const PRUint16 *ciphers, + unsigned int numCiphers) { sslSocket *ss; unsigned int i; ss = ssl_FindSocket(fd); if (!ss || !IS_DTLS(ss)) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", - SSL_GETPID(), fd)); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return 
SECFailure; } if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } ss->ssl3.dtlsSRTPCipherCount = 0; for (i = 0; i < numCiphers; i++) { - const PRUint16 *srtpCipher = srtpCiphers; + const PRUint16 *srtpCipher = srtpCiphers; - while (*srtpCipher) { - if (ciphers[i] == *srtpCipher) - break; - srtpCipher++; - } - if (*srtpCipher) { - ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] = - ciphers[i]; - } else { - SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher " - "suite specified: 0x%04hx", SSL_GETPID(), fd, - ciphers[i])); - } + while (*srtpCipher) { + if (ciphers[i] == *srtpCipher) + break; + srtpCipher++; + } + if (*srtpCipher) { + ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] = + ciphers[i]; + } else { + SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher " + "suite specified: 0x%04hx", SSL_GETPID(), fd, + ciphers[i])); + } } if (ss->ssl3.dtlsSRTPCipherCount == 0) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SECSuccess; @@ -1562,15 +1564,15 @@ SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher) ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher", - SSL_GETPID(), fd)); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!ss->ssl3.dtlsSRTPCipherSuite) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } *cipher = ss->ssl3.dtlsSRTPCipherSuite; 
@@ -1591,7 +1593,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) } sm = ssl_FindSocket(model); if (sm == NULL) { - SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD", + SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD", SSL_GETPID(), model)); return NULL; } @@ -1601,7 +1603,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } - + ss->opt = sm->opt; ss->vrange = sm->vrange; PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites); @@ -1630,15 +1632,15 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) sc->serverCertChain = CERT_DupCertList(mc->serverCertChain); if (!sc->serverCertChain) goto loser; - if (sm->certStatusArray[i]) { - if (ss->certStatusArray[i]) { - SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); - ss->certStatusArray[i] = NULL; - } - ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]); - if (!ss->certStatusArray[i]) - goto loser; - } + if (sm->certStatusArray[i]) { + if (ss->certStatusArray[i]) { + SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); + ss->certStatusArray[i] = NULL; + } + ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]); + if (!ss->certStatusArray[i]) + goto loser; + } } if (mc->serverKeyPair) { if (sc->serverKeyPair) { @@ -1671,7 +1673,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) goto loser; } } - + if (sm->authCertificate) ss->authCertificate = sm->authCertificate; if (sm->authCertificateArg) 
@@ -1701,19 +1703,19 @@ loser: PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, - SSL3ProtocolVersion version) + SSL3ProtocolVersion version) { switch (protocolVariant) { case ssl_variant_stream: - return (version >= SSL_LIBRARY_VERSION_3_0 && - version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); + return (version >= SSL_LIBRARY_VERSION_3_0 && + version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); case ssl_variant_datagram: - return (version >= SSL_LIBRARY_VERSION_TLS_1_1 && - version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); + return (version >= SSL_LIBRARY_VERSION_TLS_1_1 && + version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); default: - /* Can't get here */ - PORT_Assert(PR_FALSE); - return PR_FALSE; + /* Can't get here */ + PORT_Assert(PR_FALSE); + return PR_FALSE; } } 
@@ -1722,35 +1724,35 @@ ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, */ static PRBool ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant, - const SSLVersionRange *vrange) + const SSLVersionRange *vrange) { return vrange && - vrange->min <= vrange->max && - ssl3_VersionIsSupported(protocolVariant, vrange->min) && - ssl3_VersionIsSupported(protocolVariant, vrange->max); + vrange->min <= vrange->max && + ssl3_VersionIsSupported(protocolVariant, vrange->min) && + ssl3_VersionIsSupported(protocolVariant, vrange->max); } SECStatus SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant, - SSLVersionRange *vrange) + SSLVersionRange *vrange) { if (!vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } switch (protocolVariant) { case ssl_variant_stream: - vrange->min = SSL_LIBRARY_VERSION_3_0; - vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; - break; + vrange->min = SSL_LIBRARY_VERSION_3_0; + vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; + break; case ssl_variant_datagram: - vrange->min = SSL_LIBRARY_VERSION_TLS_1_1; - vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; - break; + vrange->min = SSL_LIBRARY_VERSION_TLS_1_1; + vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; + break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SECSuccess; 
@@ -1758,12 +1760,12 @@ SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant, SECStatus SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant, - SSLVersionRange *vrange) + SSLVersionRange *vrange) { if ((protocolVariant != ssl_variant_stream && - protocolVariant != ssl_variant_datagram) || !vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + protocolVariant != ssl_variant_datagram) || !vrange) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } *vrange = *VERSIONS_DEFAULTS(protocolVariant); @@ -1773,11 +1775,11 @@ SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant, SECStatus SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant, - const SSLVersionRange *vrange) + const SSLVersionRange *vrange) { if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) { - PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); - return SECFailure; + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); + return SECFailure; } *VERSIONS_DEFAULTS(protocolVariant) = *vrange; @@ -1791,14 +1793,14 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange) sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet", + SSL_GETPID(), fd)); + return SECFailure; } if (!vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } ssl_Get1stHandshakeLock(ss); 
@@ -1818,14 +1820,14 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet", + SSL_GETPID(), fd)); + return SECFailure; } if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) { - PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); - return SECFailure; + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); + return SECFailure; } ssl_Get1stHandshakeLock(ss); @@ -1854,7 +1856,7 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd) PORT_SetError(SEC_ERROR_NOT_INITIALIZED); return NULL; } - + return &ss->sec.ci.sid->peerCertStatus; } @@ -1867,15 +1869,15 @@ static PRFileDesc * PR_CALLBACK ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) { sslSocket *ss; - sslSocket *ns = NULL; - PRFileDesc *newfd = NULL; + sslSocket *ns = NULL; + PRFileDesc *newfd = NULL; PRFileDesc *osfd; PRStatus status; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd)); - return NULL; + SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd)); + return NULL; } /* IF this is a listen socket, there shouldn't be any I/O going on */ 
@@ -1891,46 +1893,46 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) /* First accept connection */ newfd = osfd->methods->accept(osfd, sockaddr, timeout); if (newfd == NULL) { - SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d", - SSL_GETPID(), ss->fd, PORT_GetError())); + SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d", + SSL_GETPID(), ss->fd, PORT_GetError())); } else { - /* Create ssl module */ - ns = ssl_DupSocket(ss); + /* Create ssl module */ + ns = ssl_DupSocket(ss); } ssl_ReleaseSSL3HandshakeLock(ss); ssl_Release1stHandshakeLock(ss); SSL_UNLOCK_WRITER(ss); - SSL_UNLOCK_READER(ss); /* ss isn't used below here. */ + SSL_UNLOCK_READER(ss); /* ss isn't used below here. */ if (ns == NULL) - goto loser; + goto loser; /* push ssl module onto the new socket */ status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER); if (status != PR_SUCCESS) - goto loser; + goto loser; /* Now start server connection handshake with client. ** Don't need locks here because nobody else has a reference to ns yet. */ if ( ns->opt.useSecurity ) { - if ( ns->opt.handshakeAsClient ) { - ns->handshake = ssl2_BeginClientHandshake; - ss->handshaking = sslHandshakingAsClient; - } else { - ns->handshake = ssl2_BeginServerHandshake; - ss->handshaking = sslHandshakingAsServer; - } + if ( ns->opt.handshakeAsClient ) { + ns->handshake = ssl2_BeginClientHandshake; + ss->handshaking = sslHandshakingAsClient; + } else { + ns->handshake = ssl2_BeginServerHandshake; + ss->handshaking = sslHandshakingAsServer; + } } ns->TCPconnected = 1; return newfd; loser: if (ns != NULL) - ssl_FreeSocket(ns); + ssl_FreeSocket(ns); if (newfd != NULL) - PR_Close(newfd); + PR_Close(newfd); return NULL; } 
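Review bot: On the new side, `ss->handshaking = sslHandshakingAsClient;` and `ss->handshaking = sslHandshakingAsServer;` write the listening socket `ss` inside the block that configures the accepted socket `ns`, after `SSL_UNLOCK_READER(ss); /* ss isn't used below here. */` has released the listener's locks. This looks like it should be `ns->handshaking = ...`; as written the accepted socket's handshaking role is not set here and the listener is modified without its lock, which concurrent accepts on the same listener could race with. If the write to `ss` is intentional, the unlock comment is wrong and should say why. The hunk only re-indents these lines, so the defect predates this commit, but it is worth fixing while touching them.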
@@ -1942,8 +1944,8 @@ ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd)); + return PR_FAILURE; } /* IF this is a listen socket, there shouldn't be any I/O going on */ @@ -1966,8 +1968,8 @@ ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr) PRStatus rv; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd)); + return PR_FAILURE; } SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); @@ -1986,8 +1988,8 @@ ssl_Listen(PRFileDesc *fd, PRIntn backlog) PRStatus rv; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd)); + return PR_FAILURE; } SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); @@ -2006,23 +2008,23 @@ ssl_Shutdown(PRFileDesc *fd, PRIntn how) PRStatus rv; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd)); + return PR_FAILURE; } if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) { - SSL_LOCK_READER(ss); + SSL_LOCK_READER(ss); } if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) { - SSL_LOCK_WRITER(ss); + SSL_LOCK_WRITER(ss); } rv = (PRStatus)(*ss->ops->shutdown)(ss, how); if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) { - SSL_UNLOCK_WRITER(ss); + SSL_UNLOCK_WRITER(ss); } if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) { - SSL_UNLOCK_READER(ss); + SSL_UNLOCK_READER(ss); } return rv; } 
@@ -2035,16 +2037,16 @@ ssl_Close(PRFileDesc *fd) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd)); + return PR_FAILURE; } /* There must not be any I/O going on */ SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); - /* By the time this function returns, - ** ss is an invalid pointer, and the locks to which it points have + /* By the time this function returns, + ** ss is an invalid pointer, and the locks to which it points have ** been unlocked and freed. So, this is the ONE PLACE in all of SSL ** where the LOCK calls and the corresponding UNLOCK calls are not in ** the same function scope. The unlock calls are in ssl_FreeSocket(). @@ -2056,20 +2058,20 @@ ssl_Close(PRFileDesc *fd) static int PR_CALLBACK ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags, - PRIntervalTime timeout) + PRIntervalTime timeout) { sslSocket *ss; int rv; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_READER(ss); ss->rTimeout = timeout; if (!ss->opt.fdx) - ss->wTimeout = timeout; + ss->wTimeout = timeout; rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags); SSL_UNLOCK_READER(ss); return rv; 
@@ -2077,20 +2079,20 @@ ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags, static int PR_CALLBACK ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags, - PRIntervalTime timeout) + PRIntervalTime timeout) { sslSocket *ss; int rv; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_WRITER(ss); ss->wTimeout = timeout; if (!ss->opt.fdx) - ss->rTimeout = timeout; + ss->rTimeout = timeout; rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags); SSL_UNLOCK_WRITER(ss); return rv; @@ -2104,13 +2106,13 @@ ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_READER(ss); ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; if (!ss->opt.fdx) - ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; rv = (*ss->ops->read)(ss, (unsigned char*)buf, len); SSL_UNLOCK_READER(ss); return rv; @@ -2124,13 +2126,13 @@ ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_WRITER(ss); ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; if (!ss->opt.fdx) - ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len); SSL_UNLOCK_WRITER(ss); return rv; 
@@ -2143,8 +2145,8 @@ ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd)); + return PR_FAILURE; } return (PRStatus)(*ss->ops->getpeername)(ss, addr); } @@ -2163,18 +2165,18 @@ ssl_GetPeerInfo(sslSocket *ss) PORT_Memset(&sin, 0, sizeof(sin)); rv = osfd->methods->getpeername(osfd, &sin); if (rv < 0) { - return SECFailure; + return SECFailure; } ss->TCPconnected = 1; if (sin.inet.family == PR_AF_INET) { PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer); - ss->sec.ci.port = sin.inet.port; + ss->sec.ci.port = sin.inet.port; } else if (sin.ipv6.family == PR_AF_INET6) { - ss->sec.ci.peer = sin.ipv6.ip; - ss->sec.ci.port = sin.ipv6.port; + ss->sec.ci.peer = sin.ipv6.ip; + ss->sec.ci.port = sin.ipv6.port; } else { - PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR); - return SECFailure; + PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR); + return SECFailure; } return SECSuccess; } 
@@ -2186,29 +2188,29 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd)); + return PR_FAILURE; } return (PRStatus)(*ss->ops->getsockname)(ss, name); } SECStatus SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, - SSLKEAType kea) + SSLKEAType kea) { sslSocket *ss; ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses", + SSL_GETPID(), fd)); + return SECFailure; } if ( kea <= 0 || kea >= kt_kea_size) { - SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses", + SSL_GETPID(), fd)); + return SECFailure; } if (ss->certStatusArray[kea]) { @@ -2216,7 +2218,7 @@ SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, ss->certStatusArray[kea] = NULL; } if (responses) { - ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses); + ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses); } return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure; } @@ -2228,17 +2230,17 @@ SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID) ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID", + SSL_GETPID(), fd)); + return SECFailure; } if (ss->peerID) { - PORT_Free(ss->peerID); - ss->peerID = NULL; + PORT_Free(ss->peerID); + ss->peerID = NULL; } if (peerID) - ss->peerID = PORT_Strdup(peerID); + ss->peerID = PORT_Strdup(peerID); return (ss->peerID || !peerID) ? SECSuccess : SECFailure; } 
@@ -2248,117 +2250,117 @@ static PRInt16 PR_CALLBACK ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) { sslSocket *ss; - PRInt16 new_flags = how_flags; /* should select on these flags. */ + PRInt16 new_flags = how_flags; /* should select on these flags. */ PRNetAddr addr; *p_out_flags = 0; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll", - SSL_GETPID(), fd)); - return 0; /* don't poll on this socket */ + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll", + SSL_GETPID(), fd)); + return 0; /* don't poll on this socket */ } - if (ss->opt.useSecurity && - ss->handshaking != sslHandshakingUndetermined && + if (ss->opt.useSecurity && + ss->handshaking != sslHandshakingUndetermined && !ss->firstHsDone && - (how_flags & PR_POLL_RW)) { - if (!ss->TCPconnected) { - ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr)); - } - /* If it's not connected, then presumably the application is polling - ** on read or write appropriately, so don't change it. - */ - if (ss->TCPconnected) { - if (!ss->handshakeBegun) { - /* If the handshake has not begun, poll on read or write - ** based on the local application's role in the handshake, - ** not based on what the application requested. - */ - new_flags &= ~PR_POLL_RW; - if (ss->handshaking == sslHandshakingAsClient) { - new_flags |= PR_POLL_WRITE; - } else { /* handshaking as server */ - new_flags |= PR_POLL_READ; - } - } else - /* First handshake is in progress */ - if (ss->lastWriteBlocked) { - if (new_flags & PR_POLL_READ) { - /* The caller is waiting for data to be received, - ** but the initial handshake is blocked on write, or the - ** client's first handshake record has not been written. - ** The code should select on write, not read. - */ - new_flags ^= PR_POLL_READ; /* don't select on read. */ - new_flags |= PR_POLL_WRITE; /* do select on write. 
*/ - } - } else if (new_flags & PR_POLL_WRITE) { - /* The caller is trying to write, but the handshake is - ** blocked waiting for data to read, and the first - ** handshake has been sent. So do NOT to poll on write - ** unless we did false start. - */ - if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 && - ss->ssl3.hs.canFalseStart)) { - new_flags ^= PR_POLL_WRITE; /* don't select on write. */ - } - new_flags |= PR_POLL_READ; /* do select on read. */ - } - } + (how_flags & PR_POLL_RW)) { + if (!ss->TCPconnected) { + ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr)); + } + /* If it's not connected, then presumably the application is polling + ** on read or write appropriately, so don't change it. + */ + if (ss->TCPconnected) { + if (!ss->handshakeBegun) { + /* If the handshake has not begun, poll on read or write + ** based on the local application's role in the handshake, + ** not based on what the application requested. + */ + new_flags &= ~PR_POLL_RW; + if (ss->handshaking == sslHandshakingAsClient) { + new_flags |= PR_POLL_WRITE; + } else { /* handshaking as server */ + new_flags |= PR_POLL_READ; + } + } else + /* First handshake is in progress */ + if (ss->lastWriteBlocked) { + if (new_flags & PR_POLL_READ) { + /* The caller is waiting for data to be received, + ** but the initial handshake is blocked on write, or the + ** client's first handshake record has not been written. + ** The code should select on write, not read. + */ + new_flags ^= PR_POLL_READ; /* don't select on read. */ + new_flags |= PR_POLL_WRITE; /* do select on write. */ + } + } else if (new_flags & PR_POLL_WRITE) { + /* The caller is trying to write, but the handshake is + ** blocked waiting for data to read, and the first + ** handshake has been sent. So do NOT to poll on write + ** unless we did false start. + */ + if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 && + ss->ssl3.hs.canFalseStart)) { + new_flags ^= PR_POLL_WRITE; /* don't select on write. 
*/ + } + new_flags |= PR_POLL_READ; /* do select on read. */ + } + } } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) { - *p_out_flags = PR_POLL_READ; /* it's ready already. */ - return new_flags; + *p_out_flags = PR_POLL_READ; /* it's ready already. */ + return new_flags; } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) && - (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */ - new_flags |= PR_POLL_WRITE; /* also select on write. */ + (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */ + new_flags |= PR_POLL_WRITE; /* also select on write. */ } if (ss->version >= SSL_LIBRARY_VERSION_3_0 && - ss->ssl3.hs.restartTarget != NULL) { - /* Read and write will block until the asynchronous callback completes - * (e.g. until SSL_AuthCertificateComplete is called), so don't tell - * the caller to poll the socket unless there is pending write data. - */ - if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) { - /* Ignore any newly-received data on the socket, but do wait for - * the socket to become writable again. Here, it is OK for an error - * to be detected, because our logic for sending pending write data - * will allow us to report the error to the caller without the risk - * of the application spinning. - */ - new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT); - } else { - /* Unfortunately, clearing new_flags will make it impossible for - * the application to detect errors that it would otherwise be - * able to detect with PR_POLL_EXCEPT, until the asynchronous - * callback completes. However, we must clear all the flags to - * prevent the application from spinning (alternating between - * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv - * which won't actually report the I/O error while we are waiting - * for the asynchronous callback to complete). - */ - new_flags = 0; - } + ss->ssl3.hs.restartTarget != NULL) { + /* Read and write will block until the asynchronous callback completes + * (e.g. 
until SSL_AuthCertificateComplete is called), so don't tell + * the caller to poll the socket unless there is pending write data. + */ + if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) { + /* Ignore any newly-received data on the socket, but do wait for + * the socket to become writable again. Here, it is OK for an error + * to be detected, because our logic for sending pending write data + * will allow us to report the error to the caller without the risk + * of the application spinning. + */ + new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT); + } else { + /* Unfortunately, clearing new_flags will make it impossible for + * the application to detect errors that it would otherwise be + * able to detect with PR_POLL_EXCEPT, until the asynchronous + * callback completes. However, we must clear all the flags to + * prevent the application from spinning (alternating between + * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv + * which won't actually report the I/O error while we are waiting + * for the asynchronous callback to complete). 
+ */ + new_flags = 0; + } } if (new_flags && (fd->lower->methods->poll != NULL)) { - PRInt16 lower_out_flags = 0; - PRInt16 lower_new_flags; - lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags, - &lower_out_flags); - if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) { - PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW; - if (lower_out_flags & PR_POLL_READ) - out_flags |= PR_POLL_WRITE; - if (lower_out_flags & PR_POLL_WRITE) - out_flags |= PR_POLL_READ; - *p_out_flags = out_flags; - new_flags = how_flags; - } else { - *p_out_flags = lower_out_flags; - new_flags = lower_new_flags; - } + PRInt16 lower_out_flags = 0; + PRInt16 lower_new_flags; + lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags, + &lower_out_flags); + if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) { + PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW; + if (lower_out_flags & PR_POLL_READ) + out_flags |= PR_POLL_WRITE; + if (lower_out_flags & PR_POLL_WRITE) + out_flags |= PR_POLL_READ; + *p_out_flags = out_flags; + new_flags = how_flags; + } else { + *p_out_flags = lower_out_flags; + new_flags = lower_new_flags; + } } return new_flags; @@ -2366,8 +2368,8 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) static PRInt32 PR_CALLBACK ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd, - const void *headers, PRInt32 hlen, - PRTransmitFileFlags flags, PRIntervalTime timeout) + const void *headers, PRInt32 hlen, + PRTransmitFileFlags flags, PRIntervalTime timeout) { PRSendFileData sfd; @@ -2393,7 +2395,7 @@ ssl_FdIsBlocking(PRFileDesc *fd) opt.value.non_blocking = PR_FALSE; status = PR_GetSocketOption(fd, &opt); if (status != PR_SUCCESS) - return PR_FALSE; + return PR_FALSE; return (PRBool)!opt.value.non_blocking; } 
@@ -2407,7 +2409,7 @@ PRInt32 sslFirstBufSize = 8 * 1024; PRInt32 sslCopyLimit = 1024; static PRInt32 PR_CALLBACK -ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, +ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, PRIntervalTime timeout) { PRInt32 i; @@ -2418,22 +2420,22 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, const PRInt32 first_len = sslFirstBufSize; const PRInt32 limit = sslCopyLimit; PRBool blocking; - PRIOVec myIov = { 0, 0 }; + PRIOVec myIov = { 0, 0 }; char buf[MAX_FRAGMENT_LENGTH]; if (vectors < 0) { - PORT_SetError(PR_INVALID_ARGUMENT_ERROR); - return -1; + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); + return -1; } if (vectors > PR_MAX_IOVECTOR_SIZE) { - PORT_SetError(PR_BUFFER_OVERFLOW_ERROR); - return -1; + PORT_SetError(PR_BUFFER_OVERFLOW_ERROR); + return -1; } for (i = 0; i < vectors; i++) { - if (iov[i].iov_len < 0) { - PORT_SetError(PR_INVALID_ARGUMENT_ERROR); - return -1; - } + if (iov[i].iov_len < 0) { + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); + return -1; + } } blocking = ssl_FdIsBlocking(fd); 
@@ -2442,105 +2444,105 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, #define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0) #define HANDLE_ERR(rv, len) \ if (rv != len) { \ - if (rv < 0) { \ - if (!blocking \ - && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \ - && (sent > 0)) { \ - return sent; \ - } else { \ - return -1; \ - } \ - } \ - /* Only a nonblocking socket can have partial sends */ \ - PR_ASSERT(!blocking); \ - return sent + rv; \ - } + if (rv < 0) { \ + if (!blocking \ + && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \ + && (sent > 0)) { \ + return sent; \ + } else { \ + return -1; \ + } \ + } \ + /* Only a nonblocking socket can have partial sends */ \ + PR_ASSERT(!blocking); \ + return sent + rv; \ + } #define SEND(bfr, len) \ do { \ - rv = ssl_Send(fd, bfr, len, 0, timeout); \ - HANDLE_ERR(rv, len) \ - sent += len; \ + rv = ssl_Send(fd, bfr, len, 0, timeout); \ + HANDLE_ERR(rv, len) \ + sent += len; \ } while (0) /* Make sure the first write is at least 8 KB, if possible. 
*/ KILL_VECTORS if (!vectors) - return ssl_Send(fd, 0, 0, 0, timeout); + return ssl_Send(fd, 0, 0, 0, timeout); GET_VECTOR; if (!vectors) { - return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout); + return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout); } if (myIov.iov_len < first_len) { - PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); - bufLen = myIov.iov_len; - left = first_len - bufLen; - while (vectors && left) { - int toCopy; - GET_VECTOR; - toCopy = PR_MIN(left, myIov.iov_len); - PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy); - bufLen += toCopy; - left -= toCopy; - myIov.iov_base += toCopy; - myIov.iov_len -= toCopy; - } - SEND( buf, bufLen ); + PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); + bufLen = myIov.iov_len; + left = first_len - bufLen; + while (vectors && left) { + int toCopy; + GET_VECTOR; + toCopy = PR_MIN(left, myIov.iov_len); + PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy); + bufLen += toCopy; + left -= toCopy; + myIov.iov_base += toCopy; + myIov.iov_len -= toCopy; + } + SEND( buf, bufLen ); } while (vectors || myIov.iov_len) { - PRInt32 addLen; - if (!myIov.iov_len) { - GET_VECTOR; - } - while (myIov.iov_len >= K16) { - SEND(myIov.iov_base, K16); - myIov.iov_base += K16; - myIov.iov_len -= K16; - } - if (!myIov.iov_len) - continue; + PRInt32 addLen; + if (!myIov.iov_len) { + GET_VECTOR; + } + while (myIov.iov_len >= K16) { + SEND(myIov.iov_base, K16); + myIov.iov_base += K16; + myIov.iov_len -= K16; + } + if (!myIov.iov_len) + continue; - if (!vectors || myIov.iov_len > limit) { - addLen = 0; - } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) { - /* Addlen is already computed. */; - } else if (vectors > 1 && - iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) { - addLen = limit - myIov.iov_len; - } else - addLen = 0; + if (!vectors || myIov.iov_len > limit) { + addLen = 0; + } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) { + /* Addlen is already computed. 
*/; + } else if (vectors > 1 && + iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) { + addLen = limit - myIov.iov_len; + } else + addLen = 0; - if (!addLen) { - SEND( myIov.iov_base, myIov.iov_len ); - myIov.iov_len = 0; - continue; - } - PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); - bufLen = myIov.iov_len; - do { - GET_VECTOR; - PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen); - myIov.iov_base += addLen; - myIov.iov_len -= addLen; - bufLen += addLen; + if (!addLen) { + SEND( myIov.iov_base, myIov.iov_len ); + myIov.iov_len = 0; + continue; + } + PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); + bufLen = myIov.iov_len; + do { + GET_VECTOR; + PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen); + myIov.iov_base += addLen; + myIov.iov_len -= addLen; + bufLen += addLen; - left = PR_MIN( limit, K16 - bufLen); - if (!vectors /* no more left */ - || myIov.iov_len > 0 /* we didn't use that one all up */ - || bufLen >= K16 /* it's full. */ - ) { - addLen = 0; - } else if ((addLen = iov->iov_len % K16) <= left) { - /* Addlen is already computed. */; - } else if (vectors > 1 && - iov[1].iov_len % K16 + addLen <= left + limit) { - addLen = left; - } else - addLen = 0; + left = PR_MIN( limit, K16 - bufLen); + if (!vectors /* no more left */ + || myIov.iov_len > 0 /* we didn't use that one all up */ + || bufLen >= K16 /* it's full. */ + ) { + addLen = 0; + } else if ((addLen = iov->iov_len % K16) <= left) { + /* Addlen is already computed. */; + } else if (vectors > 1 && + iov[1].iov_len % K16 + addLen <= left + limit) { + addLen = left; + } else + addLen = 0; - } while (addLen); - SEND( buf, bufLen ); - } + } while (addLen); + SEND( buf, bufLen ); + } return sent; } 
@@ -2610,7 +2612,7 @@ ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info) static PRInt32 PR_CALLBACK ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags, - PRNetAddr *addr, PRIntervalTime timeout) + PRNetAddr *addr, PRIntervalTime timeout) { PORT_Assert(0); PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0); @@ -2619,7 +2621,7 @@ ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags, static PRInt32 PR_CALLBACK ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags, - const PRNetAddr *addr, PRIntervalTime timeout) + const PRNetAddr *addr, PRIntervalTime timeout) { PORT_Assert(0); PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0); 
@@ -2628,41 +2630,41 @@ ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags, static const PRIOMethods ssl_methods = { PR_DESC_LAYERED, - ssl_Close, /* close */ - ssl_Read, /* read */ - ssl_Write, /* write */ - ssl_Available, /* available */ - ssl_Available64, /* available64 */ - ssl_FSync, /* fsync */ - ssl_Seek, /* seek */ - ssl_Seek64, /* seek64 */ - ssl_FileInfo, /* fileInfo */ - ssl_FileInfo64, /* fileInfo64 */ - ssl_WriteV, /* writev */ - ssl_Connect, /* connect */ - ssl_Accept, /* accept */ - ssl_Bind, /* bind */ - ssl_Listen, /* listen */ - ssl_Shutdown, /* shutdown */ - ssl_Recv, /* recv */ - ssl_Send, /* send */ - ssl_RecvFrom, /* recvfrom */ - ssl_SendTo, /* sendto */ - ssl_Poll, /* poll */ + ssl_Close, /* close */ + ssl_Read, /* read */ + ssl_Write, /* write */ + ssl_Available, /* available */ + ssl_Available64, /* available64 */ + ssl_FSync, /* fsync */ + ssl_Seek, /* seek */ + ssl_Seek64, /* seek64 */ + ssl_FileInfo, /* fileInfo */ + ssl_FileInfo64, /* fileInfo64 */ + ssl_WriteV, /* writev */ + ssl_Connect, /* connect */ + ssl_Accept, /* accept */ + ssl_Bind, /* bind */ + ssl_Listen, /* listen */ + ssl_Shutdown, /* shutdown */ + ssl_Recv, /* recv */ + ssl_Send, /* send */ + ssl_RecvFrom, /* recvfrom */ + ssl_SendTo, /* sendto */ + ssl_Poll, /* poll */ PR_EmulateAcceptRead, /* acceptread */ ssl_TransmitFile, /* transmitfile */ - ssl_GetSockName, /* getsockname */ - ssl_GetPeerName, /* getpeername */ - NULL, /* getsockopt OBSOLETE */ - NULL, /* setsockopt OBSOLETE */ - NULL, /* getsocketoption */ - NULL, /* setsocketoption */ - PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/ - NULL, /* reserved for future use */ - NULL, /* reserved for future use */ - NULL, /* reserved for future use */ - NULL, /* reserved for future use */ - NULL /* reserved for future use */ + ssl_GetSockName, /* getsockname */ + ssl_GetPeerName, /* getpeername */ + NULL, /* getsockopt OBSOLETE */ + NULL, /* setsockopt OBSOLETE */ + NULL, /* 
getsocketoption */ + NULL, /* setsocketoption */ + PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/ + NULL, /* reserved for future use */ + NULL, /* reserved for future use */ + NULL, /* reserved for future use */ + NULL, /* reserved for future use */ + NULL /* reserved for future use */ }; @@ -2703,15 +2705,15 @@ ssl_SetupIOMethods(void) new_methods->transmitfile = my_methods->transmitfile; new_methods->getsockname = my_methods->getsockname; new_methods->getpeername = my_methods->getpeername; -/* new_methods->getsocketoption = my_methods->getsocketoption; */ -/* new_methods->setsocketoption = my_methods->setsocketoption; */ +/* new_methods->getsocketoption = my_methods->getsocketoption; */ +/* new_methods->setsocketoption = my_methods->setsocketoption; */ new_methods->sendfile = my_methods->sendfile; } static PRCallOnceType initIoLayerOnce; -static PRStatus +static PRStatus ssl_InitIOLayer(void) { ssl_layer_id = PR_GetUniqueIdentity("SSL"); 
@@ -2723,44 +2725,44 @@ ssl_InitIOLayer(void) static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id) { - PRFileDesc *layer = NULL; + PRFileDesc *layer = NULL; PRStatus status; if (!ssl_inited) { - status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer); - if (status != PR_SUCCESS) - goto loser; + status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer); + if (status != PR_SUCCESS) + goto loser; } if (ns == NULL) - goto loser; + goto loser; layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods); if (layer == NULL) - goto loser; + goto loser; layer->secret = (PRFilePrivate *)ns; /* Here, "stack" points to the PRFileDesc on the top of the stack. ** "layer" points to a new FD that is to be inserted into the stack. - ** If layer is being pushed onto the top of the stack, then + ** If layer is being pushed onto the top of the stack, then ** PR_PushIOLayer switches the contents of stack and layer, and then - ** puts stack on top of layer, so that after it is done, the top of - ** stack is the same "stack" as it was before, and layer is now the + ** puts stack on top of layer, so that after it is done, the top of + ** stack is the same "stack" as it was before, and layer is now the ** FD for the former top of stack. ** After this call, stack always points to the top PRFD on the stack. - ** If this function fails, the contents of stack and layer are as + ** If this function fails, the contents of stack and layer are as ** they were before the call. */ status = PR_PushIOLayer(stack, id, layer); if (status != PR_SUCCESS) - goto loser; + goto loser; ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer; return PR_SUCCESS; loser: if (layer) { - layer->dtor(layer); /* free layer */ + layer->dtor(layer); /* free layer */ } return PR_FAILURE; } 
@@ -2770,28 +2772,28 @@ static SECStatus ssl_MakeLocks(sslSocket *ss) { ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL); - if (!ss->firstHandshakeLock) - goto loser; + if (!ss->firstHandshakeLock) + goto loser; ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL); - if (!ss->ssl3HandshakeLock) - goto loser; + if (!ss->ssl3HandshakeLock) + goto loser; ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL); - if (!ss->specLock) - goto loser; + if (!ss->specLock) + goto loser; ss->recvBufLock = PZ_NewMonitor(nssILockSSL); - if (!ss->recvBufLock) - goto loser; + if (!ss->recvBufLock) + goto loser; ss->xmitBufLock = PZ_NewMonitor(nssILockSSL); - if (!ss->xmitBufLock) - goto loser; + if (!ss->xmitBufLock) + goto loser; ss->writerThread = NULL; if (ssl_lock_readers) { - ss->recvLock = PZ_NewLock(nssILockSSL); - if (!ss->recvLock) - goto loser; - ss->sendLock = PZ_NewLock(nssILockSSL); - if (!ss->sendLock) - goto loser; + ss->recvLock = PZ_NewLock(nssILockSSL); + if (!ss->recvLock) + goto loser; + ss->sendLock = PZ_NewLock(nssILockSSL); + if (!ss->sendLock) + goto loser; } return SECSuccess; loser: 
@@ -2812,81 +2814,81 @@ ssl_SetDefaultsFromEnvironment(void) static int firsttime = 1; if (firsttime) { - char * ev; - firsttime = 0; + char * ev; + firsttime = 0; #ifdef DEBUG - ev = getenv("SSLDEBUGFILE"); - if (ev && ev[0]) { - ssl_trace_iob = fopen(ev, "w"); - } - if (!ssl_trace_iob) { - ssl_trace_iob = stderr; - } + ev = getenv("SSLDEBUGFILE"); + if (ev && ev[0]) { + ssl_trace_iob = fopen(ev, "w"); + } + if (!ssl_trace_iob) { + ssl_trace_iob = stderr; + } #ifdef TRACE - ev = getenv("SSLTRACE"); - if (ev && ev[0]) { - ssl_trace = atoi(ev); - SSL_TRACE(("SSL: tracing set to %d", ssl_trace)); - } + ev = getenv("SSLTRACE"); + if (ev && ev[0]) { + ssl_trace = atoi(ev); + SSL_TRACE(("SSL: tracing set to %d", ssl_trace)); + } #endif /* TRACE */ - ev = getenv("SSLDEBUG"); - if (ev && ev[0]) { - ssl_debug = atoi(ev); - SSL_TRACE(("SSL: debugging set to %d", ssl_debug)); - } + ev = getenv("SSLDEBUG"); + if (ev && ev[0]) { + ssl_debug = atoi(ev); + SSL_TRACE(("SSL: debugging set to %d", ssl_debug)); + } #endif /* DEBUG */ - ev = getenv("SSLKEYLOGFILE"); - if (ev && ev[0]) { - ssl_keylog_iob = fopen(ev, "a"); - if (!ssl_keylog_iob) { - SSL_TRACE(("SSL: failed to open key log file")); - } else { - if (ftell(ssl_keylog_iob) == 0) { - fputs("# SSL/TLS secrets log file, generated by NSS\n", - ssl_keylog_iob); - } - SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev)); - } - } + ev = getenv("SSLKEYLOGFILE"); + if (ev && ev[0]) { + ssl_keylog_iob = fopen(ev, "a"); + if (!ssl_keylog_iob) { + SSL_TRACE(("SSL: failed to open key log file")); + } else { + if (ftell(ssl_keylog_iob) == 0) { + fputs("# SSL/TLS secrets log file, generated by NSS\n", + ssl_keylog_iob); + } + SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev)); + } + } #ifndef NO_PKCS11_BYPASS - ev = getenv("SSLBYPASS"); - if (ev && ev[0]) { - ssl_defaults.bypassPKCS11 = (ev[0] == '1'); - SSL_TRACE(("SSL: bypass default set to %d", \ - ssl_defaults.bypassPKCS11)); - } + ev = getenv("SSLBYPASS"); + if (ev && ev[0]) { + 
ssl_defaults.bypassPKCS11 = (ev[0] == '1'); + SSL_TRACE(("SSL: bypass default set to %d", \ + ssl_defaults.bypassPKCS11)); + } #endif /* NO_PKCS11_BYPASS */ - ev = getenv("SSLFORCELOCKS"); - if (ev && ev[0] == '1') { - ssl_force_locks = PR_TRUE; - ssl_defaults.noLocks = 0; - strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. "); - SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks)); - } - ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION"); - if (ev) { - if (ev[0] == '1' || LOWER(ev[0]) == 'u') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED; - else if (ev[0] == '0' || LOWER(ev[0]) == 'n') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER; - else if (ev[0] == '2' || LOWER(ev[0]) == 'r') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN; - else if (ev[0] == '3' || LOWER(ev[0]) == 't') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL; - SSL_TRACE(("SSL: enableRenegotiation set to %d", - ssl_defaults.enableRenegotiation)); - } - ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION"); - if (ev && ev[0] == '1') { - ssl_defaults.requireSafeNegotiation = PR_TRUE; - SSL_TRACE(("SSL: requireSafeNegotiation set to %d", - PR_TRUE)); - } - ev = getenv("NSS_SSL_CBC_RANDOM_IV"); - if (ev && ev[0] == '0') { - ssl_defaults.cbcRandomIV = PR_FALSE; - SSL_TRACE(("SSL: cbcRandomIV set to 0")); - } + ev = getenv("SSLFORCELOCKS"); + if (ev && ev[0] == '1') { + ssl_force_locks = PR_TRUE; + ssl_defaults.noLocks = 0; + strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. 
"); + SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks)); + } + ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION"); + if (ev) { + if (ev[0] == '1' || LOWER(ev[0]) == 'u') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED; + else if (ev[0] == '0' || LOWER(ev[0]) == 'n') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER; + else if (ev[0] == '2' || LOWER(ev[0]) == 'r') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN; + else if (ev[0] == '3' || LOWER(ev[0]) == 't') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL; + SSL_TRACE(("SSL: enableRenegotiation set to %d", + ssl_defaults.enableRenegotiation)); + } + ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION"); + if (ev && ev[0] == '1') { + ssl_defaults.requireSafeNegotiation = PR_TRUE; + SSL_TRACE(("SSL: requireSafeNegotiation set to %d", + PR_TRUE)); + } + ev = getenv("NSS_SSL_CBC_RANDOM_IV"); + if (ev && ev[0] == '0') { + ssl_defaults.cbcRandomIV = PR_FALSE; + SSL_TRACE(("SSL: cbcRandomIV set to 0")); + } } #endif /* NSS_HAVE_GETENV */ } 
@@ -2902,76 +2904,75 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant) ssl_SetDefaultsFromEnvironment(); if (ssl_force_locks) - makeLocks = PR_TRUE; + makeLocks = PR_TRUE; /* Make a new socket and get it ready */ ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket)); if (ss) { /* This should be of type SSLKEAType, but CC on IRIX - * complains during the for loop. - */ - int i; - SECStatus status; - - ss->opt = ssl_defaults; - ss->opt.useSocks = PR_FALSE; - ss->opt.noLocks = !makeLocks; - ss->vrange = *VERSIONS_DEFAULTS(protocolVariant); - ss->protocolVariant = protocolVariant; + * complains during the for loop. + */ + int i; + SECStatus status; - ss->peerID = NULL; - ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; - ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; - ss->cTimeout = PR_INTERVAL_NO_TIMEOUT; - ss->cipherSpecs = NULL; + ss->opt = ssl_defaults; + ss->opt.useSocks = PR_FALSE; + ss->opt.noLocks = !makeLocks; + ss->vrange = *VERSIONS_DEFAULTS(protocolVariant); + ss->protocolVariant = protocolVariant; + + ss->peerID = NULL; + ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->cTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->cipherSpecs = NULL; ss->sizeCipherSpecs = 0; /* produced lazily */ ss->preferredCipher = NULL; ss->url = NULL; - for (i=kt_null; i < kt_kea_size; i++) { - sslServerCerts * sc = ss->serverCerts + i; - sc->serverCert = NULL; - sc->serverCertChain = NULL; - sc->serverKeyPair = NULL; - sc->serverKeyBits = 0; - ss->certStatusArray[i] = NULL; - } - ss->stepDownKeyPair = NULL; - ss->dbHandle = CERT_GetDefaultCertDB(); + for (i=kt_null; i < kt_kea_size; i++) { + sslServerCerts * sc = ss->serverCerts + i; + sc->serverCert = NULL; + sc->serverCertChain = NULL; + sc->serverKeyPair = NULL; + sc->serverKeyBits = 0; + ss->certStatusArray[i] = NULL; + } + ss->stepDownKeyPair = NULL; + ss->dbHandle = CERT_GetDefaultCertDB(); - /* Provide default implementation of hooks */ - ss->authCertificate = SSL_AuthCertificate; - 
ss->authCertificateArg = (void *)ss->dbHandle; + /* Provide default implementation of hooks */ + ss->authCertificate = SSL_AuthCertificate; + ss->authCertificateArg = (void *)ss->dbHandle; ss->sniSocketConfig = NULL; ss->sniSocketConfigArg = NULL; - ss->getClientAuthData = NULL; - ss->handleBadCert = NULL; - ss->badCertArg = NULL; - ss->pkcs11PinArg = NULL; - ss->ephemeralECDHKeyPair = NULL; + ss->getClientAuthData = NULL; + ss->handleBadCert = NULL; + ss->badCertArg = NULL; + ss->pkcs11PinArg = NULL; + ss->ephemeralECDHKeyPair = NULL; - ssl_ChooseOps(ss); - ssl2_InitSocketPolicy(ss); - ssl3_InitSocketPolicy(ss); - PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); + ssl_ChooseOps(ss); + ssl2_InitSocketPolicy(ss); + ssl3_InitSocketPolicy(ss); + PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); - if (makeLocks) { - status = ssl_MakeLocks(ss); - if (status != SECSuccess) - goto loser; - } - status = ssl_CreateSecurityInfo(ss); - if (status != SECSuccess) - goto loser; - status = ssl_InitGather(&ss->gs); - if (status != SECSuccess) { + if (makeLocks) { + status = ssl_MakeLocks(ss); + if (status != SECSuccess) + goto loser; + } + status = ssl_CreateSecurityInfo(ss); + if (status != SECSuccess) + goto loser; + status = ssl_InitGather(&ss->gs); + if (status != SECSuccess) { loser: - ssl_DestroySocketContents(ss); - ssl_DestroyLocks(ss); - PORT_Free(ss); - ss = NULL; - } + ssl_DestroySocketContents(ss); + ssl_DestroyLocks(ss); + PORT_Free(ss); + ss = NULL; + } } return ss; } - diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index d4c2704b..ac771b6c 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h 
@@ -19,11 +19,11 @@
  * The format of the version string should be
  * ".[.[.]][ ]"
  */
-#define NSSUTIL_VERSION "3.15.5"
+#define NSSUTIL_VERSION "3.16.2.1"
 #define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 15
-#define NSSUTIL_VPATCH 5
-#define NSSUTIL_VBUILD 0
+#define NSSUTIL_VMINOR 16
+#define NSSUTIL_VPATCH 2
+#define NSSUTIL_VBUILD 1
 #define NSSUTIL_BETA PR_FALSE
 
 SEC_BEGIN_PROTOS
diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h
index 490dabaf..adca22a9 100644
--- a/security/nss/lib/util/secerr.h
+++ b/security/nss/lib/util/secerr.h
@@ -7,211 +7,211 @@ #include "utilrename.h" -#define SEC_ERROR_BASE (-0x2000) -#define SEC_ERROR_LIMIT (SEC_ERROR_BASE + 1000) +#define SEC_ERROR_BASE (-0x2000) +#define SEC_ERROR_LIMIT (SEC_ERROR_BASE + 1000) #define IS_SEC_ERROR(code) \ (((code) >= SEC_ERROR_BASE) && ((code) < SEC_ERROR_LIMIT)) #ifndef NO_SECURITY_ERROR_ENUM typedef enum { -SEC_ERROR_IO = SEC_ERROR_BASE + 0, -SEC_ERROR_LIBRARY_FAILURE = SEC_ERROR_BASE + 1, -SEC_ERROR_BAD_DATA = SEC_ERROR_BASE + 2, -SEC_ERROR_OUTPUT_LEN = SEC_ERROR_BASE + 3, -SEC_ERROR_INPUT_LEN = SEC_ERROR_BASE + 4, -SEC_ERROR_INVALID_ARGS = SEC_ERROR_BASE + 5, -SEC_ERROR_INVALID_ALGORITHM = SEC_ERROR_BASE + 6, -SEC_ERROR_INVALID_AVA = SEC_ERROR_BASE + 7, -SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8, -SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9, -SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10, -SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11, -SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12, -SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13, -SEC_ERROR_BAD_KEY = SEC_ERROR_BASE + 14, -SEC_ERROR_BAD_PASSWORD = SEC_ERROR_BASE + 15, -SEC_ERROR_RETRY_PASSWORD = SEC_ERROR_BASE + 16, -SEC_ERROR_NO_NODELOCK = SEC_ERROR_BASE + 17, -SEC_ERROR_BAD_DATABASE = SEC_ERROR_BASE + 18, -SEC_ERROR_NO_MEMORY = SEC_ERROR_BASE + 19, -SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20, -SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21, -SEC_ERROR_DUPLICATE_CERT = (SEC_ERROR_BASE + 22), -SEC_ERROR_DUPLICATE_CERT_NAME = (SEC_ERROR_BASE + 23), -SEC_ERROR_ADDING_CERT = (SEC_ERROR_BASE + 24), -SEC_ERROR_FILING_KEY = (SEC_ERROR_BASE + 25), -SEC_ERROR_NO_KEY = (SEC_ERROR_BASE + 26), -SEC_ERROR_CERT_VALID = (SEC_ERROR_BASE + 27), -SEC_ERROR_CERT_NOT_VALID = (SEC_ERROR_BASE + 28), -SEC_ERROR_CERT_NO_RESPONSE = (SEC_ERROR_BASE + 29), -SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = (SEC_ERROR_BASE + 30), -SEC_ERROR_CRL_EXPIRED = (SEC_ERROR_BASE + 31), -SEC_ERROR_CRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 32), -SEC_ERROR_CRL_INVALID = (SEC_ERROR_BASE + 33), 
-SEC_ERROR_EXTENSION_VALUE_INVALID = (SEC_ERROR_BASE + 34), -SEC_ERROR_EXTENSION_NOT_FOUND = (SEC_ERROR_BASE + 35), -SEC_ERROR_CA_CERT_INVALID = (SEC_ERROR_BASE + 36), -SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID = (SEC_ERROR_BASE + 37), -SEC_ERROR_CERT_USAGES_INVALID = (SEC_ERROR_BASE + 38), -SEC_INTERNAL_ONLY = (SEC_ERROR_BASE + 39), -SEC_ERROR_INVALID_KEY = (SEC_ERROR_BASE + 40), -SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 41), -SEC_ERROR_OLD_CRL = (SEC_ERROR_BASE + 42), -SEC_ERROR_NO_EMAIL_CERT = (SEC_ERROR_BASE + 43), -SEC_ERROR_NO_RECIPIENT_CERTS_QUERY = (SEC_ERROR_BASE + 44), -SEC_ERROR_NOT_A_RECIPIENT = (SEC_ERROR_BASE + 45), -SEC_ERROR_PKCS7_KEYALG_MISMATCH = (SEC_ERROR_BASE + 46), -SEC_ERROR_PKCS7_BAD_SIGNATURE = (SEC_ERROR_BASE + 47), -SEC_ERROR_UNSUPPORTED_KEYALG = (SEC_ERROR_BASE + 48), -SEC_ERROR_DECRYPTION_DISALLOWED = (SEC_ERROR_BASE + 49), +SEC_ERROR_IO = SEC_ERROR_BASE + 0, +SEC_ERROR_LIBRARY_FAILURE = SEC_ERROR_BASE + 1, +SEC_ERROR_BAD_DATA = SEC_ERROR_BASE + 2, +SEC_ERROR_OUTPUT_LEN = SEC_ERROR_BASE + 3, +SEC_ERROR_INPUT_LEN = SEC_ERROR_BASE + 4, +SEC_ERROR_INVALID_ARGS = SEC_ERROR_BASE + 5, +SEC_ERROR_INVALID_ALGORITHM = SEC_ERROR_BASE + 6, +SEC_ERROR_INVALID_AVA = SEC_ERROR_BASE + 7, +SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8, +SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9, +SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10, +SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11, +SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12, +SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13, +SEC_ERROR_BAD_KEY = SEC_ERROR_BASE + 14, +SEC_ERROR_BAD_PASSWORD = SEC_ERROR_BASE + 15, +SEC_ERROR_RETRY_PASSWORD = SEC_ERROR_BASE + 16, +SEC_ERROR_NO_NODELOCK = SEC_ERROR_BASE + 17, +SEC_ERROR_BAD_DATABASE = SEC_ERROR_BASE + 18, +SEC_ERROR_NO_MEMORY = SEC_ERROR_BASE + 19, +SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20, +SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21, +SEC_ERROR_DUPLICATE_CERT = (SEC_ERROR_BASE + 22), +SEC_ERROR_DUPLICATE_CERT_NAME = (SEC_ERROR_BASE 
+ 23), +SEC_ERROR_ADDING_CERT = (SEC_ERROR_BASE + 24), +SEC_ERROR_FILING_KEY = (SEC_ERROR_BASE + 25), +SEC_ERROR_NO_KEY = (SEC_ERROR_BASE + 26), +SEC_ERROR_CERT_VALID = (SEC_ERROR_BASE + 27), +SEC_ERROR_CERT_NOT_VALID = (SEC_ERROR_BASE + 28), +SEC_ERROR_CERT_NO_RESPONSE = (SEC_ERROR_BASE + 29), +SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = (SEC_ERROR_BASE + 30), +SEC_ERROR_CRL_EXPIRED = (SEC_ERROR_BASE + 31), +SEC_ERROR_CRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 32), +SEC_ERROR_CRL_INVALID = (SEC_ERROR_BASE + 33), +SEC_ERROR_EXTENSION_VALUE_INVALID = (SEC_ERROR_BASE + 34), +SEC_ERROR_EXTENSION_NOT_FOUND = (SEC_ERROR_BASE + 35), +SEC_ERROR_CA_CERT_INVALID = (SEC_ERROR_BASE + 36), +SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID = (SEC_ERROR_BASE + 37), +SEC_ERROR_CERT_USAGES_INVALID = (SEC_ERROR_BASE + 38), +SEC_INTERNAL_ONLY = (SEC_ERROR_BASE + 39), +SEC_ERROR_INVALID_KEY = (SEC_ERROR_BASE + 40), +SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 41), +SEC_ERROR_OLD_CRL = (SEC_ERROR_BASE + 42), +SEC_ERROR_NO_EMAIL_CERT = (SEC_ERROR_BASE + 43), +SEC_ERROR_NO_RECIPIENT_CERTS_QUERY = (SEC_ERROR_BASE + 44), +SEC_ERROR_NOT_A_RECIPIENT = (SEC_ERROR_BASE + 45), +SEC_ERROR_PKCS7_KEYALG_MISMATCH = (SEC_ERROR_BASE + 46), +SEC_ERROR_PKCS7_BAD_SIGNATURE = (SEC_ERROR_BASE + 47), +SEC_ERROR_UNSUPPORTED_KEYALG = (SEC_ERROR_BASE + 48), +SEC_ERROR_DECRYPTION_DISALLOWED = (SEC_ERROR_BASE + 49), /* Fortezza Alerts */ -XP_SEC_FORTEZZA_BAD_CARD = (SEC_ERROR_BASE + 50), -XP_SEC_FORTEZZA_NO_CARD = (SEC_ERROR_BASE + 51), -XP_SEC_FORTEZZA_NONE_SELECTED = (SEC_ERROR_BASE + 52), -XP_SEC_FORTEZZA_MORE_INFO = (SEC_ERROR_BASE + 53), -XP_SEC_FORTEZZA_PERSON_NOT_FOUND = (SEC_ERROR_BASE + 54), -XP_SEC_FORTEZZA_NO_MORE_INFO = (SEC_ERROR_BASE + 55), -XP_SEC_FORTEZZA_BAD_PIN = (SEC_ERROR_BASE + 56), -XP_SEC_FORTEZZA_PERSON_ERROR = (SEC_ERROR_BASE + 57), -SEC_ERROR_NO_KRL = (SEC_ERROR_BASE + 58), -SEC_ERROR_KRL_EXPIRED = (SEC_ERROR_BASE + 59), -SEC_ERROR_KRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 60), 
-SEC_ERROR_REVOKED_KEY = (SEC_ERROR_BASE + 61), -SEC_ERROR_KRL_INVALID = (SEC_ERROR_BASE + 62), -SEC_ERROR_NEED_RANDOM = (SEC_ERROR_BASE + 63), -SEC_ERROR_NO_MODULE = (SEC_ERROR_BASE + 64), -SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65), -SEC_ERROR_READ_ONLY = (SEC_ERROR_BASE + 66), -SEC_ERROR_NO_SLOT_SELECTED = (SEC_ERROR_BASE + 67), -SEC_ERROR_CERT_NICKNAME_COLLISION = (SEC_ERROR_BASE + 68), -SEC_ERROR_KEY_NICKNAME_COLLISION = (SEC_ERROR_BASE + 69), -SEC_ERROR_SAFE_NOT_CREATED = (SEC_ERROR_BASE + 70), -SEC_ERROR_BAGGAGE_NOT_CREATED = (SEC_ERROR_BASE + 71), -XP_JAVA_REMOVE_PRINCIPAL_ERROR = (SEC_ERROR_BASE + 72), -XP_JAVA_DELETE_PRIVILEGE_ERROR = (SEC_ERROR_BASE + 73), -XP_JAVA_CERT_NOT_EXISTS_ERROR = (SEC_ERROR_BASE + 74), -SEC_ERROR_BAD_EXPORT_ALGORITHM = (SEC_ERROR_BASE + 75), -SEC_ERROR_EXPORTING_CERTIFICATES = (SEC_ERROR_BASE + 76), -SEC_ERROR_IMPORTING_CERTIFICATES = (SEC_ERROR_BASE + 77), -SEC_ERROR_PKCS12_DECODING_PFX = (SEC_ERROR_BASE + 78), -SEC_ERROR_PKCS12_INVALID_MAC = (SEC_ERROR_BASE + 79), -SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM = (SEC_ERROR_BASE + 80), -SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE = (SEC_ERROR_BASE + 81), -SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE = (SEC_ERROR_BASE + 82), -SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM = (SEC_ERROR_BASE + 83), -SEC_ERROR_PKCS12_UNSUPPORTED_VERSION = (SEC_ERROR_BASE + 84), -SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT = (SEC_ERROR_BASE + 85), -SEC_ERROR_PKCS12_CERT_COLLISION = (SEC_ERROR_BASE + 86), -SEC_ERROR_USER_CANCELLED = (SEC_ERROR_BASE + 87), -SEC_ERROR_PKCS12_DUPLICATE_DATA = (SEC_ERROR_BASE + 88), -SEC_ERROR_MESSAGE_SEND_ABORTED = (SEC_ERROR_BASE + 89), -SEC_ERROR_INADEQUATE_KEY_USAGE = (SEC_ERROR_BASE + 90), -SEC_ERROR_INADEQUATE_CERT_TYPE = (SEC_ERROR_BASE + 91), -SEC_ERROR_CERT_ADDR_MISMATCH = (SEC_ERROR_BASE + 92), -SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY = (SEC_ERROR_BASE + 93), -SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN = (SEC_ERROR_BASE + 94), +XP_SEC_FORTEZZA_BAD_CARD = (SEC_ERROR_BASE + 50), 
+XP_SEC_FORTEZZA_NO_CARD = (SEC_ERROR_BASE + 51), +XP_SEC_FORTEZZA_NONE_SELECTED = (SEC_ERROR_BASE + 52), +XP_SEC_FORTEZZA_MORE_INFO = (SEC_ERROR_BASE + 53), +XP_SEC_FORTEZZA_PERSON_NOT_FOUND = (SEC_ERROR_BASE + 54), +XP_SEC_FORTEZZA_NO_MORE_INFO = (SEC_ERROR_BASE + 55), +XP_SEC_FORTEZZA_BAD_PIN = (SEC_ERROR_BASE + 56), +XP_SEC_FORTEZZA_PERSON_ERROR = (SEC_ERROR_BASE + 57), +SEC_ERROR_NO_KRL = (SEC_ERROR_BASE + 58), +SEC_ERROR_KRL_EXPIRED = (SEC_ERROR_BASE + 59), +SEC_ERROR_KRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 60), +SEC_ERROR_REVOKED_KEY = (SEC_ERROR_BASE + 61), +SEC_ERROR_KRL_INVALID = (SEC_ERROR_BASE + 62), +SEC_ERROR_NEED_RANDOM = (SEC_ERROR_BASE + 63), +SEC_ERROR_NO_MODULE = (SEC_ERROR_BASE + 64), +SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65), +SEC_ERROR_READ_ONLY = (SEC_ERROR_BASE + 66), +SEC_ERROR_NO_SLOT_SELECTED = (SEC_ERROR_BASE + 67), +SEC_ERROR_CERT_NICKNAME_COLLISION = (SEC_ERROR_BASE + 68), +SEC_ERROR_KEY_NICKNAME_COLLISION = (SEC_ERROR_BASE + 69), +SEC_ERROR_SAFE_NOT_CREATED = (SEC_ERROR_BASE + 70), +SEC_ERROR_BAGGAGE_NOT_CREATED = (SEC_ERROR_BASE + 71), +XP_JAVA_REMOVE_PRINCIPAL_ERROR = (SEC_ERROR_BASE + 72), +XP_JAVA_DELETE_PRIVILEGE_ERROR = (SEC_ERROR_BASE + 73), +XP_JAVA_CERT_NOT_EXISTS_ERROR = (SEC_ERROR_BASE + 74), +SEC_ERROR_BAD_EXPORT_ALGORITHM = (SEC_ERROR_BASE + 75), +SEC_ERROR_EXPORTING_CERTIFICATES = (SEC_ERROR_BASE + 76), +SEC_ERROR_IMPORTING_CERTIFICATES = (SEC_ERROR_BASE + 77), +SEC_ERROR_PKCS12_DECODING_PFX = (SEC_ERROR_BASE + 78), +SEC_ERROR_PKCS12_INVALID_MAC = (SEC_ERROR_BASE + 79), +SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM = (SEC_ERROR_BASE + 80), +SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE = (SEC_ERROR_BASE + 81), +SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE = (SEC_ERROR_BASE + 82), +SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM = (SEC_ERROR_BASE + 83), +SEC_ERROR_PKCS12_UNSUPPORTED_VERSION = (SEC_ERROR_BASE + 84), +SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT = (SEC_ERROR_BASE + 85), +SEC_ERROR_PKCS12_CERT_COLLISION = (SEC_ERROR_BASE + 
86), +SEC_ERROR_USER_CANCELLED = (SEC_ERROR_BASE + 87), +SEC_ERROR_PKCS12_DUPLICATE_DATA = (SEC_ERROR_BASE + 88), +SEC_ERROR_MESSAGE_SEND_ABORTED = (SEC_ERROR_BASE + 89), +SEC_ERROR_INADEQUATE_KEY_USAGE = (SEC_ERROR_BASE + 90), +SEC_ERROR_INADEQUATE_CERT_TYPE = (SEC_ERROR_BASE + 91), +SEC_ERROR_CERT_ADDR_MISMATCH = (SEC_ERROR_BASE + 92), +SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY = (SEC_ERROR_BASE + 93), +SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN = (SEC_ERROR_BASE + 94), SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME = (SEC_ERROR_BASE + 95), -SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY = (SEC_ERROR_BASE + 96), -SEC_ERROR_PKCS12_UNABLE_TO_WRITE = (SEC_ERROR_BASE + 97), -SEC_ERROR_PKCS12_UNABLE_TO_READ = (SEC_ERROR_BASE + 98), -SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = (SEC_ERROR_BASE + 99), -SEC_ERROR_KEYGEN_FAIL = (SEC_ERROR_BASE + 100), -SEC_ERROR_INVALID_PASSWORD = (SEC_ERROR_BASE + 101), -SEC_ERROR_RETRY_OLD_PASSWORD = (SEC_ERROR_BASE + 102), -SEC_ERROR_BAD_NICKNAME = (SEC_ERROR_BASE + 103), -SEC_ERROR_NOT_FORTEZZA_ISSUER = (SEC_ERROR_BASE + 104), +SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY = (SEC_ERROR_BASE + 96), +SEC_ERROR_PKCS12_UNABLE_TO_WRITE = (SEC_ERROR_BASE + 97), +SEC_ERROR_PKCS12_UNABLE_TO_READ = (SEC_ERROR_BASE + 98), +SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = (SEC_ERROR_BASE + 99), +SEC_ERROR_KEYGEN_FAIL = (SEC_ERROR_BASE + 100), +SEC_ERROR_INVALID_PASSWORD = (SEC_ERROR_BASE + 101), +SEC_ERROR_RETRY_OLD_PASSWORD = (SEC_ERROR_BASE + 102), +SEC_ERROR_BAD_NICKNAME = (SEC_ERROR_BASE + 103), +SEC_ERROR_NOT_FORTEZZA_ISSUER = (SEC_ERROR_BASE + 104), SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY = (SEC_ERROR_BASE + 105), -SEC_ERROR_JS_INVALID_MODULE_NAME = (SEC_ERROR_BASE + 106), -SEC_ERROR_JS_INVALID_DLL = (SEC_ERROR_BASE + 107), -SEC_ERROR_JS_ADD_MOD_FAILURE = (SEC_ERROR_BASE + 108), -SEC_ERROR_JS_DEL_MOD_FAILURE = (SEC_ERROR_BASE + 109), -SEC_ERROR_OLD_KRL = (SEC_ERROR_BASE + 110), -SEC_ERROR_CKL_CONFLICT = (SEC_ERROR_BASE + 111), -SEC_ERROR_CERT_NOT_IN_NAME_SPACE = 
(SEC_ERROR_BASE + 112), -SEC_ERROR_KRL_NOT_YET_VALID = (SEC_ERROR_BASE + 113), -SEC_ERROR_CRL_NOT_YET_VALID = (SEC_ERROR_BASE + 114), -SEC_ERROR_UNKNOWN_CERT = (SEC_ERROR_BASE + 115), -SEC_ERROR_UNKNOWN_SIGNER = (SEC_ERROR_BASE + 116), -SEC_ERROR_CERT_BAD_ACCESS_LOCATION = (SEC_ERROR_BASE + 117), -SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE = (SEC_ERROR_BASE + 118), -SEC_ERROR_OCSP_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 119), -SEC_ERROR_OCSP_MALFORMED_REQUEST = (SEC_ERROR_BASE + 120), -SEC_ERROR_OCSP_SERVER_ERROR = (SEC_ERROR_BASE + 121), -SEC_ERROR_OCSP_TRY_SERVER_LATER = (SEC_ERROR_BASE + 122), -SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = (SEC_ERROR_BASE + 123), -SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = (SEC_ERROR_BASE + 124), -SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS = (SEC_ERROR_BASE + 125), -SEC_ERROR_OCSP_UNKNOWN_CERT = (SEC_ERROR_BASE + 126), -SEC_ERROR_OCSP_NOT_ENABLED = (SEC_ERROR_BASE + 127), -SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER = (SEC_ERROR_BASE + 128), -SEC_ERROR_OCSP_MALFORMED_RESPONSE = (SEC_ERROR_BASE + 129), -SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = (SEC_ERROR_BASE + 130), -SEC_ERROR_OCSP_FUTURE_RESPONSE = (SEC_ERROR_BASE + 131), -SEC_ERROR_OCSP_OLD_RESPONSE = (SEC_ERROR_BASE + 132), +SEC_ERROR_JS_INVALID_MODULE_NAME = (SEC_ERROR_BASE + 106), +SEC_ERROR_JS_INVALID_DLL = (SEC_ERROR_BASE + 107), +SEC_ERROR_JS_ADD_MOD_FAILURE = (SEC_ERROR_BASE + 108), +SEC_ERROR_JS_DEL_MOD_FAILURE = (SEC_ERROR_BASE + 109), +SEC_ERROR_OLD_KRL = (SEC_ERROR_BASE + 110), +SEC_ERROR_CKL_CONFLICT = (SEC_ERROR_BASE + 111), +SEC_ERROR_CERT_NOT_IN_NAME_SPACE = (SEC_ERROR_BASE + 112), +SEC_ERROR_KRL_NOT_YET_VALID = (SEC_ERROR_BASE + 113), +SEC_ERROR_CRL_NOT_YET_VALID = (SEC_ERROR_BASE + 114), +SEC_ERROR_UNKNOWN_CERT = (SEC_ERROR_BASE + 115), +SEC_ERROR_UNKNOWN_SIGNER = (SEC_ERROR_BASE + 116), +SEC_ERROR_CERT_BAD_ACCESS_LOCATION = (SEC_ERROR_BASE + 117), +SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE = (SEC_ERROR_BASE + 118), +SEC_ERROR_OCSP_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 119), 
+SEC_ERROR_OCSP_MALFORMED_REQUEST = (SEC_ERROR_BASE + 120), +SEC_ERROR_OCSP_SERVER_ERROR = (SEC_ERROR_BASE + 121), +SEC_ERROR_OCSP_TRY_SERVER_LATER = (SEC_ERROR_BASE + 122), +SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = (SEC_ERROR_BASE + 123), +SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = (SEC_ERROR_BASE + 124), +SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS = (SEC_ERROR_BASE + 125), +SEC_ERROR_OCSP_UNKNOWN_CERT = (SEC_ERROR_BASE + 126), +SEC_ERROR_OCSP_NOT_ENABLED = (SEC_ERROR_BASE + 127), +SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER = (SEC_ERROR_BASE + 128), +SEC_ERROR_OCSP_MALFORMED_RESPONSE = (SEC_ERROR_BASE + 129), +SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = (SEC_ERROR_BASE + 130), +SEC_ERROR_OCSP_FUTURE_RESPONSE = (SEC_ERROR_BASE + 131), +SEC_ERROR_OCSP_OLD_RESPONSE = (SEC_ERROR_BASE + 132), /* smime stuff */ -SEC_ERROR_DIGEST_NOT_FOUND = (SEC_ERROR_BASE + 133), -SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134), -SEC_ERROR_MODULE_STUCK = (SEC_ERROR_BASE + 135), -SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136), -SEC_ERROR_CRL_NOT_FOUND = (SEC_ERROR_BASE + 137), +SEC_ERROR_DIGEST_NOT_FOUND = (SEC_ERROR_BASE + 133), +SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134), +SEC_ERROR_MODULE_STUCK = (SEC_ERROR_BASE + 135), +SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136), +SEC_ERROR_CRL_NOT_FOUND = (SEC_ERROR_BASE + 137), SEC_ERROR_REUSED_ISSUER_AND_SERIAL = (SEC_ERROR_BASE + 138), SEC_ERROR_BUSY = (SEC_ERROR_BASE + 139), SEC_ERROR_EXTRA_INPUT = (SEC_ERROR_BASE + 140), /* error codes used by elliptic curve code */ -SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = (SEC_ERROR_BASE + 141), -SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = (SEC_ERROR_BASE + 142), -SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143), -SEC_ERROR_OCSP_INVALID_SIGNING_CERT = (SEC_ERROR_BASE + 144), +SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = (SEC_ERROR_BASE + 141), +SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = (SEC_ERROR_BASE + 142), +SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143), +SEC_ERROR_OCSP_INVALID_SIGNING_CERT = 
(SEC_ERROR_BASE + 144), /* new revocation errors */ -SEC_ERROR_REVOKED_CERTIFICATE_CRL = (SEC_ERROR_BASE + 145), -SEC_ERROR_REVOKED_CERTIFICATE_OCSP = (SEC_ERROR_BASE + 146), -SEC_ERROR_CRL_INVALID_VERSION = (SEC_ERROR_BASE + 147), -SEC_ERROR_CRL_V1_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 148), -SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 149), -SEC_ERROR_UNKNOWN_OBJECT_TYPE = (SEC_ERROR_BASE + 150), -SEC_ERROR_INCOMPATIBLE_PKCS11 = (SEC_ERROR_BASE + 151), -SEC_ERROR_NO_EVENT = (SEC_ERROR_BASE + 152), -SEC_ERROR_CRL_ALREADY_EXISTS = (SEC_ERROR_BASE + 153), -SEC_ERROR_NOT_INITIALIZED = (SEC_ERROR_BASE + 154), -SEC_ERROR_TOKEN_NOT_LOGGED_IN = (SEC_ERROR_BASE + 155), -SEC_ERROR_OCSP_RESPONDER_CERT_INVALID = (SEC_ERROR_BASE + 156), -SEC_ERROR_OCSP_BAD_SIGNATURE = (SEC_ERROR_BASE + 157), +SEC_ERROR_REVOKED_CERTIFICATE_CRL = (SEC_ERROR_BASE + 145), +SEC_ERROR_REVOKED_CERTIFICATE_OCSP = (SEC_ERROR_BASE + 146), +SEC_ERROR_CRL_INVALID_VERSION = (SEC_ERROR_BASE + 147), +SEC_ERROR_CRL_V1_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 148), +SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 149), +SEC_ERROR_UNKNOWN_OBJECT_TYPE = (SEC_ERROR_BASE + 150), +SEC_ERROR_INCOMPATIBLE_PKCS11 = (SEC_ERROR_BASE + 151), +SEC_ERROR_NO_EVENT = (SEC_ERROR_BASE + 152), +SEC_ERROR_CRL_ALREADY_EXISTS = (SEC_ERROR_BASE + 153), +SEC_ERROR_NOT_INITIALIZED = (SEC_ERROR_BASE + 154), +SEC_ERROR_TOKEN_NOT_LOGGED_IN = (SEC_ERROR_BASE + 155), +SEC_ERROR_OCSP_RESPONDER_CERT_INVALID = (SEC_ERROR_BASE + 156), +SEC_ERROR_OCSP_BAD_SIGNATURE = (SEC_ERROR_BASE + 157), -SEC_ERROR_OUT_OF_SEARCH_LIMITS = (SEC_ERROR_BASE + 158), -SEC_ERROR_INVALID_POLICY_MAPPING = (SEC_ERROR_BASE + 159), -SEC_ERROR_POLICY_VALIDATION_FAILED = (SEC_ERROR_BASE + 160), +SEC_ERROR_OUT_OF_SEARCH_LIMITS = (SEC_ERROR_BASE + 158), +SEC_ERROR_INVALID_POLICY_MAPPING = (SEC_ERROR_BASE + 159), +SEC_ERROR_POLICY_VALIDATION_FAILED = (SEC_ERROR_BASE + 160), /* No longer used. Unknown AIA location types are now silently ignored. 
*/ -SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE = (SEC_ERROR_BASE + 161), -SEC_ERROR_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 162), -SEC_ERROR_BAD_LDAP_RESPONSE = (SEC_ERROR_BASE + 163), -SEC_ERROR_FAILED_TO_ENCODE_DATA = (SEC_ERROR_BASE + 164), -SEC_ERROR_BAD_INFO_ACCESS_LOCATION = (SEC_ERROR_BASE + 165), +SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE = (SEC_ERROR_BASE + 161), +SEC_ERROR_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 162), +SEC_ERROR_BAD_LDAP_RESPONSE = (SEC_ERROR_BASE + 163), +SEC_ERROR_FAILED_TO_ENCODE_DATA = (SEC_ERROR_BASE + 164), +SEC_ERROR_BAD_INFO_ACCESS_LOCATION = (SEC_ERROR_BASE + 165), -SEC_ERROR_LIBPKIX_INTERNAL = (SEC_ERROR_BASE + 166), +SEC_ERROR_LIBPKIX_INTERNAL = (SEC_ERROR_BASE + 166), -SEC_ERROR_PKCS11_GENERAL_ERROR = (SEC_ERROR_BASE + 167), -SEC_ERROR_PKCS11_FUNCTION_FAILED = (SEC_ERROR_BASE + 168), -SEC_ERROR_PKCS11_DEVICE_ERROR = (SEC_ERROR_BASE + 169), +SEC_ERROR_PKCS11_GENERAL_ERROR = (SEC_ERROR_BASE + 167), +SEC_ERROR_PKCS11_FUNCTION_FAILED = (SEC_ERROR_BASE + 168), +SEC_ERROR_PKCS11_DEVICE_ERROR = (SEC_ERROR_BASE + 169), -SEC_ERROR_BAD_INFO_ACCESS_METHOD = (SEC_ERROR_BASE + 170), -SEC_ERROR_CRL_IMPORT_FAILED = (SEC_ERROR_BASE + 171), +SEC_ERROR_BAD_INFO_ACCESS_METHOD = (SEC_ERROR_BASE + 170), +SEC_ERROR_CRL_IMPORT_FAILED = (SEC_ERROR_BASE + 171), -SEC_ERROR_EXPIRED_PASSWORD = (SEC_ERROR_BASE + 172), -SEC_ERROR_LOCKED_PASSWORD = (SEC_ERROR_BASE + 173), +SEC_ERROR_EXPIRED_PASSWORD = (SEC_ERROR_BASE + 172), +SEC_ERROR_LOCKED_PASSWORD = (SEC_ERROR_BASE + 173), -SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174), +SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174), -SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175), +SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175), -SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176), +SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176), -SEC_ERROR_LEGACY_DATABASE = (SEC_ERROR_BASE + 177), +SEC_ERROR_LEGACY_DATABASE = (SEC_ERROR_BASE + 177), -SEC_ERROR_APPLICATION_CALLBACK_ERROR 
= (SEC_ERROR_BASE + 178),
+SEC_ERROR_APPLICATION_CALLBACK_ERROR = (SEC_ERROR_BASE + 178),
 /* Add new error codes above here. */
-SEC_ERROR_END_OF_LIST
+SEC_ERROR_END_OF_LIST
 } SECErrorCodes;
 #endif /* NO_SECURITY_ERROR_ENUM */
diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh
index 1af4faf8..c0d2ba91 100644
--- a/security/nss/tests/all.sh
+++ b/security/nss/tests/all.sh
@@ -299,9 +299,15 @@ fi
 # created, we check for modutil to know whether the build
 # is complete. If a new file is created after that, the
 # following test for modutil should check for that instead.
+# Exception: when building softoken only, shlibsign is the
+# last file created.
+if [ ${NSS_BUILD_SOFTOKEN_ONLY} -eq "1" ]; then
+ LAST_FILE_BUILT=shlibsign
+else
+ LAST_FILE_BUILT=modutil
+fi
-if [ ! -f ${DIST}/${OBJDIR}/bin/modutil -a \
- ! -f ${DIST}/${OBJDIR}/bin/modutil.exe ]; then
+if [ ! -f ${DIST}/${OBJDIR}/bin/${LAST_FILE_BUILT}${PROG_SUFFIX} ]; then
 echo "Build Incomplete. Aborting test." >> ${LOGFILE}
 html_head "Testing Initialization"
 Exit "Checking for build"
diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh
index 313c663f..1a23c19c 100644
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
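Review bot: The new guard `if [ ${NSS_BUILD_SOFTOKEN_ONLY} -eq "1" ]; then` leaves the variable unquoted, so on an ordinary full build where NSS_BUILD_SOFTOKEN_ONLY is unset or empty `[` receives only `-eq "1"` and fails with a unary-operator/integer-expression error instead of evaluating to false; the else branch is then taken only because the broken test exits non-zero, and the error text lands in the test log. The cipher.sh hunk in this same commit already uses the safe quoted string form for the sibling variable, so all.sh should match it: `if [ "${NSS_BUILD_SOFTOKEN_ONLY}" = "1" ]; then`. The replacement existence check now depends on `${PROG_SUFFIX}` being defined before this point, which I cannot confirm from the hunk; if it is not always set, the old explicit `.exe` fallback was the safer of the two.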
@@ -1176,6 +1176,201 @@ cert_extensions()
 done < ${QADIR}/cert/certext.txt
 }
+cert_make_with_param()
+{
+ DIRPASS="$1"
+ CERTNAME="$2"
+ MAKE="$3"
+ SUBJ="$4"
+ EXTRA="$5"
+ EXPECT="$6"
+ TESTNAME="$7"
+
+ echo certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA}
+ ${BINDIR}/certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA}
+
+ RET=$?
+ if [ "${RET}" -ne "${EXPECT}" ]; then
+ # if we expected failure to create, then delete unexpected certificate
+ if [ "${EXPECT}" -ne 0 ]; then
+ ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME}
+ fi
+
+ CERTFAILED=1
+ html_failed "${TESTNAME} (${COUNT}) - ${EXTRA}"
+ cert_log "ERROR: ${TESTNAME} - ${EXTRA} failed"
+ return 1
+ fi
+
+ html_passed "${TESTNAME} (${COUNT})"
+ return 0
+}
+
+cert_list_and_count_dns()
+{
+ DIRPASS="$1"
+ CERTNAME="$2"
+ EXPECT="$3"
+ EXPECTCOUNT="$4"
+ TESTNAME="$5"
+
+ echo certutil ${DIRPASS} -L ${CERTNAME}
+ ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME}
+
+ RET=$?
+ if [ "${RET}" -ne "${EXPECT}" ]; then
+ CERTFAILED=1
+ html_failed "${TESTNAME} (${COUNT}) - list and count"
+ cert_log "ERROR: ${TESTNAME} - list and count failed"
+ return 1
+ fi
+
+ LISTCOUNT=`${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} | grep -wc DNS`
+ if [ "${LISTCOUNT}" -ne "${EXPECTCOUNT}" ]; then
+ CERTFAILED=1
+ html_failed "${TESTNAME} (${COUNT}) - list and count"
+ cert_log "ERROR: ${TESTNAME} - list and count failed"
+ return 1
+ fi
+
+ html_passed "${TESTNAME} (${COUNT})"
+ return 0
+}
+
+cert_dump_ext_to_file()
+{
+ DIRPASS="$1"
+ CERTNAME="$2"
+ OID="$3"
+ OUTFILE="$4"
+ EXPECT="$5"
+ TESTNAME="$6"
+
+ echo certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID}
+ echo "writing output to ${OUTFILE}"
+ ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID} > ${OUTFILE}
+
+ RET=$?
+ if [ "${RET}" -ne "${EXPECT}" ]; then
+ CERTFAILED=1
+ html_failed "${TESTNAME} (${COUNT}) - dump to file"
+ cert_log "ERROR: ${TESTNAME} - dump to file failed"
+ return 1
+ fi
+
+ html_passed "${TESTNAME} (${COUNT})"
+ return 0
+}
+
+cert_delete()
+{
+ DIRPASS="$1"
+ CERTNAME="$2"
+ EXPECT="$3"
+ TESTNAME="$4"
+
+ echo certutil ${DIRPASS} -D ${CERTNAME}
+ ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME}
+
+ RET=$?
+ if [ "${RET}" -ne "${EXPECT}" ]; then
+ CERTFAILED=1
+ html_failed "${TESTNAME} (${COUNT}) - delete cert"
+ cert_log "ERROR: ${TESTNAME} - delete cert failed"
+ return 1
+ fi
+
+ html_passed "${TESTNAME} (${COUNT})"
+ return 0
+}
+
+cert_inc_count()
+{
+ COUNT=`expr ${COUNT} + 1`
+}
+
+############################## cert_crl_ssl ############################
+# test adding subject-alt-name, dumping, and adding generic extension
+########################################################################
+cert_san_and_generic_extensions()
+{
+ EXTDUMP=${CERT_EXTENSIONS_DIR}/sanext.der
+
+ DIR="-d ${CERT_EXTENSIONS_DIR} -f ${R_PWFILE}"
+ CERTNAME="-n WithSAN"
+ MAKE="-S -t ,, -x -z ${R_NOISE_FILE}"
+ SUBJ="CN=example.com"
+
+ TESTNAME="san-and-generic-extensions"
+
+ cert_inc_count
+ cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+ "--extSAN example.com" 255 \
+ "create cert with invalid SAN parameter"
+
+ cert_inc_count
+ cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+ "--extSAN example.com,dns:www.example.com" 255 \
+ "create cert with invalid SAN parameter"
+
+ TN="create cert with valid SAN parameter"
+
+ cert_inc_count
+ cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+ "--extSAN dns:example.com,dns:www.example.com" 0 \
+ "${TN}"
+
+ cert_inc_count
+ cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \
+ "${TN}"
+
+ cert_inc_count
+ cert_dump_ext_to_file "${DIR}" "${CERTNAME}" "2.5.29.17" "${EXTDUMP}" 0 \
+ "dump extension 2.5.29.17 to file ${EXTDUMP}"
+
+ cert_inc_count
+ cert_delete "${DIR}"
"${CERTNAME}" 0 \
+ "${TN}"
+
+ cert_inc_count
+ cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \
+ "expect failure to list cert, because we deleted it"
+
+ cert_inc_count
+ cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+ "--extGeneric ${EXTDUMP}" 255 \
+ "create cert with invalid generic ext parameter"
+
+ cert_inc_count
+ cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+ "--extGeneric not-critical:${EXTDUMP}" 255 \
+ "create cert with invalid generic ext parameter"
+
+ cert_inc_count
+ cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+ "--extGeneric not-critical:${EXTDUMP},2.5.29.17:critical:${EXTDUMP}" 255 \
+ "create cert with invalid generic ext parameter"
+
+ TN="create cert with valid generic ext parameter"
+
+ cert_inc_count
+ cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+ "--extGeneric 2.5.29.17:not-critical:${EXTDUMP}" 0 \
+ "${TN}"
+
+ cert_inc_count
+ cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \
+ "${TN}"
+
+ cert_inc_count
+ cert_delete "${DIR}" "${CERTNAME}" 0 \
+ "${TN}"
+
+ cert_inc_count
+ cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \
+ "expect failure to list cert, because we deleted it"
+}
+
 ############################## cert_crl_ssl ############################
 # local shell function to generate certs and crls for SSL tests
 ########################################################################
@@ -1513,6 +1708,7 @@ if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then
 fi
 cert_eccurves
 cert_extensions
+cert_san_and_generic_extensions
 cert_test_password
 cert_test_distrust
 cert_test_ocspresp
diff --git a/security/nss/tests/cipher/cipher.sh b/security/nss/tests/cipher/cipher.sh
index a24af82c..12e78e18 100644
--- a/security/nss/tests/cipher/cipher.sh
+++ b/security/nss/tests/cipher/cipher.sh
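Review bot: The banner added above `cert_san_and_generic_extensions()` still reads `############################## cert_crl_ssl ############################`, copied from the cert_crl_ssl block that follows it, so the file now has two sections labelled cert_crl_ssl; it should name the new function, e.g. `############################## cert_san_and_generic_extensions ############`. In `cert_make_with_param`, the cleanup for an unexpected success, `${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME}`, ignores its exit status, so a cert that could not be removed would only surface as a confusing nickname-collision failure in the next creation step rather than at the test that actually went wrong; checking that delete and logging it keeps the diagnosis at the point of failure. The negative --extSAN and --extGeneric cases assert only on exit status 255, which, if certutil uses the same status for an unrecognized option, would not distinguish "malformed spec rejected" from "option not understood"; matching the specific error text on stderr would tighten them, though the status codes cannot be confirmed from this hunk.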
@@ -129,6 +129,12 @@ if [ ! -x ${DIST}/${OBJDIR}/bin/bltest${PROG_SUFFIX} ]; then
 return 0
 fi
 cipher_init
-cipher_main
-cipher_gcm
+# Skip cipher_main if this an NSS without softoken build.
+if [ "${NSS_BUILD_WITHOUT_SOFTOKEN}" != "1" ]; then
+ cipher_main
+fi
+# Skip cipher_gcm if this is a softoken only build.
+if [ "${NSS_BUILD_SOFTOKEN_ONLY}" != "1" ]; then
+ cipher_gcm
+fi
 cipher_cleanup
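Review bot: The new comment `# Skip cipher_main if this an NSS without softoken build.` is missing its verb and is harder to parse than the sibling comment two lines below; `# Skip cipher_main if this is an NSS-without-softoken build.` reads cleanly and mirrors the "softoken only" wording. The quoted `"${NSS_BUILD_WITHOUT_SOFTOKEN}" != "1"` form used here is the right one and is safe when the variable is unset, so the only change needed in this hunk is the comment.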