From 274c656e66ad9ad29655716d9851d80c348d8974 Mon Sep 17 00:00:00 2001 From: roytam1 Date: Tue, 19 Jun 2018 23:24:24 +0800 Subject: [PATCH 01/20] jpeg: applied libjpeg-fix-CVE-2013-6629_6630.patch, from libjpeg6b_6b1-3+deb7u1.debian.tar.gz --- jpeg/jdmarker.c | 56 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 44 insertions(+), 12 deletions(-) diff --git a/jpeg/jdmarker.c b/jpeg/jdmarker.c index c0fd8c2a..8e5d5a64 100644 --- a/jpeg/jdmarker.c +++ b/jpeg/jdmarker.c @@ -236,7 +236,7 @@ get_sof (j_decompress_ptr cinfo, boolean is_prog, boolean is_arith) /* Process a SOFn marker */ { INT32 length; - int c, ci; + int c, ci, i; jpeg_component_info * compptr; INPUT_VARS(cinfo); @@ -273,11 +273,27 @@ get_sof (j_decompress_ptr cinfo, boolean is_prog, boolean is_arith) cinfo->comp_info = (jpeg_component_info *) (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE, cinfo->num_components * SIZEOF(jpeg_component_info)); - - for (ci = 0, compptr = cinfo->comp_info; ci < cinfo->num_components; - ci++, compptr++) { + + for (ci = 0; ci < cinfo->num_components; ci++) { + INPUT_BYTE(cinfo, c, return FALSE); + /* Check to see whether component id has already been seen */ + /* (in violation of the spec, but unfortunately seen in some */ + /* files). If so, create "fake" component id equal to the */ + /* max id seen so far + 1. */ + for (i = 0, compptr = cinfo->comp_info; i < ci; i++, compptr++) { + if (c == compptr->component_id) { + compptr = cinfo->comp_info; + c = compptr->component_id; + compptr++; + for (i = 1; i < ci; i++, compptr++) { + if (compptr->component_id > c) c = compptr->component_id; + } + c++; + break; + } + } + compptr->component_id = c; compptr->component_index = ci; - INPUT_BYTE(cinfo, compptr->component_id, return FALSE); INPUT_BYTE(cinfo, c, return FALSE); compptr->h_samp_factor = (c >> 4) & 15; compptr->v_samp_factor = (c ) & 15; 
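Review bot: The write `compptr->component_id = c;` after the duplicate-id scan relies on a non-obvious invariant: both exits of the inner `for` (normal completion with `i == ci`, or the `break` after the max-search that walked `compptr` from `comp_info + 1` across `ci - 1` elements) leave `compptr` pointing at `cinfo->comp_info[ci]`, and the rewritten outer loop no longer advances it itself. That is correct as written but fragile against the next edit of either loop; I would make the target explicit with `compptr = cinfo->comp_info + ci;` immediately before the assignment, or at least add `/* both paths above leave compptr == &cinfo->comp_info[ci] */`. The synthesized id is `max seen so far + 1`, so it can exceed 255; that is fine for the `int` field but worth a one-line comment since get_sos has to reproduce exactly the same value. get_sof begins and ends outside this hunk.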
@@ -300,7 +316,7 @@ get_sos (j_decompress_ptr cinfo) /* Process a SOS marker */ { INT32 length; - int i, ci, n, c, cc; + int c, ci, i, n; jpeg_component_info * compptr; INPUT_VARS(cinfo); @@ -321,24 +337,38 @@ get_sos (j_decompress_ptr cinfo) /* Collect the component-spec parameters */ for (i = 0; i < n; i++) { - INPUT_BYTE(cinfo, cc, return FALSE); INPUT_BYTE(cinfo, c, return FALSE); - + + /* Detect the case where component id's are not unique, and, if so, */ + /* create a fake component id using the same logic as in get_sof. */ + for (ci = 0; ci < i; ci++) { + if (c == cinfo->cur_comp_info[ci]->component_id) { + c = cinfo->cur_comp_info[0]->component_id; + for (ci = 1; ci < i; ci++) { + compptr = cinfo->cur_comp_info[ci]; + if (compptr->component_id > c) c = compptr->component_id; + } + c++; + break; + } + } + for (ci = 0, compptr = cinfo->comp_info; ci < cinfo->num_components; ci++, compptr++) { - if (cc == compptr->component_id) + if (c == compptr->component_id) goto id_found; } - ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc); + ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, c); id_found: cinfo->cur_comp_info[i] = compptr; + INPUT_BYTE(cinfo, c, return FALSE); compptr->dc_tbl_no = (c >> 4) & 15; compptr->ac_tbl_no = (c ) & 15; - - TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc, + + TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, compptr->component_id, compptr->dc_tbl_no, compptr->ac_tbl_no); } @@ -454,6 +484,8 @@ get_dht (j_decompress_ptr cinfo) if (count > 256 || ((INT32) count) > length) ERREXIT(cinfo, JERR_BAD_HUFF_TABLE); + MEMZERO(huffval, SIZEOF(huffval)); /* pre-zero array for later copy */ + for (i = 0; i < count; i++) INPUT_BYTE(cinfo, huffval[i], return FALSE); From 3cb0b7c6af849eaf37766f0ceb29e29e6c6f3a2d Mon Sep 17 00:00:00 2001 From: roytam1 Date: Sun, 8 Jul 2018 18:31:40 +0800 Subject: [PATCH 02/20] fix smime makefile --- mailnews/extensions/smime/build/Makefile.in | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
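Review bot: The fake-id substitution here only reproduces get_sof's choice when the scan lists its components in the same order as the frame header; if the order differs, the synthesized `c` may not exist in `cinfo->comp_info` and the lookup loop below ends in `ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, c)`, which is a safe rejection rather than a wrong table binding. The comment should say that this fail-closed outcome is intended, e.g. `/* If the scan order differs from the SOF order the fake id may not match; the lookup below then rejects the file. */`. Reusing `ci` for both the outer scan and the inner max-search is correct only because of the immediate `break`; a separate index would make that obvious. get_sos begins and ends outside this hunk.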
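Review bot: The new `MEMZERO(huffval, SIZEOF(huffval))` is the whole of the CVE-2013-6630 fix named in the commit title, but the comment `pre-zero array for later copy` does not say why, so a later cleanup could drop it as redundant. I would reference the bug in place: `/* pre-zero so the later full-array copy never publishes uninitialized bytes past count (CVE-2013-6630) */`. The copy it protects is outside this hunk, so I am inferring its shape from the existing comment. get_dht begins and ends outside this hunk.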
diff --git a/mailnews/extensions/smime/build/Makefile.in b/mailnews/extensions/smime/build/Makefile.in index 3c73d036..65c1e96a 100644 --- a/mailnews/extensions/smime/build/Makefile.in +++ b/mailnews/extensions/smime/build/Makefile.in @@ -71,6 +71,8 @@ else EXTRA_DSO_LIBS = msgbaseutil endif +else +SHARED_LIBRARY_LIBS += $(DIST)/lib/$(LIB_PREFIX)msgbsutl_s.$(LIB_SUFFIX) endif CPPSRCS = nsMsgSMIMEFactory.cpp @@ -79,10 +81,6 @@ SHARED_LIBRARY_LIBS = \ $(DIST)/lib/$(LIB_PREFIX)msgsmime_s.$(LIB_SUFFIX) \ $(NULL) -ifndef MOZ_STATIC_MAIL_BUILD -SHARED_LIBRARY_LIBS + = $(DIST)/lib/$(LIB_PREFIX)msgbsutl_s.$(LIB_SUFFIX) -endif - EXTRA_DSO_LDOPTS = \ $(LIBS_DIR) \ $(EXTRA_DSO_LIBS) \ From 1f106e1216a88f695f04de5829b0064d592d2edc Mon Sep 17 00:00:00 2001 From: roytam1 Date: Sat, 14 Jul 2018 19:42:58 +0800 Subject: [PATCH 03/20] nsFilePicker: Fix Browse Folder function in NT 3.51 --- widget/src/windows/nsFilePicker.cpp | 24 ++++++++++++++++++++---- widget/src/windows/nsFilePicker.h | 1 + 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/widget/src/windows/nsFilePicker.cpp b/widget/src/windows/nsFilePicker.cpp index bc5d61c0..5c593e81 100644 --- a/widget/src/windows/nsFilePicker.cpp +++ b/widget/src/windows/nsFilePicker.cpp @@ -89,6 +89,7 @@ char nsFilePicker::mLastUsedDirectory[MAX_PATH+1] = { 0 }; nsFilePicker::nsFilePicker() { mSelectedType = 1; + mWinVer = GetVersion() & 0xFF; } //------------------------------------------------------------------------- @@ -153,7 +154,7 @@ NS_IMETHODIMP nsFilePicker::ShowW(PRInt16 *aReturnVal) #ifndef WINCE - if (mMode == modeGetFolder) { + if (mMode == modeGetFolder && mWinVer > 3) { PRUnichar dirBuffer[MAX_PATH+1]; wcsncpy(dirBuffer, initialDir.get(), MAX_PATH); 
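Review bot: The relocated `SHARED_LIBRARY_LIBS += $(DIST)/lib/$(LIB_PREFIX)msgbsutl_s.$(LIB_SUFFIX)` in the new `else` branch of the first hunk appears to be discarded before it is used: the unconditional `SHARED_LIBRARY_LIBS = \` assignment shown as this hunk's context line follows it a few lines later and resets the variable to msgsmime_s only, so in the non-static build msgbsutl_s would no longer be linked, the opposite of what "fix smime makefile" intends. The removed `ifndef MOZ_STATIC_MAIL_BUILD` block sat after that assignment, which is why it worked as an append. Either change the later line to `SHARED_LIBRARY_LIBS += \` so the earlier contribution survives, or move the new `else` line below the list. I am inferring that the outer conditional is `MOZ_STATIC_MAIL_BUILD`; its opening `ifdef` is outside the hunk.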
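Review bot: `mWinVer = GetVersion() & 0xFF;` deserves a comment because the magic mask is the entire NT 3.51 detection that every later `mWinVer > 3` check depends on, e.g. `// low byte of GetVersion() is the OS major version; NT 3.51 reports 3, anything above it has the Explorer-style common dialogs`. Note that an unmanifested build sees GetVersion() capped on newer Windows, which is harmless here only because the sole comparisons are against 3; the comment should say that too so nobody reuses `mWinVer` for a finer-grained test. The constructor is shown in full; the `mWinVer > 3` users are in the later hunks.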
@@ -244,13 +245,17 @@ NS_IMETHODIMP nsFilePicker::ShowW(PRInt16 *aReturnVal) #ifndef WINCE try { #endif - if (mMode == modeOpen) { + if (mMode == modeOpen || mMode == modeGetFolder) { // FILE MUST EXIST! - ofn.Flags |= OFN_FILEMUSTEXIST; + if(mMode == modeOpen) ofn.Flags |= OFN_FILEMUSTEXIST; + else { + fileBuffer[0]='t'; fileBuffer[1]='h'; fileBuffer[2]='i'; fileBuffer[3]='s'; + fileBuffer[4]='D'; fileBuffer[5]='i'; fileBuffer[6]='r'; + } result = nsToolkit::mGetOpenFileName(&ofn); } else if (mMode == modeOpenMultiple) { - ofn.Flags |= OFN_FILEMUSTEXIST | OFN_ALLOWMULTISELECT | OFN_EXPLORER; + ofn.Flags |= OFN_FILEMUSTEXIST | OFN_ALLOWMULTISELECT | (mWinVer > 3 ? OFN_EXPLORER : 0); result = nsToolkit::mGetOpenFileName(&ofn); } else if (mMode == modeSave) { @@ -345,6 +350,17 @@ NS_IMETHODIMP nsFilePicker::ShowW(PRInt16 *aReturnVal) } } else { + // Get DirPath from Full Pathname + if(mMode == modeGetFolder) { + int cnt; + nsAutoString dirName(fileBuffer); + for(cnt=dirName.Length()-1;cnt > 1; cnt--) { + if (fileBuffer[cnt] == '\\') { + fileBuffer[cnt] = 0; + break; + } + } + } // I think it also needs a conversion here (to unicode since appending to nsString) // but doing that generates garbage file name, weird. mUnicodeFile.Assign(fileBuffer); diff --git a/widget/src/windows/nsFilePicker.h b/widget/src/windows/nsFilePicker.h index 7bf79f31..fa89abfe 100644 --- a/widget/src/windows/nsFilePicker.h +++ b/widget/src/windows/nsFilePicker.h @@ -97,6 +97,7 @@ protected: static char mLastUsedDirectory[]; nsString mUnicodeFile; static nsString mLastUsedUnicodeDirectory; + PRInt32 mWinVer; }; #endif // nsFilePicker_h__ From d1a5d94f4b2c84df103c9da3bf0144348a3c9259 Mon Sep 17 00:00:00 2001 From: roytam1 Date: Sat, 14 Jul 2018 19:43:54 +0800 Subject: [PATCH 04/20] contentAreaUtils: wrap them with try-catch blocks as they can fail --- toolkit/content/contentAreaUtils.js | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) 
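Review bot: Dropping `OFN_EXPLORER` for `modeOpenMultiple` when `mWinVer <= 3` changes the layout of `fileBuffer` on success: without OFN_EXPLORER the common dialog returns the directory and the selected names separated by spaces (short names), not the NUL-separated list the Explorer style produces, so the multi-select result parsing later in ShowW (outside this hunk) must also branch on `mWinVer` or NT 3.51 gets one bogus path. Separately, the `thisDir` placeholder for `modeGetFolder` is written one character at a time with no terminator at `fileBuffer[7]`; that is only safe if the buffer was zero-filled earlier, which this hunk does not show, and `wcscpy(fileBuffer, L"thisDir");` would be explicit (the file already uses `wcsncpy` on its PRUnichar buffers). Add a comment that the dummy name exists only so GetOpenFileName accepts a directory and is stripped again after the dialog returns. ShowW starts and ends outside this hunk.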
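Review bot: The directory-stripping loop in the `modeGetFolder` branch breaks root directories: for a result such as `C:\thisDir` the backslash is at index 2, `cnt > 1` admits it, and `fileBuffer[cnt] = 0` yields `C:`, a drive-relative path that resolves to the drive's current directory rather than its root. Keep the separator when it directly follows a drive letter, e.g. `fileBuffer[(cnt == 2 && fileBuffer[1] == ':') ? 3 : cnt] = 0;`. `dirName` is constructed only to read its length, so `wcslen(fileBuffer)` would avoid the copy, and the block wants a comment saying it removes the `thisDir` placeholder (or whatever last component the user typed). ShowW continues past the end of this hunk.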
diff --git a/toolkit/content/contentAreaUtils.js b/toolkit/content/contentAreaUtils.js index 5361849b..4681e311 100644 --- a/toolkit/content/contentAreaUtils.js +++ b/toolkit/content/contentAreaUtils.js @@ -515,9 +515,11 @@ function getTargetFile(aFpP, aSkipPrompt) { var fileLocator = Components.classes["@mozilla.org/file/directory_service;1"] .getService(Components.interfaces.nsIProperties); - - var dir = fileLocator.get(getSpecialFolderKey(aFolder), Components.interfaces.nsILocalFile); - + var dir; + try { + dir = fileLocator.get(getSpecialFolderKey(aFolder), Components.interfaces.nsILocalFile); + } + catch (e) {} var bundle = Components.classes["@mozilla.org/intl/stringbundle;1"] .getService(Components.interfaces.nsIStringBundleService); bundle = bundle.createBundle("chrome://mozapps/locale/downloads/unknownContentType.properties"); @@ -544,6 +546,7 @@ function getTargetFile(aFpP, aSkipPrompt) if (!aSkipPrompt || !useDownloadDir || !dir) { // If we're asking the user where to save the file, root the Save As... // dialog on they place they last picked. + if(!dir) { try { dir = prefs.getComplexValue("lastDir", nsILocalFile); } @@ -552,8 +555,15 @@ function getTargetFile(aFpP, aSkipPrompt) var fileLocator = Components.classes["@mozilla.org/file/directory_service;1"] .getService(Components.interfaces.nsIProperties); - dir = fileLocator.get(getSpecialFolderKey("Desktop"), nsILocalFile); + try { + dir = fileLocator.get(getSpecialFolderKey("Desktop"), nsILocalFile); + } + catch (r) { + // no clue, try current dir + dir = '.'; + } } + } var fp = makeFilePicker(); var titleKey = aFpP.fpTitleKey || "SaveLinkTitle"; From 8444083c28b912945cba0a7203ca02082594d09b Mon Sep 17 00:00:00 2001 From: roytam1 Date: Sat, 14 Jul 2018 20:49:47 +0800 Subject: [PATCH 05/20] pref/main: _getDownloadsFolder() and fileLocator.get() can throw, wrap them with try-catch block --- browser/components/preferences/main.js | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
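Review bot: The new `catch (e) {}` around `fileLocator.get(...)` swallows every failure silently, including a mistyped key, and leaves `dir` undefined without saying so; the later `!dir` tests do cope with that, but the intent belongs in the code, e.g. `// The directory service may not be able to resolve this folder (the commit only says the call can fail); leave dir undefined and let the prompt path below choose.`. getTargetFile starts before and continues after this hunk.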
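Review bot: The added `if(!dir) {` contradicts the comment directly above it: the comment promises that when the user is prompted the dialog is rooted on the place they last picked, but with this guard the `lastDir` pref is consulted only when the download-folder lookup failed, so a user who is always prompted is now rooted at the download folder instead of their last choice. If that narrowing is intentional, update the comment to say so; if not, drop the guard and keep the try/catch fallback only around the Desktop lookup. The closing brace of this new block is in the next hunk.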
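Review bot: `dir = '.'` in the new catch block stores a JavaScript string where the rest of getTargetFile expects an nsILocalFile (the `try` just above assigns an nsILocalFile to the same variable), so whatever consumes `dir` after this hunk will most likely throw or misbehave on exactly the platforms the commit is trying to rescue. Prefer `dir = null;` with a comment such as `// no usable default directory; leave the picker on its own default`, and make sure the consumer tolerates a null `dir`, which this hunk does not show. getTargetFile continues after this hunk.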
diff --git a/browser/components/preferences/main.js b/browser/components/preferences/main.js index ef0ded86..e296a1f1 100644 --- a/browser/components/preferences/main.js +++ b/browser/components/preferences/main.js @@ -307,10 +307,12 @@ var gMainPane = { */ _folderToIndex: function (aFolder) { + try { if (!aFolder || aFolder.equals(this._getDownloadsFolder("Desktop"))) return 0; else if (aFolder.equals(this._getDownloadsFolder("Downloads"))) return 1; + } catch(e) {} return 2; }, @@ -326,8 +328,13 @@ var gMainPane = { { var fileLocator = Components.classes["@mozilla.org/file/directory_service;1"] .getService(Components.interfaces.nsIProperties); - var dir = fileLocator.get(this._getSpecialFolderKey(aFolder), + var dir; + try { + dir = fileLocator.get(this._getSpecialFolderKey(aFolder), Components.interfaces.nsILocalFile); + } catch(e) { + dir = aFolder; + } if (aFolder != "Desktop") dir.append("My Downloads"); // XXX l12y! From 30d33aa8e84d0ed333c87031dfdba3b8e6a06545 Mon Sep 17 00:00:00 2001 
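Review bot: The fallback `dir = aFolder;` in the new catch block assigns the string key (`"Desktop"` or `"Downloads"`) to `dir`, and the very next visible line `dir.append("My Downloads")` then throws a TypeError for `"Downloads"` because strings have no `append`; for `"Desktop"` the string is returned to `_folderToIndex`, whose `aFolder.equals(...)` call in the first hunk fails the same way and is only masked by that hunk's blanket `catch(e) {}`. Return an explicit no-value instead, `catch(e) { return null; }`, and have `_folderToIndex` treat a null from `_getDownloadsFolder` as index 2 rather than relying on the exception path. _getDownloadsFolder begins before this hunk.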
From: roytam1 Date: Tue, 10 Jul 2018 23:07:31 +0800 Subject: [PATCH 06/20] cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes): 9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869 --- security/nss/Makefile | 3 + .../buildbot-slave/bbenv-example.sh | 2 - .../nss/automation/buildbot-slave/build.sh | 2 +- security/nss/cmd/atob/atob.c | 46 +- security/nss/cmd/bltest/blapitest.c | 107 +- .../nss/cmd/bltest/tests/aes_cbc/ciphertext1 | 1 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext10 | 3 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext11 | 3 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext12 | 4 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext13 | 1 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext14 | 2 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext15 | 2 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext16 | 3 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext17 | 3 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext18 | 4 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext19 | 1 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext2 | 1 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext20 | 2 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext21 | 2 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext22 | 3 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext23 | 3 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext24 | 4 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext3 | 1 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext4 | 1 + 
.../nss/cmd/bltest/tests/aes_cbc/ciphertext5 | 1 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext6 | 1 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext7 | 1 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext8 | 2 + .../nss/cmd/bltest/tests/aes_cbc/ciphertext9 | 2 + security/nss/cmd/bltest/tests/aes_cbc/iv1 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv10 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv11 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv12 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv13 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv14 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv15 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv16 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv17 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv18 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv19 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv2 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv20 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv21 | 2 + security/nss/cmd/bltest/tests/aes_cbc/iv22 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv23 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv24 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv3 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv4 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv5 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv6 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/iv7 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv8 | 1 + security/nss/cmd/bltest/tests/aes_cbc/iv9 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key1 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/key10 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key11 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key12 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key13 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key14 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key15 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key16 | Bin 0 -> 24 bytes security/nss/cmd/bltest/tests/aes_cbc/key17 | 1 + 
security/nss/cmd/bltest/tests/aes_cbc/key18 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key19 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key2 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/key20 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key21 | 2 + security/nss/cmd/bltest/tests/aes_cbc/key22 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key23 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key24 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key3 | Bin 0 -> 24 bytes security/nss/cmd/bltest/tests/aes_cbc/key4 | Bin 0 -> 24 bytes security/nss/cmd/bltest/tests/aes_cbc/key5 | Bin 0 -> 32 bytes security/nss/cmd/bltest/tests/aes_cbc/key6 | Bin 0 -> 32 bytes security/nss/cmd/bltest/tests/aes_cbc/key7 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_cbc/key8 | 1 + security/nss/cmd/bltest/tests/aes_cbc/key9 | 1 + .../nss/cmd/bltest/tests/aes_cbc/mktst.sh | 11 + .../nss/cmd/bltest/tests/aes_cbc/numtests | 2 +- .../nss/cmd/bltest/tests/aes_cbc/plaintext1 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext10 | 2 + .../nss/cmd/bltest/tests/aes_cbc/plaintext11 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext12 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext13 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext14 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext15 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext16 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext17 | 2 + .../nss/cmd/bltest/tests/aes_cbc/plaintext18 | Bin 0 -> 160 bytes .../nss/cmd/bltest/tests/aes_cbc/plaintext19 | Bin 0 -> 32 bytes .../nss/cmd/bltest/tests/aes_cbc/plaintext2 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext20 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext21 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext22 | Bin 0 -> 128 bytes .../nss/cmd/bltest/tests/aes_cbc/plaintext23 | Bin 0 -> 144 bytes .../nss/cmd/bltest/tests/aes_cbc/plaintext24 | Bin 0 -> 160 bytes .../nss/cmd/bltest/tests/aes_cbc/plaintext3 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext4 | 1 + 
.../nss/cmd/bltest/tests/aes_cbc/plaintext5 | 2 + .../nss/cmd/bltest/tests/aes_cbc/plaintext6 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext7 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext8 | 1 + .../nss/cmd/bltest/tests/aes_cbc/plaintext9 | 2 + .../nss/cmd/bltest/tests/aes_cbc/test1.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test10.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test11.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test12.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test13.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test14.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test15.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test16.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test17.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test18.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test19.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test2.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test20.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test21.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test22.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test23.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test24.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test3.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test4.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test5.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test6.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test7.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test8.txt | 5 + .../nss/cmd/bltest/tests/aes_cbc/test9.txt | 5 + .../nss/cmd/bltest/tests/aes_ecb/ciphertext1 | 1 + .../nss/cmd/bltest/tests/aes_ecb/ciphertext2 | 1 + .../nss/cmd/bltest/tests/aes_ecb/ciphertext3 | 1 + .../nss/cmd/bltest/tests/aes_ecb/ciphertext4 | 1 + .../nss/cmd/bltest/tests/aes_ecb/ciphertext5 | 1 + .../nss/cmd/bltest/tests/aes_ecb/ciphertext6 | 1 + security/nss/cmd/bltest/tests/aes_ecb/key1 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_ecb/key2 | Bin 0 -> 16 bytes security/nss/cmd/bltest/tests/aes_ecb/key3 | Bin 0 -> 24 bytes security/nss/cmd/bltest/tests/aes_ecb/key4 | Bin 0 -> 24 bytes 
security/nss/cmd/bltest/tests/aes_ecb/key5 | Bin 0 -> 32 bytes security/nss/cmd/bltest/tests/aes_ecb/key6 | Bin 0 -> 32 bytes .../nss/cmd/bltest/tests/aes_ecb/mktst.sh | 10 + .../nss/cmd/bltest/tests/aes_ecb/numtests | 2 +- .../nss/cmd/bltest/tests/aes_ecb/plaintext1 | 1 + .../nss/cmd/bltest/tests/aes_ecb/plaintext2 | 1 + .../nss/cmd/bltest/tests/aes_ecb/plaintext3 | 1 + .../nss/cmd/bltest/tests/aes_ecb/plaintext4 | 1 + .../nss/cmd/bltest/tests/aes_ecb/plaintext5 | 2 + .../nss/cmd/bltest/tests/aes_ecb/plaintext6 | 1 + .../nss/cmd/bltest/tests/aes_ecb/test1.txt | 4 + .../nss/cmd/bltest/tests/aes_ecb/test2.txt | 4 + .../nss/cmd/bltest/tests/aes_ecb/test3.txt | 4 + .../nss/cmd/bltest/tests/aes_ecb/test4.txt | 4 + .../nss/cmd/bltest/tests/aes_ecb/test5.txt | 4 + .../nss/cmd/bltest/tests/aes_ecb/test6.txt | 4 + security/nss/cmd/certutil/certutil.c | 85 +- security/nss/cmd/certutil/keystuff.c | 10 +- security/nss/cmd/fipstest/fipstest.c | 10 +- security/nss/cmd/lib/secutil.c | 6 +- .../libpkix/pkix/params/test_buildparams.c | 179 --- security/nss/cmd/libpkix/pkixutil/pkixutil.c | 3 - security/nss/cmd/modutil/install.c | 2 +- security/nss/cmd/modutil/modutil.c | 5 + security/nss/cmd/modutil/modutil.h | 12 +- security/nss/cmd/modutil/pk11.c | 110 +- security/nss/cmd/platlibs.mk | 4 - security/nss/cmd/selfserv/selfserv.c | 46 +- security/nss/cmd/ssltap/ssltap.c | 6 +- security/nss/cmd/strsclnt/strsclnt.c | 24 +- security/nss/cmd/tstclnt/tstclnt.c | 24 +- security/nss/cmd/vfyserv/vfyserv.c | 2 +- security/nss/cmd/vfyserv/vfyutil.c | 24 +- security/nss/coreconf/Linux.mk | 14 +- security/nss/coreconf/WIN32.mk | 12 +- security/nss/coreconf/config.mk | 13 +- security/nss/coverage/cov.sh | 1 - security/nss/doc/certutil.xml | 4 +- security/nss/doc/html/certutil.html | 6 +- security/nss/doc/modutil.xml | 2 +- security/nss/doc/nroff/certutil.1 | 8 +- security/nss/lib/certdb/cert.h | 7 - security/nss/lib/certdb/certdb.c | 15 +- security/nss/lib/certdb/genname.c | 81 +- 
security/nss/lib/certhigh/certvfy.c | 23 +- security/nss/lib/certhigh/ocsp.c | 3 +- security/nss/lib/ckfw/capi/cobject.c | 2 +- security/nss/lib/cryptohi/cryptohi.h | 2 +- security/nss/lib/cryptohi/keyhi.h | 16 +- security/nss/lib/cryptohi/seckey.c | 95 +- security/nss/lib/dbm/include/mcom_db.h | 4 + security/nss/lib/freebl/Makefile | 40 +- security/nss/lib/freebl/aeskeywrap.c | 1 + security/nss/lib/freebl/arcfour.c | 2 +- security/nss/lib/freebl/blapi.h | 14 +- security/nss/lib/freebl/blapii.h | 2 +- security/nss/lib/freebl/blapit.h | 2 +- security/nss/lib/freebl/ctr.c | 76 +- security/nss/lib/freebl/ctr.h | 7 + security/nss/lib/freebl/ec.c | 40 +- .../nss/lib/{softoken => freebl}/ecdecode.c | 8 +- .../nss/lib/freebl/intel-aes-x64-masm.asm | 971 ++++++++++++ .../nss/lib/freebl/intel-aes-x86-masm.asm | 949 ++++++++++++ security/nss/lib/freebl/intel-aes.h | 23 + security/nss/lib/freebl/intel-gcm-wrap.c | 117 +- .../nss/lib/freebl/intel-gcm-x64-masm.asm | 1295 +++++++++++++++++ .../nss/lib/freebl/intel-gcm-x86-masm.asm | 1209 +++++++++++++++ security/nss/lib/freebl/intel-gcm.h | 2 +- security/nss/lib/freebl/ldvector.c | 12 +- security/nss/lib/freebl/loader.c | 28 + security/nss/lib/freebl/loader.h | 11 +- security/nss/lib/freebl/manifest.mn | 3 +- security/nss/lib/freebl/mpi/mpi.h | 6 +- security/nss/lib/freebl/mpi/target.mk | 4 +- security/nss/lib/freebl/rijndael.c | 50 +- security/nss/lib/freebl/rsapkcs.c | 10 +- security/nss/lib/freebl/sha-fast-amd64-sun.s | 41 + security/nss/lib/freebl/stubs.c | 27 +- security/nss/lib/freebl/stubs.h | 4 +- .../lib/libpkix/include/pkix_errorstrings.h | 2 + .../nss/lib/libpkix/include/pkix_pl_pki.h | 8 +- .../lib/libpkix/include/pkix_sample_modules.h | 2 + .../libpkix/pkix/certsel/pkix_certselector.c | 8 +- .../checker/pkix_nameconstraintschecker.c | 9 +- .../libpkix/pkix/params/pkix_buildparams.c | 284 ---- .../libpkix/pkix/params/pkix_buildparams.h | 32 - .../libpkix/pkix/params/pkix_trustanchor.c | 6 +- 
.../nss/lib/libpkix/pkix/top/pkix_build.h | 2 + .../lib/libpkix/pkix_pl_nss/module/config.mk | 20 + .../libpkix/pkix_pl_nss/module/manifest.mn | 12 +- .../pkix_pl_nss/module/pkix_pl_aiamgr.c | 12 + .../pkix_pl_nss/module/pkix_pl_aiamgr.h | 4 + .../libpkix/pkix_pl_nss/pki/pkix_pl_cert.c | 8 +- .../pkix_pl_nss/pki/pkix_pl_infoaccess.c | 4 + .../pkix_pl_nss/pki/pkix_pl_infoaccess.h | 2 + .../pkix_pl_nss/system/pkix_pl_common.h | 4 + .../pkix_pl_nss/system/pkix_pl_lifecycle.c | 2 + .../pkix_pl_nss/system/pkix_pl_lifecycle.h | 2 + security/nss/lib/nss/nss.def | 8 + security/nss/lib/nss/nss.h | 2 +- security/nss/lib/nss/nssinit.c | 18 +- security/nss/lib/pk11wrap/pk11akey.c | 10 +- security/nss/lib/pk11wrap/pk11cxt.c | 3 + security/nss/lib/pk11wrap/pk11obj.c | 3 + security/nss/lib/pk11wrap/pk11pk12.c | 110 ++ security/nss/lib/pk11wrap/pk11pub.h | 10 +- security/nss/lib/pk11wrap/pk11skey.c | 4 +- security/nss/lib/pk11wrap/pk11slot.c | 18 +- security/nss/lib/pk11wrap/pk11util.c | 4 +- security/nss/lib/pk11wrap/secmod.h | 2 + security/nss/lib/pk11wrap/secmodi.h | 1 - security/nss/lib/pk11wrap/secmodt.h | 8 +- security/nss/lib/pkcs12/p12creat.c | 2 +- security/nss/lib/pki/tdcache.c | 3 +- security/nss/lib/smime/smime.def | 6 + security/nss/lib/softoken/config.mk | 4 - security/nss/lib/softoken/fipstest.c | 8 +- security/nss/lib/softoken/fipstokn.c | 33 - security/nss/lib/softoken/legacydb/config.mk | 4 - security/nss/lib/softoken/legacydb/keydb.c | 16 +- security/nss/lib/softoken/legacydb/lgattr.c | 20 +- security/nss/lib/softoken/legacydb/lgcreate.c | 20 +- security/nss/lib/softoken/legacydb/lowcert.c | 4 +- security/nss/lib/softoken/legacydb/lowkey.c | 12 +- security/nss/lib/softoken/legacydb/lowkeyi.h | 6 +- security/nss/lib/softoken/legacydb/lowkeyti.h | 4 +- security/nss/lib/softoken/lowkey.c | 18 +- security/nss/lib/softoken/lowkeyi.h | 4 +- security/nss/lib/softoken/lowkeyti.h | 4 +- security/nss/lib/softoken/manifest.mn | 1 - 
security/nss/lib/softoken/manifest.mn.orig | 63 + security/nss/lib/softoken/pkcs11.c | 20 +- security/nss/lib/softoken/pkcs11c.c | 56 +- security/nss/lib/softoken/pkcs11u.c | 8 +- security/nss/lib/softoken/sdb.c | 12 +- security/nss/lib/softoken/softkver.h | 2 +- security/nss/lib/softoken/softoken.h | 13 - security/nss/lib/sqlite/config.mk | 4 - security/nss/lib/ssl/derive.c | 16 +- security/nss/lib/ssl/dtlscon.c | 14 +- security/nss/lib/ssl/ssl3con.c | 216 +-- security/nss/lib/ssl/ssl3ecc.c | 4 +- security/nss/lib/ssl/ssl3ext.c | 8 +- security/nss/lib/ssl/sslcon.c | 4 +- security/nss/lib/ssl/sslenum.c | 36 +- security/nss/lib/ssl/sslgathr.c | 28 - security/nss/lib/ssl/sslimpl.h | 22 +- security/nss/lib/ssl/sslinfo.c | 28 +- security/nss/lib/ssl/sslnonce.c | 6 +- security/nss/lib/ssl/sslproto.h | 108 +- security/nss/lib/ssl/sslsecur.c | 4 +- security/nss/lib/ssl/sslsnce.c | 1 - security/nss/lib/ssl/sslsock.c | 11 +- security/nss/lib/ssl/sslt.h | 4 +- security/nss/lib/util/secdig.h | 2 +- security/nss/lib/util/secdigt.h | 4 +- security/nss/lib/util/utilmod.c | 107 +- security/nss/lib/util/utilmodt.h | 3 +- security/nss/lib/zlib/config.mk | 4 + security/nss/tests/all.sh | 2 +- security/nss/tests/cert/cert.sh | 36 +- .../chains/scenarios/nameconstraints.cfg | 139 ++ security/nss/tests/common/cleanup.sh | 3 + .../libpkix/certs/NameConstraints.ca.cert | Bin 626 -> 626 bytes .../certs/NameConstraints.dcissallowed.cert | Bin 0 -> 888 bytes .../certs/NameConstraints.dcissblocked.cert | Bin 0 -> 889 bytes .../certs/NameConstraints.dcisscopy.cert | Bin 0 -> 957 bytes .../certs/NameConstraints.intermediate.cert | Bin 662 -> 662 bytes .../certs/NameConstraints.intermediate2.cert | Bin 0 -> 644 bytes .../certs/NameConstraints.intermediate3.cert | Bin 0 -> 716 bytes .../certs/NameConstraints.intermediate4.cert | Bin 0 -> 607 bytes .../certs/NameConstraints.intermediate5.cert | Bin 0 -> 612 bytes .../certs/NameConstraints.intermediate6.cert | Bin 0 -> 611 bytes 
.../libpkix/certs/NameConstraints.ncca.cert | Bin 0 -> 672 bytes .../certs/NameConstraints.server1.cert | Bin 660 -> 660 bytes .../certs/NameConstraints.server10.cert | Bin 0 -> 560 bytes .../certs/NameConstraints.server11.cert | Bin 0 -> 585 bytes .../certs/NameConstraints.server12.cert | Bin 0 -> 562 bytes .../certs/NameConstraints.server13.cert | Bin 0 -> 574 bytes .../certs/NameConstraints.server14.cert | Bin 0 -> 574 bytes .../certs/NameConstraints.server15.cert | Bin 0 -> 634 bytes .../certs/NameConstraints.server16.cert | Bin 0 -> 612 bytes .../certs/NameConstraints.server17.cert | Bin 0 -> 630 bytes .../certs/NameConstraints.server2.cert | Bin 643 -> 643 bytes .../certs/NameConstraints.server3.cert | Bin 660 -> 660 bytes .../certs/NameConstraints.server4.cert | Bin 0 -> 663 bytes .../certs/NameConstraints.server5.cert | Bin 0 -> 646 bytes .../certs/NameConstraints.server6.cert | Bin 0 -> 663 bytes .../certs/NameConstraints.server7.cert | Bin 0 -> 578 bytes .../certs/NameConstraints.server8.cert | Bin 0 -> 564 bytes .../certs/NameConstraints.server9.cert | Bin 0 -> 551 bytes security/nss/tests/libpkix/certs/make-nc | 407 +++++- security/nss/tests/remote/Makefile | 2 +- security/nss/tests/smime/smime.sh | 4 +- security/nss/tests/ssl/ssl.sh | 16 +- security/nss/tests/tools/tools.sh | 4 +- 333 files changed, 6964 insertions(+), 1515 deletions(-) create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext1 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 create mode 100644 
security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext2 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext3 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext4 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext5 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext6 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext7 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext8 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext9 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv1 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv10 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv11 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv12 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv13 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv14 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv15 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv16 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv17 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv18 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv19 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv2 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv20 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv21 create mode 100644 
security/nss/cmd/bltest/tests/aes_cbc/iv22 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv23 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv24 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv3 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv4 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv5 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv6 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv7 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv8 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv9 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key1 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key10 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key11 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key12 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key13 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key14 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key15 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key16 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key17 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key18 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key19 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key2 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key20 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key21 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key22 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key23 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key24 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key3 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key4 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key5 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key6 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key7 create mode 100644 
security/nss/cmd/bltest/tests/aes_cbc/key8 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key9 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/mktst.sh create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext1 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext10 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext11 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext12 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext13 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext14 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext15 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext16 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext17 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext18 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext19 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext2 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext20 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext21 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext22 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext23 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext24 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext3 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext4 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext5 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext6 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext7 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext8 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext9 create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test1.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test10.txt create mode 100644 
security/nss/cmd/bltest/tests/aes_cbc/test11.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test12.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test13.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test14.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test15.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test16.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test17.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test18.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test19.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test2.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test20.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test21.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test22.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test23.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test24.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test3.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test4.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test5.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test6.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test7.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test8.txt create mode 100644 security/nss/cmd/bltest/tests/aes_cbc/test9.txt create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/ciphertext1 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/ciphertext2 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/ciphertext3 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/ciphertext4 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/ciphertext5 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/ciphertext6 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/key1 create mode 100644 
security/nss/cmd/bltest/tests/aes_ecb/key2 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/key3 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/key4 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/key5 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/key6 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/mktst.sh create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/plaintext1 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/plaintext2 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/plaintext3 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/plaintext4 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/plaintext5 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/plaintext6 create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/test1.txt create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/test2.txt create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/test3.txt create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/test4.txt create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/test5.txt create mode 100644 security/nss/cmd/bltest/tests/aes_ecb/test6.txt delete mode 100644 security/nss/cmd/libpkix/pkix/params/test_buildparams.c rename security/nss/lib/{softoken => freebl}/ecdecode.c (99%) create mode 100644 security/nss/lib/freebl/intel-aes-x64-masm.asm create mode 100644 security/nss/lib/freebl/intel-aes-x86-masm.asm create mode 100644 security/nss/lib/freebl/intel-gcm-x64-masm.asm create mode 100644 security/nss/lib/freebl/intel-gcm-x86-masm.asm delete mode 100644 security/nss/lib/libpkix/pkix/params/pkix_buildparams.c delete mode 100644 security/nss/lib/libpkix/pkix/params/pkix_buildparams.h create mode 100644 security/nss/lib/softoken/manifest.mn.orig create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert create mode 100644 
security/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.ncca.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server10.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server11.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server12.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server13.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server14.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server15.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server16.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server17.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server4.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server5.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server6.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server7.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server8.cert create mode 100644 security/nss/tests/libpkix/certs/NameConstraints.server9.cert diff --git a/security/nss/Makefile b/security/nss/Makefile index 85c62be0..6d01a1da 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile 
@@ -61,6 +61,9 @@ endif ifdef BUILD_OPT NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize endif +ifdef USE_X32 +NSPR_CONFIGURE_OPTS += --enable-x32 +endif ifdef USE_64 NSPR_CONFIGURE_OPTS += --enable-64bit endif diff --git a/security/nss/automation/buildbot-slave/bbenv-example.sh b/security/nss/automation/buildbot-slave/bbenv-example.sh index 1d0dd010..c76e5d6a 100644 --- a/security/nss/automation/buildbot-slave/bbenv-example.sh +++ b/security/nss/automation/buildbot-slave/bbenv-example.sh @@ -19,8 +19,6 @@ ARCH=$(uname -s) ulimit -c unlimited 2> /dev/null -export NSS_ENABLE_ECC=1 -export NSS_ECC_MORE_THAN_SUITE_B=1 export NSPR_LOG_MODULES="pkix:1" #export JAVA_HOME_32= diff --git a/security/nss/automation/buildbot-slave/build.sh b/security/nss/automation/buildbot-slave/build.sh index 286a735f..605293ed 100644 --- a/security/nss/automation/buildbot-slave/build.sh +++ b/security/nss/automation/buildbot-slave/build.sh @@ -288,7 +288,7 @@ prepare() mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1 mkdir -p ${OUTPUTDIR} - if [ -n "${NSS_ENABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then + if [ -z "${NSS_DISABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then cd ${HGDIR}/nss ECF="lib/freebl/ecl/ecl-curve.h" print_log "hg revert -r NSS_3_11_1_RTM ${ECF}" diff --git a/security/nss/cmd/atob/atob.c b/security/nss/cmd/atob/atob.c index c438d603..cdc9dd6a 100644 --- a/security/nss/cmd/atob/atob.c +++ b/security/nss/cmd/atob/atob.c @@ -35,13 +35,24 @@ output_binary (void *arg, const unsigned char *obuf, PRInt32 size) return nb; } +static PRBool +isBase64Char(char c) +{ + return ((c >= 'A' && c <= 'Z') + || (c >= 'a' && c <= 'z') + || (c >= '0' && c <= '9') + || c == '+' + || c == '/' + || c == '='); +} + static SECStatus decode_file(FILE *outFile, FILE *inFile) { NSSBase64Decoder *cx; - int nb; SECStatus status = SECFailure; char ibuf[4096]; + const char *ptr; cx = NSSBase64Decoder_Create(output_binary, outFile); if (!cx) { 
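Review bot: The rewritten guard in `prepare()` still requires `-n "${NSS_ECC_MORE_THAN_SUITE_B}"`, while the bbenv-example.sh hunk of this same commit deletes `export NSS_ECC_MORE_THAN_SUITE_B=1` without a replacement, so a slave configured from the example environment will presumably never enter the `hg revert -r NSS_3_11_1_RTM` branch any more. If that is the intent, the second test is effectively dead and deserves a comment such as `# NSS_ECC_MORE_THAN_SUITE_B must be set explicitly in bbenv.sh to restore the full curve list`; if not, the export should stay in the example file. `prepare()` continues outside the hunk.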
@@ -50,19 +61,29 @@ decode_file(FILE *outFile, FILE *inFile) for (;;) { if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - /* eof */ - break; + if (!fgets(ibuf, sizeof(ibuf), inFile)) { + if (ferror(inFile)) { + PORT_SetError(SEC_ERROR_IO); + goto loser; + } + /* eof */ + break; + } + for (ptr = ibuf; *ptr; ++ptr) { + char c = *ptr; + if (c == '\n' || c == '\r') { + break; /* found end of line */ + } + if (!isBase64Char(c)) { + ptr = ibuf; /* ignore line */ + break; } } + if (ibuf == ptr) { + continue; /* skip empty or non-base64 line */ + } - status = NSSBase64Decoder_Update(cx, ibuf, nb); + status = NSSBase64Decoder_Update(cx, ibuf, ptr-ibuf); if (status != SECSuccess) goto loser; } @@ -99,10 +120,11 @@ int main(int argc, char **argv) progName = progName ? progName+1 : argv[0]; /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); + optstate = PL_CreateOptState(argc, argv, "?hi:o:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': + case 'h': Usage(progName); break; diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 469ada8f..77619180 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -21,7 +21,7 @@ #include "secoid.h" #include "nssutil.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "ecl-curve.h" SECStatus EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams); @@ -133,7 +133,7 @@ static void Usage() PRINTUSAGE(progName, "-S -m mode", "Sign a buffer"); PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]"); PRINTUSAGE("", "", "[-b bufsize]"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRINTUSAGE("", "", "[-n curvename]"); #endif PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); 
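Review bot: The character scan in the new `fgets` loop discards an entire line the moment one byte fails `isBase64Char`, so a trailing space or tab, or a stray character in the middle of an otherwise valid line, silently drops up to 4095 bytes of input while `decode_file` still returns SECSuccess, which makes truncated output indistinguishable from a good decode. Blank lines and armor lines such as `-----BEGIN ...` look like the intended targets of the skip; for any other line that fails the scan the loop should report rather than continue, e.g. `PORT_SetError(SEC_ERROR_BAD_DATA); goto loser;`, or at minimum count the skipped lines and warn at the end. The enclosing `decode_file` begins in the previous hunk and its `loser:` tail lies outside this one.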
@@ -141,7 +141,7 @@ static void Usage() PRINTUSAGE("", "-i", "file which contains input buffer"); PRINTUSAGE("", "-o", "file for signature"); PRINTUSAGE("", "-k", "file which contains key"); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:"); PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,"); PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,"); @@ -390,7 +390,7 @@ dsakey_from_filedata(SECItem *filedata) return key; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static ECPrivateKey * eckey_from_filedata(SECItem *filedata) { @@ -544,7 +544,7 @@ getECParams(const char *curve) return ecparams; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static void dump_pqg(PQGParams *pqg) @@ -562,7 +562,7 @@ dump_dsakey(DSAPrivateKey *key) SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static void dump_ecp(ECParams *ecp) { @@ -651,7 +651,7 @@ typedef enum { bltestRSA, /* Public Key Ciphers */ bltestRSA_OAEP, /* . (Public Key Enc.) */ bltestRSA_PSS, /* . (Public Key Sig.) */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC bltestECDSA, /* . (Public Key Sig.) */ #endif bltestDSA, /* . (Public Key Sig.) */ @@ -690,7 +690,7 @@ static char *mode_strings[] = "rsa", "rsa_oaep", "rsa_pss", -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC "ecdsa", #endif /*"pqg",*/ @@ -744,7 +744,7 @@ typedef struct PQGParams *pqg; } bltestDSAParams; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC typedef struct { char *curveName; @@ -763,7 +763,7 @@ typedef struct union { bltestRSAParams rsa; bltestDSAParams dsa; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC bltestECDSAParams ecdsa; #endif } cipherParams; 
@@ -1266,7 +1266,7 @@ dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input) return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECStatus ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input) { @@ -1720,7 +1720,7 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) return SECSuccess; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECStatus bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { @@ -2077,7 +2077,7 @@ finish: SECStatus pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC int keysize, int exponent, char *curveName) #else int keysize, int exponent) @@ -2090,7 +2090,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, RSAPrivateKey **rsaKey = NULL; bltestDSAParams *dsap; DSAPrivateKey **dsaKey = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *tmpECParamsDER; ECParams *tmpECParams = NULL; SECItem ecSerialize[3]; @@ -2132,7 +2132,7 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, dsap->keysize = (*dsaKey)->params.prime.len*8; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: ecKey = (ECPrivateKey **)&asymk->privKey; if (curveName != NULL) { @@ -2244,7 +2244,7 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt) } return bltest_dsa_init(cipherInfo, encrypt); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: if (encrypt) { SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, @@ -2494,7 +2494,7 @@ cipherFinish(bltestCipherInfo *cipherInfo) case bltestRSA_PSS: /* will be freed with it. */ case bltestRSA_OAEP: case bltestDSA: -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: #endif case bltestMD2: /* hash contexts are ephemeral */ 
@@ -2674,7 +2674,7 @@ print_td: fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize); } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: if (td) { fprintf(stdout, "%12s", "ec_curve"); @@ -2906,7 +2906,7 @@ get_params(PLArenaPool *arena, bltestParams *params, sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j); load_file_data(arena, ¶ms->asymk.sig, filename, bltestBase64Encoded); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case bltestECDSA: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->asymk.key, filename, bltestBase64Encoded); 
@@ -2938,46 +2938,62 @@ SECStatus
 verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode,
 PRBool forward, SECStatus sigstatus)
 {
- int res;
+ PRBool equal;
 char *modestr = mode_strings[mode];
- res = SECITEM_CompareItem(&result->pBuf, &cmp->buf);
+ equal = SECITEM_ItemsAreEqual(&result->pBuf, &cmp->buf);
 if (is_sigCipher(mode)) {
 if (forward) {
- if (res == 0) {
+ if (equal) {
 printf("Signature self-test for %s passed.\n", modestr);
 } else {
 printf("Signature self-test for %s failed!\n", modestr);
 }
+ return equal ? SECSuccess : SECFailure;
 } else {
 if (sigstatus == SECSuccess) {
 printf("Verification self-test for %s passed.\n", modestr);
 } else {
 printf("Verification self-test for %s failed!\n", modestr);
 }
+ return sigstatus;
 }
- return sigstatus;
 } else if (is_hashCipher(mode)) {
- if (res == 0) {
+ if (equal) {
 printf("Hash self-test for %s passed.\n", modestr);
 } else {
 printf("Hash self-test for %s failed!\n", modestr);
 }
 } else {
 if (forward) {
- if (res == 0) {
+ if (equal) {
 printf("Encryption self-test for %s passed.\n", modestr);
 } else {
 printf("Encryption self-test for %s failed!\n", modestr);
 }
 } else {
- if (res == 0) {
+ if (equal) {
 printf("Decryption self-test for %s passed.\n", modestr);
 } else {
 printf("Decryption self-test for %s failed!\n", modestr);
 }
 }
 }
- return (res != 0);
+ return equal ? SECSuccess : SECFailure;
+}
+
+static SECStatus
+ReadFileToItem(SECItem *dst, const char *filename)
+{
+ PRFileDesc *file;
+ SECStatus rv;
+
+ file = PR_Open(filename, PR_RDONLY, 00660);
+ if (!file) {
+ return SECFailure;
+ }
+ rv = SECU_FileToItem(dst, file);
+ PR_Close(file);
+ return rv;
 }
 
 static SECStatus
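Review bot: `ReadFileToItem` carries no comment and its failure contract is only implicit in the code: when `PR_Open` fails it returns SECFailure before `*dst` is touched, otherwise it hands back whatever `SECU_FileToItem` returned, and in both cases the reason is only available through `PR_GetError()`. A short header such as `/* Load the whole of filename into dst. Returns SECFailure, leaving dst untouched, if the file cannot be opened; otherwise the status of SECU_FileToItem. */` would let callers like the new `blapi_selftest` site rely on that behaviour. The `00660` mode argument is irrelevant for a `PR_RDONLY` open and reads as if a file might be created; `0` would state the intent more plainly.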
@@ -2991,19 +3007,16 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, int i, j, nummodes, numtests; char *modestr; char filename[256]; - PRFileDesc *file; PLArenaPool *arena; SECItem item; - PRBool finished; SECStatus rv = SECSuccess, srv; PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo)); arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); cipherInfo.arena = arena; - finished = PR_FALSE; nummodes = (numModes == 0) ? NUMMODES : numModes; - for (i=0; i < nummodes && !finished; i++) { + for (i=0; i < nummodes; i++) { if (numModes > 0) mode = modes[i]; else @@ -3017,13 +3030,11 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, params = &cipherInfo.params; /* get the number of tests in the directory */ sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests"); - file = PR_Open(filename, PR_RDONLY, 00660); - if (!file) { - fprintf(stderr, "%s: File %s does not exist.\n", progName,filename); - return SECFailure; + if (ReadFileToItem(&item, filename) != SECSuccess) { + fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename); + rv = SECFailure; + continue; } - rv = SECU_FileToItem(&item, file); - PR_Close(file); /* loop over the tests in the directory */ numtests = 0; for (j=0; jkey.mode = bltestBase64Encoded; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName); #else pubkeyInitKey(cipherInfo, file, keysize, exponent); diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1 new file mode 100644 index 00000000..1126bbf3 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext1 @@ -0,0 +1 @@ +AzZ2PpZtkllaVnzJzlN/Xg== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 new file mode 100644 index 00000000..c3d443ff --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext10 
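Review bot: `rv = SECFailure; continue;` records the missing `numtests` file, but this page loses the rest of the per-mode loop to extraction (the text jumps from `for (j=0; j` straight to `key.mode = bltestBase64Encoded;`), so it cannot be seen whether `rv` is assigned again later in the loop; if it is, as the removed `rv = SECU_FileToItem(&item, file);` used to do on every iteration, a later mode that passes would overwrite the failure and the self-test would report success despite a skipped mode. A dedicated sticky flag keeps the report honest: `PRBool anyFailed = PR_FALSE;` next to `rv`, `anyFailed = PR_TRUE;` beside the `Cannot read file` message, and `return anyFailed ? SECFailure : rv;` at the end. `blapi_selftest`'s signature and tail are outside these hunks.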
@@ -0,0 +1,3 @@ +eykx9YVfcXFF4A8VKp9HlDWbH/yz5V9ZTjMJi1HCOmx0oGwdlP3tf9KuQsfbesrv +WETLM67dxoUlhe0AIKZpnSy1OAnO/RaRSM5CKSr6sGNEOXgwbFgsGLnODaPQhM5N +PEgs/Y/PGoUITon7iLQKCE1elyRm0HZmEm+3YfhAePI= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 new file mode 100644 index 00000000..ae00d8b0 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext11 @@ -0,0 +1,3 @@ +sJUS8+/57Q2FiQmDpz2tu3w2eNUlgb5kqKj8WG9JDyUhKXpHigWYBA69D1UJ+vsJ +afnZ5gDq7zOxuT7tmWh7Fn+JpQZarEOc5G87jSLTCGXmTkXvjNMLaYQ1OoRKEcjN +YNug6IZrPuMNJLP6imQ7MoNT4GAQ+oJzyP1U7woraTDlUgquXNWQL5uGozWSykNl diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 new file mode 100644 index 00000000..605a1bab --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext12 @@ -0,0 +1,4 @@ +a+ihKABFWjIFOIU+DLoxvS2A6gyFFkpMXCYa5IVBfZPv/i68DQoLUdbqGGM9IQz2 +PAxN28J2B/LoHtkRMZHvhtVvO5m+bEFaQVApn7hGznFgtAtjuvEXnRknWi6DaYN2 +0ouSVIxo4G5tmU4sFQHtKXAU5wLN7+4vZWRHcGAJYU2AHeHKr3P4t/pWzxupS2MZ +M7vld2JDgIUPEXQ1oDVbKw== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 new file mode 100644 index 00000000..2abf3695 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext13 @@ -0,0 +1 @@ +UdRHefkNQKgASCdsA1y0nKKke8ubnPcnC5FEeTeH1T8= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 new file mode 100644 index 00000000..f16428a9 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext14 @@ -0,0 +1,2 @@ +1fVYl2C/nHYiKP3iNt4fot0trUSNs/qb4MQZbv1Go1yE3RrHfZ21jJWRjLMXpkMK +CNL7ao6LDxybcsejRNw0nw== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 new file mode 100644 index 00000000..ed1cecd9 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext15 
@@ -0,0 +1,2 @@ +dTlZdL0ys2ZWVKbI45a4iuNLEjV1hyp6tofY52tG35EailkM0B0vXDML46Zibp3T +ql4Q7RTo/4KYEbb+1Q8/UzykOFocvKePXEdE5Q8vg1kWXCSF0TJOdsPq52oMysYp diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 new file mode 100644 index 00000000..8fa89522 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext16 @@ -0,0 +1,3 @@ +gVjiFCDyW1nWrpQ/ocvyHwLpefQZ2rASanIbfu9Vvumtl/XM/30jkFe7wZqMN4FC +92cvHV5+F9e+vLAHDoNVys5mYBcaU7YYFq6CSm72nORwtv/TtbtLQ4h02R0nhU07 +byWGDTholY3jMH1isTOb3duKMYwM4PM8F8rw6fYECCA= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 new file mode 100644 index 00000000..8ca864c9 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext17 @@ -0,0 +1,3 @@ +km2ySMwbog8MV2MafIrvCU95GTe5BZSeNGAkDov6b6SDEVobMQtuQ2nK68UmKIg3 +ex3apYAOpJaivf8PmhAx5xKcmiDjViHn8Li6yg2HAw8q58qFk8hZlnegb9SyYAnq +0I/srCTKqc8srTtHDIInQVp7Hg8uqz+tltcKIJyLsmxidnfiUxuUNcpuPERNGVtf diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 new file mode 100644 index 00000000..9b427409 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext18 @@ -0,0 +1,4 @@ +yCzyxHbeqMtqbmB6QNLwORvoLqnshKU3poIPmvuZe3Y5fQBUJPqmp03E6MeqSokA +aQ+JS20dyoBnU5PSJDrax2LxWTAeNX6YtyR2IxDNWnuv4cKgMNukb9k6n9uJzBMs +qcF9xyAx7Ggi7lqdmdvKZseEwBsIhcu2LinZeAGSfsQVpdIVFY0yX57miUN60bdo +StM8DZJzlFGsh/Of+MMbhA== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 new file mode 100644 index 00000000..39bf9377 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext19 @@ -0,0 +1 @@ +L6Dfciqf07ZMsY+ys9tV/yJnQidXKJQT+PZXUHQSpkw= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2 new file mode 100644 index 00000000..ec069abd --- /dev/null 
+++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext2 @@ -0,0 +1 @@ +qaFjG/SZaVTrwJOVeyNFiQ== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 new file mode 100644 index 00000000..d74f0e04 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext20 @@ -0,0 +1,2 @@ +BdXHdylCGwi3N+QRGfpEONH1cMx3Kk1sPff/7aA4TvhCiM43/ExMfRElpJmwUTZM +OJ/WOb3aZH2qO9rasutVlA== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 new file mode 100644 index 00000000..9f3b9ead --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext21 @@ -0,0 +1,2 @@ +rD1tuv4uD3QGMv2eggv2BEzVsVUcu5zAPAslw5zLfzO4Oqz8pAoyZfK7/4eRU0SK +ysuI/Ps7t7EP5GOmjAEJ8Cg4Lj5VexrfAu1kira7iV3wIF0m67+ppf2M69jkvuPc diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 new file mode 100644 index 00000000..b9b5b5ce --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext22 @@ -0,0 +1,3 @@ +kLe5YwojePU/UBq3vv8DkVUAgHG8hDjniZMs/T6xKZGVRl5mM4SUY/20Q3Unji/b +ExCCHmSSz4D/Fct3JQn7Qm867uJ71JOIgv0q5rW9nZH6SkOxe7Q5675ZwEIxAWOo +Kl/lOIeW7uNaGBoScfAL4puFLY+nWbrQH/RnjwEFlM0= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 new file mode 100644 index 00000000..e7710c1f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext23 @@ -0,0 +1,3 @@ +AlSyNGO8q+xaOV63TI+w6xN6B7xvXp9h7AsFfeMFcU+PopQiHJGhWcMVk5uB4wDu +kCGS7F8VJUQo2HcveTJOxDKYyiHACzcCc+5eXtkOQ++h4FpdFxIJ/jT58pI326Km +cmZQ/TsTIXR9EgiGPGw8az4th5q18leC8Iuo8qu+Y+C+20oifoGvs2u2ZFUINW00 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 new file mode 100644 index 00000000..d5234aa6 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext24 
@@ -0,0 +1,4 @@ +/Fhz5Q3o+vTGuEunB7CFTp25qy6ffXB/u6M4xoQ6GPxvrOuvZj0mKW+zKbTSbxhJ +THngnneWR/m6+odIljDXn0MBYQwjAMGdvzFIt8rIxPSUQQJ1TzMukrb3xedbxhee +uHegeNRxkAkCF0TBTxP9KlWiucRNGAAGhahFpPYyx8VqdzBu+maiTQXQiNzXwT/i +T8RHJ1ll255NN/vJMERIzQ== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3 new file mode 100644 index 00000000..82c4cd20 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext3 @@ -0,0 +1 @@ +J1z8BBPYzLcFE8OFmx0Pcg== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4 new file mode 100644 index 00000000..81714bd4 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext4 @@ -0,0 +1 @@ +ybgTX/G1rcQT39BTshvZbQ== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5 new file mode 100644 index 00000000..ce9672a5 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext5 @@ -0,0 +1 @@ +XJ2ETtRvmIUIXl1qT5TH1w== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6 new file mode 100644 index 00000000..fc53a4f5 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext6 @@ -0,0 +1 @@ +qf91vXz2YT03Mcd8O20MBA== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7 new file mode 100644 index 00000000..1d6d84bb --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext7 @@ -0,0 +1 @@ +xNxh2XJZZ6MCAQSpc48jhoUnzoOaqxdS/YvblagsTQA= diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8 new file mode 100644 index 00000000..7191a647 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext8 @@ -0,0 +1,2 @@ +Gblgl3LGPzOGCL9utSyhC+ZQl/icHgkFxCQB/Ud5GuLFRAstRzEWyni9n/L7YBXP +0xZSTq59y5Wuc46+roSkZw== 
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9 new file mode 100644 index 00000000..232a6911 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext9 @@ -0,0 +1,2 @@ +O4YRv8SXPFzY6YKwc7MxhM0mEQFZFy5EmI61/1ZhoeFvrWclj8v+5VRpJnoS3DdI +k7TjUz029WNMMJVYNZbxNaqM0RONyJi8VlHuNakuv4mrautTZmU7xgpw4AdPwR7+ diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv1 b/security/nss/cmd/bltest/tests/aes_cbc/iv1 new file mode 100644 index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9 GIT binary patch literal 16 KcmZQzKm`B*5C8!H literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv10 b/security/nss/cmd/bltest/tests/aes_cbc/iv10 new file mode 100644 index 00000000..58d7a2da --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv10 @@ -0,0 +1 @@ +žù4”n\Ю—½XS,´“ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv11 b/security/nss/cmd/bltest/tests/aes_cbc/iv11 new file mode 100644 index 00000000..6847886b --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv11 @@ -0,0 +1 @@ +$_&[vëëÂíÊÄ¢ø \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv12 b/security/nss/cmd/bltest/tests/aes_cbc/iv12 new file mode 100644 index 00000000..15040cd2 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv12 @@ -0,0 +1 @@ +»ë/«´H¯„—–$J× \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv13 b/security/nss/cmd/bltest/tests/aes_cbc/iv13 new file mode 100644 index 00000000..1bef08ad --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv13 @@ -0,0 +1 @@ +óÖf~My`÷P[£ƒë \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv14 b/security/nss/cmd/bltest/tests/aes_cbc/iv14 new file mode 100644 index 00000000..099828fd --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv14 @@ -0,0 +1 @@ +‹YÉ œRœ¨9ŸÀÎ<8 \ No newline at end of file 
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv15 b/security/nss/cmd/bltest/tests/aes_cbc/iv15 new file mode 100644 index 00000000..d7a44d9d --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv15 @@ -0,0 +1 @@ +6긃¯ï“lÃc(FÍ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv16 b/security/nss/cmd/bltest/tests/aes_cbc/iv16 new file mode 100644 index 00000000..678bb8d6 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv16 @@ -0,0 +1 @@ +ãțЗëÝöOHÛm¿â \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv17 b/security/nss/cmd/bltest/tests/aes_cbc/iv17 new file mode 100644 index 00000000..7ff21ab6 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv17 @@ -0,0 +1 @@ +’¤(3ñE ¤½Æè< \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv18 b/security/nss/cmd/bltest/tests/aes_cbc/iv18 new file mode 100644 index 00000000..244b5022 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv18 @@ -0,0 +1 @@ +$@€8,Êà{›¶cUÁ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv19 b/security/nss/cmd/bltest/tests/aes_cbc/iv19 new file mode 100644 index 00000000..919e1657 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv19 @@ -0,0 +1 @@ +ýê¡4È×7EquýWÓü \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv2 b/security/nss/cmd/bltest/tests/aes_cbc/iv2 new file mode 100644 index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9 GIT binary patch literal 16 KcmZQzKm`B*5C8!H literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv20 b/security/nss/cmd/bltest/tests/aes_cbc/iv20 new file mode 100644 index 00000000..c49bf8f7 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv20 @@ -0,0 +1 @@ +ÀÍ+ëÌ»lI’ ÕH*ÇVè \ No newline at end of file 
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv21 b/security/nss/cmd/bltest/tests/aes_cbc/iv21 new file mode 100644 index 00000000..6452e3d6 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv21 @@ -0,0 +1,2 @@ +³Ë—¨ +S™¸ÂE ;“• \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv22 b/security/nss/cmd/bltest/tests/aes_cbc/iv22 new file mode 100644 index 00000000..42b7bd3a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv22 @@ -0,0 +1 @@ +LïüYcÔY`&u>–I \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv23 b/security/nss/cmd/bltest/tests/aes_cbc/iv23 new file mode 100644 index 0000000000000000000000000000000000000000..99b22495ccacd11ae5c41ccdd2a241b9470d3a3b GIT binary patch literal 16 YcmWGMCi&;XCVQSr)h`UoPMyvL07fVXQ~&?~ literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv24 b/security/nss/cmd/bltest/tests/aes_cbc/iv24 new file mode 100644 index 00000000..0104daff --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv24 @@ -0,0 +1 @@ +ÖÕ¸ÏëӶ꡵?~á \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv3 b/security/nss/cmd/bltest/tests/aes_cbc/iv3 new file mode 100644 index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9 GIT binary patch literal 16 KcmZQzKm`B*5C8!H literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv4 b/security/nss/cmd/bltest/tests/aes_cbc/iv4 new file mode 100644 index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9 GIT binary patch literal 16 KcmZQzKm`B*5C8!H literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv5 b/security/nss/cmd/bltest/tests/aes_cbc/iv5 new file mode 100644 index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9 GIT binary patch literal 16 KcmZQzKm`B*5C8!H literal 0 HcmV?d00001 
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv6 b/security/nss/cmd/bltest/tests/aes_cbc/iv6 new file mode 100644 index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9 GIT binary patch literal 16 KcmZQzKm`B*5C8!H literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv7 b/security/nss/cmd/bltest/tests/aes_cbc/iv7 new file mode 100644 index 00000000..524d1b98 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv7 @@ -0,0 +1 @@ +ªÑX<Ùeã»/ 40Ðe» \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv8 b/security/nss/cmd/bltest/tests/aes_cbc/iv8 new file mode 100644 index 00000000..f58e954f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv8 @@ -0,0 +1 @@ +È ]‹± `iŸ|—J  \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv9 b/security/nss/cmd/bltest/tests/aes_cbc/iv9 new file mode 100644 index 00000000..d6c47826 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/iv9 @@ -0,0 +1 @@ +eµî60¾Ö¸BÙ¹z \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key1 b/security/nss/cmd/bltest/tests/aes_cbc/key1 new file mode 100644 index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9 GIT binary patch literal 16 KcmZQzKm`B*5C8!H literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key10 b/security/nss/cmd/bltest/tests/aes_cbc/key10 new file mode 100644 index 00000000..3cdff7a8 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key10 @@ -0,0 +1 @@ +Ä‘Ê1ùEŽ)©%ìUx \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key11 b/security/nss/cmd/bltest/tests/aes_cbc/key11 new file mode 100644 index 00000000..4a130401 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key11 @@ -0,0 +1 @@ +öè}q°Mn°jhÜjqô˜ \ No newline at end of file 
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key12 b/security/nss/cmd/bltest/tests/aes_cbc/key12 new file mode 100644 index 00000000..0a0103de --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key12 @@ -0,0 +1 @@ +,A7QÃ'0W £6xk \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key13 b/security/nss/cmd/bltest/tests/aes_cbc/key13 new file mode 100644 index 00000000..87ae208d --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key13 @@ -0,0 +1 @@ +ê³±œX¨sᘃ«ƒ»øQû.k! \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key14 b/security/nss/cmd/bltest/tests/aes_cbc/key14 new file mode 100644 index 00000000..de4da4d4 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key14 @@ -0,0 +1 @@ +{±{M÷…i~¬Ï–˜âËuæy|é5Ë \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key15 b/security/nss/cmd/bltest/tests/aes_cbc/key15 new file mode 100644 index 00000000..b13351f0 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key15 @@ -0,0 +1 @@ +ãþÌuðZ ³ƒßÓ‰£Ó<ɸT³²TÀô \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key16 b/security/nss/cmd/bltest/tests/aes_cbc/key16 new file mode 100644 index 0000000000000000000000000000000000000000..71afcb384f652847a5a15141d4bec356a5376dc6 GIT binary patch literal 24 gcmey(d43+l?H|n1W1poj5 literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key17 b/security/nss/cmd/bltest/tests/aes_cbc/key17 new file mode 100644 index 00000000..291b89b1 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key17 @@ -0,0 +1 @@ +¼¦úHjsK}G-#EH9{xvY2qGus8} literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key8 b/security/nss/cmd/bltest/tests/aes_cbc/key8 new file mode 100644 index 00000000..804b8d42 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key8 @@ -0,0 +1 @@ +·óÉWnÝ ¶>¬+š9 \ No newline at end of file 
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key9 b/security/nss/cmd/bltest/tests/aes_cbc/key9 new file mode 100644 index 00000000..193a2a14 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/key9 @@ -0,0 +1 @@ +»ç·ºOñ®|4þ‹F^ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh b/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh new file mode 100644 index 00000000..443167ef --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/mktst.sh @@ -0,0 +1,11 @@ +#!/bin/sh +for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 +do + file="test$i.txt" + grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i + grep "IV = " $file | sed -e 's;IV = ;;' | hex > iv$i + grep "PLAINTEXT = " $file | sed -e 's;PLAINTEXT = ;;' | hex > plaintext$i + grep "CIPHERTEXT = " $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin + btoa < ciphertext$i.bin > ciphertext$i + rm ciphertext$i.bin +done diff --git a/security/nss/cmd/bltest/tests/aes_cbc/numtests b/security/nss/cmd/bltest/tests/aes_cbc/numtests index d00491fd..7273c0fa 100644 --- a/security/nss/cmd/bltest/tests/aes_cbc/numtests +++ b/security/nss/cmd/bltest/tests/aes_cbc/numtests @@ -1 +1 @@ -1 +25 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext1 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext1 new file mode 100644 index 00000000..8bac1b75 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext1 @@ -0,0 +1 @@ +óDì<Æ'ºÍ]Ãûòsæ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext10 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext10 new file mode 100644 index 00000000..779400be --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext10 @@ -0,0 +1,2 @@ +Ëjx~ ìVù¡e•¯3l¦´…Ùé@“ÆQRdŸˆ.‡My¬^{Ò§Lå®.èTöSž +”ykÔÉüÛÇšËïMvÑŠ÷â¤üGÝfßlM¾PäfTšG¶6¼Ç³¦$•µk¶{mE_ëÙ¿ï켦Çó5ÏΛEË \ No newline at end of file 
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext11 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext11 new file mode 100644 index 00000000..c226c29d --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext11 @@ -0,0 +1 @@ +ø+ïÅÌͼìLå`ÏÒ"W 2mM甎TÖÐ×þ×Rû#ñªD”û°0éÞÔç~7Ày-‚€@Ã%±¥ïÑ_ÈBä@ÊCt¿8óÃü>ã's; Šî¼ÐUw/Ü`?{,¦Ÿöb6+à¡q»Üê]? \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext13 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext13 new file mode 100644 index 00000000..88c5250f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext13 @@ -0,0 +1 @@ +NLÌÑh#!…mðiãñÆú9:Ÿ°-YÛtÁ@³¬Ä \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext14 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext14 new file mode 100644 index 00000000..c42aec2a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext14 @@ -0,0 +1 @@ +Û7…¨‰´½8wTÚ"/L-+þ yà[Éû©A¾ê0ñ#ž¬ðFìÃhé†ü¦·ÅŽIyÒ–½y†ïõO \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext15 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext15 new file mode 100644 index 00000000..12662556 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext15 @@ -0,0 +1 @@ +“/_:X Õ:kêªd1:4ˆôë°õµ~ø8áW–#;Öæ€wS‹.QïpV4iRw+KME&Ay;4I?#{dym OzYdV7vJO4i!bGmGT}_$* literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext19 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext19 new file mode 100644 index 0000000000000000000000000000000000000000..0d6ad5e8c8ce9227c5d865f9611d744f34fa2470 GIT binary patch literal 32 ocmWG|`R?JGpa#wtr_Y*ZmUhTbEehFaKk@ppG+hBhg`n3A03N;%bN~PV literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext2 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext2 new file mode 100644 index 00000000..b2153e2a --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext2 @@ -0,0 +1 @@ +—˜Äd ­uÇÃ"}¹Nr \ No newline at end of file 
diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext20 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext20 new file mode 100644 index 00000000..6873047f --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext20 @@ -0,0 +1 @@ +‹7ùô»%•kæ1 sÈÜXê—ÿI¶C{4É¿ð–©OíÖ‚5&«ÂzŽ anî%J´V}ÖŽŒÍL8¬V;cœ \ No newline at end of file diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext21 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext21 new file mode 100644 index 00000000..22bfbac6 --- /dev/null +++ b/security/nss/cmd/bltest/tests/aes_cbc/plaintext21 @@ -0,0 +1 @@ +:Þ¦ànBÄðA‘òw^ö7Œ°ˆ$^ÜOdHâ2[`Ð4[Ÿœxße–ì"·¹çn1>QHhoX zSU=>-u|1Q7abA#tJRfi+zLGYo2ZLi;*=pqoQB#Xflv%$QJP9-d$8`uK{W<=Ql literal 0 HcmV?d00001 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext24 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext24 new file mode 100644 index 0000000000000000000000000000000000000000..42c59ead887f692e13b6e5bbfe82c26331c34b2e GIT binary patch literal 160 zcmV;R0AK$MW7HGVhDC7a3$|g4_@ud5RfcGcGP|Iq?7=oKt*1)bGQ}#-(W-Prx>kEm zeX8vD%p9_jg0B`zversion.data) = 2; - cert->version.len = 1; + switch(certVersion) { + case (SEC_CERTIFICATE_VERSION_1): + /* The initial version for x509 certificates is version one + * and this default value must be an implicit DER encoding. */ + cert->version.data = NULL; + cert->version.len = 0; + break; + case (SEC_CERTIFICATE_VERSION_2): + case (SEC_CERTIFICATE_VERSION_3): + case 3: /* unspecified format (would be version 4 certificate). */ + *(cert->version.data) = certVersion; + cert->version.len = 1; + break; + default: + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } der.len = 0; der.data = NULL; @@ -1821,6 +1836,7 @@ CreateCert( PRBool ascii, PRBool selfsign, certutilExtnList extnList, + int certVersion, SECItem * certDER) { void * extHandle; 
@@ -1880,7 +1896,8 @@ CreateCert(
 }
 rv = SignCert(handle, subjectCert, selfsign, hashAlgTag,
- *selfsignprivkey, issuerNickName, pwarg);
+ *selfsignprivkey, issuerNickName,
+ certVersion, pwarg);
 if (rv != SECSuccess)
 break;
@@ -2194,6 +2211,7 @@ enum certutilOpts {
 opt_KeyOpFlagsOff,
 opt_KeyAttrFlags,
 opt_EmptyPassword,
+ opt_CertVersion,
 opt_Help
 };
@@ -2303,6 +2321,8 @@ secuCommandFlag options_init[] =
 "keyAttrFlags"},
 { /* opt_EmptyPassword */ 0, PR_FALSE, 0, PR_FALSE,
 "empty-password"},
+ { /* opt_CertVersion */ 0, PR_FALSE, 0, PR_FALSE,
+ "certVersion"},
 };
 #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
@@ -2341,6 +2361,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
 SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
 int keysize = DEFAULT_KEY_BITS;
 int publicExponent = 0x010001;
+ int certVersion = SEC_CERTIFICATE_VERSION_3;
 unsigned int serialNumber = 0;
 int warpmonths = 0;
 int validityMonths = 3;
@@ -2427,12 +2448,12 @@ certutil_main(int argc, char **argv, PRBool initialize)
 progName, MIN_KEY_BITS, MAX_KEY_BITS);
 return 255;
 }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 if (keytype == ecKey) {
 PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName);
 return 255;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 }
@@ -2462,10 +2483,10 @@ certutil_main(int argc, char **argv, PRBool initialize)
 keytype = rsaKey;
 } else if (PL_strcmp(arg, "dsa") == 0) {
 keytype = dsaKey;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 } else if (PL_strcmp(arg, "ec") == 0) {
 keytype = ecKey;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 } else if (PL_strcmp(arg, "all") == 0) {
 keytype = nullKey;
 } else {
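Review bot: The new `opt_CertVersion` row in `options_init` is initialised as `0, PR_FALSE, 0, PR_FALSE, "certVersion"`, the same shape as the `opt_EmptyPassword` row directly above it, which is a valueless switch; yet the option is later consumed through `certutil.options[opt_CertVersion].arg` with `PORT_Atoi`. If the second field of `secuCommandFlag` is the needs-argument flag (the struct definition is not in view, so confirm against secutil.h), it should be `PR_TRUE` here so the parser requires and stores a value, otherwise `.arg` is likely left unset when `--certVersion` is given. Suggested row: `{ /* opt_CertVersion */ 0, PR_TRUE, 0, PR_FALSE, "certVersion"},`. Since the default `int certVersion = SEC_CERTIFICATE_VERSION_3;` is already in the zero-based internal form, a short comment on that declaration, `/* zero-based X.509 version as expected by SignCert() */`, would make the later `certVersion - 1` conversion less surprising.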
@@ -2518,7 +2539,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
 /* -q PQG file or curve name */
 if (certutil.options[opt_PQGFile].activated) {
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 if ((keytype != dsaKey) && (keytype != ecKey)) {
 PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \
 " (-k dsa) or a named curve for EC keys (-k ec)\n)",
@@ -2527,7 +2548,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
 if (keytype != dsaKey) {
 PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)", progName);
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 return 255;
 }
 }
@@ -2569,6 +2590,19 @@ certutil_main(int argc, char **argv, PRBool initialize)
 }
 }
+ /* --certVersion */
+ if (certutil.options[opt_CertVersion].activated) {
+ certVersion = PORT_Atoi(certutil.options[opt_CertVersion].arg);
+ if (certVersion < 1 || certVersion > 4) {
+ PR_fprintf(PR_STDERR, "%s -certVersion: incorrect certificate version %d.",
+ progName, certVersion);
+ PR_fprintf(PR_STDERR, "Must be 1, 2, 3 or 4.\n");
+ return 255;
+ }
+ certVersion = certVersion - 1;
+ }
+
+ /* Check number of commands entered. */
 commandsEntered = 0;
 for (i=0; i< certutil.numCommands; i++) {
@@ -3225,6 +3259,7 @@ merge_fail:
 certutil.commands[cmd_CreateNewCert].activated,
 certutil.options[opt_SelfSign].activated,
 certutil_extns,
+ certVersion,
 &certDER);
 if (rv) goto shutdown;
diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c
index 48d784bc..2665dd44 100644
--- a/security/nss/cmd/certutil/keystuff.c
+++ b/security/nss/cmd/certutil/keystuff.c
@@ -356,7 +356,7 @@ CERTUTIL_FileForRNG(const char *noise)
 return SECSuccess;
 }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 typedef struct curveNameTagPairStr {
 char *curveName;
 SECOidTag curveOidTag;
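Review bot: In the `--certVersion` validation block the two `PR_fprintf` calls run together on one output line ("... version 5.Must be 1, 2, 3 or 4.") and the message names the option as `-certVersion`, while the comment and the options table register it as the long option `certVersion`. Merge them into one call: `PR_fprintf(PR_STDERR, "%s --certVersion: incorrect certificate version %d. Must be 1, 2, 3 or 4.\n", progName, certVersion);`. The `certVersion = certVersion - 1;` line should say why it subtracts, e.g. `/* user-facing 1..4 -> zero-based SEC_CERTIFICATE_VERSION_* value handed to CreateCert()/SignCert() */`. Note also that `PORT_Atoi` accepts trailing garbage (`3abc` parses as 3) and returns 0 for non-numeric input, which the `< 1` check happens to reject; a `strtol` with an end-pointer check would reject malformed input explicitly.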
@@ -484,7 +484,7 @@ getECParams(const char *curve)
 return ecparams;
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 SECKEYPrivateKey *
 CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
@@ -545,14 +545,14 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
 params = (void *)&default_pqg_params;
 }
 break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 case ecKey:
 mechanism = CKM_EC_KEY_PAIR_GEN;
 /* For EC keys, PQGFile determines EC parameters */
 if ((params = (void *) getECParams(pqgFile)) == NULL)
 return NULL;
 break;
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 default:
 return NULL;
 }
@@ -567,7 +567,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
 switch (keytype) {
 case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams); break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break;
 #endif
 default: /* nothing to free */ break;
diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c
index f921c9ac..cdd6b1aa 100644
--- a/security/nss/cmd/fipstest/fipstest.c
+++ b/security/nss/cmd/fipstest/fipstest.c
@@ -22,7 +22,7 @@
 #include "../../lib/freebl/mpi/mpi.h"
 #endif
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 extern SECStatus
 EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
 extern SECStatus
@@ -1849,7 +1849,7 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp)
 return (c == EOF) ? -1 : ignore;
 }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 typedef struct curveNameTagPairStr {
 char *curveName;
 SECOidTag curveOidTag;
@@ -2530,7 +2530,7 @@ loser:
 }
 fclose(ecdsareq);
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 /*
@@ -5327,7 +5327,7 @@ int main(int argc, char **argv)
 /* Signature Verification Test */
 dsa_sigver_test(argv[3]);
 }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 /*************/
 /* ECDSA */
 /*************/
@@ -5346,7 +5346,7 @@ int main(int argc, char **argv)
 /* Signature Verification Test */
 ecdsa_sigver_test(argv[3]);
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 /*************/
 /* RNG */
 /*************/
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 652f2ebf..d06dcf3c 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -1364,7 +1364,7 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
 }
 }
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 static void
 secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
 {
@@ -1382,7 +1382,7 @@ secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
 SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
 }
 }
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_DISABLE_ECC */
 void
 SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
@@ -1426,7 +1426,7 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
 SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
 break;
-#ifdef NSS_ENABLE_ECC
+#ifndef NSS_DISABLE_ECC
 case ecKey:
 secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
 break;
diff --git a/security/nss/cmd/libpkix/pkix/params/test_buildparams.c b/security/nss/cmd/libpkix/pkix/params/test_buildparams.c
deleted file mode 100644
index 5584384c..00000000
--- a/security/nss/cmd/libpkix/pkix/params/test_buildparams.c
+++ /dev/null
@@ -1,179 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* - * test_buildparams.c - * - * Test BuildParams Type - * - */ - -#include "testutil.h" -#include "testutil_nss.h" - -static void *plContext = NULL; - -static void -testDestroy(void *goodObject, void *equalObject, void *diffObject) -{ - PKIX_TEST_STD_VARS(); - - subTest("PKIX_BuildParams_Destroy"); - - PKIX_TEST_DECREF_BC(goodObject); - PKIX_TEST_DECREF_BC(equalObject); - PKIX_TEST_DECREF_BC(diffObject); - -cleanup: - - PKIX_TEST_RETURN(); - -} - -static -void testGetProcParams( - PKIX_BuildParams *goodObject, - PKIX_BuildParams *equalObject){ - - PKIX_ProcessingParams *goodProcParams = NULL; - PKIX_ProcessingParams *equalProcParams = NULL; - - PKIX_TEST_STD_VARS(); - subTest("PKIX_BuildParams_GetProcessingParams"); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildParams_GetProcessingParams - (goodObject, &goodProcParams, NULL)); - - PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildParams_GetProcessingParams - (equalObject, &equalProcParams, NULL)); - - testEqualsHelper - ((PKIX_PL_Object *)goodProcParams, - (PKIX_PL_Object *)equalProcParams, - PKIX_TRUE, - plContext); - -cleanup: - - PKIX_TEST_DECREF_AC(goodProcParams); - PKIX_TEST_DECREF_AC(equalProcParams); - - PKIX_TEST_RETURN(); -} - -static -void printUsage(char *pName){ - printf("\nUSAGE: %s \n\n", pName); -} - -int test_buildparams(int argc, char *argv[]) { - - PKIX_BuildParams *goodObject = NULL; - PKIX_BuildParams *equalObject = NULL; - PKIX_BuildParams *diffObject = NULL; - PKIX_UInt32 actualMinorVersion; - PKIX_UInt32 j = 0; - - char *dataCentralDir = NULL; - char *goodInput = "yassir2yassir"; - char *diffInput = "yassir2bcn"; - - char *expectedAscii = - "[\n" - "\tProcessing Params: \n" - "\t********BEGIN PROCESSING PARAMS********\n" - "\t\t" - "[\n" - "\tTrust Anchors: \n" - "\t********BEGIN LIST 
OF TRUST ANCHORS********\n" - "\t\t" -"([\n" - "\tTrusted CA Name: " - "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n" - "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" - "\tInitial Name Constraints:(null)\n" - "]\n" - ", [\n" - "\tTrusted CA Name: OU=bcn,OU=east,O=sun,C=us\n" - "\tTrusted CA PublicKey: ANSI X9.57 DSA Signature\n" - "\tInitial Name Constraints:(null)\n" - "]\n" - ")\n" - "\t********END LIST OF TRUST ANCHORS********\n" - "\tDate: \t\t(null)\n" - "\tTarget Constraints: (null)\n" - "\tInitial Policies: (null)\n" - "\tQualifiers Rejected: FALSE\n" - "\tCert Stores: (EMPTY)\n" - "\tResource Limits: (null)\n" - "\tCRL Checking Enabled: 0\n" - "]\n" - "\n" - "\t********END PROCESSING PARAMS********\n" - "]\n"; - - PKIX_TEST_STD_VARS(); - - startTests("BuildParams"); - - PKIX_TEST_EXPECT_NO_ERROR( - PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); - - if (argc < 2){ - printUsage(argv[0]); - return (0); - } - - dataCentralDir = argv[j+1]; - - subTest("PKIX_BuildParams_Create"); - - goodObject = createBuildParams - (dataCentralDir, - goodInput, - diffInput, - NULL, - NULL, - PKIX_FALSE, - plContext); - - equalObject = createBuildParams - (dataCentralDir, - goodInput, - diffInput, - NULL, - NULL, - PKIX_FALSE, - plContext); - - diffObject = createBuildParams - (dataCentralDir, - diffInput, - goodInput, - NULL, - NULL, - PKIX_FALSE, - plContext); - - testGetProcParams(goodObject, equalObject); - - PKIX_TEST_EQ_HASH_TOSTR_DUP - (goodObject, - equalObject, - diffObject, - expectedAscii, - BuildParams, - PKIX_FALSE); - - testDestroy(goodObject, equalObject, diffObject); - -cleanup: - - PKIX_Shutdown(plContext); - - PKIX_TEST_RETURN(); - - endTests("BuildParams"); - - return (0); -} diff --git a/security/nss/cmd/libpkix/pkixutil/pkixutil.c b/security/nss/cmd/libpkix/pkixutil/pkixutil.c index 4d108041..0cd832ac 100644 --- a/security/nss/cmd/libpkix/pkixutil/pkixutil.c +++ b/security/nss/cmd/libpkix/pkixutil/pkixutil.c 
@@ -26,8 +26,6 @@ extern int test_certchainchecker(int argc, char *argv[]);
 extern int test_comcrlselparams(int argc, char *argv[]);
 extern int test_crlselector(int argc, char *argv[]);
-/* This test fails to build. Need to fix */
-/* extern int test_buildparams(int argc, char *argv[]); */
 extern int test_procparams(int argc, char *argv[]);
 extern int test_resourcelimits(int argc, char *argv[]);
 extern int test_trustanchor(int argc, char *argv[]);
@@ -104,7 +102,6 @@ testFunctionRef testFnRefTable[] = {
 {"test_certchainchecker", test_certchainchecker},
 {"test_comcrlselparams", test_comcrlselparams},
 {"test_crlselector", test_crlselector},
-/* {"test_buildparams", test_buildparams}*/
 {"test_procparams", test_procparams},
 {"test_resourcelimits", test_resourcelimits},
 {"test_trustanchor", test_trustanchor},
diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c
index 0665608b..839cf402 100644
--- a/security/nss/cmd/modutil/install.c
+++ b/security/nss/cmd/modutil/install.c
@@ -777,7 +777,7 @@ loser:
 if(tempname) {
 PRFileInfo info;
 if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
- if((info.type == PR_FILE_DIRECTORY)) {
+ if(info.type == PR_FILE_DIRECTORY) {
 /* Recursively remove temporary directory */
 if(rm_dash_r(tempname)) {
 error(PK11_INSTALL_REMOVE_DIR,
diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c
index 2cc9a133..ba07bba4 100644
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@@ -832,6 +832,11 @@ main(int argc, char *argv[])
 goto loser;
 }
+ errcode = LoadMechanismList();
+ if (errcode != SUCCESS) {
+ goto loser;
+ }
+
 /* Execute the command */
 switch(command) {
 case ADD_COMMAND:
diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h
index 2505f2ed..529d60ef 100644
--- a/security/nss/cmd/modutil/modutil.h
+++ b/security/nss/cmd/modutil/modutil.h
@@ -6,20 +6,22 @@ #define MODUTIL_H #include +#include + #include #include #include +#include #include #include -#include -#include -#include -#include -#include +#include "seccomon.h" +#include "secmod.h" +#include "secutil.h" #include "error.h" +Error LoadMechanismList(void); Error FipsMode(char *arg); Error ChkFipsMode(char *arg); Error AddModule(char *moduleName, char *libFile, char *ciphers, diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c index fc3e7224..d630e4ee 100644 --- a/security/nss/cmd/modutil/pk11.c +++ b/security/nss/cmd/modutil/pk11.c @@ -2,17 +2,13 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* To edit this file, set TABSTOPS to 4 spaces. - * This is not the normal NSS convention. +/* To edit this file, set TABSTOPS to 4 spaces. + * This is not the normal NSS convention. */ #include "modutil.h" -/* #include "secmodti.h" */ #include "pk11func.h" -static PK11DefaultArrayEntry *pk11_DefaultArray = NULL; -static int pk11_DefaultArraySize = 0; - /************************************************************************* * * F i p s M o d e 
@@ -110,32 +106,9 @@ ChkFipsMode(char *arg)
 typedef struct {
 const char *name;
- const unsigned long mask;
+ unsigned long mask;
 } MaskString;
-static const MaskString mechanismStrings[] = {
- {"RSA", PUBLIC_MECH_RSA_FLAG},
- {"DSA", PUBLIC_MECH_DSA_FLAG},
- {"RC2", PUBLIC_MECH_RC2_FLAG},
- {"RC4", PUBLIC_MECH_RC4_FLAG},
- {"RC5", PUBLIC_MECH_RC5_FLAG},
- {"DES", PUBLIC_MECH_DES_FLAG},
- {"DH", PUBLIC_MECH_DH_FLAG},
- {"FORTEZZA", PUBLIC_MECH_FORTEZZA_FLAG},
- {"SHA1", PUBLIC_MECH_SHA1_FLAG},
- {"MD5", PUBLIC_MECH_MD5_FLAG},
- {"MD2", PUBLIC_MECH_MD2_FLAG},
- {"SSL", PUBLIC_MECH_SSL_FLAG},
- {"TLS", PUBLIC_MECH_TLS_FLAG},
- {"AES", PUBLIC_MECH_AES_FLAG},
- {"CAMELLIA", PUBLIC_MECH_CAMELLIA_FLAG},
- {"SHA256", PUBLIC_MECH_SHA256_FLAG},
- {"SHA512", PUBLIC_MECH_SHA512_FLAG},
- {"RANDOM", PUBLIC_MECH_RANDOM_FLAG},
- {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG}
-};
-static const int numMechanismStrings =
- sizeof(mechanismStrings) / sizeof(mechanismStrings[0]);
 static const MaskString cipherStrings[] = {
 {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
@@ -143,10 +116,68 @@ static const MaskString cipherStrings[] = { static const int numCipherStrings = sizeof(cipherStrings) / sizeof(cipherStrings[0]); -/* Maximum length of a colon-separated list of all the strings in an +/* Initialized by LoadMechanismList */ +static MaskString *mechanismStrings = NULL; +static int numMechanismStrings = 0; +const static PK11DefaultArrayEntry *pk11_DefaultArray = NULL; +static int pk11_DefaultArraySize = 0; + +/* Maximum length of a colon-separated list of all the strings in an * array. */ #define MAX_STRING_LIST_LEN 240 /* or less */ + +Error +LoadMechanismList(void) +{ + int i; + + if (pk11_DefaultArray == NULL) { + pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); + if (pk11_DefaultArray == NULL) { + /* should assert. This shouldn't happen */ + return UNSPECIFIED_ERR; + } + } + if (mechanismStrings != NULL) { + return SUCCESS; + } + + /* build the mechanismStrings array */ + mechanismStrings = PORT_NewArray(MaskString, pk11_DefaultArraySize); + if (mechanismStrings == NULL) { + return OUT_OF_MEM_ERR; + } + numMechanismStrings = pk11_DefaultArraySize; + for (i = 0; i < numMechanismStrings; i++) { + const char *name = pk11_DefaultArray[i].name; + unsigned long flag = pk11_DefaultArray[i].flag; + /* map new name to old */ + switch (flag) { + case SECMOD_FORTEZZA_FLAG: + name = "FORTEZZA"; + break; + case SECMOD_SHA1_FLAG: + name = "SHA1"; + break; + case SECMOD_CAMELLIA_FLAG: + name = "CAMELLIA"; + break; + case SECMOD_RANDOM_FLAG: + name = "RANDOM"; + break; + case SECMOD_FRIENDLY_FLAG: + name = "FRIENDLY"; + break; + default: + break; + } + mechanismStrings[i].name = name; + mechanismStrings[i].mask = SECMOD_InternaltoPubMechFlags(flag); + } + return SUCCESS; +} + /************************************************************************ * * g e t F l a g s F r o m S t r i n g 
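Review bot: `MAX_STRING_LIST_LEN` (240) was a compile-time bound sized against the fixed `mechanismStrings` table this hunk deletes, but the table is now whatever `PK11_GetDefaultArray` returns at run time, so any fixed buffer sized by that constant in the string-list helpers that start after this hunk (getFlagsFromString/getStringFromFlags, presumably) is no longer guaranteed to fit and needs a runtime length check or to be sized from `numMechanismStrings`. Nothing here forces `LoadMechanismList()` to run before the table is read; a reader that sees `numMechanismStrings == 0` silently recognises no mechanism names, so either document the precondition at the declaration, e.g. `/* Valid only after LoadMechanismList() returns SUCCESS; callers must check it. */`, or have the readers call it lazily. `const static PK11DefaultArrayEntry *` reads oddly next to the surrounding declarations; `static const PK11DefaultArrayEntry *` is the conventional order. The `PORT_NewArray` block is never released, which is acceptable for a one-shot CLI but worth a one-line comment.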
@@ -816,14 +847,6 @@ SetDefaultModule(char *moduleName, char *slotName, char *mechanisms) PRBool found = PR_FALSE; Error errcode = UNSPECIFIED_ERR; - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - goto loser; - } - } - mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); @@ -894,15 +917,6 @@ UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms) PRBool found = PR_FALSE; Error rv; - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - rv = UNSPECIFIED_ERR; - goto loser; - } - } - mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); diff --git a/security/nss/cmd/platlibs.mk b/security/nss/cmd/platlibs.mk index 0f07910a..833952a5 100644 --- a/security/nss/cmd/platlibs.mk +++ b/security/nss/cmd/platlibs.mk @@ -146,10 +146,6 @@ EXTRA_SHARED_LIBS += \ $(NULL) endif -ifeq ($(OS_TARGET), SunOS) -OS_LIBS += -lbsm -endif - else # USE_STATIC_LIBS # can't do this in manifest.mn because OS_ARCH isn't defined there. ifeq ($(OS_ARCH), WINNT) diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c index 11f30155..d87f0de0 100644 --- a/security/nss/cmd/selfserv/selfserv.c +++ b/security/nss/cmd/selfserv/selfserv.c 
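Review bot: SetDefaultModule and UnsetDefaultModule drop the lazy `PK11_GetDefaultArray` initialisation without replacing it, so they now depend on `LoadMechanismList()` having succeeded earlier in the process; if the entry point omits that call, `pk11_DefaultArray` stays NULL and `pk11_DefaultArraySize` stays 0, and whatever iterates the default array later in these functions (outside the hunk) would presumably do nothing, silently. The cheap guard is to express the old check through the new loader, `if (LoadMechanismList() != SUCCESS) goto loser;` at the top of SetDefaultModule, and in UnsetDefaultModule `rv = UNSPECIFIED_ERR;` before the same `goto loser`, matching what was removed. Both function bodies continue past the hunk.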
@@ -107,30 +107,30 @@ const int ssl2CipherSuites[] = { const int ssl3CipherSuites[] = { -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + TLS_RSA_WITH_RC4_128_MD5, /* c */ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + TLS_RSA_WITH_DES_CBC_SHA, /* e */ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ + TLS_RSA_WITH_NULL_MD5, /* i */ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ + TLS_RSA_WITH_RC4_128_SHA, /* n */ -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, * o */ - -1, /* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */ - -1, /* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */ - -1, /* SSL_DHE_RSA_WITH_DES_CBC_SHA, * r */ - -1, /* SSL_DHE_DSS_WITH_DES_CBC_SHA, * s */ + -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */ + -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */ + -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA, * r */ + -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA, * s */ -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA, * t */ -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA, * u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, * w */ -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA, * x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ + TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; 
@@ -160,11 +160,11 @@ PrintUsageHeader(const char *progName) " [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n" " [-V [min-version]:[max-version]] [-a sni_name]\n" " [ T ] [-A ca]\n" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC " [-C SSLCacheEntries] [-e ec_nickname]\n" #else " [-C SSLCacheEntries]\n" -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ ,progName); } @@ -1932,9 +1932,9 @@ server_main( * would like it to be. Turn this cipher on. */ - secStatus = SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE); + secStatus = SSL_CipherPrefSetDefault( TLS_RSA_WITH_NULL_MD5, PR_TRUE); if ( secStatus != SECSuccess ) { - errExit("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5"); + errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5"); } if (expectedHostNameVal) { @@ -2133,7 +2133,7 @@ main(int argc, char **argv) { char * progName = NULL; char * nickName = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC char * ecNickName = NULL; #endif const char * fileName = NULL; @@ -2246,9 +2246,9 @@ main(int argc, char **argv) case 'd': dir = optstate->value; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case 'e': ecNickName = PORT_Strdup(optstate->value); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case 'f': pwdata.source = PW_FROMFILE; @@ -2362,7 +2362,7 @@ main(int argc, char **argv) } if ((nickName == NULL) - #ifdef NSS_ENABLE_ECC + #ifndef NSS_DISABLE_ECC && (ecNickName == NULL) #endif ) { @@ -2593,7 +2593,7 @@ main(int argc, char **argv) setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa, &pwdata); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (ecNickName) { cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata); if (cert[kt_ecdh] == NULL) { @@ -2620,7 +2620,7 @@ main(int argc, char **argv) setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_ecdh], kt_ecdh, &pwdata); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if (testbypass) goto cleanup; 
@@ -2691,7 +2691,7 @@ cleanup: if (certPrefix && certPrefix != emptyString) { PORT_Free(certPrefix); } - #ifdef NSS_ENABLE_ECC + #ifndef NSS_DISABLE_ECC if (ecNickName) { PORT_Free(ecNickName); } diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c index b1eaaa63..9614f05f 100644 --- a/security/nss/cmd/ssltap/ssltap.c +++ b/security/nss/cmd/ssltap/ssltap.c @@ -493,13 +493,13 @@ const char * helloExtensionNameString(int ex_num) static int isNULLmac(int cs_int) { - return (cs_int == SSL_NULL_WITH_NULL_NULL); + return (cs_int == TLS_NULL_WITH_NULL_NULL); } static int isNULLcipher(int cs_int) { - return ((cs_int == SSL_RSA_WITH_NULL_MD5) || - (cs_int == SSL_RSA_WITH_NULL_SHA) || + return ((cs_int == TLS_RSA_WITH_NULL_MD5) || + (cs_int == TLS_RSA_WITH_NULL_SHA) || (cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) || (cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) || (cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) || diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c index 26b8f92c..43d121e2 100644 --- a/security/nss/cmd/strsclnt/strsclnt.c +++ b/security/nss/cmd/strsclnt/strsclnt.c 
@@ -59,30 +59,30 @@ int ssl2CipherSuites[] = { int ssl3CipherSuites[] = { -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + TLS_RSA_WITH_RC4_128_MD5, /* c */ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + TLS_RSA_WITH_DES_CBC_SHA, /* e */ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ + TLS_RSA_WITH_NULL_MD5, /* i */ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ + TLS_RSA_WITH_RC4_128_SHA, /* n */ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ + TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ + TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index 2e6c068b..b92dcb1a 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c 
@@ -68,30 +68,30 @@ int ssl2CipherSuites[] = { int ssl3CipherSuites[] = { -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + TLS_RSA_WITH_RC4_128_MD5, /* c */ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + TLS_RSA_WITH_DES_CBC_SHA, /* e */ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ + TLS_RSA_WITH_NULL_MD5, /* i */ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ + TLS_RSA_WITH_RC4_128_SHA, /* n */ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ + TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ + TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c index 768224ca..d83fc395 100644 --- a/security/nss/cmd/vfyserv/vfyserv.c +++ b/security/nss/cmd/vfyserv/vfyserv.c 
@@ -497,7 +497,7 @@ main(int argc, char **argv) /* All cipher suites except RSA_NULL_MD5 are enabled by * Domestic Policy. */ NSS_SetDomesticPolicy(); - SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); + SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE); /* all the SSL2 and SSL3 cipher suites are enabled by default. */ if (cipherString) { diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c index fb6ac6bb..15f0d978 100644 --- a/security/nss/cmd/vfyserv/vfyutil.c +++ b/security/nss/cmd/vfyserv/vfyutil.c 
@@ -27,30 +27,30 @@ int ssl2CipherSuites[] = { int ssl3CipherSuites[] = { -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */ -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ + TLS_RSA_WITH_RC4_128_MD5, /* c */ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ + TLS_RSA_WITH_DES_CBC_SHA, /* e */ + TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ + TLS_RSA_WITH_NULL_MD5, /* i */ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - SSL_RSA_WITH_RC4_128_SHA, /* n */ + TLS_RSA_WITH_RC4_128_SHA, /* n */ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, /* r */ - SSL_DHE_DSS_WITH_DES_CBC_SHA, /* s */ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ + TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - SSL_RSA_WITH_NULL_SHA, /* z */ + TLS_RSA_WITH_NULL_SHA, /* z */ 0 }; diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index a586e5ed..36995ba8 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk 
@@ -55,11 +55,18 @@ else ifeq ($(OS_TEST),x86_64) ifeq ($(USE_64),1) CPU_ARCH = x86_64 + ARCHFLAG = -m64 +else +ifeq ($(USE_X32),1) + CPU_ARCH = x86_64 + ARCHFLAG = -mx32 + 64BIT_TAG = _x32 else OS_REL_CFLAGS = -Di386 CPU_ARCH = x86 ARCHFLAG = -m32 endif +endif else ifeq ($(OS_TEST),sparc64) CPU_ARCH = sparc @@ -123,12 +130,7 @@ ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -# See bug 537829, in particular comment 23. -# Place -ansi and *_SOURCE before $(DSO_CFLAGS) so DSO_CFLAGS can override -# -ansi on platforms like Android where the system headers are C99 and do -# not build with -ansi. -STANDARDS_CFLAGS = -D_POSIX_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE -OS_CFLAGS = $(STANDARDS_CFLAGS) $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc ifdef USE_PTHREADS diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index 6d1297d8..afece499 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -41,7 +41,11 @@ else _CC_BUILD := $(word 4,$(_CC_VERSION_WORDS)) _MSC_VER = $(_CC_VMAJOR)$(_CC_VMINOR) _MSC_VER_6 = 1200 - _MSC_VER_GE_18 := $(shell expr $(_MSC_VER) \>= 1800) + # VC10 (2010) is 16.00.30319.01, VC10SP1 is 16.00.40219.01. + _MSC_VER_GE_10SP1 := $(shell expr $(_MSC_VER) \> 1600 \| \ + $(_MSC_VER) = 1600 \& $(_CC_RELEASE) \>= 40219) + # VC12 (2013). + _MSC_VER_GE_12 := $(shell expr $(_MSC_VER) \>= 1800) ifeq ($(_CC_VMAJOR),14) # -DYNAMICBASE is only supported on VC8SP1 or newer, # so be very specific here! 
@@ -173,7 +177,7 @@ ifneq ($(_MSC_VER),$(_MSC_VER_6)) -we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \ -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715 - ifeq ($(_MSC_VER_GE_18),1) + ifeq ($(_MSC_VER_GE_12),1) OS_CFLAGS += -FS endif endif # !MSVC6 @@ -218,10 +222,10 @@ ifdef NS_USE_GCC else ifdef USE_64 AS = ml64.exe - ASFLAGS = -Cp -Sn -Zi $(INCLUDES) + ASFLAGS = -nologo -Cp -Sn -Zi $(INCLUDES) else AS = ml.exe - ASFLAGS = -Cp -Sn -Zi -coff $(INCLUDES) + ASFLAGS = -nologo -Cp -Sn -Zi -coff $(INCLUDES) endif endif diff --git a/security/nss/coreconf/config.mk b/security/nss/coreconf/config.mk index ea1d04b2..99c6ce6c 100644 --- a/security/nss/coreconf/config.mk +++ b/security/nss/coreconf/config.mk @@ -146,10 +146,10 @@ endif # [16.0] Global environ ment defines ####################################################################### -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC +ifdef NSS_DISABLE_ECC +DEFINES += -DNSS_DISABLE_ECC endif - + ifdef NSS_ECC_MORE_THAN_SUITE_B DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B endif @@ -166,6 +166,10 @@ ifdef NSS_DISABLE_DBM DEFINES += -DNSS_DISABLE_DBM endif +ifdef NSS_PKIX_NO_LDAP +DEFINES += -DNSS_PKIX_NO_LDAP +endif + # Avoid building object leak test code for optimized library ifndef BUILD_OPT ifdef PKIX_OBJECT_LEAK_TEST @@ -181,3 +185,6 @@ USE_UTIL_DIRECTLY = 1 # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features DEFINES += -DNO_NSPR_10_SUPPORT + +# Hide old, deprecated, TLS cipher suite names when building NSS +DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES diff --git a/security/nss/coverage/cov.sh b/security/nss/coverage/cov.sh index 51587515..d2a68946 100644 --- a/security/nss/coverage/cov.sh +++ b/security/nss/coverage/cov.sh 
@@ -32,7 +32,6 @@ CVS_CHECKOUT_BRANCH="cvs_checkout_${BRANCH}" export HOST=`hostname` export DOMSUF=red.iplanet.com -export NSS_ENABLE_ECC=1 export NSS_ECC_MORE_THAN_SUITE_B=1 export IOPR_HOSTADDR_LIST="dochinups.red.iplanet.com" export NSS_AIA_PATH="/share/builds/mccrel3/security/aia_certs" diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index 32eaf188..a86e954f 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml @@ -222,7 +222,7 @@ If this option is not used, the validity check defaults to the current system ti -g keysize - Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 8192 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed. + Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed. @@ -360,7 +360,7 @@ of the attribute codes: The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example: --t "TCu,Cu,Tuw" +-t "TCu,Cu,Tu" Use the -L option to see a list of the current certificates and trust attributes in a certificate database. diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index 968a9d26..34430f2c 100644 --- a/security/nss/doc/html/certutil.html +++ b/security/nss/doc/html/certutil.html @@ -1,4 +1,4 @@ -CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

-E

Add an email certificate to the certificate database.

-F

Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname.

@@ -12,7 +12,7 @@ If this option is not used, the validity check defaults to the current system ti Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string with quotation marks if it contains spaces.

-d [prefix]directory

Specify the database directory containing the certificate and key database files.

certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

NSS recognizes the following prefixes:

  • sql: requests the newer database

  • dbm: requests the legacy database

If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.

-e

Check a certificate's signature during the process of validating a certificate.

--email email-address

Specify the email address of a certificate to list. Used with the -L command option.

-f password-file

Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent - unauthorized access to this file.

-g keysize

Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 8192 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.

-h tokenname

Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

-i input_file

Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

-k key-type-or-id

Specify the type or specific ID of a key.

+ unauthorized access to this file.

-g keysize

Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.

-h tokenname

Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

-i input_file

Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

-k key-type-or-id

Specify the type or specific ID of a key.

The valid key type options are rsa, dsa, ec, or all. The default value is rsa. Specifying the type of key can avoid mistakes caused by duplicate nicknames. Giving a key type generates a new key pair; @@ -53,7 +53,7 @@ of the attribute codes: u - user

The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example: -

-t "TCu,Cu,Tuw"

+

-t "TCu,Cu,Tu"

Use the -L option to see a list of the current certificates and trust attributes in a certificate database.

-u certusage

Specify a usage context to apply when validating a certificate with the -V option.

The contexts are the following:

  • C (as an SSL client)

  • V (as an SSL server)

  • S (as an email signer)

  • R (as an email recipient)

  • O (as an OCSP status responder)

  • J (as an object signer)

-v valid-months

Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the -w option. If this argument is not used, the default validity period is three months.

-w offset-months

Set an offset from the current system time, in months, for the beginning of a certificate's validity period. Use when creating the certificate or adding it to a database. Express the offset in integers, diff --git a/security/nss/doc/modutil.xml b/security/nss/doc/modutil.xml index 24b24e60..cefd3f41 100644 --- a/security/nss/doc/modutil.xml +++ b/security/nss/doc/modutil.xml @@ -86,7 +86,7 @@ -disable modulename - Disable all slots on the named module. Use the argument to disable a specific slot. + Disable all slots on the named module. Use the argument to disable a specific slot.The internal NSS PKCS #11 module cannot be disabled. diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1 index 00746cdb..2dfa79df 100644 --- a/security/nss/doc/nroff/certutil.1 +++ b/security/nss/doc/nroff/certutil.1 @@ -2,12 +2,12 @@ .\" Title: CERTUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 12 November 2013 +.\" Date: 31 March 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CERTUTIL" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "CERTUTIL" "1" "31 March 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -263,7 +263,7 @@ Specify a file that will automatically supply the password to include in a certi .PP \-g keysize .RS 4 -Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 8192 bits\&. The default is 1024 bits\&. Any size between the minimum and maximum is allowed\&. +Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 16384 bits\&. The default is 1024 bits\&. Any size between the minimum and maximum is allowed\&. .RE .PP \-h tokenname 
@@ -414,7 +414,7 @@ for each trust setting\&. In each category position, use none, any, or all of th .sp The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks\&. For example: .sp -\fB\-t "TCu,Cu,Tuw"\fR +\fB\-t "TCu,Cu,Tu"\fR .sp Use the \-L option to see a list of the current certificates and trust attributes in a certificate database\&. .RE diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h index 1d4fe9c9..4ebdf336 100644 --- a/security/nss/lib/certdb/cert.h +++ b/security/nss/lib/certdb/cert.h @@ -78,13 +78,6 @@ extern CERTRDN *CERT_CreateRDN(PLArenaPool *arena, CERTAVA *avas, ...); */ extern SECStatus CERT_CopyRDN(PLArenaPool *arena, CERTRDN *dest, CERTRDN *src); -/* -** Destory an RDN object. -** "rdn" the RDN to destroy -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void CERT_DestroyRDN(CERTRDN *rdn, PRBool freeit); - /* ** Add an AVA to an RDN. ** "rdn" the RDN to add to diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index b7d22bd8..43304371 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -1381,7 +1381,7 @@ cert_TestHostName(char * cn, const char * hn) return rv; } } else { - /* New approach conforms to RFC 2818. */ + /* New approach conforms to RFC 6125. */ char *wildcard = PORT_Strchr(cn, '*'); char *firstcndot = PORT_Strchr(cn, '.'); char *secondcndot = firstcndot ? PORT_Strchr(firstcndot+1, '.') : NULL; 
@@ -1390,14 +1390,17 @@ cert_TestHostName(char * cn, const char * hn) /* For a cn pattern to be considered valid, the wildcard character... * - may occur only in a DNS name with at least 3 components, and * - may occur only as last character in the first component, and - * - may be preceded by additional characters + * - may be preceded by additional characters, and + * - must not be preceded by an IDNA ACE prefix (xn--) */ if (wildcard && secondcndot && secondcndot[1] && firsthndot - && firstcndot - wildcard == 1 - && secondcndot - firstcndot > 1 - && PORT_Strrchr(cn, '*') == wildcard + && firstcndot - wildcard == 1 /* wildcard is last char in first component */ + && secondcndot - firstcndot > 1 /* second component is non-empty */ + && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */ && !PORT_Strncasecmp(cn, hn, wildcard - cn) - && !PORT_Strcasecmp(firstcndot, firsthndot)) { + && !PORT_Strcasecmp(firstcndot, firsthndot) + /* If hn starts with xn--, then cn must start with wildcard */ + && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) { /* valid wildcard pattern match */ return SECSuccess; } diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index b0d35cc8..de9e1f87 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c 
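Review bot: The new bullet in the comment says the wildcard "must not be preceded by an IDNA ACE prefix (xn--)", but the check on the last added line inspects `hn`, not `cn`: it rejects a partial-label wildcard (anything but a bare `*` first label) whenever the presented host's first label is an A-label, which is what RFC 6125 section 6.4.3 asks for. Reword the bullet to match the code, e.g. `* - may not match part of an IDNA A-label: if hn's first label starts with "xn--", cn's first label must be exactly "*"`. cert_TestHostName begins and ends outside the hunk.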
@@ -1523,6 +1523,75 @@ done: return rv; } +/* Add name constraints to certain certs that do not include name constraints + * This is the core of the implementation for bug 952572. + */ + +static SECStatus +getNameExtensionsBuiltIn(CERTCertificate *cert, + SECItem *extensions) +{ + const char constraintFranceGov[] = "\x30\x5D" /* sequence len = 93*/ + "\xA0\x5B" /* element len =91 */ + "\x30\x05" /* sequence len 5 */ + "\x82\x03" /* entry len 3 */ + ".fr" + "\x30\x05\x82\x03" /* sequence len5, entry len 3 */ + ".gp" + "\x30\x05\x82\x03" + ".gf" + "\x30\x05\x82\x03" + ".mq" + "\x30\x05\x82\x03" + ".re" + "\x30\x05\x82\x03" + ".yt" + "\x30\x05\x82\x03" + ".pm" + "\x30\x05\x82\x03" + ".bl" + "\x30\x05\x82\x03" + ".mf" + "\x30\x05\x82\x03" + ".wf" + "\x30\x05\x82\x03" + ".pf" + "\x30\x05\x82\x03" + ".nc" + "\x30\x05\x82\x03" + ".tf"; + + /* The stringified value for the subject is: + E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR + */ + const char rawANSSISubject[] = "\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04" + "\x06\x13\x02\x46\x52\x31\x0F\x30\x0D\x06\x03" + "\x55\x04\x08\x13\x06\x46\x72\x61\x6E\x63\x65" + "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" + "\x50\x61\x72\x69\x73\x31\x10\x30\x0E\x06\x03" + "\x55\x04\x0A\x13\x07\x50\x4D\x2F\x53\x47\x44" + "\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13" + "\x05\x44\x43\x53\x53\x49\x31\x0E\x30\x0C\x06" + "\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2F\x41" + "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7" + "\x0D\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40" + "\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75" + "\x76\x2E\x66\x72"; + + const SECItem anssi_subject = {0, (char *) rawANSSISubject, + sizeof(rawANSSISubject)-1}; + const SECItem permitFranceGovNC = {0, (char *) constraintFranceGov, + sizeof(constraintFranceGov)-1}; + + if (SECITEM_ItemsAreEqual(&cert->derSubject, &anssi_subject)) { + SECStatus rv; + rv = SECITEM_CopyItem(NULL, extensions, &permitFranceGovNC); + return rv; + } + 
PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); + return SECFailure; +} + /* Extract the name constraints extension from the CA cert. */ SECStatus CERT_FindNameConstraintsExten(PLArenaPool *arena, @@ -1538,10 +1607,16 @@ CERT_FindNameConstraintsExten(PLArenaPool *arena, rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS, &constraintsExtension); if (rv != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) { - rv = SECSuccess; + if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) { + return rv; + } + rv = getNameExtensionsBuiltIn(cert, &constraintsExtension); + if (rv != SECSuccess) { + if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) { + return SECSuccess; + } + return rv; } - return rv; } mark = PORT_ArenaMark(arena); diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index 6917a254..3141163d 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -506,7 +506,18 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert, PORT_SetError (SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID); LOG_ERROR_OR_EXIT(log, issuerCert, count+1, pathLengthLimit); } - + + /* make sure that the entire chain is within the name space of the + * current issuer certificate. + */ + rv = CERT_CompareNameSpace(issuerCert, namesList, certsList, + arena, &badCert); + if (rv != SECSuccess || badCert != NULL) { + PORT_SetError(SEC_ERROR_CERT_NOT_IN_NAME_SPACE); + LOG_ERROR_OR_EXIT(log, badCert, count + 1, 0); + goto loser; + } + /* XXX - the error logging may need to go down into CRL stuff at some * point */ 
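Review bot: The two SECItem initializers at the end of getNameExtensionsBuiltIn cast the DER strings to `(char *)`, yet `SECItem.data` is `unsigned char *` in NSS (declared outside this hunk), so both are incompatible-pointer-type initializations that compilers warn on and gcc 14 rejects by default; write `(unsigned char *) rawANSSISubject` and `(unsigned char *) constraintFranceGov`. The hand-encoded lengths do add up (13 dNSName entries of 7 bytes = 0x5B, plus the [0] tag and length byte = 0x5D), which deserves a comment next to the `"\x30\x5D"` line, e.g. `/* 13 entries x 7 bytes = 0x5B inside [0] permittedSubtrees; +2 for its tag/len = 0x5D */`, so the next person adding a TLD knows which two bytes to bump. `SECITEM_CopyItem(NULL, extensions, ...)` heap-allocates `extensions->data`, so the caller must free it exactly as it frees a CERT_FindCertExtension result; that appears to be the case given that the caller handles both the same way, but its cleanup is outside this hunk.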
@@ -628,16 +639,6 @@ cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert, } } - /* make sure that the entire chain is within the name space of the - ** current issuer certificate. - */ - rv = CERT_CompareNameSpace(issuerCert, namesList, certsList, - arena, &badCert); - if (rv != SECSuccess || badCert != NULL) { - PORT_SetError(SEC_ERROR_CERT_NOT_IN_NAME_SPACE); - LOG_ERROR_OR_EXIT(log, badCert, count + 1, 0); - goto loser; - } /* make sure that the issuer is not self signed. If it is, then * stop here to prevent looping. */ diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index 177f03d7..59b341f1 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -2577,9 +2577,8 @@ loser: static SECStatus ocsp_DecodeResponseBytes(PLArenaPool *arena, ocspResponseBytes *rbytes) { - PORT_Assert(rbytes != NULL); /* internal error, really */ if (rbytes == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); /* XXX set better error? */ + PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE); return SECFailure; } diff --git a/security/nss/lib/ckfw/capi/cobject.c b/security/nss/lib/ckfw/capi/cobject.c index 54952749..a7c2dbbb 100644 --- a/security/nss/lib/ckfw/capi/cobject.c +++ b/security/nss/lib/ckfw/capi/cobject.c @@ -2302,7 +2302,7 @@ nss_ckcapi_CreatePrivateKey return (ckcapiInternalObject *)NULL; } containerName = ckcapi_getContainer(pError, &keyID); - if ((char *)NULL == providerName ) { + if ((char *)NULL == containerName) { goto loser; } rc = CryptAcquireContext(&hProv, containerName, providerName, diff --git a/security/nss/lib/cryptohi/cryptohi.h b/security/nss/lib/cryptohi/cryptohi.h index 09297ea6..b16c9134 100644 --- a/security/nss/lib/cryptohi/cryptohi.h +++ b/security/nss/lib/cryptohi/cryptohi.h 
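Review bot: The rewritten NULL check in ocsp_DecodeResponseBytes no longer says why a NULL `rbytes` is expected input rather than an internal error, which is exactly what the deleted assertion used to document; add `/* responseBytes is OPTIONAL in OCSPResponse (RFC 6960 4.2.1): a response with a non-successful status carries none, so treat its absence as bad input, not a bug. */` above the `if`. SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE reads oddly for "no response bytes at all"; if this tree has SEC_ERROR_OCSP_MALFORMED_RESPONSE or similar it would describe the condition better, but the error table is not visible from here. The caller that can pass NULL is outside the hunk.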
@@ -1,5 +1,5 @@ /* - * crypto.h - public data structures and prototypes for the crypto library + * cryptohi.h - public prototypes for the crypto library * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h index 3793b570..88a77f15 100644 --- a/security/nss/lib/cryptohi/keyhi.h +++ b/security/nss/lib/cryptohi/keyhi.h @@ -90,17 +90,7 @@ SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param, ** Create a subject-public-key-info based on a public key. */ extern CERTSubjectPublicKeyInfo * -SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *k); - -/* -** Decode a DER encoded public key into an SECKEYPublicKey structure. -*/ -extern SECKEYPublicKey *SECKEY_DecodeDERPublicKey(const SECItem *pubkder); - -/* -** Convert a base64 ascii encoded DER public key to our internal format. -*/ -extern SECKEYPublicKey *SECKEY_ConvertAndDecodePublicKey(const char *pubkstr); +SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k); /* ** Convert a base64 ascii encoded DER public key and challenge to spki, @@ -115,7 +105,7 @@ SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge, ** DER encoded subject public key info. */ SECItem * -SECKEY_EncodeDERSubjectPublicKeyInfo(SECKEYPublicKey *pubk); +SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk); /* ** Decode a DER encoded subject public key info into a @@ -208,7 +198,7 @@ KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey); /* * Creates a PublicKey from its DER encoding. - * Currently only supports RSA and DSA keys. + * Currently only supports RSA, DSA, and DH keys. */ SECKEYPublicKey* SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type); diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index f63d1506..16d2a499 100644 --- a/security/nss/lib/cryptohi/seckey.c 
+++ b/security/nss/lib/cryptohi/seckey.c @@ -1213,18 +1213,13 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk) return NULL; } -CERTSubjectPublicKeyInfo * -SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk) +static CERTSubjectPublicKeyInfo * +seckey_CreateSubjectPublicKeyInfo_helper(SECKEYPublicKey *pubk) { CERTSubjectPublicKeyInfo *spki; PLArenaPool *arena; SECItem params = { siBuffer, NULL, 0 }; - if (!pubk) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { PORT_SetError(SEC_ERROR_NO_MEMORY); @@ -1332,6 +1327,26 @@ SECKEY_CreateSubjectPublicKeyInfo(SECKEYPublicKey *pubk) return NULL; } +CERTSubjectPublicKeyInfo * +SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *pubk) +{ + CERTSubjectPublicKeyInfo *spki; + SECKEYPublicKey *tempKey; + + if (!pubk) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } + + tempKey = SECKEY_CopyPublicKey(pubk); + if (!tempKey) { + return NULL; + } + spki = seckey_CreateSubjectPublicKeyInfo_helper(tempKey); + SECKEY_DestroyPublicKey(tempKey); + return spki; +} + void SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki) { 
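Review bot: The new SECKEY_CreateSubjectPublicKeyInfo deep-copies the key via SECKEY_CopyPublicKey on every call with no comment explaining the extra allocation, so a later reader will likely "optimize" it away. Add above the copy: `/* The encoding helper needs a non-const key; encode a private copy so the const contract of the public API holds and the caller's key is never modified. */` — the non-const helper signature is the apparent reason, confirm before committing the wording. The helper lost its own `if (!pubk)` guard in the first hunk, which is safe only while it stays static and is reached solely through this wrapper; a one-liner such as `/* pubk is non-NULL: validated by SECKEY_CreateSubjectPublicKeyInfo */` on the helper keeps that invariant visible. The helper's body continues outside the hunk.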
@@ -1340,70 +1355,8 @@ SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki) } } -/* - * this only works for RSA keys... need to do something - * similiar to CERT_ExtractPublicKey for other key times. - */ -SECKEYPublicKey * -SECKEY_DecodeDERPublicKey(const SECItem *pubkder) -{ - PLArenaPool *arena; - SECKEYPublicKey *pubk; - SECStatus rv; - SECItem newPubkder; - - arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - PORT_SetError (SEC_ERROR_NO_MEMORY); - return NULL; - } - - pubk = (SECKEYPublicKey *) PORT_ArenaZAlloc (arena, sizeof (SECKEYPublicKey)); - if (pubk != NULL) { - pubk->arena = arena; - pubk->pkcs11Slot = NULL; - pubk->pkcs11ID = 0; - prepare_rsa_pub_key_for_asn1(pubk); - /* copy the DER into the arena, since Quick DER returns data that points - into the DER input, which may get freed by the caller */ - rv = SECITEM_CopyItem(arena, &newPubkder, pubkder); - if ( rv == SECSuccess ) { - rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_RSAPublicKeyTemplate, - &newPubkder); - } - if (rv == SECSuccess) - return pubk; - SECKEY_DestroyPublicKey (pubk); - } else { - PORT_SetError (SEC_ERROR_NO_MEMORY); - } - - PORT_FreeArena (arena, PR_FALSE); - return NULL; -} - -/* - * Decode a base64 ascii encoded DER encoded public key. - */ -SECKEYPublicKey * -SECKEY_ConvertAndDecodePublicKey(const char *pubkstr) -{ - SECKEYPublicKey *pubk; - SECStatus rv; - SECItem der; - - rv = ATOB_ConvertAsciiToItem (&der, pubkstr); - if (rv != SECSuccess) - return NULL; - - pubk = SECKEY_DecodeDERPublicKey (&der); - - PORT_Free (der.data); - return pubk; -} - SECItem * -SECKEY_EncodeDERSubjectPublicKeyInfo(SECKEYPublicKey *pubk) +SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk) { CERTSubjectPublicKeyInfo *spki=NULL; SECItem *spkiDER=NULL; 
@@ -1757,7 +1710,7 @@ SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type) finish: if (rv != SECSuccess) { if (arena != NULL) { - PORT_FreeArena(arena, PR_TRUE); + PORT_FreeArena(arena, PR_FALSE); } pubk = NULL; } diff --git a/security/nss/lib/dbm/include/mcom_db.h b/security/nss/lib/dbm/include/mcom_db.h index e3b9ccd8..f2044846 100644 --- a/security/nss/lib/dbm/include/mcom_db.h +++ b/security/nss/lib/dbm/include/mcom_db.h @@ -45,7 +45,11 @@ typedef PRUintn uint; #endif typedef PRUint8 uint8; typedef PRUint16 uint16; +/* On AIX 5.2, sys/inttypes.h (which is included by sys/types.h) + * defines the types int8, int16, int32, and int64. */ +#if !defined(AIX) typedef PRInt32 int32; +#endif typedef PRUint32 uint32; #include diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index 0d293f14..2a51501b 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -95,7 +95,7 @@ endif # NSS_X86_OR_X64 means the target is either x86 or x64 ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH))) DEFINES += -DNSS_X86_OR_X64 -ifdef USE_64 +ifneq (,$(USE_64)$(USE_X32)) DEFINES += -DNSS_X64 else DEFINES += -DNSS_X86 @@ -135,6 +135,13 @@ else ifdef BUILD_OPT OPTIMIZER += -Ox # maximum optimization for freebl endif + # The Intel AES assembly code requires Visual C++ 2010. + # if $(_MSC_VER) >= 1600 (Visual C++ 2010) + ifeq ($(firstword $(sort $(_MSC_VER) 1600)),1600) + DEFINES += -DUSE_HW_AES -DINTEL_GCM + ASFILES += intel-aes-x86-masm.asm intel-gcm-x86-masm.asm + EXTRA_SRCS += intel-gcm-wrap.c + endif endif else # -DMP_NO_MP_WORD 
@@ -150,6 +157,13 @@ else ASFILES = arcfour-amd64-masm.asm mpi_amd64_masm.asm mp_comba_amd64_masm.asm DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY DEFINES += -DNSS_USE_COMBA + # The Intel AES assembly code requires Visual C++ 2010 (10.0). The _xgetbv + # compiler intrinsic function requires Visual C++ 2010 (10.0) SP1. + ifeq ($(_MSC_VER_GE_10SP1),1) + DEFINES += -DUSE_HW_AES -DINTEL_GCM + ASFILES += intel-aes-x64-masm.asm intel-gcm-x64-masm.asm + EXTRA_SRCS += intel-gcm-wrap.c + endif MPI_SRCS += mpi_amd64.c endif endif @@ -180,13 +194,13 @@ endif # Darwin ifeq ($(OS_TARGET),Linux) ifeq ($(CPU_ARCH),x86_64) ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s - ASFLAGS += -m64 -fPIC -Wa,--noexecstack + ASFLAGS += -fPIC -Wa,--noexecstack DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY DEFINES += -DNSS_USE_COMBA DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN # DEFINES += -DMPI_AMD64_ADD - # comment the next two lines to turn off intel HW accelleration - DEFINES += -DUSE_HW_AES + # comment the next four lines to turn off Intel HW acceleration. + DEFINES += -DUSE_HW_AES -DINTEL_GCM ASFILES += intel-aes.s intel-gcm.s EXTRA_SRCS += intel-gcm-wrap.c INTEL_GCM = 1 @@ -195,7 +209,7 @@ endif ifeq ($(CPU_ARCH),x86) ASFILES = mpi_x86.s DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE - DEFINES += -DMP_ASSEMBLY_DIV_2DX1D + DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN # The floating point ECC code doesn't work on Linux x86 (bug 311432). #ECL_USE_FP = 1 @@ -419,6 +433,11 @@ else ASFILES = arcfour-amd64-gas.s mpi_amd64_gas.s ASFLAGS += -march=opteron -m64 -fPIC MPI_SRCS += mp_comba.c + # comment the next four lines to turn off Intel HW acceleration + ASFILES += intel-gcm.s + EXTRA_SRCS += intel-gcm-wrap.c + INTEL_GCM = 1 + DEFINES += -DINTEL_GCM else ASFILES = arcfour-amd64-sun.s mpi_amd64_sun.s sha-fast-amd64-sun.s ASFILES += mp_comba_amd64_sun.s mpcpucache_amd64.s 
@@ -426,14 +445,13 @@ else SOL_CFLAGS += -xprefetch=no SHA_SRCS = MPCPU_SRCS = + # Intel acceleration for GCM does not build currently with Studio endif DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY DEFINES += -DNSS_USE_COMBA -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN - # comment the next two lines to turn off intel HW accelleration + # comment the next two lines to turn off Intel HW acceleration DEFINES += -DUSE_HW_AES - ASFILES += intel-aes.s intel-gcm.s - EXTRA_SRCS += intel-gcm-wrap.c - INTEL_GCM = 1 + ASFILES += intel-aes.s MPI_SRCS += mpi_amd64.c else # Solaris x86 @@ -449,14 +467,14 @@ else endif # Solaris for non-sparc family CPUs endif # target == SunOS -ifdef NSS_ENABLE_ECC +ifndef NSS_DISABLE_ECC ifdef ECL_USE_FP #enable floating point ECC code DEFINES += -DECL_USE_FP ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c ECL_HDRS += ecp_fp.h endif -endif # NSS_ENABLE_ECC +endif ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # diff --git a/security/nss/lib/freebl/aeskeywrap.c b/security/nss/lib/freebl/aeskeywrap.c index 16804f52..c1c95b35 100644 --- a/security/nss/lib/freebl/aeskeywrap.c +++ b/security/nss/lib/freebl/aeskeywrap.c @@ -369,6 +369,7 @@ AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output, if (pOutputLen) *pOutputLen = outLen; } else { + s = SECFailure; PORT_SetError(SEC_ERROR_BAD_DATA); if (pOutputLen) *pOutputLen = 0; diff --git a/security/nss/lib/freebl/arcfour.c b/security/nss/lib/freebl/arcfour.c index d89684c0..abc9857e 100644 --- a/security/nss/lib/freebl/arcfour.c +++ b/security/nss/lib/freebl/arcfour.c @@ -30,7 +30,7 @@ #define USE_WORD #endif -#if (defined(IS_64)) +#if defined(IS_64) || defined(NSS_BEVAND_ARCFOUR) typedef PRUint64 WORD; #else typedef PRUint32 WORD; diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index 0f501309..2e88d769 100644 --- a/security/nss/lib/freebl/blapi.h 
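Review bot: The else branch that now sets `s = SECFailure` in AESKeyWrap_Decrypt is the RFC 3394 2.2.2 integrity check (IV mismatch) and carries no comment saying so; add `/* IV check failed: wrong KEK or tampered data. RFC 3394 forbids returning any unwrapped material. */` above the assignment. That last clause is the thing to verify in the enclosing function, whose body is outside this hunk: `output` must not have received the recovered blocks before this point, and the intermediate buffer that held them must be zeroed on release, otherwise a caller that ignores the return value still obtains unauthenticated key material.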
+++ b/security/nss/lib/freebl/blapi.h @@ -1,5 +1,5 @@ /* - * crypto.h - public data structures and prototypes for the crypto library + * blapi.h - public prototypes for the freebl library * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -1576,6 +1576,18 @@ extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType); extern void BL_SetForkState(PRBool forked); +#ifndef NSS_DISABLE_ECC +/* +** pepare an ECParam structure from DEREncoded params + */ +extern SECStatus EC_FillParams(PLArenaPool *arena, + const SECItem *encodedParams, ECParams *params); +extern SECStatus EC_DecodeParams(const SECItem *encodedParams, + ECParams **ecparams); +extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, + const ECParams *srcParams); +#endif + SEC_END_PROTOS #endif /* _BLAPI_H_ */ diff --git a/security/nss/lib/freebl/blapii.h b/security/nss/lib/freebl/blapii.h index 3ba7b7c2..4840fc79 100644 --- a/security/nss/lib/freebl/blapii.h +++ b/security/nss/lib/freebl/blapii.h @@ -1,5 +1,5 @@ /* - * blapii.h - private data structures and prototypes for the crypto library + * blapii.h - private data structures and prototypes for the freebl library * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h index b533743b..8e172d42 100644 --- a/security/nss/lib/freebl/blapit.h +++ b/security/nss/lib/freebl/blapit.h @@ -1,5 +1,5 @@ /* - * blapit.h - public data structures for the crypto library + * blapit.h - public data structures for the freebl library * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/security/nss/lib/freebl/ctr.c b/security/nss/lib/freebl/ctr.c index 3a2f1a6b..1cbf30c2 100644 
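Review bot: The comment added above EC_FillParams reads `** pepare an ECParam structure from DEREncoded params`: a typo, and it describes only the first of the three prototypes it heads. Suggested replacement: `/* EC domain-parameter helpers. EC_FillParams decodes encodedParams into the caller's ECParams (allocating from arena); EC_DecodeParams allocates and returns a new ECParams; EC_CopyParams deep-copies srcParams into dstParams using arena. */` — the allocation details are read off the signatures, so check them against ecdecode.c before committing the wording. Judging by the softoken-to-freebl move of ecdecode.c elsewhere in this patch these were previously internal; now that they are exported through blapi.h their ownership rules should be spelled out.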
--- a/security/nss/lib/freebl/ctr.c +++ b/security/nss/lib/freebl/ctr.c @@ -12,6 +12,11 @@ #include "pkcs11t.h" #include "secerr.h" +#ifdef USE_HW_AES +#include "intel-aes.h" +#include "rijndael.h" +#endif + SECStatus CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher, const unsigned char *param, unsigned int blocksize) @@ -77,7 +82,7 @@ CTR_DestroyContext(CTRContext *ctr, PRBool freeit) */ static void ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits, - unsigned int blocksize) + unsigned int blocksize) { unsigned char *counterPtr = counter + blocksize - 1; unsigned char mask, count; @@ -101,7 +106,7 @@ ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits, static void ctr_xor(unsigned char *target, const unsigned char *x, - const unsigned char *y, unsigned int count) + const unsigned char *y, unsigned int count) { unsigned int i; for (i=0; i < count; i++) { @@ -111,9 +116,9 @@ ctr_xor(unsigned char *target, const unsigned char *x, SECStatus CTR_Update(CTRContext *ctr, unsigned char *outbuf, - unsigned int *outlen, unsigned int maxout, - const unsigned char *inbuf, unsigned int inlen, - unsigned int blocksize) + unsigned int *outlen, unsigned int maxout, + const unsigned char *inbuf, unsigned int inlen, + unsigned int blocksize) { unsigned int tmp; SECStatus rv; @@ -126,7 +131,7 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, *outlen = 0; if (ctr->bufPtr != blocksize) { unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen); - ctr_xor(outbuf, inbuf, ctr->buffer+ctr->bufPtr, needed); + ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed); ctr->bufPtr += needed; outbuf += needed; inbuf += needed; @@ -137,7 +142,7 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, } PORT_Assert(ctr->bufPtr == blocksize); } - + while (inlen >= blocksize) { rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, ctr->counter, blocksize, blocksize); 
@@ -165,3 +170,60 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, *outlen += inlen; return SECSuccess; } + +#if defined(USE_HW_AES) && defined(_MSC_VER) +SECStatus +CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf, + unsigned int *outlen, unsigned int maxout, + const unsigned char *inbuf, unsigned int inlen, + unsigned int blocksize) +{ + unsigned int fullblocks; + unsigned int tmp; + SECStatus rv; + + if (maxout < inlen) { + *outlen = inlen; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + *outlen = 0; + if (ctr->bufPtr != blocksize) { + unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen); + ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed); + ctr->bufPtr += needed; + outbuf += needed; + inbuf += needed; + *outlen += needed; + inlen -= needed; + if (inlen == 0) { + return SECSuccess; + } + PORT_Assert(ctr->bufPtr == blocksize); + } + + intel_aes_ctr_worker(((AESContext*)(ctr->context))->Nr)( + ctr, outbuf, outlen, maxout, inbuf, inlen, blocksize); + /* XXX intel_aes_ctr_worker should set *outlen. */ + PORT_Assert(*outlen == 0); + fullblocks = (inlen/blocksize)*blocksize; + *outlen += fullblocks; + outbuf += fullblocks; + inbuf += fullblocks; + inlen -= fullblocks; + + if (inlen == 0) { + return SECSuccess; + } + rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, + ctr->counter, blocksize, blocksize); + ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); + if (rv != SECSuccess) { + return SECFailure; + } + ctr_xor(outbuf, inbuf, ctr->buffer, inlen); + ctr->bufPtr = inlen; + *outlen += inlen; + return SECSuccess; +} +#endif diff --git a/security/nss/lib/freebl/ctr.h b/security/nss/lib/freebl/ctr.h index 69ef150b..e7645a22 100644 --- a/security/nss/lib/freebl/ctr.h +++ b/security/nss/lib/freebl/ctr.h 
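Review bot: `PORT_Assert(*outlen == 0)` after the intel_aes_ctr_worker call in CTR_Update_HW_AES cannot be right once the partial-block prefix above it has run: that branch does `*outlen += needed`, so on entry to the worker `*outlen` already equals `needed` (> 0). If the worker leaves `*outlen` untouched the assertion fires in debug builds; if it zeroes it (the XXX comment suggests the worker is expected to write it), the following `*outlen += fullblocks` silently drops the `needed` bytes from the reported length. Either way, save and restore the prefix: `unsigned int prefix = *outlen;` before the call, and `*outlen = prefix;` in place of the assertion, leaving `*outlen += fullblocks;` as it is. What the worker does with `outlen` lives in the assembly and is not visible here.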
@@ -41,4 +41,11 @@ SECStatus CTR_Update(CTRContext *ctr, unsigned char *outbuf, const unsigned char *inbuf, unsigned int inlen, unsigned int blocksize); +#ifdef USE_HW_AES +SECStatus CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf, + unsigned int *outlen, unsigned int maxout, + const unsigned char *inbuf, unsigned int inlen, + unsigned int blocksize); +#endif + #endif diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c index a8c7832d..ca53c1ae 100644 --- a/security/nss/lib/freebl/ec.c +++ b/security/nss/lib/freebl/ec.c @@ -16,7 +16,7 @@ #include "ec.h" #include "ecl.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* * Returns true if pointP is the point at infinity, false otherwise @@ -192,7 +192,7 @@ cleanup: return rv; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* Generates a new EC key pair. The private key is a supplied * value and the public key is the result of performing a scalar @@ -203,7 +203,7 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, const unsigned char *privKeyBytes, int privKeyLen) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PLArenaPool *arena; ECPrivateKey *key; mp_int k; @@ -301,7 +301,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; @@ -317,15 +317,15 @@ EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey, const unsigned char *seed, int seedlen) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC rv = ec_NewKey(ecParams, privKey, seed, seedlen); #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Generate a random private key using the algorithm A.4.1 of ANSI X9.62, * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the * random number generator. 
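Review bot: The new prototype is guarded by `#ifdef USE_HW_AES` alone, while the definition of CTR_Update_HW_AES in ctr.c (previous hunk of this patch) sits under `#if defined(USE_HW_AES) && defined(_MSC_VER)`. On gcc/clang builds that define USE_HW_AES (the Linux x86_64 Makefile in this patch does) the symbol is therefore declared but never defined, and any future caller will link only on MSVC; align the guard, `#if defined(USE_HW_AES) && defined(_MSC_VER)`, or add a comment saying that non-MSVC builds reach the hardware CTR path elsewhere. Whether such a caller already exists is outside the hunk.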
@@ -381,7 +381,7 @@ cleanup: } return privKeyBytes; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* Generates a new EC key pair. The private key is a random value and * the public key is the result of performing a scalar point multiplication @@ -391,7 +391,7 @@ SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC int len; unsigned char *privKeyBytes = NULL; @@ -416,7 +416,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -430,7 +430,7 @@ cleanup: SECStatus EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue) { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC mp_int Px, Py; ECGroup *group = NULL; SECStatus rv = SECFailure; @@ -506,7 +506,7 @@ cleanup: #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); return SECFailure; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } /* @@ -527,7 +527,7 @@ ECDH_Derive(SECItem *publicValue, SECItem *derivedSecret) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC unsigned int len = 0; SECItem pointQ = {siBuffer, NULL, 0}; mp_int k; /* to hold the private value */ @@ -596,7 +596,7 @@ cleanup: } #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -610,7 +610,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, const SECItem *digest, const unsigned char *kb, const int kblen) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC mp_int x1; mp_int d, k; /* private key, random integer */ mp_int r, s; /* tuple (r, s) is the signature */ @@ -822,7 +822,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } 
@@ -835,7 +835,7 @@ SECStatus ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC int len; unsigned char *kBytes= NULL; @@ -863,7 +863,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } @@ -876,7 +876,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, const SECItem *digest) { SECStatus rv = SECFailure; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC mp_int r_, s_; /* tuple (r', s') is received signature) */ mp_int c, u1, u2, v; /* intermediate values used in verification */ mp_int x1; @@ -1073,7 +1073,7 @@ cleanup: #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ return rv; } diff --git a/security/nss/lib/softoken/ecdecode.c b/security/nss/lib/freebl/ecdecode.c similarity index 99% rename from security/nss/lib/softoken/ecdecode.c rename to security/nss/lib/freebl/ecdecode.c index b04d0228..3c0294d4 100644 --- a/security/nss/lib/softoken/ecdecode.c +++ b/security/nss/lib/freebl/ecdecode.c @@ -2,7 +2,11 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC + +#ifdef FREEBL_NO_DEPEND +#include "stubs.h" +#endif #include "blapi.h" #include "secoid.h" @@ -603,4 +607,4 @@ EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams) } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ diff --git a/security/nss/lib/freebl/intel-aes-x64-masm.asm b/security/nss/lib/freebl/intel-aes-x64-masm.asm new file mode 100644 index 00000000..ef5c76ba --- /dev/null +++ b/security/nss/lib/freebl/intel-aes-x64-masm.asm 
@@ -0,0 +1,971 @@ +; LICENSE: +; This submission to NSS is to be made available under the terms of the +; Mozilla Public License, v. 2.0. You can obtain one at http: +; //mozilla.org/MPL/2.0/. +;############################################################################### +; Copyright(c) 2014, Intel Corp. +; Developers and authors: +; Shay Gueron and Vlad Krasnov +; Intel Corporation, Israel Development Centre, Haifa, Israel +; Please send feedback directly to crypto.feedback.alias@intel.com + + +.DATA +ALIGN 16 +Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh +Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h +Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh +Lcon1 dd 1,1,1,1 +Lcon2 dd 1bh,1bh,1bh,1bh + +.CODE + +ctx textequ +output textequ +input textequ +inputLen textequ + + +aes_rnd MACRO i + movdqu xmm8, [i*16 + ctx] + aesenc xmm0, xmm8 + aesenc xmm1, xmm8 + aesenc xmm2, xmm8 + aesenc xmm3, xmm8 + aesenc xmm4, xmm8 + aesenc xmm5, xmm8 + aesenc xmm6, xmm8 + aesenc xmm7, xmm8 + ENDM + +aes_last_rnd MACRO i + movdqu xmm8, [i*16 + ctx] + aesenclast xmm0, xmm8 + aesenclast xmm1, xmm8 + aesenclast xmm2, xmm8 + aesenclast xmm3, xmm8 + aesenclast xmm4, xmm8 + aesenclast xmm5, xmm8 + aesenclast xmm6, xmm8 + aesenclast xmm7, xmm8 + ENDM + +aes_dec_rnd MACRO i + movdqu xmm8, [i*16 + ctx] + aesdec xmm0, xmm8 + aesdec xmm1, xmm8 + aesdec xmm2, xmm8 + aesdec xmm3, xmm8 + aesdec xmm4, xmm8 + aesdec xmm5, xmm8 + aesdec xmm6, xmm8 + aesdec xmm7, xmm8 + ENDM + +aes_dec_last_rnd MACRO i + movdqu xmm8, [i*16 + ctx] + aesdeclast xmm0, xmm8 + aesdeclast xmm1, xmm8 + aesdeclast xmm2, xmm8 + aesdeclast xmm3, xmm8 + aesdeclast xmm4, xmm8 + aesdeclast xmm5, xmm8 + aesdeclast xmm6, xmm8 + aesdeclast xmm7, xmm8 + ENDM + + +gen_aes_ecb_func MACRO enc, rnds + +LOCAL loop8 +LOCAL loop1 +LOCAL bail + + xor inputLen, inputLen + mov input, [rsp + 1*8 + 8*4] + mov inputLen, [rsp + 1*8 + 8*5] + + sub rsp, 3*16 + + movdqu [rsp + 0*16], xmm6 + movdqu [rsp + 1*16], xmm7 + 
movdqu [rsp + 2*16], xmm8 + + lea ctx, [48+ctx] + +loop8: + cmp inputLen, 8*16 + jb loop1 + + movdqu xmm0, [0*16 + input] + movdqu xmm1, [1*16 + input] + movdqu xmm2, [2*16 + input] + movdqu xmm3, [3*16 + input] + movdqu xmm4, [4*16 + input] + movdqu xmm5, [5*16 + input] + movdqu xmm6, [6*16 + input] + movdqu xmm7, [7*16 + input] + + movdqu xmm8, [0*16 + ctx] + pxor xmm0, xmm8 + pxor xmm1, xmm8 + pxor xmm2, xmm8 + pxor xmm3, xmm8 + pxor xmm4, xmm8 + pxor xmm5, xmm8 + pxor xmm6, xmm8 + pxor xmm7, xmm8 + +IF enc eq 1 + rnd textequ + lastrnd textequ + aesinst textequ + aeslastinst textequ +ELSE + rnd textequ + lastrnd textequ + aesinst textequ + aeslastinst textequ +ENDIF + + i = 1 + WHILE i LT rnds + rnd i + i = i+1 + ENDM + lastrnd rnds + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + movdqu [7*16 + output], xmm7 + + lea input, [8*16 + input] + lea output, [8*16 + output] + sub inputLen, 8*16 + jmp loop8 + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [input] + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesinst xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aeslastinst xmm0, xmm7 + + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + xor rax, rax + + movdqu xmm6, [rsp + 0*16] + movdqu xmm7, [rsp + 1*16] + movdqu xmm8, [rsp + 2*16] + add rsp, 3*16 + ret +ENDM + +intel_aes_encrypt_ecb_128 PROC +gen_aes_ecb_func 1, 10 +intel_aes_encrypt_ecb_128 ENDP + +intel_aes_encrypt_ecb_192 PROC +gen_aes_ecb_func 1, 12 +intel_aes_encrypt_ecb_192 ENDP + +intel_aes_encrypt_ecb_256 PROC +gen_aes_ecb_func 1, 14 +intel_aes_encrypt_ecb_256 ENDP + +intel_aes_decrypt_ecb_128 PROC +gen_aes_ecb_func 0, 10 +intel_aes_decrypt_ecb_128 ENDP + +intel_aes_decrypt_ecb_192 
PROC +gen_aes_ecb_func 0, 12 +intel_aes_decrypt_ecb_192 ENDP + +intel_aes_decrypt_ecb_256 PROC +gen_aes_ecb_func 0, 14 +intel_aes_decrypt_ecb_256 ENDP + + +KEY textequ +KS textequ +ITR textequ + +intel_aes_encrypt_init_128 PROC + + movdqu xmm1, [KEY] + movdqu [KS], xmm1 + movdqa xmm2, xmm1 + + lea ITR, Lcon1 + movdqa xmm0, [ITR] + lea ITR, Lmask + movdqa xmm4, [ITR] + + mov ITR, 8 + +Lenc_128_ks_loop: + lea KS, [16 + KS] + dec ITR + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [KS], xmm1 + movdqa xmm2, xmm1 + + jne Lenc_128_ks_loop + + lea ITR, Lcon2 + movdqa xmm0, [ITR] + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [16 + KS], xmm1 + movdqa xmm2, xmm1 + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [32 + KS], xmm1 + movdqa xmm2, xmm1 + + ret +intel_aes_encrypt_init_128 ENDP + + +intel_aes_decrypt_init_128 PROC + + push KS + push KEY + + call intel_aes_encrypt_init_128 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [10*16 + KS] + movdqu [10*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 5 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(10-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(10-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [5*16 + KS] + aesimc xmm0, xmm0 + movdqu [5*16 + KS], xmm0 + ret +intel_aes_decrypt_init_128 ENDP + + +intel_aes_encrypt_init_192 PROC + + sub rsp, 16*2 + movdqu [16*0 + rsp], xmm6 + movdqu [16*1 + rsp], xmm7 + + movdqu xmm1, [KEY] + mov ITR, [16 + KEY] + movd xmm3, ITR + + 
movdqu [KS], xmm1 + movdqa xmm5, xmm3 + + lea ITR, Lcon1 + movdqu xmm0, [ITR] + lea ITR, Lmask192 + movdqu xmm4, [ITR] + + mov ITR, 4 + +Lenc_192_ks_loop: + movdqa xmm2, xmm3 + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + + movdqa xmm6, xmm1 + movdqa xmm7, xmm3 + pslldq xmm6, 4 + pslldq xmm7, 4 + pxor xmm1, xmm6 + pxor xmm3, xmm7 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pxor xmm1, xmm2 + pshufd xmm2, xmm1, 0ffh + pxor xmm3, xmm2 + + movdqa xmm6, xmm1 + shufpd xmm5, xmm1, 00h + shufpd xmm6, xmm3, 01h + + movdqu [16 + KS], xmm5 + movdqu [32 + KS], xmm6 + + movdqa xmm2, xmm3 + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + + movdqa xmm6, xmm1 + movdqa xmm7, xmm3 + pslldq xmm6, 4 + pslldq xmm7, 4 + pxor xmm1, xmm6 + pxor xmm3, xmm7 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pxor xmm1, xmm2 + pshufd xmm2, xmm1, 0ffh + pxor xmm3, xmm2 + + movdqu [48 + KS], xmm1 + movdqa xmm5, xmm3 + + lea KS, [48 + KS] + + dec ITR + jnz Lenc_192_ks_loop + + movdqu [16 + KS], xmm5 + + movdqu xmm7, [16*1 + rsp] + movdqu xmm6, [16*0 + rsp] + add rsp, 16*2 + ret +intel_aes_encrypt_init_192 ENDP + +intel_aes_decrypt_init_192 PROC + push KS + push KEY + + call intel_aes_encrypt_init_192 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [12*16 + KS] + movdqu [12*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 6 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(12-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(12-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [6*16 + KS] + aesimc xmm0, xmm0 + movdqu [6*16 + KS], xmm0 + ret +intel_aes_decrypt_init_192 ENDP + + +intel_aes_encrypt_init_256 PROC + sub rsp, 16*2 + movdqu [16*0 + rsp], xmm6 + movdqu [16*1 + rsp], xmm7 + + movdqu xmm1, [16*0 + KEY] + movdqu xmm3, [16*1 + KEY] + + movdqu [16*0 + KS], xmm1 + movdqu [16*1 + KS], xmm3 + + lea ITR, Lcon1 + movdqu xmm0, [ITR] + lea ITR, 
Lmask256 + movdqu xmm5, [ITR] + + pxor xmm6, xmm6 + + mov ITR, 6 + +Lenc_256_ks_loop: + + movdqa xmm2, xmm3 + pshufb xmm2, xmm5 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm4, xmm1 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pxor xmm1, xmm2 + movdqu [16*2 + KS], xmm1 + + pshufd xmm2, xmm1, 0ffh + aesenclast xmm2, xmm6 + movdqa xmm4, xmm3 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pxor xmm3, xmm2 + movdqu [16*3 + KS], xmm3 + + lea KS, [32 + KS] + dec ITR + jnz Lenc_256_ks_loop + + movdqa xmm2, xmm3 + pshufb xmm2, xmm5 + aesenclast xmm2, xmm0 + movdqa xmm4, xmm1 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pxor xmm1, xmm2 + movdqu [16*2 + KS], xmm1 + + movdqu xmm7, [16*1 + rsp] + movdqu xmm6, [16*0 + rsp] + add rsp, 16*2 + ret + +intel_aes_encrypt_init_256 ENDP + + +intel_aes_decrypt_init_256 PROC + push KS + push KEY + + call intel_aes_encrypt_init_256 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [14*16 + KS] + movdqu [14*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 7 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(14-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(14-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [7*16 + KS] + aesimc xmm0, xmm0 + movdqu [7*16 + KS], xmm0 + ret +intel_aes_decrypt_init_256 ENDP + + + +gen_aes_cbc_enc_func MACRO rnds + +LOCAL loop1 +LOCAL bail + + mov input, [rsp + 1*8 + 8*4] + mov inputLen, [rsp + 1*8 + 8*5] + + sub rsp, 3*16 + + movdqu [rsp + 0*16], xmm6 + movdqu [rsp + 1*16], xmm7 + movdqu [rsp + 2*16], xmm8 + + lea ctx, [48+ctx] + + movdqu xmm0, [-32+ctx] + + movdqu xmm2, [0*16 + ctx] + movdqu xmm3, [1*16 + ctx] + movdqu xmm4, [2*16 + ctx] + movdqu xmm5, [3*16 + ctx] + movdqu xmm6, [4*16 + ctx] + movdqu xmm7, [5*16 + ctx] + +loop1: + cmp inputLen, 
1*16 + jb bail + + movdqu xmm1, [input] + pxor xmm1, xmm2 + pxor xmm0, xmm1 + + aesenc xmm0, xmm3 + aesenc xmm0, xmm4 + aesenc xmm0, xmm5 + aesenc xmm0, xmm6 + aesenc xmm0, xmm7 + + i = 6 + WHILE i LT rnds + movdqu xmm8, [i*16 + ctx] + aesenc xmm0, xmm8 + i = i+1 + ENDM + movdqu xmm8, [rnds*16 + ctx] + aesenclast xmm0, xmm8 + + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + movdqu [-32+ctx], xmm0 + + xor rax, rax + + movdqu xmm6, [rsp + 0*16] + movdqu xmm7, [rsp + 1*16] + movdqu xmm8, [rsp + 2*16] + add rsp, 3*16 + ret + +ENDM + +gen_aes_cbc_dec_func MACRO rnds + +LOCAL loop8 +LOCAL loop1 +LOCAL dec1 +LOCAL bail + + mov input, [rsp + 1*8 + 8*4] + mov inputLen, [rsp + 1*8 + 8*5] + + sub rsp, 3*16 + + movdqu [rsp + 0*16], xmm6 + movdqu [rsp + 1*16], xmm7 + movdqu [rsp + 2*16], xmm8 + + lea ctx, [48+ctx] + +loop8: + cmp inputLen, 8*16 + jb dec1 + + movdqu xmm0, [0*16 + input] + movdqu xmm1, [1*16 + input] + movdqu xmm2, [2*16 + input] + movdqu xmm3, [3*16 + input] + movdqu xmm4, [4*16 + input] + movdqu xmm5, [5*16 + input] + movdqu xmm6, [6*16 + input] + movdqu xmm7, [7*16 + input] + + movdqu xmm8, [0*16 + ctx] + pxor xmm0, xmm8 + pxor xmm1, xmm8 + pxor xmm2, xmm8 + pxor xmm3, xmm8 + pxor xmm4, xmm8 + pxor xmm5, xmm8 + pxor xmm6, xmm8 + pxor xmm7, xmm8 + + i = 1 + WHILE i LT rnds + aes_dec_rnd i + i = i+1 + ENDM + aes_dec_last_rnd rnds + + movdqu xmm8, [-32 + ctx] + pxor xmm0, xmm8 + movdqu xmm8, [0*16 + input] + pxor xmm1, xmm8 + movdqu xmm8, [1*16 + input] + pxor xmm2, xmm8 + movdqu xmm8, [2*16 + input] + pxor xmm3, xmm8 + movdqu xmm8, [3*16 + input] + pxor xmm4, xmm8 + movdqu xmm8, [4*16 + input] + pxor xmm5, xmm8 + movdqu xmm8, [5*16 + input] + pxor xmm6, xmm8 + movdqu xmm8, [6*16 + input] + pxor xmm7, xmm8 + movdqu xmm8, [7*16 + input] + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], 
xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + movdqu [7*16 + output], xmm7 + movdqu [-32 + ctx], xmm8 + + lea input, [8*16 + input] + lea output, [8*16 + output] + sub inputLen, 8*16 + jmp loop8 +dec1: + + movdqu xmm3, [-32 + ctx] + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [input] + movdqa xmm4, xmm0 + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesdec xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesdeclast xmm0, xmm7 + pxor xmm3, xmm0 + + movdqu [output], xmm3 + movdqa xmm3, xmm4 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + movdqu [-32 + ctx], xmm3 + xor rax, rax + + movdqu xmm6, [rsp + 0*16] + movdqu xmm7, [rsp + 1*16] + movdqu xmm8, [rsp + 2*16] + add rsp, 3*16 + ret +ENDM + +intel_aes_encrypt_cbc_128 PROC +gen_aes_cbc_enc_func 10 +intel_aes_encrypt_cbc_128 ENDP + +intel_aes_encrypt_cbc_192 PROC +gen_aes_cbc_enc_func 12 +intel_aes_encrypt_cbc_192 ENDP + +intel_aes_encrypt_cbc_256 PROC +gen_aes_cbc_enc_func 14 +intel_aes_encrypt_cbc_256 ENDP + +intel_aes_decrypt_cbc_128 PROC +gen_aes_cbc_dec_func 10 +intel_aes_decrypt_cbc_128 ENDP + +intel_aes_decrypt_cbc_192 PROC +gen_aes_cbc_dec_func 12 +intel_aes_decrypt_cbc_192 ENDP + +intel_aes_decrypt_cbc_256 PROC +gen_aes_cbc_dec_func 14 +intel_aes_decrypt_cbc_256 ENDP + + + +ctrCtx textequ +CTR textequ +CTRSave textequ + +gen_aes_ctr_func MACRO rnds + +LOCAL loop8 +LOCAL loop1 +LOCAL enc1 +LOCAL bail + + mov input, [rsp + 8*1 + 4*8] + mov inputLen, [rsp + 8*1 + 5*8] + + mov ctrCtx, ctx + mov ctx, [8+ctrCtx] + lea ctx, [48+ctx] + + sub rsp, 3*16 + movdqu [rsp + 0*16], xmm6 + movdqu [rsp + 1*16], xmm7 + movdqu [rsp + 2*16], xmm8 + + + push rbp + mov rbp, rsp + sub rsp, 8*16 + and rsp, -16 + + + movdqu xmm0, [16+ctrCtx] + mov CTRSave, DWORD PTR [ctrCtx + 16 + 3*4] + bswap CTRSave + movdqu xmm1, [ctx + 0*16] + + pxor xmm0, xmm1 + + movdqa [rsp + 0*16], xmm0 
+ movdqa [rsp + 1*16], xmm0 + movdqa [rsp + 2*16], xmm0 + movdqa [rsp + 3*16], xmm0 + movdqa [rsp + 4*16], xmm0 + movdqa [rsp + 5*16], xmm0 + movdqa [rsp + 6*16], xmm0 + movdqa [rsp + 7*16], xmm0 + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 1*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 2*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 3*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 4*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 5*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 6*16 + 3*4], CTR + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + 7*16 + 3*4], CTR + + +loop8: + cmp inputLen, 8*16 + jb loop1 + + movdqu xmm0, [0*16 + rsp] + movdqu xmm1, [1*16 + rsp] + movdqu xmm2, [2*16 + rsp] + movdqu xmm3, [3*16 + rsp] + movdqu xmm4, [4*16 + rsp] + movdqu xmm5, [5*16 + rsp] + movdqu xmm6, [6*16 + rsp] + movdqu xmm7, [7*16 + rsp] + + i = 1 + WHILE i LE 8 + aes_rnd i + + inc CTRSave + mov CTR, CTRSave + bswap CTR + xor CTR, DWORD PTR [ctx + 3*4] + mov DWORD PTR [rsp + (i-1)*16 + 3*4], CTR + + i = i+1 + ENDM + WHILE i LT rnds + aes_rnd i + i = i+1 + ENDM + aes_last_rnd rnds + + movdqu xmm8, [0*16 + input] + pxor xmm0, xmm8 + movdqu xmm8, [1*16 + input] + pxor xmm1, xmm8 + movdqu xmm8, [2*16 + input] + pxor xmm2, xmm8 + movdqu xmm8, [3*16 + input] + pxor xmm3, xmm8 + movdqu xmm8, [4*16 + input] + pxor xmm4, xmm8 + movdqu xmm8, [5*16 + input] + pxor xmm5, xmm8 + movdqu xmm8, [6*16 + input] + pxor xmm6, xmm8 + movdqu xmm8, [7*16 + input] + pxor xmm7, xmm8 + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], 
xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + movdqu [7*16 + output], xmm7 + + lea input, [8*16 + input] + lea output, [8*16 + output] + sub inputLen, 8*16 + jmp loop8 + + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [rsp] + add rsp, 16 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesenc xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesenclast xmm0, xmm7 + + movdqu xmm7, [input] + pxor xmm0, xmm7 + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + + movdqu xmm0, [rsp] + movdqu xmm1, [ctx + 0*16] + pxor xmm0, xmm1 + movdqu [16+ctrCtx], xmm0 + + + xor rax, rax + mov rsp, rbp + pop rbp + + movdqu xmm6, [rsp + 0*16] + movdqu xmm7, [rsp + 1*16] + movdqu xmm8, [rsp + 2*16] + add rsp, 3*16 + + ret +ENDM + + +intel_aes_encrypt_ctr_128 PROC +gen_aes_ctr_func 10 +intel_aes_encrypt_ctr_128 ENDP + +intel_aes_encrypt_ctr_192 PROC +gen_aes_ctr_func 12 +intel_aes_encrypt_ctr_192 ENDP + +intel_aes_encrypt_ctr_256 PROC +gen_aes_ctr_func 14 +intel_aes_encrypt_ctr_256 ENDP + + +END diff --git a/security/nss/lib/freebl/intel-aes-x86-masm.asm b/security/nss/lib/freebl/intel-aes-x86-masm.asm new file mode 100644 index 00000000..7d805e76 --- /dev/null +++ b/security/nss/lib/freebl/intel-aes-x86-masm.asm 
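Review bot: All three `gen_aes_*_func` macros treat a trailing partial block as success: `loop1` falls out on `cmp inputLen, 1*16` / `jb bail`, `xor rax, rax` returns 0, and the leftover bytes are neither processed nor reported, while the `outputLen`/`maxOutputLen` arguments are never read (only `[rsp + 1*8 + 8*4]` and `[rsp + 1*8 + 8*5]`, the stack-passed input and inputLen, are loaded), so `inputLen` bytes are written to `output` unconditionally. The C dispatchers must therefore have checked `maxOutputLen >= inputLen`, set `*outputLen`, and guaranteed a 16-byte multiple before reaching these entry points; a comment at the top of the `.CODE` section, `; callers must pass inputLen as a multiple of 16 and have validated maxOutputLen; outputLen is not written here`, would pin that contract down. In `gen_aes_ctr_func` the eight counter blocks pre-XORed with round key 0 (`pxor xmm0, xmm1` with `xmm1` = `[ctx + 0*16]`) stay in the scratch area below `rbp` when `mov rsp, rbp` unwinds, so zeroing `[rsp + 0*16]`..`[rsp + 7*16]` before restoring rsp would avoid leaving key-derived material on the stack, and the increment only touches the low DWORD (`inc CTRSave` on `[ctrCtx + 16 + 3*4]`), so only a CTRContext with a 32-bit counter may be routed here — the gate in ctr.c is not in this diff and should be confirmed. The constants `[48+ctx]`, `[8+ctrCtx]` and `[16+ctrCtx]` hard-code the AESContext/CTRContext layouts; a `PR_STATIC_ASSERT`/offsetof check on the C side would catch layout drift before it silently reads the wrong field. intel-aes-x86-masm.asm below carries the same four points at `[44+ctx]`, `[4+ctrCtx]`, `[8+ctrCtx]` and its 7-block loops.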
@@ -0,0 +1,949 @@ +; LICENSE: +; This submission to NSS is to be made available under the terms of the +; Mozilla Public License, v. 2.0. You can obtain one at http: +; //mozilla.org/MPL/2.0/. +;############################################################################### +; Copyright(c) 2014, Intel Corp. +; Developers and authors: +; Shay Gueron and Vlad Krasnov +; Intel Corporation, Israel Development Centre, Haifa, Israel +; Please send feedback directly to crypto.feedback.alias@intel.com + + +.MODEL FLAT, C +.XMM + +.DATA +ALIGN 16 +Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh +Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h +Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh +Lcon1 dd 1,1,1,1 +Lcon2 dd 1bh,1bh,1bh,1bh + +.CODE + +ctx textequ +output textequ +input textequ +inputLen textequ + + +aes_rnd MACRO i + movdqu xmm7, [i*16 + ctx] + aesenc xmm0, xmm7 + aesenc xmm1, xmm7 + aesenc xmm2, xmm7 + aesenc xmm3, xmm7 + aesenc xmm4, xmm7 + aesenc xmm5, xmm7 + aesenc xmm6, xmm7 + ENDM + +aes_last_rnd MACRO i + movdqu xmm7, [i*16 + ctx] + aesenclast xmm0, xmm7 + aesenclast xmm1, xmm7 + aesenclast xmm2, xmm7 + aesenclast xmm3, xmm7 + aesenclast xmm4, xmm7 + aesenclast xmm5, xmm7 + aesenclast xmm6, xmm7 + ENDM + +aes_dec_rnd MACRO i + movdqu xmm7, [i*16 + ctx] + aesdec xmm0, xmm7 + aesdec xmm1, xmm7 + aesdec xmm2, xmm7 + aesdec xmm3, xmm7 + aesdec xmm4, xmm7 + aesdec xmm5, xmm7 + aesdec xmm6, xmm7 + ENDM + +aes_dec_last_rnd MACRO i + movdqu xmm7, [i*16 + ctx] + aesdeclast xmm0, xmm7 + aesdeclast xmm1, xmm7 + aesdeclast xmm2, xmm7 + aesdeclast xmm3, xmm7 + aesdeclast xmm4, xmm7 + aesdeclast xmm5, xmm7 + aesdeclast xmm6, xmm7 + ENDM + + +gen_aes_ecb_func MACRO enc, rnds + +LOCAL loop7 +LOCAL loop1 +LOCAL bail + + push inputLen + + mov ctx, [esp + 2*4 + 0*4] + mov output, [esp + 2*4 + 1*4] + mov input, [esp + 2*4 + 4*4] + mov inputLen, [esp + 2*4 + 5*4] + + lea ctx, [44+ctx] + +loop7: + cmp inputLen, 7*16 + jb loop1 + + movdqu xmm0, [0*16 + 
input] + movdqu xmm1, [1*16 + input] + movdqu xmm2, [2*16 + input] + movdqu xmm3, [3*16 + input] + movdqu xmm4, [4*16 + input] + movdqu xmm5, [5*16 + input] + movdqu xmm6, [6*16 + input] + + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + pxor xmm1, xmm7 + pxor xmm2, xmm7 + pxor xmm3, xmm7 + pxor xmm4, xmm7 + pxor xmm5, xmm7 + pxor xmm6, xmm7 + +IF enc eq 1 + rnd textequ + lastrnd textequ + aesinst textequ + aeslastinst textequ +ELSE + rnd textequ + lastrnd textequ + aesinst textequ + aeslastinst textequ +ENDIF + + i = 1 + WHILE i LT rnds + rnd i + i = i+1 + ENDM + lastrnd rnds + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + + lea input, [7*16 + input] + lea output, [7*16 + output] + sub inputLen, 7*16 + jmp loop7 + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [input] + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesinst xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aeslastinst xmm0, xmm7 + + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + xor eax, eax + pop inputLen + ret + +ENDM + +ALIGN 16 +intel_aes_encrypt_ecb_128 PROC +gen_aes_ecb_func 1, 10 +intel_aes_encrypt_ecb_128 ENDP + +ALIGN 16 +intel_aes_encrypt_ecb_192 PROC +gen_aes_ecb_func 1, 12 +intel_aes_encrypt_ecb_192 ENDP + +ALIGN 16 +intel_aes_encrypt_ecb_256 PROC +gen_aes_ecb_func 1, 14 +intel_aes_encrypt_ecb_256 ENDP + +ALIGN 16 +intel_aes_decrypt_ecb_128 PROC +gen_aes_ecb_func 0, 10 +intel_aes_decrypt_ecb_128 ENDP + +ALIGN 16 +intel_aes_decrypt_ecb_192 PROC +gen_aes_ecb_func 0, 12 +intel_aes_decrypt_ecb_192 ENDP + +ALIGN 16 +intel_aes_decrypt_ecb_256 PROC +gen_aes_ecb_func 0, 14 +intel_aes_decrypt_ecb_256 ENDP + + +KEY textequ +KS textequ +ITR textequ + +ALIGN 16 
+intel_aes_encrypt_init_128 PROC + + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + + movdqu xmm1, [KEY] + movdqu [KS], xmm1 + movdqa xmm2, xmm1 + + lea ITR, Lcon1 + movdqa xmm0, [ITR] + lea ITR, Lmask + movdqa xmm4, [ITR] + + mov ITR, 8 + +Lenc_128_ks_loop: + lea KS, [16 + KS] + dec ITR + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [KS], xmm1 + movdqa xmm2, xmm1 + + jne Lenc_128_ks_loop + + lea ITR, Lcon2 + movdqa xmm0, [ITR] + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [16 + KS], xmm1 + movdqa xmm2, xmm1 + + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + movdqa xmm3, xmm1 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pslldq xmm3, 4 + pxor xmm1, xmm3 + pxor xmm1, xmm2 + movdqu [32 + KS], xmm1 + movdqa xmm2, xmm1 + + ret +intel_aes_encrypt_init_128 ENDP + + +ALIGN 16 +intel_aes_decrypt_init_128 PROC + + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + push KS + push KEY + + call intel_aes_encrypt_init_128 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [10*16 + KS] + movdqu [10*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 5 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(10-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(10-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [5*16 + KS] + aesimc xmm0, xmm0 + movdqu [5*16 + KS], xmm0 + ret +intel_aes_decrypt_init_128 ENDP + + +ALIGN 16 +intel_aes_encrypt_init_192 PROC + + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + pxor xmm3, xmm3 + movdqu xmm1, [KEY] + pinsrd xmm3, DWORD PTR [16 + KEY], 0 + pinsrd xmm3, DWORD PTR [20 + KEY], 1 + + movdqu [KS], 
xmm1 + movdqa xmm5, xmm3 + + lea ITR, Lcon1 + movdqu xmm0, [ITR] + lea ITR, Lmask192 + movdqu xmm4, [ITR] + + mov ITR, 4 + +Lenc_192_ks_loop: + movdqa xmm2, xmm3 + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + + movdqa xmm6, xmm1 + movdqa xmm7, xmm3 + pslldq xmm6, 4 + pslldq xmm7, 4 + pxor xmm1, xmm6 + pxor xmm3, xmm7 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pxor xmm1, xmm2 + pshufd xmm2, xmm1, 0ffh + pxor xmm3, xmm2 + + movdqa xmm6, xmm1 + shufpd xmm5, xmm1, 00h + shufpd xmm6, xmm3, 01h + + movdqu [16 + KS], xmm5 + movdqu [32 + KS], xmm6 + + movdqa xmm2, xmm3 + pshufb xmm2, xmm4 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + + movdqa xmm6, xmm1 + movdqa xmm7, xmm3 + pslldq xmm6, 4 + pslldq xmm7, 4 + pxor xmm1, xmm6 + pxor xmm3, xmm7 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pslldq xmm6, 4 + pxor xmm1, xmm6 + pxor xmm1, xmm2 + pshufd xmm2, xmm1, 0ffh + pxor xmm3, xmm2 + + movdqu [48 + KS], xmm1 + movdqa xmm5, xmm3 + + lea KS, [48 + KS] + + dec ITR + jnz Lenc_192_ks_loop + + movdqu [16 + KS], xmm5 +ret +intel_aes_encrypt_init_192 ENDP + +ALIGN 16 +intel_aes_decrypt_init_192 PROC + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + push KS + push KEY + + call intel_aes_encrypt_init_192 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [12*16 + KS] + movdqu [12*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 6 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(12-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(12-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [6*16 + KS] + aesimc xmm0, xmm0 + movdqu [6*16 + KS], xmm0 + ret +intel_aes_decrypt_init_192 ENDP + +ALIGN 16 +intel_aes_encrypt_init_256 PROC + + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + movdqu xmm1, [16*0 + KEY] + movdqu xmm3, [16*1 + KEY] + + movdqu [16*0 + KS], xmm1 + movdqu [16*1 + KS], xmm3 + + lea ITR, Lcon1 + movdqu xmm0, [ITR] + lea ITR, Lmask256 + movdqu xmm5, [ITR] + 
+ pxor xmm6, xmm6 + + mov ITR, 6 + +Lenc_256_ks_loop: + + movdqa xmm2, xmm3 + pshufb xmm2, xmm5 + aesenclast xmm2, xmm0 + pslld xmm0, 1 + movdqa xmm4, xmm1 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pxor xmm1, xmm2 + movdqu [16*2 + KS], xmm1 + + pshufd xmm2, xmm1, 0ffh + aesenclast xmm2, xmm6 + movdqa xmm4, xmm3 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pslldq xmm4, 4 + pxor xmm3, xmm4 + pxor xmm3, xmm2 + movdqu [16*3 + KS], xmm3 + + lea KS, [32 + KS] + dec ITR + jnz Lenc_256_ks_loop + + movdqa xmm2, xmm3 + pshufb xmm2, xmm5 + aesenclast xmm2, xmm0 + movdqa xmm4, xmm1 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pslldq xmm4, 4 + pxor xmm1, xmm4 + pxor xmm1, xmm2 + movdqu [16*2 + KS], xmm1 + + ret +intel_aes_encrypt_init_256 ENDP + +ALIGN 16 +intel_aes_decrypt_init_256 PROC + mov KEY, [esp + 1*4 + 0*4] + mov KS, [esp + 1*4 + 1*4] + + push KS + push KEY + + call intel_aes_encrypt_init_256 + + pop KEY + pop KS + + movdqu xmm0, [0*16 + KS] + movdqu xmm1, [14*16 + KS] + movdqu [14*16 + KS], xmm0 + movdqu [0*16 + KS], xmm1 + + i = 1 + WHILE i LT 7 + movdqu xmm0, [i*16 + KS] + movdqu xmm1, [(14-i)*16 + KS] + + aesimc xmm0, xmm0 + aesimc xmm1, xmm1 + + movdqu [(14-i)*16 + KS], xmm0 + movdqu [i*16 + KS], xmm1 + + i = i+1 + ENDM + + movdqu xmm0, [7*16 + KS] + aesimc xmm0, xmm0 + movdqu [7*16 + KS], xmm0 + ret +intel_aes_decrypt_init_256 ENDP + + + +gen_aes_cbc_enc_func MACRO rnds + +LOCAL loop1 +LOCAL bail + + push inputLen + + mov ctx, [esp + 2*4 + 0*4] + mov output, [esp + 2*4 + 1*4] + mov input, [esp + 2*4 + 4*4] + mov inputLen, [esp + 2*4 + 5*4] + + lea ctx, [44+ctx] + + movdqu xmm0, [-32+ctx] + + movdqu xmm2, [0*16 + ctx] + movdqu xmm3, [1*16 + ctx] + movdqu xmm4, [2*16 + ctx] + movdqu xmm5, [3*16 + ctx] + movdqu xmm6, [4*16 + ctx] + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm1, [input] + pxor xmm1, xmm2 + pxor xmm0, xmm1 + + aesenc xmm0, 
xmm3 + aesenc xmm0, xmm4 + aesenc xmm0, xmm5 + aesenc xmm0, xmm6 + + i = 5 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesenc xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesenclast xmm0, xmm7 + + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + movdqu [-32+ctx], xmm0 + + xor eax, eax + pop inputLen + ret + +ENDM + +gen_aes_cbc_dec_func MACRO rnds + +LOCAL loop7 +LOCAL loop1 +LOCAL dec1 +LOCAL bail + + push inputLen + + mov ctx, [esp + 2*4 + 0*4] + mov output, [esp + 2*4 + 1*4] + mov input, [esp + 2*4 + 4*4] + mov inputLen, [esp + 2*4 + 5*4] + + lea ctx, [44+ctx] + +loop7: + cmp inputLen, 7*16 + jb dec1 + + movdqu xmm0, [0*16 + input] + movdqu xmm1, [1*16 + input] + movdqu xmm2, [2*16 + input] + movdqu xmm3, [3*16 + input] + movdqu xmm4, [4*16 + input] + movdqu xmm5, [5*16 + input] + movdqu xmm6, [6*16 + input] + + movdqu xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + pxor xmm1, xmm7 + pxor xmm2, xmm7 + pxor xmm3, xmm7 + pxor xmm4, xmm7 + pxor xmm5, xmm7 + pxor xmm6, xmm7 + + i = 1 + WHILE i LT rnds + aes_dec_rnd i + i = i+1 + ENDM + aes_dec_last_rnd rnds + + movdqu xmm7, [-32 + ctx] + pxor xmm0, xmm7 + movdqu xmm7, [0*16 + input] + pxor xmm1, xmm7 + movdqu xmm7, [1*16 + input] + pxor xmm2, xmm7 + movdqu xmm7, [2*16 + input] + pxor xmm3, xmm7 + movdqu xmm7, [3*16 + input] + pxor xmm4, xmm7 + movdqu xmm7, [4*16 + input] + pxor xmm5, xmm7 + movdqu xmm7, [5*16 + input] + pxor xmm6, xmm7 + movdqu xmm7, [6*16 + input] + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + movdqu [-32 + ctx], xmm7 + + lea input, [7*16 + input] + lea output, [7*16 + output] + sub inputLen, 7*16 + jmp loop7 +dec1: + + movdqu xmm3, [-32 + ctx] + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [input] + movdqa xmm4, xmm0 + movdqu 
xmm7, [0*16 + ctx] + pxor xmm0, xmm7 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesdec xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesdeclast xmm0, xmm7 + pxor xmm3, xmm0 + + movdqu [output], xmm3 + movdqa xmm3, xmm4 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + movdqu [-32 + ctx], xmm3 + xor eax, eax + pop inputLen + ret +ENDM + +ALIGN 16 +intel_aes_encrypt_cbc_128 PROC +gen_aes_cbc_enc_func 10 +intel_aes_encrypt_cbc_128 ENDP + +ALIGN 16 +intel_aes_encrypt_cbc_192 PROC +gen_aes_cbc_enc_func 12 +intel_aes_encrypt_cbc_192 ENDP + +ALIGN 16 +intel_aes_encrypt_cbc_256 PROC +gen_aes_cbc_enc_func 14 +intel_aes_encrypt_cbc_256 ENDP + +ALIGN 16 +intel_aes_decrypt_cbc_128 PROC +gen_aes_cbc_dec_func 10 +intel_aes_decrypt_cbc_128 ENDP + +ALIGN 16 +intel_aes_decrypt_cbc_192 PROC +gen_aes_cbc_dec_func 12 +intel_aes_decrypt_cbc_192 ENDP + +ALIGN 16 +intel_aes_decrypt_cbc_256 PROC +gen_aes_cbc_dec_func 14 +intel_aes_decrypt_cbc_256 ENDP + + + +ctrCtx textequ +CTR textequ + +gen_aes_ctr_func MACRO rnds + +LOCAL loop7 +LOCAL loop1 +LOCAL enc1 +LOCAL bail + + push inputLen + push ctrCtx + push CTR + push ebp + + mov ctrCtx, [esp + 4*5 + 0*4] + mov output, [esp + 4*5 + 1*4] + mov input, [esp + 4*5 + 4*4] + mov inputLen, [esp + 4*5 + 5*4] + + mov ctx, [4+ctrCtx] + lea ctx, [44+ctx] + + mov ebp, esp + sub esp, 7*16 + and esp, -16 + + movdqu xmm0, [8+ctrCtx] + mov ctrCtx, [ctrCtx + 8 + 3*4] + bswap ctrCtx + movdqu xmm1, [ctx + 0*16] + + pxor xmm0, xmm1 + + movdqa [esp + 0*16], xmm0 + movdqa [esp + 1*16], xmm0 + movdqa [esp + 2*16], xmm0 + movdqa [esp + 3*16], xmm0 + movdqa [esp + 4*16], xmm0 + movdqa [esp + 5*16], xmm0 + movdqa [esp + 6*16], xmm0 + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 1*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 2*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx 
+ 3*4] + mov [esp + 3*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 4*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 5*16 + 3*4], CTR + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + 6*16 + 3*4], CTR + + +loop7: + cmp inputLen, 7*16 + jb loop1 + + movdqu xmm0, [0*16 + esp] + movdqu xmm1, [1*16 + esp] + movdqu xmm2, [2*16 + esp] + movdqu xmm3, [3*16 + esp] + movdqu xmm4, [4*16 + esp] + movdqu xmm5, [5*16 + esp] + movdqu xmm6, [6*16 + esp] + + i = 1 + WHILE i LE 7 + aes_rnd i + + inc ctrCtx + mov CTR, ctrCtx + bswap CTR + xor CTR, [ctx + 3*4] + mov [esp + (i-1)*16 + 3*4], CTR + + i = i+1 + ENDM + WHILE i LT rnds + aes_rnd i + i = i+1 + ENDM + aes_last_rnd rnds + + movdqu xmm7, [0*16 + input] + pxor xmm0, xmm7 + movdqu xmm7, [1*16 + input] + pxor xmm1, xmm7 + movdqu xmm7, [2*16 + input] + pxor xmm2, xmm7 + movdqu xmm7, [3*16 + input] + pxor xmm3, xmm7 + movdqu xmm7, [4*16 + input] + pxor xmm4, xmm7 + movdqu xmm7, [5*16 + input] + pxor xmm5, xmm7 + movdqu xmm7, [6*16 + input] + pxor xmm6, xmm7 + + movdqu [0*16 + output], xmm0 + movdqu [1*16 + output], xmm1 + movdqu [2*16 + output], xmm2 + movdqu [3*16 + output], xmm3 + movdqu [4*16 + output], xmm4 + movdqu [5*16 + output], xmm5 + movdqu [6*16 + output], xmm6 + + lea input, [7*16 + input] + lea output, [7*16 + output] + sub inputLen, 7*16 + jmp loop7 + + +loop1: + cmp inputLen, 1*16 + jb bail + + movdqu xmm0, [esp] + add esp, 16 + + i = 1 + WHILE i LT rnds + movdqu xmm7, [i*16 + ctx] + aesenc xmm0, xmm7 + i = i+1 + ENDM + movdqu xmm7, [rnds*16 + ctx] + aesenclast xmm0, xmm7 + + movdqu xmm7, [input] + pxor xmm0, xmm7 + movdqu [output], xmm0 + + lea input, [1*16 + input] + lea output, [1*16 + output] + sub inputLen, 1*16 + jmp loop1 + +bail: + + mov ctrCtx, [ebp + 4*5 + 0*4] + movdqu xmm0, [esp] + movdqu xmm1, [ctx + 0*16] + pxor xmm0, xmm1 + movdqu [8+ctrCtx], xmm0 + + + xor eax, eax + mov 
esp, ebp
+ pop ebp
+ pop CTR
+ pop ctrCtx
+ pop inputLen
+ ret
+ENDM
+
+
+ALIGN 16
+intel_aes_encrypt_ctr_128 PROC
+gen_aes_ctr_func 10
+intel_aes_encrypt_ctr_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ctr_192 PROC
+gen_aes_ctr_func 12
+intel_aes_encrypt_ctr_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ctr_256 PROC
+gen_aes_ctr_func 14
+intel_aes_encrypt_ctr_256 ENDP
+
+
+END
diff --git a/security/nss/lib/freebl/intel-aes.h b/security/nss/lib/freebl/intel-aes.h
index 1e180072..3b71e5fa 100644
--- a/security/nss/lib/freebl/intel-aes.h
+++ b/security/nss/lib/freebl/intel-aes.h
@@ -33,6 +33,12 @@ SECStatus intel_aes_decrypt_cbc_128(AESContext *cx, unsigned char *output,
 const unsigned char *input,
 unsigned int inputLen,
 unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_128(CTRContext *cx, unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
 SECStatus intel_aes_encrypt_ecb_192(AESContext *cx, unsigned char *output,
 unsigned int *outputLen,
 unsigned int maxOutputLen,
@@ -57,6 +63,12 @@ SECStatus intel_aes_decrypt_cbc_192(AESContext *cx, unsigned char *output,
 const unsigned char *input,
 unsigned int inputLen,
 unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_192(CTRContext *cx, unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
 SECStatus intel_aes_encrypt_ecb_256(AESContext *cx, unsigned char *output,
 unsigned int *outputLen,
 unsigned int maxOutputLen,
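Review bot: `intel_aes_encrypt_init_192` in this file builds the key tail with `pinsrd` (SSE4.1) where the x64 file uses `movd`, and every key-schedule routine in both files relies on `pshufb` (SSSE3) on top of the AES-NI instructions, so the CPUID gate that selects these routines must require SSSE3 and SSE4.1 as well as the AES bit; that gate is not in this diff and should be confirmed, since a virtualized CPU exposing AESNI without them would fault inside key setup rather than fall back to the C implementation. A one-line comment at the top of the file, `; requires AESNI + SSSE3 (pshufb) + SSE4.1 (pinsrd); caller checks CPUID`, would record the dependency next to the code that has it.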
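Review bot: The new `intel_aes_encrypt_ctr_*` prototypes mirror the ECB/CBC ones, but the assembly behind all of them never writes `*outputLen`, never compares `maxOutputLen`, and handles only whole 16-byte blocks, and the header currently says nothing about that; it is the right place to state the contract for C callers. A comment above the first prototype, `/* intel_aes_* workers assume the caller has verified maxOutputLen >= inputLen and set *outputLen; inputLen must be a multiple of AES_BLOCK_SIZE (surplus bytes are ignored); the CTR workers increment a 32-bit big-endian counter. */`, documents it without touching any signature. The same comment covers the `_192`/`_256` prototypes added in the following hunks.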
@@ -81,6 +93,12 @@ SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output, const unsigned char *input, unsigned int inputLen, unsigned int blocksize); +SECStatus intel_aes_encrypt_ctr_256(CTRContext *cx, unsigned char *output, + unsigned int *outputLen, + unsigned int maxOutputLen, + const unsigned char *input, + unsigned int inputLen, + unsigned int blocksize); #define intel_aes_ecb_worker(encrypt, keysize) \ @@ -102,6 +120,11 @@ SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output, (keysize) == 24 ? intel_aes_decrypt_cbc_192 : \ intel_aes_decrypt_cbc_256)) +#define intel_aes_ctr_worker(nr) \ + ((nr) == 10 ? intel_aes_encrypt_ctr_128 : \ + (nr) == 12 ? intel_aes_encrypt_ctr_192 : \ + intel_aes_encrypt_ctr_256) + #define intel_aes_init(encrypt, keysize) \ do { \ diff --git a/security/nss/lib/freebl/intel-gcm-wrap.c b/security/nss/lib/freebl/intel-gcm-wrap.c index b2f6f5e4..9b0a542d 100644 --- a/security/nss/lib/freebl/intel-gcm-wrap.c +++ b/security/nss/lib/freebl/intel-gcm-wrap.c @@ -3,7 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* Copyright(c) 2013, Intel Corp. */ -/* Wrapper funcions for Intel optimized implementation of AES-GCM */ +/* Wrapper functions for Intel optimized implementation of AES-GCM */ #ifdef USE_HW_AES @@ -24,12 +24,8 @@ #include "intel-gcm.h" #include "rijndael.h" -#if defined(__INTEL_COMPILER) -#include -#elif defined(__GNUC__) #include #include -#endif struct intel_AES_GCMContextStr{ 
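Review bot: The new `intel_aes_ctr_worker(nr)` selector in the last intel-aes.h hunk keys on the AES round count, while the `intel_aes_ecb_worker`/`intel_aes_cbc_worker` selectors above it key on `keysize`, so the three macros now carry two different conventions and a caller can easily pass one where the other is expected; like its siblings it also falls through to the 256-bit routine for any value it does not recognise, so a bad `Nr` is silently treated as AES-256 rather than rejected. At minimum state the precondition on the macro, `/* nr is the AES round count (10, 12 or 14); any other value must have been rejected by the caller. */`, or better select on the key size like the other two so all three share one invariant. The call site that validates the key size is not in this diff.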
@@ -43,21 +39,21 @@ struct intel_AES_GCMContextStr{ unsigned long Mlen; }; -intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, +intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFunc cipher, - const unsigned char *params, + const unsigned char *params, unsigned int blocksize) { intel_AES_GCMContext *gcm = NULL; AESContext *aes = (AESContext*)context; const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params; unsigned char buff[AES_BLOCK_SIZE]; /* aux buffer */ - - int IV_whole_len = gcmParams->ulIvLen&(~0xf); - int IV_remainder_len = gcmParams->ulIvLen&0xf; - int AAD_whole_len = gcmParams->ulAADLen&(~0xf); - int AAD_remainder_len = gcmParams->ulAADLen&0xf; - + + unsigned long IV_whole_len = gcmParams->ulIvLen & (~0xful); + unsigned int IV_remainder_len = gcmParams->ulIvLen & 0xful; + unsigned long AAD_whole_len = gcmParams->ulAADLen & (~0xful); + unsigned int AAD_remainder_len = gcmParams->ulAADLen & 0xful; + __m128i BSWAP_MASK = _mm_setr_epi8(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0); __m128i ONE = _mm_set_epi32(0,0,0,1); unsigned int j; 
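Review bot: `IV_whole_len` and `AAD_whole_len` are widened to `unsigned long` here, but the prototype comments in the new intel-gcm-x64-masm.asm declare `intel_aes_gcmAAD` with an `unsigned int Alen`, so on an LP64 build a length above 4 GiB would be narrowed again at the call later in this function, and on the Win64 target of this patch `unsigned long` is 32 bits so the widening buys nothing. If the real declaration in intel-gcm.h (not in this diff) is wider this is moot; otherwise keep the four locals `unsigned int` and reject over-long `ulIvLen`/`ulAADLen` up front with `SEC_ERROR_INPUT_LEN`. Whatever validation precedes this hunk is outside my view, so also confirm that `ulIvLen == 0` is refused: with an empty IV the non-96-bit branch below hashes nothing, `intel_aes_gcmAAD` returns immediately on a zero length, and `intel_aes_gcmTAG` then folds in zero lengths, so the initial counter block would be a fixed value independent of the IV.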
@@ -68,66 +64,80 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, return NULL; } gcm = PORT_ZNew(intel_AES_GCMContext); - + if (gcm == NULL) { return NULL; } + /* initialize context fields */ gcm->aes_context = aes; gcm->tagBits = gcmParams->ulTagBits; gcm->Alen = 0; gcm->Mlen = 0; + /* first prepare H and its derivatives for ghash */ intel_aes_gcmINIT(gcm->Htbl, (unsigned char*)aes->expandedKey, aes->Nr); - /* Initial TAG value is zero*/ + + /* Initial TAG value is zero */ _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128()); _mm_storeu_si128((__m128i*)gcm->X0, _mm_setzero_si128()); + /* Init the counter */ - if(gcmParams->ulIvLen == 12) { - _mm_storeu_si128((__m128i*)gcm->CTR, _mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0], ((unsigned int*)gcmParams->pIv)[1], ((unsigned int*)gcmParams->pIv)[2], 0x01000000)); + if (gcmParams->ulIvLen == 12) { + _mm_storeu_si128((__m128i*)gcm->CTR, + _mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0], + ((unsigned int*)gcmParams->pIv)[1], + ((unsigned int*)gcmParams->pIv)[2], + 0x01000000)); } else { - /* If IV size is not 96 bits, then the initial counter value is GHASH of the IV */ + /* If IV size is not 96 bits, then the initial counter value is GHASH + * of the IV */ intel_aes_gcmAAD(gcm->Htbl, gcmParams->pIv, IV_whole_len, gcm->T); + /* Partial block */ - if(IV_remainder_len) { + if (IV_remainder_len) { PORT_Memset(buff, 0, AES_BLOCK_SIZE); PORT_Memcpy(buff, gcmParams->pIv + IV_whole_len, IV_remainder_len); intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T); - } - - intel_aes_gcmTAG - ( + } + + intel_aes_gcmTAG( gcm->Htbl, gcm->T, gcmParams->ulIvLen, 0, gcm->X0, - gcm->CTR - ); + gcm->CTR); + /* TAG should be zero again */ _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128()); } - /* Encrypt the initial counter, will be used to encrypt the GHASH value, in the end */ - rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR, AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + /* Encrypt the initial 
counter, will be used to encrypt the GHASH value, + * in the end */ + rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR, + AES_BLOCK_SIZE, AES_BLOCK_SIZE); if (rv != SECSuccess) { goto loser; } + /* Promote the counter by 1 */ _mm_storeu_si128((__m128i*)gcm->CTR, _mm_shuffle_epi8(_mm_add_epi32(ONE, _mm_shuffle_epi8(_mm_loadu_si128((__m128i*)gcm->CTR), BSWAP_MASK)), BSWAP_MASK)); -/* Now hash AAD - it would actually make sense to seperate the context creation from the AAD, - * because that would allow to reuse the H, which only changes when the AES key changes, - * and not every package, like the IV and AAD */ + /* Now hash AAD - it would actually make sense to seperate the context + * creation from the AAD, because that would allow to reuse the H, which + * only changes when the AES key changes, and not every package, like the + * IV and AAD */ intel_aes_gcmAAD(gcm->Htbl, gcmParams->pAAD, AAD_whole_len, gcm->T); - if(AAD_remainder_len) { + if (AAD_remainder_len) { PORT_Memset(buff, 0, AES_BLOCK_SIZE); PORT_Memcpy(buff, gcmParams->pAAD + AAD_whole_len, AAD_remainder_len); intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T); } gcm->Alen += gcmParams->ulAADLen; return gcm; - - loser: + +loser: if (gcm) { PORT_Free(gcm); } 
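Review bot: The `loser:` path at the end of this hunk releases the context with `PORT_Free`, but by then `intel_aes_gcmINIT` has already written the key-derived hash subkey and its powers into `gcm->Htbl`, so they are left behind in freed heap memory; use `PORT_ZFree(gcm, sizeof(*gcm));` here (and check that `intel_AES_GCM_DestroyContext`, outside this hunk, scrubs the same way). Separately, the 96-bit IV branch still reads `pIv` through an `unsigned int *` cast, which is an aliasing violation and assumes an alignment the PKCS#11 caller never promised; `PORT_Memcpy(gcm->CTR, gcmParams->pIv, 12); PORT_Memset(gcm->CTR + 12, 0, 3); gcm->CTR[15] = 1;` builds the same J0 portably. The function's opening checks are before this hunk and not in my view.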
@@ -141,17 +151,17 @@ void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit) } } -SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, +SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf, - unsigned int *outlen, unsigned int maxout, - const unsigned char *inbuf, unsigned int inlen, - unsigned int blocksize) + unsigned int *outlen, unsigned int maxout, + const unsigned char *inbuf, unsigned int inlen, + unsigned int blocksize) { unsigned int tagBytes; unsigned char T[AES_BLOCK_SIZE]; - int j; + unsigned int j; - tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE; + tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE; if (UINT_MAX - inlen < tagBytes) { PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; @@ -169,7 +179,7 @@ SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, inlen); gcm->Mlen += inlen; - + intel_aes_gcmTAG( gcm->Htbl, gcm->T, @@ -180,34 +190,39 @@ SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, *outlen = inlen + tagBytes; - for(j=0; jtagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE; - + tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE; + /* get the authentication block */ if (inlen < tagBytes) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); + PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; } inlen -= tagBytes; intag = inbuf + inlen; + if (maxout < inlen) { + *outlen = inlen; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + intel_aes_gcmDEC( inbuf, outbuf, @@ -224,6 +239,8 @@ SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, T); if (NSS_SecureMemcmp(T, intag, tagBytes) != 0) { + memset(outbuf, 0, inlen); + *outlen = 0; /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */ PORT_SetError(SEC_ERROR_BAD_DATA); return SECFailure; 
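Review bot: The tag-mismatch branch in the last hunk calls bare `memset` while the rest of this file uses `PORT_Memset`, and it leaves the computed tag in the stack buffer `T` on both the failing and the succeeding path; clear it before returning, `PORT_Memset(T, 0, sizeof(T));`. The zeroing of `outbuf` itself is right, because `intel_aes_gcmDEC` has already written the unauthenticated plaintext there before the comparison, but that reason should be stated next to it, e.g. `/* plaintext was written before verification; scrub it so a caller that ignores the failure cannot read unauthenticated data */`. `intel_AES_GCM_DecryptUpdate`'s body continues past the hunk.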
diff --git a/security/nss/lib/freebl/intel-gcm-x64-masm.asm b/security/nss/lib/freebl/intel-gcm-x64-masm.asm new file mode 100644 index 00000000..8b68b76e --- /dev/null +++ b/security/nss/lib/freebl/intel-gcm-x64-masm.asm 
@@ -0,0 +1,1295 @@ +; LICENSE: +; This submission to NSS is to be made available under the terms of the +; Mozilla Public License, v. 2.0. You can obtain one at http: +; //mozilla.org/MPL/2.0/. +;############################################################################### +; Copyright(c) 2014, Intel Corp. +; Developers and authors: +; Shay Gueron and Vlad Krasnov +; Intel Corporation, Israel Development Centre, Haifa, Israel +; Please send feedback directly to crypto.feedback.alias@intel.com + + +.DATA +ALIGN 16 +Lone dq 1,0 +Ltwo dq 2,0 +Lbswap_mask db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +Lshuff_mask dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh +Lpoly dq 01h, 0c200000000000000h + +.CODE + + +GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4 + vpclmulqdq TMP1, SRC2, SRC1, 0h + vpclmulqdq TMP4, SRC2, SRC1, 011h + + vpshufd TMP2, SRC2, 78 + vpshufd TMP3, SRC1, 78 + vpxor TMP2, TMP2, SRC2 + vpxor TMP3, TMP3, SRC1 + + vpclmulqdq TMP2, TMP2, TMP3, 0h + vpxor TMP2, TMP2, TMP1 + vpxor TMP2, TMP2, TMP4 + + vpslldq TMP3, TMP2, 8 + vpsrldq TMP2, TMP2, 8 + + vpxor TMP1, TMP1, TMP3 + vpxor TMP4, TMP4, TMP2 + + vpclmulqdq TMP2, TMP1, [Lpoly], 010h + vpshufd TMP3, TMP1, 78 + vpxor TMP1, TMP2, TMP3 + + vpclmulqdq TMP2, TMP1, [Lpoly], 010h + vpshufd TMP3, TMP1, 78 + vpxor TMP1, TMP2, TMP3 + + vpxor DST, TMP1, TMP4 + + ENDM + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Generates the final GCM tag +; void intel_aes_gcmTAG(unsigned char Htbl[16*16], +; unsigned char *Tp, +; unsigned int Mlen, +; unsigned int Alen, +; unsigned char *X0, +; unsigned char *TAG); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmTAG PROC + +Htbl textequ +Tp textequ +Mlen textequ +Alen textequ +X0 textequ +TAG textequ + +T textequ +TMP0 textequ + + mov X0, [rsp + 1*8 + 4*8] + mov TAG, [rsp + 1*8 + 5*8] + + vzeroupper + vmovdqu T, XMMWORD PTR[Tp] + vpxor TMP0, TMP0, TMP0 + + shl Mlen, 3 + shl Alen, 3 + 
+ ;vpinsrq TMP0, TMP0, Mlen, 0 + ;vpinsrq TMP0, TMP0, Alen, 1 + ; workaround the ml64.exe vpinsrq issue + vpinsrd TMP0, TMP0, r8d, 0 + vpinsrd TMP0, TMP0, r9d, 2 + shr Mlen, 32 + shr Alen, 32 + vpinsrd TMP0, TMP0, r8d, 1 + vpinsrd TMP0, TMP0, r9d, 3 + + vpxor T, T, TMP0 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, xmm2, xmm3, xmm4, xmm5 + + vpshufb T, T, [Lbswap_mask] + vpxor T, T, [X0] + vmovdqu XMMWORD PTR[TAG], T + vzeroupper + + ret + +intel_aes_gcmTAG ENDP + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Generates the H table +; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmINIT PROC + +Htbl textequ +KS textequ +NR textequ + +T textequ +TMP0 textequ + + vzeroupper + ; AES-ENC(0) + vmovdqu T, XMMWORD PTR[KS] + lea KS, [16 + KS] + dec NR +Lenc_loop: + vaesenc T, T, [KS] + lea KS, [16 + KS] + dec NR + jnz Lenc_loop + + vaesenclast T, T, [KS] + vpshufb T, T, [Lbswap_mask] + + ;Calculate H` = GFMUL(H, 2) + vpsrad xmm3, T, 31 + vpshufd xmm3, xmm3, 0ffh + vpand xmm5, xmm3, [Lpoly] + vpsrld xmm3, T, 31 + vpslld xmm4, T, 1 + vpslldq xmm3, xmm3, 4 + vpxor T, xmm4, xmm3 + vpxor T, T, xmm5 + + vmovdqu TMP0, T + vmovdqu XMMWORD PTR[Htbl + 0*16], T + + vpshufd xmm2, T, 78 + vpxor xmm2, xmm2, T + vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2 + + i = 1 + WHILE i LT 8 + GFMUL T, T, TMP0, xmm2, xmm3, xmm4, xmm5 + vmovdqu XMMWORD PTR[Htbl + i*16], T + vpshufd xmm2, T, 78 + vpxor xmm2, xmm2, T + vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2 + i = i+1 + ENDM + vzeroupper + ret +intel_aes_gcmINIT ENDP + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Authenticate only +; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp); +; 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmAAD PROC + +Htbl textequ +inp textequ +len textequ +Tp textequ +hlp0 textequ + +DATA textequ +T textequ +TMP0 textequ +TMP1 textequ +TMP2 textequ +TMP3 textequ +TMP4 textequ +Xhi textequ + +KARATSUBA_AAD MACRO i + vpclmulqdq TMP3, DATA, [Htbl + i*16], 0h + vpxor TMP0, TMP0, TMP3 + vpclmulqdq TMP3, DATA, [Htbl + i*16], 011h + vpxor TMP1, TMP1, TMP3 + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP3, TMP3, [Htbl + 8*16 + i*16], 0h + vpxor TMP2, TMP2, TMP3 +ENDM + + test len, len + jnz LbeginAAD + ret + +LbeginAAD: + vzeroupper + + sub rsp, 2*16 + vmovdqu XMMWORD PTR[rsp + 0*16], xmm6 + vmovdqu XMMWORD PTR[rsp + 1*16], xmm7 + + vpxor Xhi, Xhi, Xhi + + vmovdqu T, XMMWORD PTR[Tp] + ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first + mov hlp0, len + and hlp0, 128-1 + jz Lmod_loop + + and len, -128 + sub hlp0, 16 + + ; Prefix block + vmovdqu DATA, XMMWORD PTR[inp] + vpshufb DATA, DATA, [Lbswap_mask] + vpxor DATA, DATA, T + + vpclmulqdq TMP0, DATA, [Htbl + hlp0], 0h + vpclmulqdq TMP1, DATA, [Htbl + hlp0], 011h + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP2, TMP3, [Htbl + 8*16 + hlp0], 0h + + lea inp, [inp+16] + test hlp0, hlp0 + jnz Lpre_loop + jmp Lred1 + + ;hash remaining prefix bocks (up to 7 total prefix blocks) +Lpre_loop: + + sub hlp0, 16 + + vmovdqu DATA, XMMWORD PTR[inp] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP3, DATA, [Htbl + hlp0], 0h + vpxor TMP0, TMP0, TMP3 + vpclmulqdq TMP3, DATA, [Htbl + hlp0], 011h + vpxor TMP1, TMP1, TMP3 + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP3, TMP3, [Htbl + 8*16 + hlp0], 0h + vpxor TMP2, TMP2, TMP3 + + test hlp0, hlp0 + lea inp, [inp+16] + jnz Lpre_loop + +Lred1: + + vpxor TMP2, TMP2, TMP0 + vpxor TMP2, TMP2, TMP1 + vpsrldq TMP3, TMP2, 8 + vpslldq TMP2, TMP2, 8 + + vpxor Xhi, TMP1, 
TMP3 + vpxor T, TMP0, TMP2 + + +Lmod_loop: + + sub len, 16*8 + jb Ldone + ; Block #0 + vmovdqu DATA, XMMWORD PTR[inp + 16*7] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP0, DATA, [Htbl + 0*16], 0h + vpclmulqdq TMP1, DATA, [Htbl + 0*16], 011h + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP2, TMP3, [Htbl + 8*16 + 0*16], 0h + + ; Block #1 + vmovdqu DATA, XMMWORD PTR[inp + 16*6] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 1 + + ; Block #2 + vmovdqu DATA, XMMWORD PTR[inp + 16*5] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP4, T, [Lpoly], 010h ;reduction stage 1a + vpalignr T, T, T, 8 + + KARATSUBA_AAD 2 + + vpxor T, T, TMP4 ;reduction stage 1b + + ; Block #3 + vmovdqu DATA, XMMWORD PTR[inp + 16*4] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 3 + ; Block #4 + vmovdqu DATA, XMMWORD PTR[inp + 16*3] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP4, T, [Lpoly], 010h ;reduction stage 2a + vpalignr T, T, T, 8 + + KARATSUBA_AAD 4 + + vpxor T, T, TMP4 ;reduction stage 2b + ; Block #5 + vmovdqu DATA, XMMWORD PTR[inp + 16*2] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 5 + + vpxor T, T, Xhi ;reduction finalize + ; Block #6 + vmovdqu DATA, XMMWORD PTR[inp + 16*1] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 6 + ; Block #7 + vmovdqu DATA, XMMWORD PTR[inp + 16*0] + vpshufb DATA, DATA, [Lbswap_mask] + vpxor DATA, DATA, T + KARATSUBA_AAD 7 + ; Aggregated 8 blocks, now karatsuba fixup + vpxor TMP2, TMP2, TMP0 + vpxor TMP2, TMP2, TMP1 + vpsrldq TMP3, TMP2, 8 + vpslldq TMP2, TMP2, 8 + + vpxor Xhi, TMP1, TMP3 + vpxor T, TMP0, TMP2 + + lea inp, [inp + 16*8] + jmp Lmod_loop + +Ldone: + vpclmulqdq TMP4, T, [Lpoly], 010h + vpalignr T, T, T, 8 + vpxor T, T, TMP4 + + vpclmulqdq TMP4, T, [Lpoly], 010h + vpalignr T, T, T, 8 + vpxor T, T, TMP4 + + vpxor T, T, Xhi + vmovdqu XMMWORD PTR[Tp], T + vzeroupper + + vmovdqu xmm6, XMMWORD PTR[rsp + 0*16] + vmovdqu xmm7, XMMWORD PTR[rsp + 1*16] + add rsp, 16*2 + + ret + 
+intel_aes_gcmAAD ENDP + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Encrypt and Authenticate +; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmENC PROC + +PT textequ +CT textequ +Htbl textequ +Gctx textequ +len textequ +KS textequ +NR textequ + +aluCTR textequ +aluKSl textequ +aluTMP textequ + +T textequ +TMP0 textequ +TMP1 textequ +TMP2 textequ +TMP3 textequ +TMP4 textequ +TMP5 textequ +CTR0 textequ +CTR1 textequ +CTR2 textequ +CTR3 textequ +CTR4 textequ +CTR5 textequ +CTR6 textequ +CTR7 textequ +BSWAPMASK textequ + +ROUND MACRO i + vmovdqu TMP3, XMMWORD PTR[i*16 + KS] + vaesenc CTR0, CTR0, TMP3 + vaesenc CTR1, CTR1, TMP3 + vaesenc CTR2, CTR2, TMP3 + vaesenc CTR3, CTR3, TMP3 + vaesenc CTR4, CTR4, TMP3 + vaesenc CTR5, CTR5, TMP3 + vaesenc CTR6, CTR6, TMP3 + vaesenc CTR7, CTR7, TMP3 +ENDM +ROUNDMUL MACRO i + vmovdqu TMP3, XMMWORD PTR[i*16 + KS] + + vaesenc CTR0, CTR0, TMP3 + vaesenc CTR1, CTR1, TMP3 + vaesenc CTR2, CTR2, TMP3 + vaesenc CTR3, CTR3, TMP3 + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + + vaesenc CTR4, CTR4, TMP3 + vaesenc CTR5, CTR5, TMP3 + vaesenc CTR6, CTR6, TMP3 + vaesenc CTR7, CTR7, TMP3 + + vpclmulqdq TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h + vpxor TMP0, TMP0, TMP3 + vmovdqu TMP4, XMMWORD PTR[i*16 + Htbl] + vpclmulqdq TMP3, TMP5, TMP4, 011h + vpxor TMP1, TMP1, TMP3 + vpclmulqdq TMP3, TMP5, TMP4, 000h + vpxor TMP2, TMP2, TMP3 +ENDM +KARATSUBA MACRO i + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h + vpxor TMP0, TMP0, TMP3 + vmovdqu TMP4, XMMWORD PTR[i*16 + Htbl] + vpclmulqdq TMP3, TMP5, TMP4, 011h + vpxor TMP1, TMP1, TMP3 + vpclmulqdq TMP3, TMP5, TMP4, 000h + vpxor TMP2, TMP2, TMP3 +ENDM +NEXTCTR MACRO i + add aluCTR, 1 + mov aluTMP, aluCTR + xor aluTMP, aluKSl + bswap 
aluTMP + mov [3*4 + 8*16 + i*16 + rsp], aluTMP +ENDM + + + test len, len + jnz LbeginENC + ret + +LbeginENC: + + vzeroupper + push r11 + push r12 + push r13 + push rbp + sub rsp, 10*16 + vmovdqu XMMWORD PTR[rsp + 0*16], xmm6 + vmovdqu XMMWORD PTR[rsp + 1*16], xmm7 + vmovdqu XMMWORD PTR[rsp + 2*16], xmm8 + vmovdqu XMMWORD PTR[rsp + 3*16], xmm9 + vmovdqu XMMWORD PTR[rsp + 4*16], xmm10 + vmovdqu XMMWORD PTR[rsp + 5*16], xmm11 + vmovdqu XMMWORD PTR[rsp + 6*16], xmm12 + vmovdqu XMMWORD PTR[rsp + 7*16], xmm13 + vmovdqu XMMWORD PTR[rsp + 8*16], xmm14 + vmovdqu XMMWORD PTR[rsp + 9*16], xmm15 + + mov rbp, rsp + sub rsp, 16*16 + and rsp, -16 + + vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx] + vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask] + mov KS, [16*16 + 3*16 + Gctx] + mov NR, [4 + KS] + lea KS, [48 + KS] + + vpshufb CTR0, CTR0, BSWAPMASK + + mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx] + mov aluKSl, [3*4 + KS] + bswap aluCTR + bswap aluKSl + + vmovdqu TMP0, XMMWORD PTR[0*16 + KS] + vpxor TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu XMMWORD PTR[8*16 + 0*16 + rsp], TMP0 + + cmp len, 128 + jb LEncDataSingles +; Prepare the "top" counters + vmovdqu XMMWORD PTR[8*16 + 1*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 2*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 3*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 4*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 5*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 6*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 7*16 + rsp], TMP0 + +; Encrypt the initial 8 blocks + sub len, 128 + vpaddd CTR1, CTR0, XMMWORD PTR[Lone] + vpaddd CTR2, CTR0, XMMWORD PTR[Ltwo] + vpaddd CTR3, CTR2, XMMWORD PTR[Lone] + vpaddd CTR4, CTR2, XMMWORD PTR[Ltwo] + vpaddd CTR5, CTR4, XMMWORD PTR[Lone] + vpaddd CTR6, CTR4, XMMWORD PTR[Ltwo] + vpaddd CTR7, CTR6, XMMWORD PTR[Lone] + + vpshufb CTR0, CTR0, BSWAPMASK + vpshufb CTR1, CTR1, BSWAPMASK + vpshufb CTR2, CTR2, BSWAPMASK + vpshufb CTR3, CTR3, BSWAPMASK + vpshufb CTR4, CTR4, 
BSWAPMASK + vpshufb CTR5, CTR5, BSWAPMASK + vpshufb CTR6, CTR6, BSWAPMASK + vpshufb CTR7, CTR7, BSWAPMASK + + vmovdqu TMP3, XMMWORD PTR[0*16 + KS] + vpxor CTR0, CTR0, TMP3 + vpxor CTR1, CTR1, TMP3 + vpxor CTR2, CTR2, TMP3 + vpxor CTR3, CTR3, TMP3 + vpxor CTR4, CTR4, TMP3 + vpxor CTR5, CTR5, TMP3 + vpxor CTR6, CTR6, TMP3 + vpxor CTR7, CTR7, TMP3 + + ROUND 1 + + add aluCTR, 8 + mov aluTMP, aluCTR + xor aluTMP, aluKSl + bswap aluTMP + mov [8*16 + 0*16 + 3*4 + rsp], aluTMP + + ROUND 2 + NEXTCTR 1 + ROUND 3 + NEXTCTR 2 + ROUND 4 + NEXTCTR 3 + ROUND 5 + NEXTCTR 4 + ROUND 6 + NEXTCTR 5 + ROUND 7 + NEXTCTR 6 + ROUND 8 + NEXTCTR 7 + ROUND 9 + vmovdqu TMP5, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu TMP5, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu TMP5, XMMWORD PTR[14*16 + KS] +@@: + vpxor TMP3, TMP5, XMMWORD PTR[0*16 + PT] + vaesenclast CTR0, CTR0, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[1*16 + PT] + vaesenclast CTR1, CTR1, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[2*16 + PT] + vaesenclast CTR2, CTR2, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[3*16 + PT] + vaesenclast CTR3, CTR3, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[4*16 + PT] + vaesenclast CTR4, CTR4, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[5*16 + PT] + vaesenclast CTR5, CTR5, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[6*16 + PT] + vaesenclast CTR6, CTR6, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[7*16 + PT] + vaesenclast CTR7, CTR7, TMP3 + + vmovdqu XMMWORD PTR[0*16 + CT], CTR0 + vpshufb CTR0, CTR0, BSWAPMASK + vmovdqu XMMWORD PTR[1*16 + CT], CTR1 + vpshufb CTR1, CTR1, BSWAPMASK + vmovdqu XMMWORD PTR[2*16 + CT], CTR2 + vpshufb CTR2, CTR2, BSWAPMASK + vmovdqu XMMWORD PTR[3*16 + CT], CTR3 + vpshufb CTR3, CTR3, BSWAPMASK + vmovdqu XMMWORD PTR[4*16 + CT], CTR4 + vpshufb CTR4, CTR4, BSWAPMASK + vmovdqu XMMWORD PTR[5*16 + CT], CTR5 + vpshufb CTR5, CTR5, BSWAPMASK + vmovdqu XMMWORD PTR[6*16 + CT], CTR6 + vpshufb CTR6, CTR6, BSWAPMASK + vmovdqu XMMWORD PTR[7*16 + CT], CTR7 + vpshufb 
TMP5, CTR7, BSWAPMASK + + vmovdqa XMMWORD PTR[1*16 + rsp], CTR6 + vmovdqa XMMWORD PTR[2*16 + rsp], CTR5 + vmovdqa XMMWORD PTR[3*16 + rsp], CTR4 + vmovdqa XMMWORD PTR[4*16 + rsp], CTR3 + vmovdqa XMMWORD PTR[5*16 + rsp], CTR2 + vmovdqa XMMWORD PTR[6*16 + rsp], CTR1 + vmovdqa XMMWORD PTR[7*16 + rsp], CTR0 + + lea CT, [8*16 + CT] + lea PT, [8*16 + PT] + jmp LEncDataOctets + +LEncDataOctets: + cmp len, 128 + jb LEndEncOctets + sub len, 128 + + vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + rsp] + vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + rsp] + vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + rsp] + vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + rsp] + vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + rsp] + vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + rsp] + vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + rsp] + vmovdqa CTR7, XMMWORD PTR[8*16 + 7*16 + rsp] + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[1*16 + rsp] + ROUNDMUL 1 + NEXTCTR 0 + vmovdqu TMP5, XMMWORD PTR[2*16 + rsp] + ROUNDMUL 2 + NEXTCTR 1 + vmovdqu TMP5, XMMWORD PTR[3*16 + rsp] + ROUNDMUL 3 + NEXTCTR 2 + vmovdqu TMP5, XMMWORD PTR[4*16 + rsp] + ROUNDMUL 4 + NEXTCTR 3 + vmovdqu TMP5, XMMWORD PTR[5*16 + rsp] + ROUNDMUL 5 + NEXTCTR 4 + vmovdqu TMP5, XMMWORD PTR[6*16 + rsp] + ROUNDMUL 6 + NEXTCTR 5 + vpxor TMP5, T, XMMWORD PTR[7*16 + rsp] + ROUNDMUL 7 + NEXTCTR 6 + + ROUND 8 + NEXTCTR 7 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor T, TMP2, TMP3 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + ROUND 9 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + vmovdqu TMP5, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu TMP5, XMMWORD PTR[12*16 + KS] + cmp NR, 12 
+ je @f + + ROUND 12 + ROUND 13 + vmovdqu TMP5, XMMWORD PTR[14*16 + KS] +@@: + vpxor TMP3, TMP5, XMMWORD PTR[0*16 + PT] + vaesenclast CTR0, CTR0, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[1*16 + PT] + vaesenclast CTR1, CTR1, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[2*16 + PT] + vaesenclast CTR2, CTR2, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[3*16 + PT] + vaesenclast CTR3, CTR3, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[4*16 + PT] + vaesenclast CTR4, CTR4, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[5*16 + PT] + vaesenclast CTR5, CTR5, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[6*16 + PT] + vaesenclast CTR6, CTR6, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[7*16 + PT] + vaesenclast CTR7, CTR7, TMP3 + + vmovdqu XMMWORD PTR[0*16 + CT], CTR0 + vpshufb CTR0, CTR0, BSWAPMASK + vmovdqu XMMWORD PTR[1*16 + CT], CTR1 + vpshufb CTR1, CTR1, BSWAPMASK + vmovdqu XMMWORD PTR[2*16 + CT], CTR2 + vpshufb CTR2, CTR2, BSWAPMASK + vmovdqu XMMWORD PTR[3*16 + CT], CTR3 + vpshufb CTR3, CTR3, BSWAPMASK + vmovdqu XMMWORD PTR[4*16 + CT], CTR4 + vpshufb CTR4, CTR4, BSWAPMASK + vmovdqu XMMWORD PTR[5*16 + CT], CTR5 + vpshufb CTR5, CTR5, BSWAPMASK + vmovdqu XMMWORD PTR[6*16 + CT], CTR6 + vpshufb CTR6, CTR6, BSWAPMASK + vmovdqu XMMWORD PTR[7*16 + CT], CTR7 + vpshufb TMP5, CTR7, BSWAPMASK + + vmovdqa XMMWORD PTR[1*16 + rsp], CTR6 + vmovdqa XMMWORD PTR[2*16 + rsp], CTR5 + vmovdqa XMMWORD PTR[3*16 + rsp], CTR4 + vmovdqa XMMWORD PTR[4*16 + rsp], CTR3 + vmovdqa XMMWORD PTR[5*16 + rsp], CTR2 + vmovdqa XMMWORD PTR[6*16 + rsp], CTR1 + vmovdqa XMMWORD PTR[7*16 + rsp], CTR0 + + vpxor T, T, TMP4 + + lea CT, [8*16 + CT] + lea PT, [8*16 + PT] + jmp LEncDataOctets + +LEndEncOctets: + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[1*16 + rsp] + KARATSUBA 1 + vmovdqu TMP5, XMMWORD PTR[2*16 + rsp] + KARATSUBA 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + 
rsp] + KARATSUBA 3 + vmovdqu TMP5, XMMWORD PTR[4*16 + rsp] + KARATSUBA 4 + vmovdqu TMP5, XMMWORD PTR[5*16 + rsp] + KARATSUBA 5 + vmovdqu TMP5, XMMWORD PTR[6*16 + rsp] + KARATSUBA 6 + vpxor TMP5, T, XMMWORD PTR[7*16 + rsp] + KARATSUBA 7 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor T, TMP2, TMP3 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + vpxor T, T, TMP4 + + sub aluCTR, 7 + +LEncDataSingles: + + cmp len, 16 + jb LEncDataTail + sub len, 16 + + vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp] + NEXTCTR 0 + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 + vpxor TMP1, TMP1, XMMWORD PTR[PT] + vmovdqu XMMWORD PTR[CT], TMP1 + + lea PT, [16+PT] + lea CT, [16+CT] + + vpshufb TMP1, TMP1, BSWAPMASK + vpxor T, T, TMP1 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, TMP1, TMP2, TMP3, TMP4 + + jmp LEncDataSingles + +LEncDataTail: + + test len, len + jz LEncDataEnd + + vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp] + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD 
PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 +; zero a temp location + vpxor TMP2, TMP2, TMP2 + vmovdqa XMMWORD PTR[rsp], TMP2 +; copy as many bytes as needed + xor KS, KS + +@@: + cmp len, KS + je @f + mov al, [PT + KS] + mov [rsp + KS], al + inc KS + jmp @b +@@: + vpxor TMP1, TMP1, XMMWORD PTR[rsp] + vmovdqa XMMWORD PTR[rsp], TMP1 + xor KS, KS +@@: + cmp len, KS + je @f + mov al, [rsp + KS] + mov [CT + KS], al + inc KS + jmp @b +@@: + cmp KS, 16 + je @f + mov BYTE PTR[rsp + KS], 0 + inc KS + jmp @b +@@: +BAIL: + vmovdqa TMP1, XMMWORD PTR[rsp] + vpshufb TMP1, TMP1, BSWAPMASK + vpxor T, T, TMP1 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, TMP1, TMP2, TMP3, TMP4 + +LEncDataEnd: + + vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T + bswap aluCTR + mov [16*16 + 2*16 + 3*4 + Gctx], aluCTR + + mov rsp, rbp + + vmovdqu xmm6, XMMWORD PTR[rsp + 0*16] + vmovdqu xmm7, XMMWORD PTR[rsp + 1*16] + vmovdqu xmm8, XMMWORD PTR[rsp + 2*16] + vmovdqu xmm9, XMMWORD PTR[rsp + 3*16] + vmovdqu xmm10, XMMWORD PTR[rsp + 4*16] + vmovdqu xmm11, XMMWORD PTR[rsp + 5*16] + vmovdqu xmm12, XMMWORD PTR[rsp + 6*16] + vmovdqu xmm13, XMMWORD PTR[rsp + 7*16] + vmovdqu xmm14, XMMWORD PTR[rsp + 8*16] + vmovdqu xmm15, XMMWORD PTR[rsp + 9*16] + + add rsp, 10*16 + pop rbp + pop r13 + pop r12 + pop r11 + + vzeroupper + + ret +intel_aes_gcmENC ENDP + 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Decrypt and Authenticate +; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmDEC PROC + +NEXTCTR MACRO i + add aluCTR, 1 + mov aluTMP, aluCTR + xor aluTMP, aluKSl + bswap aluTMP + mov [3*4 + i*16 + rsp], aluTMP +ENDM + +PT textequ +CT textequ + + test len, len + jnz LbeginDEC + ret + +LbeginDEC: + + vzeroupper + push r11 + push r12 + push r13 + push rbp + sub rsp, 10*16 + vmovdqu XMMWORD PTR[rsp + 0*16], xmm6 + vmovdqu XMMWORD PTR[rsp + 1*16], xmm7 + vmovdqu XMMWORD PTR[rsp + 2*16], xmm8 + vmovdqu XMMWORD PTR[rsp + 3*16], xmm9 + vmovdqu XMMWORD PTR[rsp + 4*16], xmm10 + vmovdqu XMMWORD PTR[rsp + 5*16], xmm11 + vmovdqu XMMWORD PTR[rsp + 6*16], xmm12 + vmovdqu XMMWORD PTR[rsp + 7*16], xmm13 + vmovdqu XMMWORD PTR[rsp + 8*16], xmm14 + vmovdqu XMMWORD PTR[rsp + 9*16], xmm15 + + mov rbp, rsp + sub rsp, 8*16 + and rsp, -16 + + vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx] + vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask] + mov KS, [16*16 + 3*16 + Gctx] + mov NR, [4 + KS] + lea KS, [48 + KS] + + vpshufb CTR0, CTR0, BSWAPMASK + + mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx] + mov aluKSl, [3*4 + KS] + bswap aluCTR + bswap aluKSl + + vmovdqu TMP0, XMMWORD PTR[0*16 + KS] + vpxor TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu XMMWORD PTR[0*16 + rsp], TMP0 + + cmp len, 128 + jb LDecDataSingles +; Prepare the "top" counters + vmovdqu XMMWORD PTR[1*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[2*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[3*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[4*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[5*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[6*16 + rsp], TMP0 + vmovdqu XMMWORD PTR[7*16 + rsp], TMP0 + + NEXTCTR 1 + NEXTCTR 2 + NEXTCTR 3 + NEXTCTR 4 + NEXTCTR 5 + NEXTCTR 6 + NEXTCTR 7 + +LDecDataOctets: + cmp len, 
128 + jb LEndDecOctets + sub len, 128 + + vmovdqa CTR0, XMMWORD PTR[0*16 + rsp] + vmovdqa CTR1, XMMWORD PTR[1*16 + rsp] + vmovdqa CTR2, XMMWORD PTR[2*16 + rsp] + vmovdqa CTR3, XMMWORD PTR[3*16 + rsp] + vmovdqa CTR4, XMMWORD PTR[4*16 + rsp] + vmovdqa CTR5, XMMWORD PTR[5*16 + rsp] + vmovdqa CTR6, XMMWORD PTR[6*16 + rsp] + vmovdqa CTR7, XMMWORD PTR[7*16 + rsp] + + vmovdqu TMP5, XMMWORD PTR[7*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[6*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 1 + NEXTCTR 0 + vmovdqu TMP5, XMMWORD PTR[5*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 2 + NEXTCTR 1 + vmovdqu TMP5, XMMWORD PTR[4*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 3 + NEXTCTR 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 4 + NEXTCTR 3 + vmovdqu TMP5, XMMWORD PTR[2*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 5 + NEXTCTR 4 + vmovdqu TMP5, XMMWORD PTR[1*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + ROUNDMUL 6 + NEXTCTR 5 + vmovdqu TMP5, XMMWORD PTR[0*16 + CT] + vpshufb TMP5, TMP5, BSWAPMASK + vpxor TMP5, TMP5, T + ROUNDMUL 7 + NEXTCTR 6 + + ROUND 8 + NEXTCTR 7 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor T, TMP2, TMP3 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + ROUND 9 + + vpclmulqdq TMP1, T, XMMWORD PTR[Lpoly], 010h + vpalignr T,T,T,8 + vpxor T, T, TMP1 + + vmovdqu TMP5, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu TMP5, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu TMP5, XMMWORD PTR[14*16 + KS] +@@: + vpxor TMP3, TMP5, XMMWORD PTR[0*16 + CT] + vaesenclast CTR0, CTR0, 
TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[1*16 + CT] + vaesenclast CTR1, CTR1, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[2*16 + CT] + vaesenclast CTR2, CTR2, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[3*16 + CT] + vaesenclast CTR3, CTR3, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[4*16 + CT] + vaesenclast CTR4, CTR4, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[5*16 + CT] + vaesenclast CTR5, CTR5, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[6*16 + CT] + vaesenclast CTR6, CTR6, TMP3 + vpxor TMP3, TMP5, XMMWORD PTR[7*16 + CT] + vaesenclast CTR7, CTR7, TMP3 + + vmovdqu XMMWORD PTR[0*16 + PT], CTR0 + vmovdqu XMMWORD PTR[1*16 + PT], CTR1 + vmovdqu XMMWORD PTR[2*16 + PT], CTR2 + vmovdqu XMMWORD PTR[3*16 + PT], CTR3 + vmovdqu XMMWORD PTR[4*16 + PT], CTR4 + vmovdqu XMMWORD PTR[5*16 + PT], CTR5 + vmovdqu XMMWORD PTR[6*16 + PT], CTR6 + vmovdqu XMMWORD PTR[7*16 + PT], CTR7 + + vpxor T, T, TMP4 + + lea CT, [8*16 + CT] + lea PT, [8*16 + PT] + jmp LDecDataOctets + +LEndDecOctets: + + sub aluCTR, 7 + +LDecDataSingles: + + cmp len, 16 + jb LDecDataTail + sub len, 16 + + vmovdqa TMP1, XMMWORD PTR[0*16 + rsp] + NEXTCTR 0 + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 + + vmovdqu TMP2, XMMWORD PTR[CT] + vpxor TMP1, TMP1, TMP2 + vmovdqu XMMWORD PTR[PT], TMP1 + + lea PT, [16+PT] + lea CT, 
[16+CT] + + vpshufb TMP2, TMP2, BSWAPMASK + vpxor T, T, TMP2 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, TMP1, TMP2, TMP3, TMP4 + + jmp LDecDataSingles + +LDecDataTail: + + test len, len + jz LDecDataEnd + + vmovdqa TMP1, XMMWORD PTR[0*16 + rsp] + inc aluCTR + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 +; copy as many bytes as needed + xor KS, KS +@@: + cmp len, KS + je @f + mov al, [CT + KS] + mov [rsp + KS], al + inc KS + jmp @b +@@: + cmp KS, 16 + je @f + mov BYTE PTR[rsp + KS], 0 + inc KS + jmp @b +@@: + vmovdqa TMP2, XMMWORD PTR[rsp] + vpshufb TMP2, TMP2, BSWAPMASK + vpxor T, T, TMP2 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, TMP5, TMP2, TMP3, TMP4 + + + vpxor TMP1, TMP1, XMMWORD PTR[rsp] + vmovdqa XMMWORD PTR[rsp], TMP1 + xor KS, KS +@@: + cmp len, KS + je @f + mov al, [rsp + KS] + mov [PT + KS], al + inc KS + jmp @b +@@: + +LDecDataEnd: + + vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T + bswap aluCTR + mov [16*16 + 2*16 + 3*4 + Gctx], aluCTR + + mov rsp, rbp + + vmovdqu xmm6, XMMWORD PTR[rsp + 0*16] + vmovdqu xmm7, XMMWORD PTR[rsp + 1*16] + vmovdqu xmm8, XMMWORD PTR[rsp + 2*16] + vmovdqu xmm9, XMMWORD PTR[rsp + 3*16] + vmovdqu xmm10, XMMWORD PTR[rsp + 4*16] + vmovdqu xmm11, XMMWORD PTR[rsp + 5*16] + vmovdqu 
xmm12, XMMWORD PTR[rsp + 6*16] + vmovdqu xmm13, XMMWORD PTR[rsp + 7*16] + vmovdqu xmm14, XMMWORD PTR[rsp + 8*16] + vmovdqu xmm15, XMMWORD PTR[rsp + 9*16] + + add rsp, 10*16 + pop rbp + pop r13 + pop r12 + pop r11 + + vzeroupper + + ret +ret +intel_aes_gcmDEC ENDP + + +END diff --git a/security/nss/lib/freebl/intel-gcm-x86-masm.asm b/security/nss/lib/freebl/intel-gcm-x86-masm.asm new file mode 100644 index 00000000..6362ad85 --- /dev/null +++ b/security/nss/lib/freebl/intel-gcm-x86-masm.asm 
@@ -0,0 +1,1209 @@ +; LICENSE: +; This submission to NSS is to be made available under the terms of the +; Mozilla Public License, v. 2.0. You can obtain one at http: +; //mozilla.org/MPL/2.0/. +;############################################################################### +; Copyright(c) 2014, Intel Corp. +; Developers and authors: +; Shay Gueron and Vlad Krasnov +; Intel Corporation, Israel Development Centre, Haifa, Israel +; Please send feedback directly to crypto.feedback.alias@intel.com + + +.MODEL FLAT, C +.XMM + +.DATA +ALIGN 16 +Lone dq 1,0 +Ltwo dq 2,0 +Lbswap_mask db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +Lshuff_mask dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh +Lpoly dq 01h, 0c200000000000000h + +.CODE + + +GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4 + vpclmulqdq TMP1, SRC2, SRC1, 0h + vpclmulqdq TMP4, SRC2, SRC1, 011h + + vpshufd TMP2, SRC2, 78 + vpshufd TMP3, SRC1, 78 + vpxor TMP2, TMP2, SRC2 + vpxor TMP3, TMP3, SRC1 + + vpclmulqdq TMP2, TMP2, TMP3, 0h + vpxor TMP2, TMP2, TMP1 + vpxor TMP2, TMP2, TMP4 + + vpslldq TMP3, TMP2, 8 + vpsrldq TMP2, TMP2, 8 + + vpxor TMP1, TMP1, TMP3 + vpxor TMP4, TMP4, TMP2 + + vpclmulqdq TMP2, TMP1, [Lpoly], 010h + vpshufd TMP3, TMP1, 78 + vpxor TMP1, TMP2, TMP3 + + vpclmulqdq TMP2, TMP1, [Lpoly], 010h + vpshufd TMP3, TMP1, 78 + vpxor TMP1, TMP2, TMP3 + + vpxor DST, TMP1, TMP4 + + ENDM + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Generates the final GCM tag +; void intel_aes_gcmTAG(unsigned char Htbl[16*16], +; unsigned char *Tp, +; unsigned int Mlen, +; unsigned int Alen, +; unsigned char* X0, +; unsigned char* TAG); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmTAG PROC + +Htbl textequ +Tp textequ +X0 textequ +TAG textequ + +T textequ +TMP0 textequ + + push ebx + + mov Htbl, [esp + 2*4 + 0*4] + mov Tp, [esp + 2*4 + 1*4] + mov X0, [esp + 2*4 + 4*4] + mov TAG, [esp + 2*4 + 5*4] + + vzeroupper + vmovdqu T, 
XMMWORD PTR[Tp] + + vpxor TMP0, TMP0, TMP0 + vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 2*4], 0 + vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 3*4], 2 + vpsllq TMP0, TMP0, 3 + + vpxor T, T, TMP0 + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL T, T, TMP0, xmm2, xmm3, xmm4, xmm5 + + vpshufb T, T, [Lbswap_mask] + vpxor T, T, [X0] + vmovdqu XMMWORD PTR[TAG], T + vzeroupper + + pop ebx + + ret + +intel_aes_gcmTAG ENDP + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Generates the H table +; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmINIT PROC + +Htbl textequ +KS textequ +NR textequ + +T textequ +TMP0 textequ + + mov Htbl, [esp + 4*1 + 0*4] + mov KS, [esp + 4*1 + 1*4] + mov NR, [esp + 4*1 + 2*4] + + vzeroupper + ; AES-ENC(0) + vmovdqu T, XMMWORD PTR[KS] + lea KS, [16 + KS] + dec NR +Lenc_loop: + vaesenc T, T, [KS] + lea KS, [16 + KS] + dec NR + jnz Lenc_loop + + vaesenclast T, T, [KS] + vpshufb T, T, [Lbswap_mask] + + ;Calculate H` = GFMUL(H, 2) + vpsrad xmm3, T, 31 + vpshufd xmm3, xmm3, 0ffh + vpand xmm5, xmm3, [Lpoly] + vpsrld xmm3, T, 31 + vpslld xmm4, T, 1 + vpslldq xmm3, xmm3, 4 + vpxor T, xmm4, xmm3 + vpxor T, T, xmm5 + + vmovdqu TMP0, T + vmovdqu XMMWORD PTR[Htbl + 0*16], T + + vpshufd xmm2, T, 78 + vpxor xmm2, xmm2, T + vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2 + + i = 1 + WHILE i LT 8 + GFMUL T, T, TMP0, xmm2, xmm3, xmm4, xmm5 + vmovdqu XMMWORD PTR[Htbl + i*16], T + vpshufd xmm2, T, 78 + vpxor xmm2, xmm2, T + vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2 + i = i+1 + ENDM + vzeroupper + ret +intel_aes_gcmINIT ENDP + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Authenticate only +; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp); +; 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmAAD PROC + +Htbl textequ +inp textequ +len textequ +Tp textequ +hlp0 textequ + +DATA textequ +T textequ +TMP0 textequ +TMP1 textequ +TMP2 textequ +TMP3 textequ +TMP4 textequ +Xhi textequ + +KARATSUBA_AAD MACRO i + vpclmulqdq TMP3, DATA, [Htbl + i*16], 0h + vpxor TMP0, TMP0, TMP3 + vpclmulqdq TMP3, DATA, [Htbl + i*16], 011h + vpxor TMP1, TMP1, TMP3 + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP3, TMP3, [Htbl + 8*16 + i*16], 0h + vpxor TMP2, TMP2, TMP3 +ENDM + + cmp DWORD PTR[esp + 1*3 + 2*4], 0 + jnz LbeginAAD + ret + +LbeginAAD: + push ebx + push esi + + mov Htbl, [esp + 4*3 + 0*4] + mov inp, [esp + 4*3 + 1*4] + mov len, [esp + 4*3 + 2*4] + mov Tp, [esp + 4*3 + 3*4] + + vzeroupper + + vpxor Xhi, Xhi, Xhi + + vmovdqu T, XMMWORD PTR[Tp] + ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first + mov hlp0, len + and hlp0, 128-1 + jz Lmod_loop + + and len, -128 + sub hlp0, 16 + + ; Prefix block + vmovdqu DATA, XMMWORD PTR[inp] + vpshufb DATA, DATA, [Lbswap_mask] + vpxor DATA, DATA, T + + vpclmulqdq TMP0, DATA, XMMWORD PTR[Htbl + hlp0], 0h + vpclmulqdq TMP1, DATA, XMMWORD PTR[Htbl + hlp0], 011h + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h + + lea inp, [inp+16] + test hlp0, hlp0 + jnz Lpre_loop + jmp Lred1 + + ;hash remaining prefix bocks (up to 7 total prefix blocks) +Lpre_loop: + + sub hlp0, 16 + + vmovdqu DATA, XMMWORD PTR[inp] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 0h + vpxor TMP0, TMP0, TMP3 + vpclmulqdq TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 011h + vpxor TMP1, TMP1, TMP3 + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP3, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h + vpxor TMP2, TMP2, TMP3 + + test hlp0, hlp0 + lea inp, [inp+16] + jnz Lpre_loop + 
+Lred1: + + vpxor TMP2, TMP2, TMP0 + vpxor TMP2, TMP2, TMP1 + vpsrldq TMP3, TMP2, 8 + vpslldq TMP2, TMP2, 8 + + vpxor Xhi, TMP1, TMP3 + vpxor T, TMP0, TMP2 + +Lmod_loop: + + sub len, 16*8 + jb Ldone + ; Block #0 + vmovdqu DATA, XMMWORD PTR[inp + 16*7] + vpshufb DATA, DATA, XMMWORD PTR[Lbswap_mask] + + vpclmulqdq TMP0, DATA, XMMWORD PTR[Htbl + 0*16], 0h + vpclmulqdq TMP1, DATA, XMMWORD PTR[Htbl + 0*16], 011h + vpshufd TMP3, DATA, 78 + vpxor TMP3, TMP3, DATA + vpclmulqdq TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + 0*16], 0h + + ; Block #1 + vmovdqu DATA, XMMWORD PTR[inp + 16*6] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 1 + + ; Block #2 + vmovdqu DATA, XMMWORD PTR[inp + 16*5] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP4, T, [Lpoly], 010h ;reduction stage 1a + vpalignr T, T, T, 8 + + KARATSUBA_AAD 2 + + vpxor T, T, TMP4 ;reduction stage 1b + + ; Block #3 + vmovdqu DATA, XMMWORD PTR[inp + 16*4] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 3 + ; Block #4 + vmovdqu DATA, XMMWORD PTR[inp + 16*3] + vpshufb DATA, DATA, [Lbswap_mask] + + vpclmulqdq TMP4, T, [Lpoly], 010h ;reduction stage 2a + vpalignr T, T, T, 8 + + KARATSUBA_AAD 4 + + vpxor T, T, TMP4 ;reduction stage 2b + ; Block #5 + vmovdqu DATA, XMMWORD PTR[inp + 16*2] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 5 + + vpxor T, T, Xhi ;reduction finalize + ; Block #6 + vmovdqu DATA, XMMWORD PTR[inp + 16*1] + vpshufb DATA, DATA, [Lbswap_mask] + KARATSUBA_AAD 6 + ; Block #7 + vmovdqu DATA, XMMWORD PTR[inp + 16*0] + vpshufb DATA, DATA, [Lbswap_mask] + vpxor DATA, DATA, T + KARATSUBA_AAD 7 + ; Aggregated 8 blocks, now karatsuba fixup + vpxor TMP2, TMP2, TMP0 + vpxor TMP2, TMP2, TMP1 + vpsrldq TMP3, TMP2, 8 + vpslldq TMP2, TMP2, 8 + + vpxor Xhi, TMP1, TMP3 + vpxor T, TMP0, TMP2 + + lea inp, [inp + 16*8] + jmp Lmod_loop + +Ldone: + vpclmulqdq TMP4, T, [Lpoly], 010h + vpalignr T, T, T, 8 + vpxor T, T, TMP4 + + vpclmulqdq TMP4, T, [Lpoly], 010h + vpalignr T, T, T, 8 + vpxor T, T, TMP4 + + vpxor T, T, 
Xhi + vmovdqu XMMWORD PTR[Tp], T + vzeroupper + + pop esi + pop ebx + ret + +intel_aes_gcmAAD ENDP + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Encrypt and Authenticate +; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +ALIGN 16 +intel_aes_gcmENC PROC + +PT textequ +CT textequ +Htbl textequ +Gctx textequ +len textequ +KS textequ +NR textequ + +aluCTR textequ +aluTMP textequ + +T textequ +TMP0 textequ +TMP1 textequ +TMP2 textequ +TMP3 textequ +TMP4 textequ +TMP5 textequ + +CTR0 textequ +CTR1 textequ +CTR2 textequ +CTR3 textequ +CTR4 textequ +CTR5 textequ +CTR6 textequ + +ROUND MACRO i + vmovdqu xmm7, XMMWORD PTR[i*16 + KS] + vaesenc CTR0, CTR0, xmm7 + vaesenc CTR1, CTR1, xmm7 + vaesenc CTR2, CTR2, xmm7 + vaesenc CTR3, CTR3, xmm7 + vaesenc CTR4, CTR4, xmm7 + vaesenc CTR5, CTR5, xmm7 + vaesenc CTR6, CTR6, xmm7 +ENDM + +KARATSUBA MACRO i + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h + vpxor TMP0, TMP0, TMP3 + vmovdqu TMP4, XMMWORD PTR[i*16 + Htbl] + vpclmulqdq TMP3, TMP5, TMP4, 011h + vpxor TMP1, TMP1, TMP3 + vpclmulqdq TMP3, TMP5, TMP4, 000h + vpxor TMP2, TMP2, TMP3 +ENDM + +NEXTCTR MACRO i + add aluCTR, 1 + mov aluTMP, aluCTR + bswap aluTMP + xor aluTMP, [3*4 + KS] + mov [3*4 + 8*16 + i*16 + esp], aluTMP +ENDM + + cmp DWORD PTR[1*4 + 3*4 + esp], 0 + jne LbeginENC + ret + +LbeginENC: + + vzeroupper + push ebp + push ebx + push esi + push edi + + mov ebp, esp + sub esp, 16*16 + and esp, -16 + + mov PT, [ebp + 5*4 + 0*4] + mov CT, [ebp + 5*4 + 1*4] + mov Gctx, [ebp + 5*4 + 2*4] + + mov KS, [16*16 + 3*16 + Gctx] + lea KS, [44 + KS] + + mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx] + bswap aluCTR + + + vmovdqu TMP0, XMMWORD PTR[0*16 + KS] + vpxor TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu XMMWORD PTR[8*16 + 0*16 + esp], TMP0 + 
+ cmp len, 16*7 + jb LEncDataSingles +; Prepare the "top" counters + vmovdqu XMMWORD PTR[8*16 + 1*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 2*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 3*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 4*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 5*16 + esp], TMP0 + vmovdqu XMMWORD PTR[8*16 + 6*16 + esp], TMP0 + + vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask] +; Encrypt the initial 7 blocks + sub len, 16*7 + vpaddd CTR1, CTR0, XMMWORD PTR[Lone] + vpaddd CTR2, CTR0, XMMWORD PTR[Ltwo] + vpaddd CTR3, CTR2, XMMWORD PTR[Lone] + vpaddd CTR4, CTR2, XMMWORD PTR[Ltwo] + vpaddd CTR5, CTR4, XMMWORD PTR[Lone] + vpaddd CTR6, CTR4, XMMWORD PTR[Ltwo] + + vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask] + vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask] + vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask] + vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask] + vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask] + vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask] + vpshufb CTR6, CTR6, XMMWORD PTR[Lbswap_mask] + + vmovdqu xmm7, XMMWORD PTR[0*16 + KS] + vpxor CTR0, CTR0, xmm7 + vpxor CTR1, CTR1, xmm7 + vpxor CTR2, CTR2, xmm7 + vpxor CTR3, CTR3, xmm7 + vpxor CTR4, CTR4, xmm7 + vpxor CTR5, CTR5, xmm7 + vpxor CTR6, CTR6, xmm7 + + ROUND 1 + + add aluCTR, 7 + mov aluTMP, aluCTR + bswap aluTMP + xor aluTMP, [KS + 3*4] + mov [8*16 + 0*16 + 3*4 + esp], aluTMP + + ROUND 2 + NEXTCTR 1 + ROUND 3 + NEXTCTR 2 + ROUND 4 + NEXTCTR 3 + ROUND 5 + NEXTCTR 4 + ROUND 6 + NEXTCTR 5 + ROUND 7 + NEXTCTR 6 + ROUND 8 + ROUND 9 + vmovdqu xmm7, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu xmm7, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu xmm7, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast CTR0, CTR0, xmm7 + vaesenclast CTR1, CTR1, xmm7 + vaesenclast CTR2, CTR2, xmm7 + vaesenclast CTR3, CTR3, xmm7 + vaesenclast CTR4, CTR4, xmm7 + vaesenclast CTR5, CTR5, xmm7 + vaesenclast CTR6, CTR6, xmm7 + + 
vpxor CTR0, CTR0, XMMWORD PTR[0*16 + PT] + vpxor CTR1, CTR1, XMMWORD PTR[1*16 + PT] + vpxor CTR2, CTR2, XMMWORD PTR[2*16 + PT] + vpxor CTR3, CTR3, XMMWORD PTR[3*16 + PT] + vpxor CTR4, CTR4, XMMWORD PTR[4*16 + PT] + vpxor CTR5, CTR5, XMMWORD PTR[5*16 + PT] + vpxor CTR6, CTR6, XMMWORD PTR[6*16 + PT] + + vmovdqu XMMWORD PTR[0*16 + CT], CTR0 + vmovdqu XMMWORD PTR[1*16 + CT], CTR1 + vmovdqu XMMWORD PTR[2*16 + CT], CTR2 + vmovdqu XMMWORD PTR[3*16 + CT], CTR3 + vmovdqu XMMWORD PTR[4*16 + CT], CTR4 + vmovdqu XMMWORD PTR[5*16 + CT], CTR5 + vmovdqu XMMWORD PTR[6*16 + CT], CTR6 + + vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask] + vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask] + vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask] + vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask] + vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask] + vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask] + vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask] + + vmovdqa XMMWORD PTR[1*16 + esp], CTR5 + vmovdqa XMMWORD PTR[2*16 + esp], CTR4 + vmovdqa XMMWORD PTR[3*16 + esp], CTR3 + vmovdqa XMMWORD PTR[4*16 + esp], CTR2 + vmovdqa XMMWORD PTR[5*16 + esp], CTR1 + vmovdqa XMMWORD PTR[6*16 + esp], CTR0 + + lea CT, [7*16 + CT] + lea PT, [7*16 + PT] + jmp LEncData7 + +LEncData7: + cmp len, 16*7 + jb LEndEnc7 + sub len, 16*7 + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[1*16 + esp] + KARATSUBA 1 + vmovdqu TMP5, XMMWORD PTR[2*16 + esp] + KARATSUBA 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + esp] + KARATSUBA 3 + vmovdqu TMP5, XMMWORD PTR[4*16 + esp] + KARATSUBA 4 + vmovdqu TMP5, XMMWORD PTR[5*16 + esp] + KARATSUBA 5 + vmovdqu TMP5, XMMWORD PTR[6*16 + esp] + vpxor TMP5, TMP5, T + KARATSUBA 6 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor TMP5, TMP2, TMP3 + + 
vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpxor TMP5, TMP5, TMP4 + vmovdqu T, TMP5 + + vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + esp] + vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + esp] + vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + esp] + vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + esp] + vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + esp] + vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + esp] + vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + esp] + + ROUND 1 + NEXTCTR 0 + ROUND 2 + NEXTCTR 1 + ROUND 3 + NEXTCTR 2 + ROUND 4 + NEXTCTR 3 + ROUND 5 + NEXTCTR 4 + ROUND 6 + NEXTCTR 5 + ROUND 7 + NEXTCTR 6 + + ROUND 8 + ROUND 9 + + vmovdqu xmm7, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu xmm7, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu xmm7, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast CTR0, CTR0, xmm7 + vaesenclast CTR1, CTR1, xmm7 + vaesenclast CTR2, CTR2, xmm7 + vaesenclast CTR3, CTR3, xmm7 + vaesenclast CTR4, CTR4, xmm7 + vaesenclast CTR5, CTR5, xmm7 + vaesenclast CTR6, CTR6, xmm7 + + vpxor CTR0, CTR0, XMMWORD PTR[0*16 + PT] + vpxor CTR1, CTR1, XMMWORD PTR[1*16 + PT] + vpxor CTR2, CTR2, XMMWORD PTR[2*16 + PT] + vpxor CTR3, CTR3, XMMWORD PTR[3*16 + PT] + vpxor CTR4, CTR4, XMMWORD PTR[4*16 + PT] + vpxor CTR5, CTR5, XMMWORD PTR[5*16 + PT] + vpxor CTR6, CTR6, XMMWORD PTR[6*16 + PT] + + vmovdqu XMMWORD PTR[0*16 + CT], CTR0 + vmovdqu XMMWORD PTR[1*16 + CT], CTR1 + vmovdqu XMMWORD PTR[2*16 + CT], CTR2 + vmovdqu XMMWORD PTR[3*16 + CT], CTR3 + vmovdqu XMMWORD PTR[4*16 + CT], CTR4 + vmovdqu XMMWORD PTR[5*16 + CT], CTR5 + vmovdqu XMMWORD PTR[6*16 + CT], CTR6 + + vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask] + vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask] + vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask] + vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask] + vpshufb CTR4, CTR4, XMMWORD 
PTR[Lbswap_mask] + vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask] + vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask] + + vmovdqa XMMWORD PTR[1*16 + esp], CTR5 + vmovdqa XMMWORD PTR[2*16 + esp], CTR4 + vmovdqa XMMWORD PTR[3*16 + esp], CTR3 + vmovdqa XMMWORD PTR[4*16 + esp], CTR2 + vmovdqa XMMWORD PTR[5*16 + esp], CTR1 + vmovdqa XMMWORD PTR[6*16 + esp], CTR0 + + lea CT, [7*16 + CT] + lea PT, [7*16 + PT] + jmp LEncData7 + +LEndEnc7: + + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h + vmovdqu TMP4, XMMWORD PTR[0*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + vmovdqu TMP5, XMMWORD PTR[1*16 + esp] + KARATSUBA 1 + vmovdqu TMP5, XMMWORD PTR[2*16 + esp] + KARATSUBA 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + esp] + KARATSUBA 3 + vmovdqu TMP5, XMMWORD PTR[4*16 + esp] + KARATSUBA 4 + vmovdqu TMP5, XMMWORD PTR[5*16 + esp] + KARATSUBA 5 + vmovdqu TMP5, XMMWORD PTR[6*16 + esp] + vpxor TMP5, TMP5, T + KARATSUBA 6 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor TMP5, TMP2, TMP3 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpxor TMP5, TMP5, TMP4 + vmovdqu T, TMP5 + + sub aluCTR, 6 + +LEncDataSingles: + + cmp len, 16 + jb LEncDataTail + sub len, 16 + + vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp] + NEXTCTR 0 + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + 
KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 + vpxor TMP1, TMP1, XMMWORD PTR[PT] + vmovdqu XMMWORD PTR[CT], TMP1 + + lea PT, [16+PT] + lea CT, [16+CT] + + vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask] + vpxor TMP1, TMP1, T + + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4 + vmovdqu T, TMP1 + + jmp LEncDataSingles + +LEncDataTail: + + cmp len, 0 + je LEncDataEnd + + vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp] + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 +; zero a temp location + vpxor TMP2, TMP2, TMP2 + vmovdqa XMMWORD PTR[esp], TMP2 +; copy as many bytes as needed + xor KS, KS + mov aluTMP, edx +@@: + cmp len, KS + je @f + mov dl, BYTE PTR[PT + KS] + mov BYTE PTR[esp + KS], dl + inc KS + jmp @b +@@: + vpxor TMP1, TMP1, XMMWORD PTR[esp] + vmovdqa XMMWORD PTR[esp], TMP1 + xor KS, KS +@@: + cmp len, KS + je @f + mov dl, BYTE PTR[esp + KS] + mov BYTE PTR[CT + KS], dl + inc KS + jmp @b +@@: + cmp KS, 16 + je @f 
+ mov BYTE PTR[esp + KS], 0 + inc KS + jmp @b +@@: + mov edx, aluTMP + vmovdqa TMP1, XMMWORD PTR[esp] + vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask] + vpxor TMP1, TMP1, T + + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4 + vmovdqu T, TMP1 + +LEncDataEnd: + inc aluCTR + bswap aluCTR + mov [16*16 + 2*16 + 3*4 + Gctx], aluCTR + + mov esp, ebp + pop edi + pop esi + pop ebx + pop ebp + + + vzeroupper + + ret +intel_aes_gcmENC ENDP + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; +; Decrypt and Authenticate +; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len); +; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + + +NEXTCTR MACRO i + add aluCTR, 1 + mov aluTMP, aluCTR + bswap aluTMP + xor aluTMP, [3*4 + KS] + mov [3*4 + i*16 + esp], aluTMP +ENDM + +intel_aes_gcmDEC PROC + + cmp DWORD PTR[1*4 + 3*4 + esp], 0 + jne LbeginDEC + ret + +LbeginDEC: + + vzeroupper + push ebp + push ebx + push esi + push edi + + mov ebp, esp + sub esp, 8*16 + and esp, -16 + + mov CT, [ebp + 5*4 + 0*4] + mov PT, [ebp + 5*4 + 1*4] + mov Gctx, [ebp + 5*4 + 2*4] + + mov KS, [16*16 + 3*16 + Gctx] + lea KS, [44 + KS] + + mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx] + bswap aluCTR + + + vmovdqu TMP0, XMMWORD PTR[0*16 + KS] + vpxor TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx] + vmovdqu XMMWORD PTR[0*16 + esp], TMP0 + + cmp len, 16*7 + jb LDecDataSingles + vmovdqu XMMWORD PTR[1*16 + esp], TMP0 + vmovdqu XMMWORD PTR[2*16 + esp], TMP0 + vmovdqu XMMWORD PTR[3*16 + esp], TMP0 + vmovdqu XMMWORD PTR[4*16 + esp], TMP0 + vmovdqu XMMWORD PTR[5*16 + esp], TMP0 + vmovdqu XMMWORD PTR[6*16 + esp], TMP0 + dec aluCTR + +LDecData7: + cmp len, 16*7 + jb LDecData7End + sub len, 16*7 + + vmovdqu TMP5, XMMWORD PTR[0*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + vpxor TMP5, TMP5, T + vpshufd TMP4, TMP5, 78 + vpxor TMP4, TMP4, TMP5 + vpclmulqdq TMP0, TMP4, XMMWORD PTR[6*16 + 8*16 + Htbl], 
000h + vmovdqu TMP4, XMMWORD PTR[6*16 + Htbl] + vpclmulqdq TMP1, TMP5, TMP4, 011h + vpclmulqdq TMP2, TMP5, TMP4, 000h + + NEXTCTR 0 + vmovdqu TMP5, XMMWORD PTR[1*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 5 + NEXTCTR 1 + vmovdqu TMP5, XMMWORD PTR[2*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 4 + NEXTCTR 2 + vmovdqu TMP5, XMMWORD PTR[3*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 3 + NEXTCTR 3 + vmovdqu TMP5, XMMWORD PTR[4*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 2 + NEXTCTR 4 + vmovdqu TMP5, XMMWORD PTR[5*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 1 + NEXTCTR 5 + vmovdqu TMP5, XMMWORD PTR[6*16 + CT] + vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask] + KARATSUBA 0 + NEXTCTR 6 + + vpxor TMP0, TMP0, TMP1 + vpxor TMP0, TMP0, TMP2 + vpsrldq TMP3, TMP0, 8 + vpxor TMP4, TMP1, TMP3 + vpslldq TMP3, TMP0, 8 + vpxor TMP5, TMP2, TMP3 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpclmulqdq TMP1, TMP5, XMMWORD PTR[Lpoly], 010h + vpalignr TMP5,TMP5,TMP5,8 + vpxor TMP5, TMP5, TMP1 + + vpxor TMP5, TMP5, TMP4 + vmovdqu T, TMP5 + + vmovdqa CTR0, XMMWORD PTR[0*16 + esp] + vmovdqa CTR1, XMMWORD PTR[1*16 + esp] + vmovdqa CTR2, XMMWORD PTR[2*16 + esp] + vmovdqa CTR3, XMMWORD PTR[3*16 + esp] + vmovdqa CTR4, XMMWORD PTR[4*16 + esp] + vmovdqa CTR5, XMMWORD PTR[5*16 + esp] + vmovdqa CTR6, XMMWORD PTR[6*16 + esp] + + ROUND 1 + ROUND 2 + ROUND 3 + ROUND 4 + ROUND 5 + ROUND 6 + ROUND 7 + ROUND 8 + ROUND 9 + vmovdqu xmm7, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + + ROUND 10 + ROUND 11 + vmovdqu xmm7, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + + ROUND 12 + ROUND 13 + vmovdqu xmm7, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast CTR0, CTR0, xmm7 + vaesenclast CTR1, CTR1, xmm7 + vaesenclast CTR2, CTR2, xmm7 + vaesenclast CTR3, CTR3, xmm7 + vaesenclast CTR4, CTR4, xmm7 + vaesenclast CTR5, CTR5, xmm7 + vaesenclast 
CTR6, CTR6, xmm7 + + vpxor CTR0, CTR0, XMMWORD PTR[0*16 + CT] + vpxor CTR1, CTR1, XMMWORD PTR[1*16 + CT] + vpxor CTR2, CTR2, XMMWORD PTR[2*16 + CT] + vpxor CTR3, CTR3, XMMWORD PTR[3*16 + CT] + vpxor CTR4, CTR4, XMMWORD PTR[4*16 + CT] + vpxor CTR5, CTR5, XMMWORD PTR[5*16 + CT] + vpxor CTR6, CTR6, XMMWORD PTR[6*16 + CT] + + vmovdqu XMMWORD PTR[0*16 + PT], CTR0 + vmovdqu XMMWORD PTR[1*16 + PT], CTR1 + vmovdqu XMMWORD PTR[2*16 + PT], CTR2 + vmovdqu XMMWORD PTR[3*16 + PT], CTR3 + vmovdqu XMMWORD PTR[4*16 + PT], CTR4 + vmovdqu XMMWORD PTR[5*16 + PT], CTR5 + vmovdqu XMMWORD PTR[6*16 + PT], CTR6 + + lea CT, [7*16 + CT] + lea PT, [7*16 + PT] + jmp LDecData7 + +LDecData7End: + + NEXTCTR 0 + +LDecDataSingles: + + cmp len, 16 + jb LDecDataTail + sub len, 16 + + vmovdqu TMP1, XMMWORD PTR[CT] + vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask] + vpxor TMP1, TMP1, T + + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4 + vmovdqu T, TMP1 + + vmovdqa TMP1, XMMWORD PTR[0*16 + esp] + NEXTCTR 0 + + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast TMP1, TMP1, TMP2 + vpxor TMP1, TMP1, XMMWORD PTR[CT] + vmovdqu XMMWORD PTR[PT], TMP1 + + lea PT, [16+PT] + lea CT, [16+CT] + jmp LDecDataSingles + +LDecDataTail: + + cmp len, 0 + je LDecDataEnd + + vmovdqa TMP1, 
XMMWORD PTR[0*16 + esp] + inc aluCTR + vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS] + vmovdqu TMP2, XMMWORD PTR[10*16 + KS] + cmp NR, 10 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS] + vmovdqu TMP2, XMMWORD PTR[12*16 + KS] + cmp NR, 12 + je @f + vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS] + vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS] + vmovdqu TMP2, XMMWORD PTR[14*16 + KS] +@@: + vaesenclast xmm7, TMP1, TMP2 + +; copy as many bytes as needed + xor KS, KS + mov aluTMP, edx +@@: + cmp len, KS + je @f + mov dl, BYTE PTR[CT + KS] + mov BYTE PTR[esp + KS], dl + inc KS + jmp @b +@@: + cmp KS, 16 + je @f + mov BYTE PTR[esp + KS], 0 + inc KS + jmp @b +@@: + mov edx, aluTMP + vmovdqa TMP1, XMMWORD PTR[esp] + vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask] + vpxor TMP1, TMP1, T + + vmovdqu TMP0, XMMWORD PTR[Htbl] + GFMUL TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4 + vmovdqu T, TMP1 + + vpxor xmm7, xmm7, XMMWORD PTR[esp] + vmovdqa XMMWORD PTR[esp], xmm7 + xor KS, KS + mov aluTMP, edx +@@: + cmp len, KS + je @f + mov dl, BYTE PTR[esp + KS] + mov BYTE PTR[PT + KS], dl + inc KS + jmp @b +@@: + mov edx, aluTMP + +LDecDataEnd: + + bswap aluCTR + mov [16*16 + 2*16 + 3*4 + Gctx], aluCTR + + mov esp, ebp + pop edi + pop esi + pop ebx + pop ebp + + vzeroupper + + ret +intel_aes_gcmDEC ENDP + + +END diff --git a/security/nss/lib/freebl/intel-gcm.h b/security/nss/lib/freebl/intel-gcm.h index 9360ff14..22f364db 100644 --- a/security/nss/lib/freebl/intel-gcm.h +++ b/security/nss/lib/freebl/intel-gcm.h 
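Review bot: The zero-length early-out at the top of intel_aes_gcmAAD reads its argument from the wrong stack slot: `cmp DWORD PTR[esp + 1*3 + 2*4], 0` addresses esp+11, a misaligned dword that straddles the top byte of the AAD pointer and the low three bytes of Alen, whereas the matching pre-push checks in intel_aes_gcmENC and intel_aes_gcmDEC use `1*4` for the return address and the post-push loads in this same routine read Alen at `esp + 4*3 + 2*4`. With Alen == 0 and a pointer whose top byte is non-zero the compare is non-zero, the routine falls through LbeginAAD to Lmod_loop and Ldone, runs the final reduction on the T it just loaded from Tp and writes the result back, so a call that was meant to hash nothing can change the tag state unless T is still zero at that point; whether the wrapper ever calls it with a non-zero T and no AAD cannot be seen from this file. The one-character correction is `cmp DWORD PTR[esp + 1*4 + 2*4], 0`. The hunk is the whole new file, so intel_aes_gcmAAD's body is fully visible here.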
@@ -31,7 +31,7 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFun void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit); -SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf, +SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf, unsigned int *outlen, unsigned int maxout, const unsigned char *inbuf, unsigned int inlen, unsigned int blocksize); diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c index 36239e3d..deb6770f 100644 --- a/security/nss/lib/freebl/ldvector.c +++ b/security/nss/lib/freebl/ldvector.c @@ -280,12 +280,18 @@ static const struct FREEBLVectorStr vector = RSA_CheckSignPSS, RSA_Sign, RSA_CheckSign, - RSA_CheckSignRecover + RSA_CheckSignRecover, /* End of Version 3.016 */ + + EC_FillParams, + EC_DecodeParams, + EC_CopyParams + + /* End of Version 3.017 */ }; -const FREEBLVector * +const FREEBLVector * FREEBL_GetVector(void) { extern const char __nss_freebl_rcsid[]; @@ -294,7 +300,7 @@ FREEBL_GetVector(void) /* force a reference that won't get optimized away */ volatile char c; - c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; + c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; #ifdef FREEBL_NO_DEPEND FREEBL_InitStubs(); #endif diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index 374c472a..3c08f893 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c @@ -80,6 +80,8 @@ getLibName(void) } #elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64) +#include + /* This code tests to see if we're running on a PA2.x CPU. ** It returns true (1) if so, and false (0) otherwise. */ 
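Review bot: The `#include` added in the HPUX branch of getLibName has no header name as rendered, which cannot compile as shown; an angle-bracket header was most likely stripped when the patch was rendered, so confirm the actual directive in the commit before applying. A trailing comment on that line, `/* needed for the PA2.x CPU test below */`, would also tie the include to the code it serves. getLibName continues outside the hunk.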
@@ -2091,3 +2093,29 @@ SECStatus RSA_CheckSignRecover(RSAPublicKey *key, return (vector->p_RSA_CheckSignRecover)(key, output, outputLen, maxOutputLen, sig, sigLen); } + +SECStatus EC_FillParams(PLArenaPool *arena, + const SECItem *encodedParams, + ECParams *params) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_EC_FillParams)(arena, encodedParams, params); +} + +SECStatus EC_DecodeParams(const SECItem *encodedParams, + ECParams **ecparams) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_EC_DecodeParams)(encodedParams, ecparams); +} + +SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, + const ECParams *srcParams) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) + return SECFailure; + return (vector->p_EC_CopyParams)(arena, dstParams, srcParams); +} + diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h index c51669f1..bda18a69 100644 --- a/security/nss/lib/freebl/loader.h +++ b/security/nss/lib/freebl/loader.h @@ -10,7 +10,7 @@ #include "blapi.h" -#define FREEBL_VERSION 0x0310 +#define FREEBL_VERSION 0x0311 struct FREEBLVectorStr { @@ -698,6 +698,15 @@ struct FREEBLVectorStr { /* Version 3.016 came to here */ + SECStatus (* p_EC_FillParams)(PLArenaPool *arena, + const SECItem *encodedParams, ECParams *params); + SECStatus (* p_EC_DecodeParams)(const SECItem *encodedParams, + ECParams **ecparams); + SECStatus (* p_EC_CopyParams)(PLArenaPool *arena, ECParams *dstParams, + const ECParams *srcParams); + + /* Version 3.017 came to here */ + /* Add new function pointers at the end of this struct and bump * FREEBL_VERSION at the beginning of this file. */ }; diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn index eb4f8b13..1137e852 100644 --- a/security/nss/lib/freebl/manifest.mn +++ b/security/nss/lib/freebl/manifest.mn 
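Review bot: EC_FillParams, EC_DecodeParams and EC_CopyParams dereference vector->p_EC_FillParams and friends with no local check that the loaded vector is new enough to contain them; they rely on the loading code accepting only a freebl vector whose version and length cover the 3.017 entries, and that comparison is outside this hunk, so it is worth confirming it checks the vector length rather than only the major version. A one-line comment above the three wrappers, `/* Require a 3.017+ freebl vector; see FREEBL_VERSION and the version/length check in the loader. */`, would make the dependency visible. The wrappers mirror the existing RSA_* wrappers above them, so matching their style is otherwise fine.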
@@ -69,7 +69,7 @@ MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h -ifdef NSS_ENABLE_ECC +ifndef NSS_DISABLE_ECC ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \ ecp_aff.c ecp_jac.c ecp_mont.c \ ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \ @@ -110,6 +110,7 @@ CSRCS = \ camellia.c \ dh.c \ ec.c \ + ecdecode.c \ pqg.c \ dsa.c \ rsa.c \ diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h index ba215ba5..a556c17e 100644 --- a/security/nss/lib/freebl/mpi/mpi.h +++ b/security/nss/lib/freebl/mpi/mpi.h @@ -56,11 +56,11 @@ typedef int mp_err; #error "USHRT_MAX not defined" #endif -#if defined(ULONG_LONG_MAX) /* GCC, HPUX */ -#define MP_ULONG_LONG_MAX ULONG_LONG_MAX -#elif defined(ULLONG_MAX) /* Solaris */ +#if defined(ULLONG_MAX) /* C99, Solaris */ #define MP_ULONG_LONG_MAX ULLONG_MAX /* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */ +#elif defined(ULONG_LONG_MAX) /* HPUX */ +#define MP_ULONG_LONG_MAX ULONG_LONG_MAX #elif defined(ULONGLONG_MAX) /* IRIX, AIX */ #define MP_ULONG_LONG_MAX ULONGLONG_MAX #endif diff --git a/security/nss/lib/freebl/mpi/target.mk b/security/nss/lib/freebl/mpi/target.mk index 2392faff..dbd2fb9e 100644 --- a/security/nss/lib/freebl/mpi/target.mk +++ b/security/nss/lib/freebl/mpi/target.mk @@ -205,7 +205,7 @@ ifeq ($(TARGET),WIN32) ifeq ($(CPU_ARCH),x86_64) AS_OBJS = mpi_amd64.obj mpi_amd64_masm.obj mp_comba_amd64_masm.asm CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER) -CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC -DNSS_ENABLE_ECC +CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC CFLAGS += $(MPICMN) $(AS_OBJS): %.obj : %.asm 
@@ -220,7 +220,7 @@ MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -DMP_API_COMPATIBLE MPICMN += -DMP_MONT_USE_MP_MUL MPICMN += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN CFLAGS = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER) -CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC -DNSS_ENABLE_ECC +CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC CFLAGS += $(MPICMN) $(AS_OBJS): %.obj : %.asm diff --git a/security/nss/lib/freebl/rijndael.c b/security/nss/lib/freebl/rijndael.c index 8bb89051..4e4be79f 100644 --- a/security/nss/lib/freebl/rijndael.c +++ b/security/nss/lib/freebl/rijndael.c @@ -18,17 +18,20 @@ #include "ctr.h" #include "gcm.h" -#if USE_HW_AES -#include "intel-gcm.h" +#ifdef USE_HW_AES #include "intel-aes.h" #include "mpi.h" static int has_intel_aes = 0; +static PRBool use_hw_aes = PR_FALSE; + +#ifdef INTEL_GCM +#include "intel-gcm.h" static int has_intel_avx = 0; static int has_intel_clmul = 0; -static PRBool use_hw_aes = PR_FALSE; static PRBool use_hw_gcm = PR_FALSE; #endif +#endif /* USE_HW_AES */ /* * There are currently five ways to build this code, varying in performance @@ -833,7 +836,6 @@ rijndael_encryptECB(AESContext *cx, unsigned char *output, SECStatus rv; AESBlockFunc *encryptor; - encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) ? &rijndael_encryptBlock128 : &rijndael_encryptBlock; @@ -966,17 +968,28 @@ AESContext * AES_AllocateContext(void) } -#if USE_HW_AES +#ifdef INTEL_GCM /* * Adapted from the example code in "How to detect New Instruction support in * the 4th generation Intel Core processor family" by Max Locktyukhin. + * + * XGETBV: + * Reads an extended control register (XCR) specified by ECX into EDX:EAX. */ static PRBool check_xcr0_ymm() { PRUint32 xcr0; #if defined(_MSC_VER) +#if defined(_M_IX86) + __asm { + mov ecx, 0 + xgetbv + mov xcr0, eax + } +#else xcr0 = (PRUint32)_xgetbv(0); /* Requires VS2010 SP1 or later. */ +#endif #else __asm__ ("xgetbv" : "=a" (xcr0) : "c" (0) : "%edx"); #endif 
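Review bot: Replacing `#if USE_HW_AES` with `#ifdef USE_HW_AES` changes the meaning when the macro is defined with a value: `#if` is false for a definition of 0, `#ifdef` is true. The same substitution is made in the aes_InitContext hunks (`@@ -1022,7 +1035,7 @@` and `@@ -1057,23 +1076,27 @@`) and the new INTEL_GCM block uses the same `#ifdef` style, so this is only safe if the build defines USE_HW_AES without a value; either add a comment at the top of this block, `/* USE_HW_AES and INTEL_GCM are presence-only macros; never define them to 0. */`, or use `#if defined(USE_HW_AES) && USE_HW_AES` if a 0 value must keep the path disabled.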
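Review bot: The new comment says XGETBV returns the register in EDX:EAX, but both the `_M_IX86` inline-asm path and the GCC path keep only EAX, so `xcr0` holds the low 32 bits; the comment should say so, e.g. `* Only the low 32 bits (EAX) are used here; presumably they hold the XMM/YMM state bits the function name refers to.` The `__asm { mov ecx, 0 / xgetbv / mov xcr0, eax }` block also needs an inline assembler that knows the XGETBV mnemonic, which is worth confirming for the oldest MSVC this tree still builds with. The rest of check_xcr0_ymm is outside the hunk.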
@@ -1022,7 +1035,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } -#if USE_HW_AES +#ifdef USE_HW_AES if (has_intel_aes == 0) { unsigned long eax, ebx, ecx, edx; char *disable_hw_aes = getenv("NSS_DISABLE_HW_AES"); @@ -1030,6 +1043,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, if (disable_hw_aes == NULL) { freebl_cpuid(1, &eax, &ebx, &ecx, &edx); has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1; +#ifdef INTEL_GCM has_intel_clmul = (ecx & (1 << 1)) != 0 ? 1 : -1; if ((ecx & (1 << 27)) != 0 && (ecx & (1 << 28)) != 0 && check_xcr0_ymm()) { @@ -1037,17 +1051,22 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, } else { has_intel_avx = -1; } +#endif } else { has_intel_aes = -1; +#ifdef INTEL_GCM has_intel_avx = -1; has_intel_clmul = -1; +#endif } } use_hw_aes = (PRBool) (has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16); +#ifdef INTEL_GCM use_hw_gcm = (PRBool) (use_hw_aes && has_intel_avx>0 && has_intel_clmul>0); #endif +#endif /* USE_HW_AES */ /* Nb = (block size in bits) / 32 */ cx->Nb = blocksize / 4; /* Nk = (key size in bits) / 32 */ 
@@ -1057,23 +1076,27 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, /* copy in the iv, if neccessary */ if (mode == NSS_AES_CBC) { memcpy(cx->iv, iv, blocksize); -#if USE_HW_AES +#ifdef USE_HW_AES if (use_hw_aes) { cx->worker = (freeblCipherFunc) intel_aes_cbc_worker(encrypt, keysize); } else #endif + { cx->worker = (freeblCipherFunc) (encrypt ? &rijndael_encryptCBC : &rijndael_decryptCBC); + } } else { -#if USE_HW_AES +#ifdef USE_HW_AES if (use_hw_aes) { cx->worker = (freeblCipherFunc) intel_aes_ecb_worker(encrypt, keysize); } else #endif + { cx->worker = (freeblCipherFunc) (encrypt ? &rijndael_encryptECB : &rijndael_decryptECB); + } } PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE); if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) { @@ -1152,7 +1175,7 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, cx->isBlock = PR_FALSE; break; case NSS_AES_GCM: -#if USE_HW_AES +#ifdef INTEL_GCM if(use_hw_gcm) { cx->worker_cx = intel_AES_GCM_CreateContext(cx, cx->worker, iv, blocksize); cx->worker = (freeblCipherFunc) @@ -1171,7 +1194,14 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, break; case NSS_AES_CTR: cx->worker_cx = CTR_CreateContext(cx, cx->worker, iv, blocksize); - cx->worker = (freeblCipherFunc) CTR_Update ; +#if defined(USE_HW_AES) && defined(_MSC_VER) + if (use_hw_aes) { + cx->worker = (freeblCipherFunc) CTR_Update_HW_AES; + } else +#endif + { + cx->worker = (freeblCipherFunc) CTR_Update; + } cx->destroy = (freeblDestroyFunc) CTR_DestroyContext; cx->isBlock = PR_FALSE; break; diff --git a/security/nss/lib/freebl/rsapkcs.c b/security/nss/lib/freebl/rsapkcs.c index a28e6c6a..c1e3d54d 100644 --- a/security/nss/lib/freebl/rsapkcs.c +++ b/security/nss/lib/freebl/rsapkcs.c 
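Review bot: The CTR worker selects CTR_Update_HW_AES only under `defined(USE_HW_AES) && defined(_MSC_VER)`, a narrower condition than the `#ifdef USE_HW_AES` gates used for the CBC and ECB workers, and nothing records why; presumably the hardware CTR routine exists only in the MSVC/MASM build, and that belongs in a comment: `/* CTR_Update_HW_AES is only provided by the MSVC (MASM) build; other compilers fall back to CTR_Update. */`. AES_InitContext continues outside this hunk.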
@@ -24,16 +24,14 @@ /* * RSA block types * - * The actual values are important -- they are fixed, *not* arbitrary. - * The explicit value assignments are not needed (because C would give - * us those same values anyway) but are included as a reminder... + * The values of RSA_BlockPrivate and RSA_BlockPublic are fixed. + * The value of RSA_BlockRaw isn't fixed by definition, but we are keeping + * the value that NSS has been using in the past. */ typedef enum { - RSA_BlockUnused = 0, /* unused */ RSA_BlockPrivate = 1, /* pad for a private-key operation */ RSA_BlockPublic = 2, /* pad for a public-key operation */ - RSA_BlockRaw = 4, /* simply justify the block appropriately */ - RSA_BlockTotal + RSA_BlockRaw = 4 /* simply justify the block appropriately */ } RSA_BlockType; /* Needed for RSA-PSS functions */ diff --git a/security/nss/lib/freebl/sha-fast-amd64-sun.s b/security/nss/lib/freebl/sha-fast-amd64-sun.s index 71996f04..6430469a 100644 --- a/security/nss/lib/freebl/sha-fast-amd64-sun.s +++ b/security/nss/lib/freebl/sha-fast-amd64-sun.s @@ -1907,7 +1907,10 @@ SHA1_End: /NO_APP movq (%rsp), %rbx movl %eax, 16(%r13) + cmpq $0, %r14 + je .L133 movl $20, (%r14) +.L133: movq 16(%rsp), %r13 movq 24(%rsp), %r14 leave @@ -2108,3 +2111,41 @@ SHA1_TraceState: jmp PORT_SetError_Util@PLT .LFE16: .size SHA1_TraceState, .-SHA1_TraceState + .align 16 +.globl SHA1_EndRaw + .type SHA1_EndRaw, @function +SHA1_EndRaw: +.LFB50: + movq 72(%rdi), %rax +/APP + bswap %eax +/NO_APP + movl %eax, (%rsi) + movq 80(%rdi), %rax +/APP + bswap %eax +/NO_APP + movl %eax, 4(%rsi) + movq 88(%rdi), %rax +/APP + bswap %eax +/NO_APP + movl %eax, 8(%rsi) + movq 96(%rdi), %rax +/APP + bswap %eax +/NO_APP + movl %eax, 12(%rsi) + movq 104(%rdi), %rax +/APP + bswap %eax +/NO_APP + testq %rdx, %rdx + movl %eax, 16(%rsi) + je .L14 + movl $20, (%rdx) +.L14: + rep + ret +.LFE50: + .size SHA1_EndRaw, .-SHA1_EndRaw 
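Review bot: The `/APP` and `/NO_APP` markers suggest this .s file is compiler output with inline-asm regions, yet the NULL guard on the digestLen pointer in SHA1_End (`cmpq $0, %r14` / `je .L133`) and the whole SHA1_EndRaw routine are inserted by hand; if the file is ever regenerated from its C source both disappear unless the C source carries the same changes, so confirm that it does and add a header comment stating the file was edited after generation. SHA1_EndRaw applies the same guard (`testq %rdx, %rdx` before the store), which is consistent with the SHA1_End change.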
diff --git a/security/nss/lib/freebl/stubs.c b/security/nss/lib/freebl/stubs.c index 163f07f9..1de9b497 100644 --- a/security/nss/lib/freebl/stubs.c +++ b/security/nss/lib/freebl/stubs.c @@ -105,6 +105,7 @@ STUB_DECLARE(void *,PORT_Alloc_Util,(size_t len)); +STUB_DECLARE(void *,PORT_ArenaAlloc_Util,(PLArenaPool *arena, size_t size)); STUB_DECLARE(void *,PORT_ArenaZAlloc_Util,(PLArenaPool *arena, size_t size)); STUB_DECLARE(void ,PORT_Free_Util,(void *ptr)); STUB_DECLARE(void ,PORT_FreeArena_Util,(PLArenaPool *arena, PRBool zero)); @@ -141,12 +142,13 @@ STUB_DECLARE(PRStatus,PR_WaitCondVar,(PRCondVar *cvar, STUB_DECLARE(SECItem *,SECITEM_AllocItem_Util,(PLArenaPool *arena, SECItem *item,unsigned int len)); -STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a, +STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a, const SECItem *b)); STUB_DECLARE(SECStatus,SECITEM_CopyItem_Util,(PLArenaPool *arena, SECItem *to,const SECItem *from)); STUB_DECLARE(void,SECITEM_FreeItem_Util,(SECItem *zap, PRBool freeit)); STUB_DECLARE(void,SECITEM_ZfreeItem_Util,(SECItem *zap, PRBool freeit)); +STUB_DECLARE(SECOidTag,SECOID_FindOIDTag_Util,(const SECItem *oid)); STUB_DECLARE(int, NSS_SecureMemcmp,(const void *a, const void *b, size_t n)); @@ -212,13 +214,22 @@ PR_Free_stub(void *ptr) * */ extern PLArenaPool * -PORT_NewArena_stub(unsigned long chunksize) +PORT_NewArena_stub(unsigned long chunksize) { STUB_SAFE_CALL1(PORT_NewArena_Util, chunksize); abort(); return NULL; } +extern void * +PORT_ArenaAlloc_stub(PLArenaPool *arena, size_t size) +{ + + STUB_SAFE_CALL2(PORT_ArenaZAlloc_Util, arena, size); + abort(); + return NULL; +} + extern void * PORT_ArenaZAlloc_stub(PLArenaPool *arena, size_t size) { 
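Review bot: `PORT_ArenaAlloc_stub` forwards to `PORT_ArenaZAlloc_Util`, although this hunk declares `PORT_ArenaAlloc_Util` and the freebl_InitNSSUtil hunk (`@@ -560,6 +579,7 @@`) fetches it, so the fetched pointer is never used. Returning zeroed memory from the non-zeroing allocator is harmless, but if it is deliberate say so with `/* Intentionally routed to the zeroing allocator. */`; otherwise the call should be `STUB_SAFE_CALL2(PORT_ArenaAlloc_Util, arena, size);`. The stray blank line after the opening brace of `PORT_ArenaAlloc_stub` also does not match the neighbouring stubs.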
@@ -500,7 +511,7 @@ SECITEM_CompareItem_stub(const SECItem *a, const SECItem *b) return SECEqual; } -extern SECStatus +extern SECStatus SECITEM_CopyItem_stub(PLArenaPool *arena, SECItem *to, const SECItem *from) { STUB_SAFE_CALL3(SECITEM_CopyItem_Util, arena, to, from); @@ -508,6 +519,14 @@ SECITEM_CopyItem_stub(PLArenaPool *arena, SECItem *to, const SECItem *from) return SECFailure; } +extern SECOidTag +SECOID_FindOIDTag_stub(const SECItem *oid) +{ + STUB_SAFE_CALL1(SECOID_FindOIDTag_Util, oid); + abort(); + return SEC_OID_UNKNOWN; +} + extern void SECITEM_ZfreeItem_stub(SECItem *zap, PRBool freeit) { @@ -560,6 +579,7 @@ freebl_InitNSSUtil(void *lib) STUB_FETCH_FUNCTION(PORT_ZAlloc_Util); STUB_FETCH_FUNCTION(PORT_ZFree_Util); STUB_FETCH_FUNCTION(PORT_NewArena_Util); + STUB_FETCH_FUNCTION(PORT_ArenaAlloc_Util); STUB_FETCH_FUNCTION(PORT_ArenaZAlloc_Util); STUB_FETCH_FUNCTION(PORT_FreeArena_Util); STUB_FETCH_FUNCTION(PORT_GetError_Util); @@ -569,6 +589,7 @@ freebl_InitNSSUtil(void *lib) STUB_FETCH_FUNCTION(SECITEM_CompareItem_Util); STUB_FETCH_FUNCTION(SECITEM_CopyItem_Util); STUB_FETCH_FUNCTION(SECITEM_ZfreeItem_Util); + STUB_FETCH_FUNCTION(SECOID_FindOIDTag_Util); STUB_FETCH_FUNCTION(NSS_SecureMemcmp); return SECSuccess; } diff --git a/security/nss/lib/freebl/stubs.h b/security/nss/lib/freebl/stubs.h index 8f77e015..72f30000 100644 --- a/security/nss/lib/freebl/stubs.h +++ b/security/nss/lib/freebl/stubs.h @@ -14,13 +14,14 @@ #ifdef _LIBUTIL_H_ /* must be included before util */ /*#error stubs.h included too late */ -#define MP_DIGITES(x) "stubs included too late" +#define MP_DIGITES(x) "stubs included too late" #endif /* hide libutil rename */ #define _LIBUTIL_H_ 1 #define PORT_Alloc PORT_Alloc_stub +#define PORT_ArenaAlloc PORT_ArenaAlloc_stub #define PORT_ArenaZAlloc PORT_ArenaZAlloc_stub #define PORT_Free PORT_Free_stub #define PORT_FreeArena PORT_FreeArena_stub 
@@ -35,6 +36,7 @@ #define SECITEM_CopyItem SECITEM_CopyItem_stub #define SECITEM_FreeItem SECITEM_FreeItem_stub #define SECITEM_ZfreeItem SECITEM_ZfreeItem_stub +#define SECOID_FindOIDTag SECOID_FindOIDTag_stub #define NSS_SecureMemcmp NSS_SecureMemcmp_stub #define PR_Assert PR_Assert_stub diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h index dedf98c5..c9910e7a 100644 --- a/security/nss/lib/libpkix/include/pkix_errorstrings.h +++ b/security/nss/lib/libpkix/include/pkix_errorstrings.h @@ -576,7 +576,9 @@ PKIX_ERRORENTRY(INFOACCESSCREATELISTFAILED,pkix_pl_InfoAccess_CreateList failed, PKIX_ERRORENTRY(INFOACCESSGETLOCATIONFAILED,PKIX_PL_InfoAccess_GetLocation failed,0), PKIX_ERRORENTRY(INFOACCESSGETLOCATIONTYPEFAILED,PKIX_PL_InfoAccess_GetLocationType failed,0), PKIX_ERRORENTRY(INFOACCESSGETMETHODFAILED,PKIX_PL_InfoAccess_GetMethod failed,0), +#ifndef NSS_PKIX_NO_LDAP PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION), +#endif PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION), PKIX_ERRORENTRY(INITIALIZECHECKERSFAILED,pkix_InitializeCheckers failed,0), PKIX_ERRORENTRY(INITIALIZEFAILED,PKIX_PL_Initialize failed,0), diff --git a/security/nss/lib/libpkix/include/pkix_pl_pki.h b/security/nss/lib/libpkix/include/pkix_pl_pki.h index 1157916f..0a449b94 100644 --- a/security/nss/lib/libpkix/include/pkix_pl_pki.h +++ b/security/nss/lib/libpkix/include/pkix_pl_pki.h @@ -1269,6 +1269,9 @@ PKIX_PL_Cert_AreCertPoliciesCritical( * Must be non-NULL. * "nameConstraints" * Address of CertNameConstraints that need to be satisfied. + * "treatCommonNameAsDNSName" + * PKIX_TRUE if the subject common name should be considered a dNSName + * when evaluating name constraints. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: 
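Review bot: Wrapping the INFOACCESSPARSELOCATIONFAILED entry in `#ifndef NSS_PKIX_NO_LDAP` removes one row from what appears to be a positionally numbered table, so every error code after it takes a different numeric value when NSS_PKIX_NO_LDAP is set. That is fine as long as the codes are only used within one build of the library, but it deserves a note in the header: `/* Entries guarded by NSS_PKIX_NO_LDAP are conditional, so numeric error codes differ between LDAP and non-LDAP builds. */`. If any consumer persists or compares these codes across builds, keeping the entry unconditional (its string is harmless) would be the safer choice.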
@@ -1282,6 +1285,7 @@ PKIX_Error * PKIX_PL_Cert_CheckNameConstraints( PKIX_PL_Cert *cert, PKIX_PL_CertNameConstraints *nameConstraints, + PKIX_Boolean treatCommonNameAsDNSName, void *plContext); /* @@ -1511,7 +1515,7 @@ typedef enum PKIX_PL_TrustAnchorModeEnum { * explicitly untrustworthy, explicitly configured trust anchors * MAY be ignored/rejected. */ - PKIX_PL_TrustAnchorMode_Exclusive, + PKIX_PL_TrustAnchorMode_Exclusive } PKIX_PL_TrustAnchorMode; /* @@ -1827,7 +1831,9 @@ PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert, #define PKIX_INFOACCESS_LOCATION_UNKNOWN 0 #define PKIX_INFOACCESS_LOCATION_HTTP 1 +#ifndef NSS_PKIX_NO_LDAP #define PKIX_INFOACCESS_LOCATION_LDAP 2 +#endif /* * FUNCTION: PKIX_PL_InfoAccess_GetMethod diff --git a/security/nss/lib/libpkix/include/pkix_sample_modules.h b/security/nss/lib/libpkix/include/pkix_sample_modules.h index c031a124..75d9618c 100644 --- a/security/nss/lib/libpkix/include/pkix_sample_modules.h +++ b/security/nss/lib/libpkix/include/pkix_sample_modules.h @@ -117,6 +117,7 @@ PKIX_PL_Pk11CertStore_Create( PKIX_CertStore **pPk11CertStore, void *plContext); +#ifndef NSS_PKIX_NO_LDAP /* PKIX_PL_LdapCertStore * * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server @@ -249,6 +250,7 @@ PKIX_PL_LdapCertStore_Create( PKIX_PL_LdapClient *client, PKIX_CertStore **pCertStore, void *plContext); +#endif /* !NSS_PKIX_NO_LDAP */ /* PKIX_PL_NssContext * diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c index b9cde169..89bddd98 100644 --- a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c +++ b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c 
@@ -425,9 +425,13 @@ pkix_CertSelector_Match_NameConstraints( PKIX_COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED); if (nameConstraints != NULL) { - + /* As only the end-entity certificate should have + * the common name constrained as if it was a dNSName, + * do not constrain the common name when building a + * forward path. + */ PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints - (cert, nameConstraints, plContext), + (cert, nameConstraints, PKIX_FALSE, plContext), PKIX_CERTCHECKNAMECONSTRAINTSFAILED); } diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c index c04aa262..7c9430d3 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c @@ -167,6 +167,7 @@ pkix_NameConstraintsChecker_Check( PKIX_PL_CertNameConstraints *nameConstraints = NULL; PKIX_PL_CertNameConstraints *mergedNameConstraints = NULL; PKIX_Boolean selfIssued = PKIX_FALSE; + PKIX_Boolean lastCert = PKIX_FALSE; PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Check"); PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext); @@ -178,6 +179,7 @@ pkix_NameConstraintsChecker_Check( PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED); state->certsRemaining--; + lastCert = state->certsRemaining == 0; /* Get status of self issued */ PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext), 
@@ -185,13 +187,14 @@ pkix_NameConstraintsChecker_Check( /* Check on non self-issued and if so only for last cert */ if (selfIssued == PKIX_FALSE || - (selfIssued == PKIX_TRUE && state->certsRemaining == 0)) { + (selfIssued == PKIX_TRUE && lastCert)) { PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints - (cert, state->nameConstraints, plContext), + (cert, state->nameConstraints, lastCert, + plContext), PKIX_CERTCHECKNAMECONSTRAINTSFAILED); } - if (state->certsRemaining != 0) { + if (!lastCert) { PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints (cert, &nameConstraints, plContext), diff --git a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c b/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c deleted file mode 100644 index de5d203a..00000000 --- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c +++ /dev/null 
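Review bot: This hunk passes `lastCert` as the new treatCommonNameAsDNSName argument with no explanation, whereas the matching pkix_certselector.c hunk documents why it passes PKIX_FALSE; add the same reasoning here, `/* Only the end-entity certificate (the last one checked) has its subject common name constrained as if it were a dNSName. */`. The condition `selfIssued == PKIX_FALSE || (selfIssued == PKIX_TRUE && lastCert)` can be written `!selfIssued || lastCert`, which reads like the comment above it. Whether `lastCert` really identifies the end-entity depends on how state->certsRemaining is initialised, which is outside this hunk.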
@@ -1,284 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* - * pkix_buildparams.c - * - * Build Params Object Functions - * - */ - -#include "pkix_buildparams.h" - -/* --Private-Functions-------------------------------------------- */ - -/* - * FUNCTION: pkix_BuildParams_Destroy - * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_BuildParams_Destroy( - PKIX_PL_Object *object, - void *plContext) -{ - PKIX_BuildParams *params = NULL; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Destroy"); - PKIX_NULLCHECK_ONE(object); - - /* Check that this object is a build params object */ - PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext), - "Object is not a build params object"); - - params = (PKIX_BuildParams *)object; - - PKIX_DECREF(params->procParams); - -cleanup: - - PKIX_RETURN(BUILDPARAMS); -} - -/* - * FUNCTION: pkix_BuildParams_Equals - * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_BuildParams_Equals( - PKIX_PL_Object *first, - PKIX_PL_Object *second, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_UInt32 secondType; - PKIX_Boolean cmpResult; - PKIX_BuildParams *firstBuildParams = NULL; - PKIX_BuildParams *secondBuildParams = NULL; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Equals"); - PKIX_NULLCHECK_THREE(first, second, pResult); - - PKIX_CHECK(pkix_CheckType(first, PKIX_BUILDPARAMS_TYPE, plContext), - "First Argument is not a BuildParams object"); - - PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), - PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); - - *pResult = PKIX_FALSE; - - if (secondType != PKIX_BUILDPARAMS_TYPE) goto cleanup; - - firstBuildParams = (PKIX_BuildParams *)first; - secondBuildParams = (PKIX_BuildParams *)second; - - 
PKIX_CHECK(PKIX_PL_Object_Equals - ((PKIX_PL_Object *)firstBuildParams->procParams, - (PKIX_PL_Object *)secondBuildParams->procParams, - &cmpResult, - plContext), - PKIX_OBJECTEQUALSFAILED); - - if (!cmpResult) goto cleanup; - - *pResult = cmpResult; - -cleanup: - - PKIX_RETURN(BUILDPARAMS); -} - -/* - * FUNCTION: pkix_BuildParams_Hashcode - * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_BuildParams_Hashcode( - PKIX_PL_Object *object, - PKIX_UInt32 *pHashcode, - void *plContext) -{ - PKIX_BuildParams *buildParams = NULL; - PKIX_UInt32 hash = 0; - PKIX_UInt32 procParamsHash = 0; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Hashcode"); - PKIX_NULLCHECK_TWO(object, pHashcode); - - PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext), - "Object is not a processingParams object"); - - buildParams = (PKIX_BuildParams*)object; - - PKIX_CHECK(PKIX_PL_Object_Hashcode - ((PKIX_PL_Object *)buildParams->procParams, - &procParamsHash, - plContext), - PKIX_OBJECTHASHCODEFAILED); - - hash = 31 * procParamsHash; - - *pHashcode = hash; - -cleanup: - - PKIX_RETURN(BUILDPARAMS); -} - -/* - * FUNCTION: pkix_BuildParams_ToString - * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_BuildParams_ToString( - PKIX_PL_Object *object, - PKIX_PL_String **pString, - void *plContext) -{ - PKIX_BuildParams *buildParams = NULL; - char *asciiFormat = NULL; - PKIX_PL_String *formatString = NULL; - PKIX_PL_String *buildParamsString = NULL; - - PKIX_PL_String *procParamsString = NULL; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_ToString"); - PKIX_NULLCHECK_TWO(object, pString); - - PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext), - PKIX_OBJECTNOTBUILDPARAMS); - - asciiFormat = - "[\n" - "\tProcessing Params: \n" - "\t********BEGIN PROCESSING PARAMS********\n" - "\t\t%s\n" - "\t********END PROCESSING PARAMS********\n" - "]\n"; - - PKIX_CHECK(PKIX_PL_String_Create - 
(PKIX_ESCASCII, - asciiFormat, - 0, - &formatString, - plContext), - PKIX_STRINGCREATEFAILED); - - buildParams = (PKIX_BuildParams*)object; - - PKIX_CHECK(PKIX_PL_Object_ToString - ((PKIX_PL_Object*)buildParams->procParams, - &procParamsString, - plContext), - PKIX_OBJECTTOSTRINGFAILED); - - PKIX_CHECK(PKIX_PL_Sprintf - (&buildParamsString, - plContext, - formatString, - procParamsString), - PKIX_SPRINTFFAILED); - - *pString = buildParamsString; - -cleanup: - - PKIX_DECREF(formatString); - PKIX_DECREF(procParamsString); - - PKIX_RETURN(BUILDPARAMS); -} - -/* - * FUNCTION: pkix_BuildParams_RegisterSelf - * DESCRIPTION: - * Registers PKIX_BUILDPARAMS_TYPE and its related functions with - * systemClasses[] - * THREAD SAFETY: - * Not Thread Safe - for performance and complexity reasons - * - * Since this function is only called by PKIX_PL_Initialize, which should - * only be called once, it is acceptable that this function is not - * thread-safe. - */ -PKIX_Error * -pkix_BuildParams_RegisterSelf(void *plContext) -{ - - extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; - pkix_ClassTable_Entry entry; - - PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_RegisterSelf"); - - entry.description = "BuildParams"; - entry.objCounter = 0; - entry.typeObjectSize = sizeof(PKIX_BuildParams); - entry.destructor = pkix_BuildParams_Destroy; - entry.equalsFunction = pkix_BuildParams_Equals; - entry.hashcodeFunction = pkix_BuildParams_Hashcode; - entry.toStringFunction = pkix_BuildParams_ToString; - entry.comparator = NULL; - entry.duplicateFunction = NULL; - - systemClasses[PKIX_BUILDPARAMS_TYPE] = entry; - - PKIX_RETURN(BUILDPARAMS); -} - -/* --Public-Functions--------------------------------------------- */ - -/* - * FUNCTION: PKIX_BuildParams_Create (see comments in pkix_params.h) - */ -PKIX_Error * -PKIX_BuildParams_Create( - PKIX_ProcessingParams *procParams, - PKIX_BuildParams **pParams, - void *plContext) -{ - PKIX_BuildParams *params = NULL; - - PKIX_ENTER(BUILDPARAMS, 
"PKIX_BuildParams_Create"); - PKIX_NULLCHECK_TWO(procParams, pParams); - - PKIX_CHECK(PKIX_PL_Object_Alloc - (PKIX_BUILDPARAMS_TYPE, - sizeof (PKIX_BuildParams), - (PKIX_PL_Object **)¶ms, - plContext), - PKIX_COULDNOTCREATEBUILDPARAMSOBJECT); - - /* initialize fields */ - PKIX_INCREF(procParams); - params->procParams = procParams; - - *pParams = params; - params = NULL; - -cleanup: - - PKIX_DECREF(params); - - PKIX_RETURN(BUILDPARAMS); - -} - -/* - * FUNCTION: PKIX_BuildParams_GetProcessingParams - * (see comments in pkix_params.h) - */ -PKIX_Error * -PKIX_BuildParams_GetProcessingParams( - PKIX_BuildParams *buildParams, - PKIX_ProcessingParams **pProcParams, - void *plContext) -{ - PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_GetProcessingParams"); - PKIX_NULLCHECK_TWO(buildParams, pProcParams); - - PKIX_INCREF(buildParams->procParams); - - *pProcParams = buildParams->procParams; - -cleanup: - PKIX_RETURN(BUILDPARAMS); -} diff --git a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h b/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h deleted file mode 100644 index 4bf130b3..00000000 --- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h +++ /dev/null @@ -1,32 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* - * pkix_buildparams.h - * - * BuildParams Object Type Definition - * - */ - -#ifndef _PKIX_BUILDPARAMS_H -#define _PKIX_BUILDPARAMS_H - -#include "pkix_tools.h" - -#ifdef __cplusplus -extern "C" { -#endif - -struct PKIX_BuildParamsStruct { - PKIX_ProcessingParams *procParams; /* Never NULL */ -}; - -/* see source file for function documentation */ - -PKIX_Error *pkix_BuildParams_RegisterSelf(void *plContext); - -#ifdef __cplusplus -} -#endif - -#endif /* _PKIX_BUILDPARAMS_H */ 
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c index 5693569e..ced16d29 100644 --- a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c +++ b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c @@ -369,7 +369,11 @@ PKIX_TrustAnchor_CreateWithCert( anchor->caName = NULL; anchor->caPubKey = NULL; - anchor->nameConstraints = NULL; + + PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints + (anchor->trustedCert, &anchor->nameConstraints, plContext), + PKIX_CERTGETNAMECONSTRAINTSFAILED); + *pAnchor = anchor; anchor = NULL; diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.h b/security/nss/lib/libpkix/pkix/top/pkix_build.h index 7fcd4731..eeba9239 100644 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.h +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.h @@ -11,7 +11,9 @@ #ifndef _PKIX_BUILD_H #define _PKIX_BUILD_H #include "pkix_tools.h" +#ifndef NSS_PKIX_NO_LDAP #include "pkix_pl_ldapt.h" +#endif #include "pkix_ekuchecker.h" #ifdef __cplusplus diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk b/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk index b8c03de7..2926747a 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk @@ -13,3 +13,23 @@ SHARED_LIBRARY = IMPORT_LIBRARY = PROGRAM = +ifdef NSS_PKIX_NO_LDAP +LDAP_HEADERS = +LDAP_CSRCS = +else +LDAP_HEADERS = \ + pkix_pl_ldapt.h \ + pkix_pl_ldapcertstore.h \ + pkix_pl_ldapresponse.h \ + pkix_pl_ldaprequest.h \ + pkix_pl_ldapdefaultclient.h \ + $(NULL) + +LDAP_CSRCS = \ + pkix_pl_ldaptemplates.c \ + pkix_pl_ldapcertstore.c \ + pkix_pl_ldapresponse.c \ + pkix_pl_ldaprequest.c \ + pkix_pl_ldapdefaultclient.c \ + $(NULL) +endif diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn b/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn index 12d3ceea..63bfd707 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn 
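Review bot: PKIX_TrustAnchor_CreateWithCert now takes the name constraints from the anchor's certificate instead of leaving them NULL, so constraints carried by a trust anchor certificate presumably start being enforced by the name-constraints checker; that is the intended tightening, but on failure of PKIX_PL_Cert_GetNameConstraints the function now jumps to cleanup with `anchor` still allocated and `*pAnchor` unset, and the cleanup path that must release it is outside this hunk, so confirm it does `PKIX_DECREF(anchor)`. A comment on the new call would help the next reader: `/* A trust anchor's own name constraints apply to the chains it anchors. */`.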
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn @@ -12,11 +12,7 @@ PRIVATE_EXPORTS = \ pkix_pl_colcertstore.h \ pkix_pl_httpcertstore.h \ pkix_pl_httpdefaultclient.h \ - pkix_pl_ldapt.h \ - pkix_pl_ldapcertstore.h \ - pkix_pl_ldapresponse.h \ - pkix_pl_ldaprequest.h \ - pkix_pl_ldapdefaultclient.h \ + $(LDAP_HEADERS) \ pkix_pl_nsscontext.h \ pkix_pl_pk11certstore.h \ pkix_pl_socket.h \ @@ -32,11 +28,7 @@ CSRCS = \ pkix_pl_colcertstore.c \ pkix_pl_httpcertstore.c \ pkix_pl_httpdefaultclient.c \ - pkix_pl_ldaptemplates.c \ - pkix_pl_ldapcertstore.c \ - pkix_pl_ldapresponse.c \ - pkix_pl_ldaprequest.c \ - pkix_pl_ldapdefaultclient.c \ + $(LDAP_CSRCS) \ pkix_pl_nsscontext.c \ pkix_pl_pk11certstore.c \ pkix_pl_socket.c \ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c index ffbab7f2..148c2c19 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c @@ -11,6 +11,7 @@ #include "pkix_pl_aiamgr.h" extern PKIX_PL_HashTable *aiaConnectionCache; +#ifndef NSS_PKIX_NO_LDAP /* --Virtual-LdapClient-Functions------------------------------------ */ PKIX_Error * @@ -51,6 +52,7 @@ cleanup: PKIX_RETURN(LDAPCLIENT); } +#endif /* !NSS_PKIX_NO_LDAP */ /* --Private-AIAMgr-Functions----------------------------------*/ @@ -81,7 +83,9 @@ pkix_pl_AIAMgr_Destroy( PKIX_DECREF(aiaMgr->aia); PKIX_DECREF(aiaMgr->location); PKIX_DECREF(aiaMgr->results); +#ifndef NSS_PKIX_NO_LDAP PKIX_DECREF(aiaMgr->client.ldapClient); +#endif cleanup: @@ -114,6 +118,7 @@ pkix_pl_AIAMgr_RegisterSelf(void *plContext) PKIX_RETURN(AIAMGR); } +#ifndef NSS_PKIX_NO_LDAP /* * FUNCTION: pkix_pl_AiaMgr_FindLDAPClient * DESCRIPTION: @@ -212,6 +217,7 @@ cleanup: PKIX_RETURN(AIAMGR); } +#endif /* !NSS_PKIX_NO_LDAP */ PKIX_Error * pkix_pl_AIAMgr_GetHTTPCerts( 
@@ -388,6 +394,7 @@ cleanup: PKIX_RETURN(AIAMGR); } +#ifndef NSS_PKIX_NO_LDAP PKIX_Error * pkix_pl_AIAMgr_GetLDAPCerts( PKIX_PL_AIAMgr *aiaMgr, @@ -496,6 +503,7 @@ cleanup: PKIX_RETURN(AIAMGR); } +#endif /* !NSS_PKIX_NO_LDAP */ /* * FUNCTION: PKIX_PL_AIAMgr_Create @@ -632,10 +640,12 @@ PKIX_PL_AIAMgr_GetAIACerts( PKIX_CHECK(pkix_pl_AIAMgr_GetHTTPCerts (aiaMgr, ia, &nbio, &certs, plContext), PKIX_AIAMGRGETHTTPCERTSFAILED); +#ifndef NSS_PKIX_NO_LDAP } else if (iaType == PKIX_INFOACCESS_LOCATION_LDAP) { PKIX_CHECK(pkix_pl_AIAMgr_GetLDAPCerts (aiaMgr, ia, &nbio, &certs, plContext), PKIX_AIAMGRGETLDAPCERTSFAILED); +#endif } else { /* We only support http and ldap requests. */ PKIX_DECREF(ia); @@ -677,7 +687,9 @@ cleanup: if (PKIX_ERROR_RECEIVED) { PKIX_DECREF(aiaMgr->aia); PKIX_DECREF(aiaMgr->results); +#ifndef NSS_PKIX_NO_LDAP PKIX_DECREF(aiaMgr->client.ldapClient); +#endif } PKIX_DECREF(certs); diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h index 00b872f5..356c1ecd 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h @@ -27,7 +27,9 @@ struct PKIX_PL_AIAMgrStruct { PKIX_PL_GeneralName *location; PKIX_List *results; union { +#ifndef NSS_PKIX_NO_LDAP PKIX_PL_LdapClient *ldapClient; +#endif struct { const SEC_HttpClientFcn *httpClient; SEC_HTTP_SERVER_SESSION serverSession; @@ -41,6 +43,7 @@ struct PKIX_PL_AIAMgrStruct { PKIX_Error *pkix_pl_AIAMgr_RegisterSelf(void *plContext); +#ifndef NSS_PKIX_NO_LDAP PKIX_Error *PKIX_PL_LdapClient_InitiateRequest( PKIX_PL_LdapClient *client, LDAPRequestParams *requestParams, @@ -53,6 +56,7 @@ PKIX_Error *PKIX_PL_LdapClient_ResumeRequest( void **pPollDesc, PKIX_List **pResponse, void *plContext); +#endif /* !NSS_PKIX_NO_LDAP */ #ifdef __cplusplus } 
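Review bot: With NSS_PKIX_NO_LDAP defined, the else-branch comment `/* We only support http and ldap requests. */` in PKIX_PL_AIAMgr_GetAIACerts no longer matches the code, since the ldap branch is compiled out; `/* We only support http requests, plus ldap unless NSS_PKIX_NO_LDAP is defined. */` stays accurate in both builds. The `#ifndef` that separates `} else if` from the preceding `}` compiles correctly but is easy to misread; the closing `#endif` should name its block (`#endif /* !NSS_PKIX_NO_LDAP */`) as the other hunks in this file do. PKIX_PL_AIAMgr_GetAIACerts starts and ends outside the hunk.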
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index f13c8356..2036f5c9 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -3135,6 +3135,7 @@ PKIX_Error * PKIX_PL_Cert_CheckNameConstraints( PKIX_PL_Cert *cert, PKIX_PL_CertNameConstraints *nameConstraints, + PKIX_Boolean treatCommonNameAsDNSName, void *plContext) { PKIX_Boolean checkPass = PKIX_TRUE; @@ -3151,11 +3152,14 @@ PKIX_PL_Cert_CheckNameConstraints( PKIX_ERROR(PKIX_OUTOFMEMORY); } - /* This NSS call returns both Subject and Subject Alt Names */ + /* This NSS call returns Subject Alt Names. If + * treatCommonNameAsDNSName is true, it also returns the + * Subject Common Name + */ PKIX_CERT_DEBUG ("\t\tCalling CERT_GetConstrainedCertificateNames\n"); nssSubjectNames = CERT_GetConstrainedCertificateNames - (cert->nssCert, arena, PR_TRUE); + (cert->nssCert, arena, treatCommonNameAsDNSName); PKIX_CHECK(pkix_pl_CertNameConstraints_CheckNameSpaceNssNames (nssSubjectNames, diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c index 3ce6cbec..9fa8e926 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c @@ -481,9 +481,11 @@ PKIX_PL_InfoAccess_GetLocationType( PKIX_STRINGGETENCODEDFAILED); PKIX_OID_DEBUG("\tCalling PORT_Strcmp).\n"); +#ifndef NSS_PKIX_NO_LDAP if (PORT_Strncmp(location, "ldap:", 5) == 0){ type = PKIX_INFOACCESS_LOCATION_LDAP; } else +#endif if (PORT_Strncmp(location, "http:", 5) == 0){ type = PKIX_INFOACCESS_LOCATION_HTTP; } @@ -499,6 +501,7 @@ cleanup: PKIX_RETURN(INFOACCESS); } +#ifndef NSS_PKIX_NO_LDAP /* * FUNCTION: pkix_pl_InfoAccess_ParseTokens * DESCRIPTION: @@ -868,3 +871,4 @@ cleanup: PKIX_RETURN(INFOACCESS); } +#endif /* !NSS_PKIX_NO_LDAP */ 
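Review bot: Adding `treatCommonNameAsDNSName` changes the signature of PKIX_PL_Cert_CheckNameConstraints, so its public prototype and every caller must change in the same commit; none of them appear in this diff, and a stale caller would fail to compile. When the flag is PKIX_FALSE the Subject CN is no longer matched against the name constraints at all — only the names CERT_GetConstrainedCertificateNames returns for the SAN are — which is a behaviour change for callers that relied on the previous hard-coded PR_TRUE. The function header (outside the hunk) should document the parameter, e.g. `treatCommonNameAsDNSName: if PKIX_TRUE, the Subject CN is also matched as a dNSName (legacy behaviour).`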
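Review bot: In PKIX_PL_InfoAccess_GetLocationType the new `#ifndef` leaves a bare `} else` immediately before `#endif`, so the following `if` is the else-body only when LDAP is compiled in; it is valid C either way but easy to misread, and a later edit inserting a statement between the `#endif` and the `if` would silently change control flow in one configuration. Putting the http test first and guarding the whole ldap `else if` keeps each configuration self-contained; any `else` that follows the http check in the original (outside the hunk) would stay after the `#endif`. PKIX_PL_InfoAccess_GetLocationType starts and ends outside the hunk.
```c
    if (PORT_Strncmp(location, "http:", 5) == 0){
        type = PKIX_INFOACCESS_LOCATION_HTTP;
    }
#ifndef NSS_PKIX_NO_LDAP
    else if (PORT_Strncmp(location, "ldap:", 5) == 0){
        type = PKIX_INFOACCESS_LOCATION_LDAP;
    }
#endif /* !NSS_PKIX_NO_LDAP */
    /* … unchanged: whatever follows the http check in the original … */
```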
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h index f56bfe1c..e69d7b41 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h @@ -32,6 +32,7 @@ pkix_pl_InfoAccess_CreateList( PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */ void *plContext); +#ifndef NSS_PKIX_NO_LDAP PKIX_Error * pkix_pl_InfoAccess_ParseLocation( PKIX_PL_GeneralName *generalName, @@ -39,6 +40,7 @@ pkix_pl_InfoAccess_ParseLocation( LDAPRequestParams *request, char **pDomainName, void *plContext); +#endif /* !NSS_PKIX_NO_LDAP */ #ifdef __cplusplus } diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h index e1cb0283..2946e07a 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h @@ -38,7 +38,9 @@ /* private PKIX_PL_NSS system headers */ #include "pkix_pl_object.h" #include "pkix_pl_string.h" +#ifndef NSS_PKIX_NO_LDAP #include "pkix_pl_ldapt.h" +#endif /* !NSS_PKIX_NO_LDAP */ #include "pkix_pl_aiamgr.h" #include "pkix_pl_bigint.h" #include "pkix_pl_oid.h" @@ -62,9 +64,11 @@ #include "pkix_pl_ocspresponse.h" #include "pkix_pl_pk11certstore.h" #include "pkix_pl_socket.h" +#ifndef NSS_PKIX_NO_LDAP #include "pkix_pl_ldapcertstore.h" #include "pkix_pl_ldaprequest.h" #include "pkix_pl_ldapresponse.h" +#endif /* !NSS_PKIX_NO_LDAP */ #include "pkix_pl_nsscontext.h" #include "pkix_pl_httpcertstore.h" #include "pkix_pl_httpdefaultclient.h" diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c index 33381e63..6bc74b61 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c 
@@ -204,9 +204,11 @@ PKIX_PL_Initialize( pkix_ForwardBuilderState_RegisterSelf(plContext); pkix_SignatureCheckerState_RegisterSelf(plContext); pkix_NameConstraintsCheckerState_RegisterSelf(plContext); +#ifndef NSS_PKIX_NO_LDAP pkix_pl_LdapRequest_RegisterSelf(plContext); pkix_pl_LdapResponse_RegisterSelf(plContext); pkix_pl_LdapDefaultClient_RegisterSelf(plContext); +#endif pkix_pl_Socket_RegisterSelf(plContext); pkix_ResourceLimits_RegisterSelf(plContext); /* 51-59 */ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h index 21c20333..9660af12 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h @@ -33,10 +33,12 @@ #include "pkix_pl_crlentry.h" #include "pkix_pl_crl.h" #include "pkix_pl_colcertstore.h" +#ifndef NSS_PKIX_NO_LDAP #include "pkix_pl_ldapcertstore.h" #include "pkix_pl_ldapdefaultclient.h" #include "pkix_pl_ldaprequest.h" #include "pkix_pl_ldapresponse.h" +#endif /* !NSS_PKIX_NO_LDAP */ #include "pkix_pl_socket.h" #include "pkix_pl_infoaccess.h" #include "pkix_store.h" diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index 9804777e..fdb1cd08 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1045,3 +1045,11 @@ CERT_GetSubjectPublicKeyDigest; ;+ local: ;+ *; ;+}; +;+NSS_3.16.1 { # NSS 3.16.1 release +;+ global: +PK11_ExportDERPrivateKeyInfo; +PK11_ExportPrivKeyInfo; +SECMOD_InternaltoPubMechFlags; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 6a4d4636..c293db34 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -9,7 +9,7 @@ #define __nss_h_ /* The private macro _NSS_ECC_STRING is for NSS internal use only. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifdef NSS_ECC_MORE_THAN_SUITE_B #define _NSS_ECC_STRING " Extended ECC" #else 
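Review bot: Replacing `#ifdef NSS_ENABLE_ECC` with `#ifndef NSS_DISABLE_ECC` inverts the default: builds that previously got no ECC unless they opted in now compile ECC in unless they opt out, and the same flip is applied in this diff to fipstest.c, keydb.c, lgattr.c, lgcreate.c, lowcert.c and lowkey.c. Any build configuration that still passes -DNSS_ENABLE_ECC is now a no-op, and a file not touched here that still tests `NSS_ENABLE_ECC` would silently compile its EC code out, so the remaining occurrences should be checked in the same change. A one-line comment next to the macro in nss.h, e.g. `/* ECC is built by default; define NSS_DISABLE_ECC to compile it out. */`, would record the new convention.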
diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c
index 13cdaeec..6218a7e9 100644
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@@ -1091,14 +1091,6 @@ nss_Shutdown(void)
 shutdownRV = SECFailure;
 }
 pk11sdr_Shutdown();
- /*
- * A thread's error stack is automatically destroyed when the thread
- * terminates, except for the primordial thread, whose error stack is
- * destroyed by PR_Cleanup. Since NSS is usually shut down by the
- * primordial thread and many NSS-based apps don't call PR_Cleanup,
- * we destroy the calling thread's error stack here.
- */
- nss_DestroyErrorStack();
 nssArena_Shutdown();
 if (status == PR_FAILURE) {
 if (NSS_GetError() == NSS_ERROR_BUSY) {
@@ -1106,6 +1098,16 @@ nss_Shutdown(void)
 }
 shutdownRV = SECFailure;
 }
+ /*
+ * A thread's error stack is automatically destroyed when the thread
+ * terminates, except for the primordial thread, whose error stack is
+ * destroyed by PR_Cleanup. Since NSS is usually shut down by the
+ * primordial thread and many NSS-based apps don't call PR_Cleanup,
+ * we destroy the calling thread's error stack here. This must be
+ * done after any NSS_GetError call, otherwise NSS_GetError will
+ * create the error stack again.
+ */
+ nss_DestroyErrorStack();
 nssIsInitted = PR_FALSE;
 temp = nssInitContextList;
 nssInitContextList = NULL;
diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c
index 12e2149f..5ad45a59 100644
--- a/security/nss/lib/pk11wrap/pk11akey.c
+++ b/security/nss/lib/pk11wrap/pk11akey.c
@@ -1713,7 +1713,13 @@ done:
 SECKEYPrivateKeyInfo *
 PK11_ExportPrivateKeyInfo(CERTCertificate *cert, void *wincx)
 {
- return NULL;
+ SECKEYPrivateKeyInfo *pki = NULL;
+ SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, wincx);
+ if (pk != NULL) {
+ pki = PK11_ExportPrivKeyInfo(pk, wincx);
+ SECKEY_DestroyPrivateKey(pk);
+ }
+ return pki;
 }
 
 SECKEYEncryptedPrivateKeyInfo *
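Review bot: PK11_ExportPrivateKeyInfo now returns a cleartext SECKEYPrivateKeyInfo, but neither this definition nor its declaration in pk11pub.h says what callers need to know: PK11_ExportPrivKeyInfo (added in pk11pk12.c in this diff) rejects anything but RSA with PR_NOT_IMPLEMENTED_ERROR, returns NULL when any private component cannot be read from the token, and its result must be released with SECKEY_DestroyPrivateKeyInfo(..., PR_TRUE). When PK11_FindKeyByAnyCert returns NULL the function also returns NULL with whatever error that lookup set, which is fine but worth stating. Suggested header comment: `/* Export the private key matching cert as a cleartext PrivateKeyInfo (RSA only). Returns NULL with the error set otherwise; free the result with SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE). */`.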
@@ -1892,7 +1898,7 @@ PK11_ExportEncryptedPrivateKeyInfo(
 }
 
 SECItem*
-PK11_DEREncodePublicKey(SECKEYPublicKey *pubk)
+PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk)
 {
 return SECKEY_EncodeDERSubjectPublicKeyInfo(pubk);
 }
diff --git a/security/nss/lib/pk11wrap/pk11cxt.c b/security/nss/lib/pk11wrap/pk11cxt.c
index 8aeb63ef..d626ba72 100644
--- a/security/nss/lib/pk11wrap/pk11cxt.c
+++ b/security/nss/lib/pk11wrap/pk11cxt.c
@@ -754,6 +754,9 @@ PK11_DigestOp(PK11Context *context, const unsigned char * in, unsigned inLen)
 CK_RV crv = CKR_OK;
 SECStatus rv = SECSuccess;
 
+ if (inLen == 0) {
+ return SECSuccess;
+ }
 if (!in) {
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 return SECFailure;
diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c
index 2db8e8e8..84268ab4 100644
--- a/security/nss/lib/pk11wrap/pk11obj.c
+++ b/security/nss/lib/pk11wrap/pk11obj.c
@@ -81,6 +81,9 @@ PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object) {
 * Read in a single attribute into a SECItem. Allocate space for it with
 * PORT_Alloc unless an arena is supplied. In the latter case use the arena
 * to allocate the space.
+ *
+ * PK11_ReadAttribute sets the 'data' and 'len' fields of the SECItem but
+ * does not modify its 'type' field.
 */
 SECStatus
 PK11_ReadAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c
index 806b3876..471e57b3 100644
--- a/security/nss/lib/pk11wrap/pk11pk12.c
+++ b/security/nss/lib/pk11wrap/pk11pk12.c
@@ -18,6 +18,7 @@
 #include "secoid.h"
 #include "secasn1.h"
 #include "secerr.h"
+#include "prerror.h"
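Review bot: In PK11_DigestOp the new zero-length early return precedes the `!in` check, so a call with (NULL, 0) now succeeds where it previously failed with SEC_ERROR_INVALID_ARGS; treating an empty update as a no-op is reasonable, but the return also happens before whatever validation of `context` the rest of the function performs (outside the hunk), so an invalid context is no longer reported for empty input. State the intent on the check so the ordering is not "fixed" later: `/* An empty update is a no-op; accept (NULL, 0) without touching the context. */`. PK11_DigestOp's body continues outside the hunk.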
@@ -516,3 +517,112 @@ PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki,
 }
 
+SECItem *
+PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx)
+{
+ SECKEYPrivateKeyInfo *pki = PK11_ExportPrivKeyInfo(pk, wincx);
+ SECItem *derPKI;
+
+ if (!pki) {
+ return NULL;
+ }
+ derPKI = SEC_ASN1EncodeItem(NULL, NULL, pki,
+ SECKEY_PrivateKeyInfoTemplate);
+ SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE);
+ return derPKI;
+}
+
+static PRBool
+ReadAttribute(SECKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
+ PLArenaPool *arena, SECItem *output)
+{
+ SECStatus rv = PK11_ReadAttribute(key->pkcs11Slot, key->pkcs11ID, type,
+ arena, output);
+ return rv == SECSuccess;
+}
+
+/*
+ * The caller is responsible for freeing the return value by passing it to
+ * SECKEY_DestroyPrivateKeyInfo(..., PR_TRUE).
+ */
+SECKEYPrivateKeyInfo *
+PK11_ExportPrivKeyInfo(SECKEYPrivateKey *pk, void *wincx)
+{
+ /* PrivateKeyInfo version (always zero) */
+ const unsigned char pkiVersion = 0;
+ /* RSAPrivateKey version (always zero) */
+ const unsigned char rsaVersion = 0;
+ PLArenaPool *arena = NULL;
+ SECKEYRawPrivateKey rawKey;
+ SECKEYPrivateKeyInfo *pki;
+ SECItem *encoded;
+ SECStatus rv;
+
+ if (pk->keyType != rsaKey) {
+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+ goto loser;
+ }
+
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ goto loser;
+ }
+ memset(&rawKey, 0, sizeof(rawKey));
+ rawKey.keyType = pk->keyType;
+ rawKey.u.rsa.version.type = siUnsignedInteger;
+ rawKey.u.rsa.version.data = (unsigned char *)PORT_ArenaAlloc(arena, 1);
+ if (!rawKey.u.rsa.version.data) {
+ goto loser;
+ }
+ rawKey.u.rsa.version.data[0] = rsaVersion;
+ rawKey.u.rsa.version.len = 1;
+
+ /* Read the component attributes of the private key */
+ prepare_rsa_priv_key_export_for_asn1(&rawKey);
+ if (!ReadAttribute(pk, CKA_MODULUS, arena, &rawKey.u.rsa.modulus) ||
+ !ReadAttribute(pk, CKA_PUBLIC_EXPONENT, arena,
+ &rawKey.u.rsa.publicExponent) ||
+ !ReadAttribute(pk, CKA_PRIVATE_EXPONENT, arena,
+ &rawKey.u.rsa.privateExponent) ||
+ !ReadAttribute(pk, CKA_PRIME_1, arena, &rawKey.u.rsa.prime1) ||
+ !ReadAttribute(pk, CKA_PRIME_2, arena, &rawKey.u.rsa.prime2) ||
+ !ReadAttribute(pk, CKA_EXPONENT_1, arena,
+ &rawKey.u.rsa.exponent1) ||
+ !ReadAttribute(pk, CKA_EXPONENT_2, arena,
+ &rawKey.u.rsa.exponent2) ||
+ !ReadAttribute(pk, CKA_COEFFICIENT, arena,
+ &rawKey.u.rsa.coefficient)) {
+ goto loser;
+ }
+
+ pki = PORT_ArenaZNew(arena, SECKEYPrivateKeyInfo);
+ if (!pki) {
+ goto loser;
+ }
+ encoded = SEC_ASN1EncodeItem(arena, &pki->privateKey, &rawKey,
+ SECKEY_RSAPrivateKeyExportTemplate);
+ if (!encoded) {
+ goto loser;
+ }
+ rv = SECOID_SetAlgorithmID(arena, &pki->algorithm,
+ SEC_OID_PKCS1_RSA_ENCRYPTION, NULL);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ pki->version.type = siUnsignedInteger;
+ pki->version.data = (unsigned char *)PORT_ArenaAlloc(arena, 1);
+ if (!pki->version.data) {
+ goto loser;
+ }
+ pki->version.data[0] = pkiVersion;
+ pki->version.len = 1;
+ pki->arena = arena;
+
+ return pki;
+
+loser:
+ if (arena) {
+ PORT_FreeArena(arena, PR_TRUE);
+ }
+ return NULL;
+}
diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h
index 2c083246..ce9769a4 100644
--- a/security/nss/lib/pk11wrap/pk11pub.h
+++ b/security/nss/lib/pk11wrap/pk11pub.h
@@ -559,6 +559,9 @@ SECStatus PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *nickname, SECItem *publicValue, PRBool isPerm, PRBool isPrivate, KeyType type, unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
+SECItem *PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx);
+SECKEYPrivateKeyInfo *PK11_ExportPrivKeyInfo(
+ SECKEYPrivateKey *pk, void *wincx);
 SECKEYPrivateKeyInfo *PK11_ExportPrivateKeyInfo(
 CERTCertificate *cert, void *wincx);
 SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivKeyInfo(
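Review bot: `prepare_rsa_priv_key_export_for_asn1(&rawKey)` must stay ahead of the ReadAttribute calls: it presumably sets the `.type` of each component SECItem to siUnsignedInteger, and PK11_ReadAttribute — per the comment this same patch adds in pk11obj.c — fills only `data` and `len` and leaves `type` untouched, so a later reorder would encode the components with the zeroed default type and produce a malformed RSAPrivateKey. Make that dependency explicit on the line, e.g. `/* Set the siUnsignedInteger item types first; PK11_ReadAttribute leaves .type as is. */`. `PK11_ExportDERPrivateKeyInfo` returns a heap SECItem holding the cleartext key with no ownership note, unlike PK11_ExportPrivKeyInfo below it; add `/* Caller frees (and zeroes) the result with SECITEM_ZfreeItem(item, PR_TRUE). */`. The loser path freeing the arena with PR_TRUE is the right choice for key material; `pk` is dereferenced without a NULL check, which matches the other PK11_* exporters but is worth a `PORT_Assert(pk)` if the file uses them.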
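Review bot: The two new prototypes in pk11pub.h are added with no comment, while the neighbouring PK11_DEREncodePublicKey declaration (next hunk) documents how to free its result; a caller reading only the header cannot tell that only RSA keys are supported, that the output is a cleartext PrivateKeyInfo, or how to release it. Suggest, above the two declarations: `/* Export pk as a cleartext PKCS#8 PrivateKeyInfo (RSA only; NULL with the error set otherwise). Free the SECItem with SECITEM_ZfreeItem(item, PR_TRUE) and the SECKEYPrivateKeyInfo with SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE). */`.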
@@ -585,7 +588,7 @@ SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey, * The caller of PK11_DEREncodePublicKey should free the returned SECItem with * a SECITEM_FreeItem(..., PR_TRUE) call. */ -SECItem* PK11_DEREncodePublicKey(SECKEYPublicKey *pubk); +SECItem* PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk); PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey, CK_MECHANISM_TYPE mech); SECKEYPrivateKeyList* PK11_ListPrivKeysInSlot(PK11SlotInfo *slot, @@ -770,9 +773,10 @@ PK11_GetPBECryptoMechanism(SECAlgorithmID *algid, /********************************************************************** * Functions to manage secmod flags **********************************************************************/ -PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size); +const PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size); SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *slot, - PK11DefaultArrayEntry *entry, PRBool add); + const PK11DefaultArrayEntry *entry, + PRBool add); /********************************************************************** * Functions to look at PKCS #11 dependent data diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c index 4e26e44a..4c5b9f16 100644 --- a/security/nss/lib/pk11wrap/pk11skey.c +++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -2229,7 +2229,9 @@ PK11_PubDeriveWithKDF(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, return pk11_PubDeriveECKeyWithKDF( privKey, pubKey, isSender, randomA, randomB, derive, target, operation, keySize, kdf, sharedData, wincx); - default: break; + default: + PORT_SetError(SEC_ERROR_BAD_KEY); + break; } return NULL; diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index dede1e21..1f6597b5 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c 
@@ -29,9 +29,10 @@ * to make the config files understand more entries, add them * to this table. */ -PK11DefaultArrayEntry PK11_DefaultArray[] = { +const PK11DefaultArrayEntry PK11_DefaultArray[] = { { "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS }, { "DSA", SECMOD_DSA_FLAG, CKM_DSA }, + { "ECC", SECMOD_ECC_FLAG, CKM_ECDSA }, { "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE }, { "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC }, { "RC4", SECMOD_RC4_FLAG, CKM_RC4 }, @@ -56,7 +57,7 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = { const int num_pk11_default_mechanisms = sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]); -PK11DefaultArrayEntry * +const PK11DefaultArrayEntry * PK11_GetDefaultArray(int *size) { if (size) { @@ -948,9 +949,10 @@ PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count) * returns: SECSuccess if nothing to do or add/delete is successful */ SECStatus -PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry, - PRBool add) - /* add: PR_TRUE if want to turn on */ +PK11_UpdateSlotAttribute(PK11SlotInfo *slot, + const PK11DefaultArrayEntry *entry, + PRBool add) + /* add: PR_TRUE if want to turn on */ { SECStatus result = SECSuccess; PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism); @@ -1501,6 +1503,12 @@ PK11_GetDisabledReason(PK11SlotInfo *slot) /* returns PR_FALSE otherwise */ PRBool PK11_UserDisableSlot(PK11SlotInfo *slot) { + /* Prevent users from disabling the internal module. */ + if (slot->isInternal) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return PR_FALSE; + } + slot->defaultFlags |= PK11_DISABLE_FLAG; slot->disabled = PR_TRUE; slot->reason = PK11_DIS_USER_SELECTED; diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c index 35cef9e4..58ff5da9 100644 --- a/security/nss/lib/pk11wrap/pk11util.c +++ b/security/nss/lib/pk11wrap/pk11util.c 
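Review bot: `PK11_UserDisableSlot` now refuses the internal slot with SEC_ERROR_INVALID_ARGS, but the header comment above it (`/* returns PR_FALSE otherwise */`, partly outside the hunk) does not mention that case; extend it with `/* The internal module cannot be disabled: returns PR_FALSE with SEC_ERROR_INVALID_ARGS. */`. In the `PK11_DefaultArray` hunk the new `{ "ECC", SECMOD_ECC_FLAG, CKM_ECDSA }` row is inserted mid-array, which is only safe if every consumer of PK11_GetDefaultArray walks the table by flag or name rather than by position — its callers are not in this diff and should be checked. Whether SECMOD_PubMechFlagstoInternal and the newly exported SECMOD_InternaltoPubMechFlags also translate the PUBLIC_MECH_ECC_FLAG added in secmod.h is likewise not visible here; without that mapping the new public flag is never set or honoured.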
@@ -27,8 +27,8 @@ static SECMODListLock *moduleLock = NULL; int secmod_PrivateModuleCount = 0; -extern PK11DefaultArrayEntry PK11_DefaultArray[]; -extern int num_pk11_default_mechanisms; +extern const PK11DefaultArrayEntry PK11_DefaultArray[]; +extern const int num_pk11_default_mechanisms; void diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h index 05573349..9cc4cfb5 100644 --- a/security/nss/lib/pk11wrap/secmod.h +++ b/security/nss/lib/pk11wrap/secmod.h @@ -28,6 +28,7 @@ #define PUBLIC_MECH_SHA512_FLAG 0x00008000ul #define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul #define PUBLIC_MECH_SEED_FLAG 0x00020000ul +#define PUBLIC_MECH_ECC_FLAG 0x00040000ul #define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul #define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul @@ -138,6 +139,7 @@ PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod); /* Functions used to convert between internal & public representation * of Mechanism Flags and Cipher Enable Flags */ extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags); +extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags); extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags); PRBool SECMOD_HasRemovableSlots(SECMODModule *mod); diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h index 4a86756d..830fb67b 100644 --- a/security/nss/lib/pk11wrap/secmodi.h +++ b/security/nss/lib/pk11wrap/secmodi.h @@ -50,7 +50,6 @@ extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *); extern void SECMOD_DestroyModuleList(SECMODModuleList *); extern SECStatus SECMOD_AddModule(SECMODModule *newModule); -extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags); extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags); /* Library functions */ diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h index 73d2a7eb..33e7f1b2 100644 
--- a/security/nss/lib/pk11wrap/secmodt.h +++ b/security/nss/lib/pk11wrap/secmodt.h @@ -127,12 +127,12 @@ typedef enum { } PK11CertListType; /* - * Entry into the Array which lists all the legal bits for the default flags - * in the slot, their definition, and the PKCS #11 mechanism the represent - * Always Statically allocated. + * Entry into the array which lists all the legal bits for the default flags + * in the slot, their definition, and the PKCS #11 mechanism they represent. + * Always statically allocated. */ struct PK11DefaultArrayEntryStr { - char *name; + const char *name; unsigned long flag; unsigned long mechanism; /* this is a long so we don't include the * whole pkcs 11 world to use this header */ diff --git a/security/nss/lib/pkcs12/p12creat.c b/security/nss/lib/pkcs12/p12creat.c index 235ddfbe..65bf0862 100644 --- a/security/nss/lib/pkcs12/p12creat.c +++ b/security/nss/lib/pkcs12/p12creat.c @@ -54,7 +54,7 @@ sec_pkcs12_new_asafe(PLArenaPool *poolp) if(asafe == NULL) goto loser; asafe->poolp = poolp; - PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS7ContentInfo)); + PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS12Baggage_OLD)); PORT_ArenaUnmark(poolp, mark); return asafe; diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c index 826ba6b6..0842d8b2 100644 --- a/security/nss/lib/pki/tdcache.c +++ b/security/nss/lib/pki/tdcache.c @@ -468,10 +468,10 @@ nssTrustDomain_UpdateCachedTokenCerts ( if (count > 0) { cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1); if (!cached) { + nssList_Destroy(certList); return PR_FAILURE; } nssList_GetArray(certList, (void **)cached, count); - nssList_Destroy(certList); for (cp = cached; *cp; cp++) { nssCryptokiObject *instance; NSSCertificate *c = *cp; @@ -490,6 +490,7 @@ nssTrustDomain_UpdateCachedTokenCerts ( } nssCertificateArray_Destroy(cached); } + nssList_Destroy(certList); return PR_SUCCESS; } 
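Review bot: The corrected `sizeof(SEC_PKCS12Baggage_OLD)` in sec_pkcs12_new_asafe fixes the size mismatch, but sizing the memset by the object rather than by a type name prevents the same slip if the field's type changes again: `PORT_Memset(&asafe->old_baggage, 0, sizeof(asafe->old_baggage));`. sec_pkcs12_new_asafe starts outside the hunk.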
diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def index 57c9b1c7..a5e1a37d 100644 --- a/security/nss/lib/smime/smime.def +++ b/security/nss/lib/smime/smime.def @@ -273,3 +273,9 @@ SEC_PKCS7VerifyDetachedSignatureAtTime; ;+ local: ;+ *; ;+}; +;+NSS_3.16 { # NSS 3.16 release +;+ global: +NSS_CMSSignerInfo_Verify; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/softoken/config.mk b/security/nss/lib/softoken/config.mk index 3c735166..5b860be0 100644 --- a/security/nss/lib/softoken/config.mk +++ b/security/nss/lib/softoken/config.mk @@ -63,7 +63,3 @@ endif ifeq ($(OS_TARGET),AIX) OS_LIBS += -lpthread endif - -ifeq ($(OS_TARGET),SunOS) -OS_LIBS += -lbsm -endif diff --git a/security/nss/lib/softoken/fipstest.c b/security/nss/lib/softoken/fipstest.c index 6fc424fd..aed33bb0 100644 --- a/security/nss/lib/softoken/fipstest.c +++ b/security/nss/lib/softoken/fipstest.c @@ -13,7 +13,7 @@ #include "pkcs11.h" /* Required for PKCS #11. */ #include "secerr.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "ec.h" /* Required for ECDSA */ #endif @@ -1612,7 +1612,7 @@ rsa_loser: return( CKR_DEVICE_ERROR ); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static CK_RV sftk_fips_ECDSA_Test(const PRUint8 *encodedParams, @@ -1795,7 +1795,7 @@ sftk_fips_ECDSA_PowerUpSelfTest() { return( CKR_OK ); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static CK_RV sftk_fips_DSA_PowerUpSelfTest( void ) @@ -2080,7 +2080,7 @@ sftk_fipsPowerUpSelfTest( void ) if( rv != CKR_OK ) return rv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECDSA Power-Up SelfTest(s). */ rv = sftk_fips_ECDSA_PowerUpSelfTest(); diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c index 1381e6a9..9435e71c 100644 --- a/security/nss/lib/softoken/fipstokn.c +++ b/security/nss/lib/softoken/fipstokn.c @@ -33,11 +33,6 @@ #include #endif -#ifdef SOLARIS -#include -#define AUE_FIPS_AUDIT 34444 -#endif - #ifdef LINUX #include #include 
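Review bot: `#endif /* NSS_DISABLE_ECC */` closing an `#ifndef NSS_DISABLE_ECC` block reads as though the block were compiled when the macro is defined, the opposite of what the directive does; the libpkix hunks in this same patch use the clearer negated form (`#endif /* !NSS_PKIX_NO_LDAP */`). Suggest `#endif /* !NSS_DISABLE_ECC */` in fipstest.c and in the matching hunks of keydb.c, lgattr.c, lgcreate.c, lowcert.c and lowkey.c.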
@@ -407,34 +402,6 @@ sftk_LogAuditMessage(NSSAuditSeverity severity, NSSAuditType auditType, PR_smprintf_free(message); } #endif /* LINUX */ -#ifdef SOLARIS - { - int rd; - char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg); - - if (!message) { - return; - } - - /* open the record descriptor */ - if ((rd = au_open()) == -1) { - PR_smprintf_free(message); - return; - } - - /* write the audit tokens to the audit record */ - if (au_write(rd, au_to_text(message))) { - (void)au_close(rd, AU_TO_NO_WRITE, AUE_FIPS_AUDIT); - PR_smprintf_free(message); - return; - } - - /* close the record and send it to the audit trail */ - (void)au_close(rd, AU_TO_WRITE, AUE_FIPS_AUDIT); - - PR_smprintf_free(message); - } -#endif /* SOLARIS */ #else /* do nothing */ #endif diff --git a/security/nss/lib/softoken/legacydb/config.mk b/security/nss/lib/softoken/legacydb/config.mk index 4835ae2e..ac7240e4 100644 --- a/security/nss/lib/softoken/legacydb/config.mk +++ b/security/nss/lib/softoken/legacydb/config.mk @@ -55,7 +55,3 @@ EXTRA_SHARED_LIBS += \ -lnspr4 \ $(NULL) endif - -ifeq ($(OS_TARGET),SunOS) -OS_LIBS += -lbsm -endif diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c index 4778bfbe..085b2be2 100644 --- a/security/nss/lib/softoken/legacydb/keydb.c +++ b/security/nss/lib/softoken/legacydb/keydb.c @@ -1143,12 +1143,12 @@ nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cer namekey.data = pubkey->u.dh.publicValue.data; namekey.size = pubkey->u.dh.publicValue.len; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: namekey.data = pubkey->u.ec.publicValue.data; namekey.size = pubkey->u.ec.publicValue.len; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: /* XXX We don't do Fortezza or DH yet. */ return PR_FALSE; 
@@ -1475,7 +1475,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, SECItem *der_item = NULL; SECItem *cipherText = NULL; SECItem *dummy = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *fordebug = NULL; int savelen; #endif @@ -1555,7 +1555,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, goto loser; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: lg_prepare_low_ec_priv_key_for_asn1(pk); /* Public value is encoded as a bit string so adjust length @@ -1594,7 +1594,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, pk->keyType, fordebug); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: /* We don't support DH or Fortezza private keys yet */ PORT_Assert(PR_FALSE); @@ -1704,7 +1704,7 @@ seckey_decrypt_private_key(SECItem*epki, SECStatus rv = SECFailure; PLArenaPool *temparena = NULL, *permarena = NULL; SECItem *dest = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *fordebug = NULL; #endif @@ -1812,7 +1812,7 @@ seckey_decrypt_private_key(SECItem*epki, lg_nsslowkey_DHPrivateKeyTemplate, &newPrivateKey); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: pk->keyType = NSSLOWKEYECKey; lg_prepare_low_ec_priv_key_for_asn1(pk); @@ -1849,7 +1849,7 @@ seckey_decrypt_private_key(SECItem*epki, } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; break; diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index abdbeff5..fbe6c319 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c 
@@ -423,11 +423,11 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) { case NSSLOWKEYDHKey: pubItem = &pubKey->u.dh.publicValue; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: pubItem = &pubKey->u.ec.publicValue; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: break; } @@ -551,7 +551,7 @@ lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, return lg_invalidAttribute(attribute); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static CK_RV lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute) @@ -601,7 +601,7 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, } return lg_invalidAttribute(attribute); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static CK_RV @@ -653,10 +653,10 @@ lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type, return lg_FindDSAPublicKeyAttribute(key,type,attribute); case NSSLOWKEYDHKey: return lg_FindDHPublicKeyAttribute(key,type,attribute); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: return lg_FindECPublicKeyAttribute(key,type,attribute); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: break; } @@ -945,7 +945,7 @@ lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, return lg_invalidAttribute(attribute); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static CK_RV lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute, SDB *sdbpw) @@ -983,7 +983,7 @@ lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type, } return lg_invalidAttribute(attribute); } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ static CK_RV lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type, 
@@ -1030,10 +1030,10 @@ lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type, return lg_FindDSAPrivateKeyAttribute(key,type,attribute,obj->sdb); case NSSLOWKEYDHKey: return lg_FindDHPrivateKeyAttribute(key,type,attribute,obj->sdb); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: return lg_FindECPrivateKeyAttribute(key,type,attribute,obj->sdb); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: break; } diff --git a/security/nss/lib/softoken/legacydb/lgcreate.c b/security/nss/lib/softoken/legacydb/lgcreate.c index ac400316..c5ce99e1 100644 --- a/security/nss/lib/softoken/legacydb/lgcreate.c +++ b/security/nss/lib/softoken/legacydb/lgcreate.c @@ -399,10 +399,10 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, NSSLOWKEYPrivateKey *priv; SECItem pubKeySpace = {siBuffer, NULL, 0}; SECItem *pubKey; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem pubKey2Space = {siBuffer, NULL, 0}; PLArenaPool *arena = NULL; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ NSSLOWKEYDBHandle *keyHandle = NULL; @@ -410,11 +410,11 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, case CKK_RSA: pubKeyAttr = CKA_MODULUS; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: pubKeyAttr = CKA_EC_POINT; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case CKK_DSA: case CKK_DH: break; @@ -427,7 +427,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, crv = lg_Attribute2SSecItem(NULL,pubKeyAttr,templ,count,pubKey); if (crv != CKR_OK) return crv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (key_type == CKK_EC) { SECStatus rv; /* @@ -450,7 +450,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, pubKey = &pubKey2Space; } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ PORT_Assert(pubKey->data); if (pubKey->data == NULL) { 
@@ -471,7 +471,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, /* make sure the associated private key already exists */ /* only works if we are logged in */ priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (priv == NULL && pubKey == &pubKey2Space) { /* no match on the decoded key, match the original pubkey */ pubKey = &pubKeySpace; @@ -492,7 +492,7 @@ lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type, done: PORT_Free(pubKeySpace.data); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (arena) PORT_FreeArena(arena, PR_FALSE); #endif @@ -599,7 +599,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count, } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: privKey->keyType = NSSLOWKEYECKey; crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS,templ,count, @@ -628,7 +628,7 @@ lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count, NSSLOWKEY_EC_PRIVATE_KEY_VERSION); if (rv != SECSuccess) crv = CKR_HOST_MEMORY; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; diff --git a/security/nss/lib/softoken/legacydb/lowcert.c b/security/nss/lib/softoken/legacydb/lowcert.c index f0869db9..0b0540bc 100644 --- a/security/nss/lib/softoken/legacydb/lowcert.c +++ b/security/nss/lib/softoken/legacydb/lowcert.c @@ -793,7 +793,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert) nsslowcert_DHPublicKeyTemplate, &os); if (rv == SECSuccess) return pubk; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: pubk->keyType = NSSLOWKEYECKey; /* Since PKCS#11 directly takes the DER encoding of EC params 
@@ -814,7 +814,7 @@ nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert) rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os); if (rv == SECSuccess) return pubk; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; break; diff --git a/security/nss/lib/softoken/legacydb/lowkey.c b/security/nss/lib/softoken/legacydb/lowkey.c index f455cf9c..7521dac8 100644 --- a/security/nss/lib/softoken/legacydb/lowkey.c +++ b/security/nss/lib/softoken/legacydb/lowkey.c @@ -99,7 +99,7 @@ const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = { { 0, } }; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* XXX This is just a placeholder for later when we support * generic curves and need full-blown support for parsing EC @@ -216,7 +216,7 @@ LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams, loser: return SECFailure; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* * See bugzilla bug 125359 * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints, @@ -266,7 +266,7 @@ lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.dh.privateValue.type = siUnsignedInteger; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC void lg_prepare_low_ecparams_for_asn1(ECParams *params) { @@ -283,7 +283,7 @@ lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.ec.privateValue.type = siUnsignedInteger; key->u.ec.publicValue.type = siUnsignedInteger; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ void lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk) @@ -378,7 +378,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey)); 
@@ -397,7 +397,7 @@ lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* No Fortezza in Low Key implementations (Fortezza keys aren't * stored in our data base */ default: diff --git a/security/nss/lib/softoken/legacydb/lowkeyi.h b/security/nss/lib/softoken/legacydb/lowkeyi.h index 8054cc86..67398885 100644 --- a/security/nss/lib/softoken/legacydb/lowkeyi.h +++ b/security/nss/lib/softoken/legacydb/lowkeyi.h @@ -26,10 +26,10 @@ extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params); extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void lg_prepare_low_ecparams_for_asn1(ECParams *params); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion); @@ -135,7 +135,7 @@ extern char * nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus, SDB *sdb); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* * smaller version of EC_FillParams. In this code, we only need * oid and DER data. diff --git a/security/nss/lib/softoken/legacydb/lowkeyti.h b/security/nss/lib/softoken/legacydb/lowkeyti.h index 5be6b0a5..47fff7dc 100644 --- a/security/nss/lib/softoken/legacydb/lowkeyti.h +++ b/security/nss/lib/softoken/legacydb/lowkeyti.h 
@@ -43,11 +43,11 @@ extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[]; extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[]; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */ extern const SEC_ASN1Template lg_nsslowkey_ECParamsTemplate[]; extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[]; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[]; extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[]; diff --git a/security/nss/lib/softoken/lowkey.c b/security/nss/lib/softoken/lowkey.c index d7f97133..d0433421 100644 --- a/security/nss/lib/softoken/lowkey.c +++ b/security/nss/lib/softoken/lowkey.c @@ -9,7 +9,7 @@ #include "secasn1.h" #include "secerr.h" -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #include "softoken.h" #endif @@ -91,7 +91,7 @@ const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = { { 0, } }; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* XXX This is just a placeholder for later when we support * generic curves and need full-blown support for parsing EC @@ -140,7 +140,7 @@ const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = { SEC_ASN1_SUB(SEC_BitStringTemplate) }, { 0, } }; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* * See bugzilla bug 125359 * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints, @@ -196,7 +196,7 @@ prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.dh.privateValue.type = siUnsignedInteger; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC void prepare_low_ecparams_for_asn1(ECParams *params) { 
@@ -213,7 +213,7 @@ prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key) key->u.ec.privateValue.type = siUnsignedInteger; key->u.ec.publicValue.type = siUnsignedInteger; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ void nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk) @@ -341,7 +341,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey)); @@ -360,7 +360,7 @@ nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk) if (rv == SECSuccess) return pubk; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* No Fortezza in Low Key implementations (Fortezza keys aren't * stored in our data base */ default: @@ -459,7 +459,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey) &(privKey->u.dh.base)); if(rv != SECSuccess) break; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version), &(privKey->u.ec.version)); @@ -476,7 +476,7 @@ nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey) &(privKey->u.ec.ecParams)); if (rv != SECSuccess) break; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; } diff --git a/security/nss/lib/softoken/lowkeyi.h b/security/nss/lib/softoken/lowkeyi.h index 1420abbc..7282ffe0 100644 --- a/security/nss/lib/softoken/lowkeyi.h +++ b/security/nss/lib/softoken/lowkeyi.h 
@@ -25,10 +25,10 @@ extern void prepare_low_pqg_params_for_asn1(PQGParams *params); extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key); extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key); extern void prepare_low_ecparams_for_asn1(ECParams *params); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* ** Destroy a private key object. diff --git a/security/nss/lib/softoken/lowkeyti.h b/security/nss/lib/softoken/lowkeyti.h index 76c15aa0..a4c94d81 100644 --- a/security/nss/lib/softoken/lowkeyti.h +++ b/security/nss/lib/softoken/lowkeyti.h @@ -20,11 +20,11 @@ extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[]; extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[]; extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[]; extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[]; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */ extern const SEC_ASN1Template nsslowkey_ECParamsTemplate[]; extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[]; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[]; extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[]; diff --git a/security/nss/lib/softoken/manifest.mn b/security/nss/lib/softoken/manifest.mn index ed52b3d9..25f1b0d3 100644 --- a/security/nss/lib/softoken/manifest.mn +++ b/security/nss/lib/softoken/manifest.mn @@ -34,7 +34,6 @@ PRIVATE_EXPORTS = \ $(NULL) CSRCS = \ - ecdecode.c \ fipsaudt.c \ fipstest.c \ fipstokn.c \ diff --git a/security/nss/lib/softoken/manifest.mn.orig b/security/nss/lib/softoken/manifest.mn.orig new file mode 100644 index 00000000..ed52b3d9 
--- /dev/null +++ b/security/nss/lib/softoken/manifest.mn.orig @@ -0,0 +1,63 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +CORE_DEPTH = ../.. + +MODULE = nss +DIRS = legacydb + +LIBRARY_NAME = softokn +LIBRARY_VERSION = 3 +MAPFILE = $(OBJDIR)/softokn.def + +DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" + +SQLITE_INCLUDE_DIR=$(DIST)/include/sqlite3 +ifdef SQLITE_INCLUDE_DIR +INCLUDES += -I$(SQLITE_INCLUDE_DIR) +endif + +EXPORTS = \ + $(NULL) + +PRIVATE_EXPORTS = \ + lgglue.h \ + lowkeyi.h \ + lowkeyti.h \ + pkcs11ni.h \ + softoken.h \ + softoknt.h \ + softkver.h \ + sdb.h \ + sftkdbt.h \ + $(NULL) + +CSRCS = \ + ecdecode.c \ + fipsaudt.c \ + fipstest.c \ + fipstokn.c \ + lgglue.c \ + lowkey.c \ + lowpbe.c \ + padbuf.c \ + pkcs11.c \ + pkcs11c.c \ + pkcs11u.c \ + sdb.c \ + sftkdb.c \ + sftkhmac.c \ + sftkpars.c \ + sftkpwd.c \ + softkver.c \ + tlsprf.c \ + jpakesftk.c \ + $(NULL) + +ifdef SQLITE_UNSAFE_THREADS +DEFINES += -DSQLITE_UNSAFE_THREADS +endif + +# This part of the code, including all sub-dirs, can be optimized for size +export ALLOW_OPT_CODE_SIZE = 1 diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index db0ead40..d1dd73af 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -302,7 +302,7 @@ static const struct mechanismList mechanisms[] = { CKF_GENERATE_KEY_PAIR}, PR_TRUE}, {CKM_DH_PKCS_DERIVE, {DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_DERIVE}, PR_TRUE}, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* -------------------- Elliptic Curve Operations --------------------- */ {CKM_EC_KEY_PAIR_GEN, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE}, 
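Review bot: `security/nss/lib/softoken/manifest.mn.orig` is a `patch`-style backup of the pre-change manifest and should not be committed; it is a stale copy that still lists `ecdecode.c` in `CSRCS` while the real `manifest.mn` in this same patch removes it, so it will only mislead the next reader. Drop it from the commit (`git rm security/nss/lib/softoken/manifest.mn.orig`) and, if the tree does not already do so, ignore such leftovers with `*.orig` and `*.rej` entries in `.gitignore`. Nothing in the build references the `.orig` file as far as this patch shows, so removing it has no functional effect.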
@@ -312,7 +312,7 @@ static const struct mechanismList mechanisms[] = { CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, {CKM_ECDSA_SHA1, {EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* ------------------------- RC2 Operations --------------------------- */ {CKM_RC2_KEY_GEN, {1, 128, CKF_GENERATE}, PR_TRUE}, {CKM_RC2_ECB, {1, 128, CKF_EN_DE_WR_UN}, PR_TRUE}, @@ -927,7 +927,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, recover = CK_FALSE; wrap = CK_FALSE; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { return CKR_TEMPLATE_INCOMPLETE; @@ -941,7 +941,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, recover = CK_FALSE; wrap = CK_FALSE; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: return CKR_ATTRIBUTE_VALUE_INVALID; } @@ -1088,7 +1088,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE recover = CK_FALSE; wrap = CK_FALSE; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: if ( !sftk_hasAttribute(object, CKA_EC_PARAMS)) { return CKR_TEMPLATE_INCOMPLETE; @@ -1101,7 +1101,7 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE recover = CK_FALSE; wrap = CK_FALSE; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case CKK_NSS_JPAKE_ROUND1: if (!sftk_hasAttribute(object, CKA_PRIME) || !sftk_hasAttribute(object, CKA_SUBPRIME) || @@ -1708,7 +1708,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = sftk_Attribute2SSecItem(arena,&pubKey->u.dh.publicValue, object,CKA_VALUE); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: pubKey->keyType = NSSLOWKEYECKey; crv = sftk_Attribute2SSecItem(arena, 
@@ -1768,7 +1768,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = CKR_ATTRIBUTE_VALUE_INVALID; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -1877,7 +1877,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) * if we don't set it explicitly */ break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: privKey->keyType = NSSLOWKEYECKey; crv = sftk_Attribute2SSecItem(arena, @@ -1919,7 +1919,7 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) #endif } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index a0a3bea9..f5934ff6 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -62,7 +62,7 @@ static void sftk_Null(void *data, PRBool freeit) return; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifdef EC_DEBUG #define SEC_PRINT(str1, str2, num, sitem) \ printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \ @@ -74,7 +74,7 @@ static void sftk_Null(void *data, PRBool freeit) #else #define SEC_PRINT(a, b, c, d) #endif -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* * free routines.... Free local type allocated data, and convert @@ -120,7 +120,7 @@ sftk_MapCryptError(int error) return CKR_KEY_SIZE_RANGE; /* the closest error code */ case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM: return CKR_TEMPLATE_INCONSISTENT; - /* EC functions set this error if NSS_ENABLE_ECC is not defined */ + /* EC functions set this error if NSS_DISABLE_ECC is defined */ case SEC_ERROR_UNSUPPORTED_KEYALG: return CKR_MECHANISM_INVALID; case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE: 
@@ -2242,7 +2242,7 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, return rv; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static SECStatus nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, void *dataBuf, unsigned int dataLen) @@ -2277,7 +2277,7 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf, *sigLen = signature.len; return rv; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* NSC_SignInit setups up the signing operations. There are three basic * types of signing: @@ -2429,7 +2429,7 @@ finish_rsa: break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_ECDSA_SHA1: context->multi = PR_TRUE; crv = sftk_doSubSHA1(context); @@ -2452,7 +2452,7 @@ finish_rsa: context->maxLen = MAX_ECKEY_LEN * 2; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ #define INIT_HMAC_MECH(mmm) \ case CKM_ ## mmm ## _HMAC_GENERAL: \ @@ -3060,7 +3060,7 @@ finish_rsa: context->verify = (SFTKVerify) nsc_DSA_Verify_Stub; context->destroy = sftk_Null; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_ECDSA_SHA1: context->multi = PR_TRUE; crv = sftk_doSubSHA1(context); @@ -3080,7 +3080,7 @@ finish_rsa: context->verify = (SFTKVerify) nsc_ECDSAVerifyStub; context->destroy = sftk_Null; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ INIT_HMAC_MECH(MD2) INIT_HMAC_MECH(MD5) @@ -4209,7 +4209,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, pairwise_digest_length = subPrimeLen; mech.mechanism = CKM_DSA; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: signature_length = MAX_ECKEY_LEN * 2; mech.mechanism = CKM_ECDSA; 
@@ -4332,12 +4332,12 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, int private_value_bits = 0; DHPrivateKey * dhPriv; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Elliptic Curve Cryptography */ SECItem ecEncodedParams; /* DER Encoded parameters */ ECPrivateKey * ecPriv; ECParams * ecParams; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ CHECK_FORK(); @@ -4667,7 +4667,7 @@ dhgn_done: PORT_FreeArena(dhPriv->arena, PR_TRUE); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_EC_KEY_PAIR_GEN: sftk_DeleteAttributeType(privateKey,CKA_EC_PARAMS); sftk_DeleteAttributeType(privateKey,CKA_VALUE); @@ -4730,7 +4730,7 @@ ecgn_done: /* should zeroize, since this function doesn't. */ PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_MECHANISM_INVALID; @@ -4850,7 +4850,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) void *dummy, *param = NULL; SECStatus rv = SECSuccess; SECItem *encodedKey = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECItem *fordebug; int savelen; #endif @@ -4905,7 +4905,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PQGParamsTemplate); algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: prepare_low_ec_priv_key_for_asn1(lk); /* Public value is encoded as a bit string so adjust length @@ -4932,7 +4932,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case NSSLOWKEYDHKey: default: dummy = NULL; 
@@ -4965,7 +4965,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PrivateKeyInfoTemplate); *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC fordebug = encodedKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, fordebug); @@ -5191,7 +5191,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params); break; /* case NSSLOWKEYDHKey: */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: keyTemplate = nsslowkey_ECPrivateKeyTemplate; paramTemplate = NULL; @@ -5200,7 +5200,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) prepare_low_ec_priv_key_for_asn1(lpk); prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: keyTemplate = NULL; paramTemplate = NULL; @@ -5215,7 +5215,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) /* decode the private key and any algorithm parameters */ rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (lpk->keyType == NSSLOWKEYECKey) { /* convert length in bits to length in bytes */ lpk->u.ec.publicValue.len >>= 3; @@ -5226,7 +5226,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) goto loser; } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if(rv != SECSuccess) { goto loser; @@ -5321,7 +5321,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) break; #endif /* what about fortezza??? */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case NSSLOWKEYECKey: keyType = CKK_EC; crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : 
@@ -5347,7 +5347,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki) if(crv != CKR_OK) break; /* XXX Do we need to decode the EC Params here ?? */ break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -5657,7 +5657,7 @@ sftk_MapKeySize(CK_KEY_TYPE keyType) return 0; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Inputs: * key_len: Length of derived key to be generated. * SharedSecret: a shared secret that is the output of a key agreement primitive. @@ -5768,7 +5768,7 @@ static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, else return CKR_MECHANISM_INVALID; } -#endif +#endif /* NSS_DISABLE_ECC */ /* * SSL Key generation given pre master secret @@ -6714,7 +6714,7 @@ key_and_mac_derive_fail: break; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKM_ECDH1_DERIVE: case CKM_ECDH1_COFACTOR_DERIVE: { @@ -6872,7 +6872,7 @@ ec_loser: break; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* See RFC 5869 and CK_NSS_HKDFParams for documentation. */ case CKM_NSS_HKDF_SHA1: hashType = HASH_AlgSHA1; goto hkdf; diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index 770fb0e6..78e2fdc9 100644 --- a/security/nss/lib/softoken/pkcs11u.c +++ b/security/nss/lib/softoken/pkcs11u.c @@ -1246,7 +1246,7 @@ static const CK_ATTRIBUTE_TYPE dhPubKeyAttrs[] = { }; static const CK_ULONG dhPubKeyAttrsCount = sizeof(dhPubKeyAttrs)/sizeof(dhPubKeyAttrs[0]); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static const CK_ATTRIBUTE_TYPE ecPubKeyAttrs[] = { CKA_EC_PARAMS, CKA_EC_POINT }; @@ -1279,7 +1279,7 @@ static const CK_ATTRIBUTE_TYPE dhPrivKeyAttrs[] = { }; static const CK_ULONG dhPrivKeyAttrsCount = sizeof(dhPrivKeyAttrs)/sizeof(dhPrivKeyAttrs[0]); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC static const CK_ATTRIBUTE_TYPE ecPrivKeyAttrs[] = { CKA_EC_PARAMS, CKA_VALUE }; 
@@ -1390,7 +1390,7 @@ stfk_CopyTokenPrivateKey(SFTKObject *destObject,SFTKTokenObject *src_to) crv = stfk_CopyTokenAttributes(destObject, src_to, dhPrivKeyAttrs, dhPrivKeyAttrsCount); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: crv = stfk_CopyTokenAttributes(destObject, src_to, ecPrivKeyAttrs, ecPrivKeyAttrsCount); @@ -1452,7 +1452,7 @@ stfk_CopyTokenPublicKey(SFTKObject *destObject,SFTKTokenObject *src_to) crv = stfk_CopyTokenAttributes(destObject, src_to, dhPubKeyAttrs, dhPubKeyAttrsCount); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case CKK_EC: crv = stfk_CopyTokenAttributes(destObject, src_to, ecPubKeyAttrs, ecPubKeyAttrsCount); diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index 5189eb26..5379c766 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -2012,7 +2012,17 @@ s_open(const char *directory, const char *certPrefix, const char *keyPrefix, /* how long does it take to test for a non-existant file in our working * directory? Allows us to test if we may be on a network file system */ - accessOps = sdb_measureAccess(directory); + accessOps = 1; + { + char *env; + env = PR_GetEnv("NSS_SDB_USE_CACHE"); + /* If the environment variable is set to yes or no, sdb_init() will + * ignore the value of accessOps, and we can skip the measuring.*/ + if (!env || ((PORT_Strcasecmp(env, "no") != 0) && + (PORT_Strcasecmp(env, "yes") != 0))){ + accessOps = sdb_measureAccess(directory); + } + } /* * open the cert data base diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 27184c51..0faf73be 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -8,7 +8,7 @@ #ifndef _SOFTKVER_H_ #define _SOFTKVER_H_ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifdef NSS_ECC_MORE_THAN_SUITE_B #define SOFTOKEN_ECC_STRING " Extended ECC" #else 
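Review bot: In the sdb.c `s_open` hunk the new `accessOps = 1;` is an undocumented placeholder — the block comment below explains why measuring is skipped, but not what the value `1` means to the consumer when `NSS_SDB_USE_CACHE` is "yes"/"no", and the claim that `sdb_init()` ignores it cannot be checked from this hunk. Add a one-line comment on the assignment, e.g. `/* Placeholder only: per sdb_init(), accessOps is not consulted when NSS_SDB_USE_CACHE is "yes" or "no". */`, and tidy the closing `measuring.*/` to `measuring. */`. Note also that the decision to trust the environment here is new behaviour: a value other than yes/no still triggers `sdb_measureAccess(directory)`, which is the previous behaviour, so the only change is the skipped filesystem probe — worth stating in the comment so nobody later "optimises" the fallback away. `s_open`'s body begins and ends outside this hunk.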
diff --git a/security/nss/lib/softoken/softoken.h b/security/nss/lib/softoken/softoken.h index f8606da9..fbd00b6c 100644 --- a/security/nss/lib/softoken/softoken.h +++ b/security/nss/lib/softoken/softoken.h @@ -35,19 +35,6 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, const unsigned char *sig, unsigned int sigLen, const unsigned char *hash, unsigned int hashLen); -#ifdef NSS_ENABLE_ECC -/* -** pepare an ECParam structure from DEREncoded params - */ -extern SECStatus EC_FillParams(PLArenaPool *arena, - const SECItem *encodedParams, ECParams *params); -extern SECStatus EC_DecodeParams(const SECItem *encodedParams, - ECParams **ecparams); -extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, - const ECParams *srcParams); -#endif - - /* ** Prepare a buffer for padded CBC encryption, growing to the appropriate ** boundary, filling with the appropriate padding. diff --git a/security/nss/lib/sqlite/config.mk b/security/nss/lib/sqlite/config.mk index c7b93ed3..b0e9390f 100644 --- a/security/nss/lib/sqlite/config.mk +++ b/security/nss/lib/sqlite/config.mk @@ -22,10 +22,6 @@ OPTIMIZER= endif endif -ifeq ($(OS_TARGET),SunOS) -OS_LIBS += -lbsm -endif - ifeq ($(OS_TARGET),Darwin) # These version numbers come from the -version-info 8:6:8 libtool option in # sqlite upstream's Makefile.in. (Given -version-info current:revision:age, diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c index 35cfe251..b7c38c30 100644 --- a/security/nss/lib/ssl/derive.c +++ b/security/nss/lib/ssl/derive.c @@ -617,7 +617,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, PRBool testrsa_export = PR_FALSE; PRBool testecdh = PR_FALSE; PRBool testecdhe = PR_FALSE; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECKEYECParams ecParams = { siBuffer, NULL, 0 }; #endif 
@@ -634,7 +634,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, rv = SECFailure; /* determine which KEAs to test */ - /* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because + /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because * SSL3 and TLS specs forbid negotiating that cipher suite number. */ for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) { @@ -647,8 +647,8 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, switch (csdef.cipherSuite) { case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA: case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA: - case SSL_RSA_EXPORT_WITH_RC4_40_MD5: - case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: + case TLS_RSA_EXPORT_WITH_RC4_40_MD5: + case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: testrsa_export = PR_TRUE; } if (!testrsa_export) @@ -755,7 +755,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, if (enc_pms.data != NULL) { SECITEM_FreeItem(&enc_pms, PR_FALSE); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC for (; (privKeytype == ecKey && ( testecdh || testecdhe)) || (privKeytype == rsaKey && testecdhe); ) { CK_MECHANISM_TYPE target; @@ -859,7 +859,7 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, PORT_Free(ecParams.data); ecParams.data = NULL; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if (pms) PK11_FreeSymKey(pms); } @@ -877,12 +877,12 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey, if (enc_pms.data != NULL) { SECITEM_FreeItem(&enc_pms, PR_FALSE); } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (ecParams.data != NULL) { PORT_Free(ecParams.data); ecParams.data = NULL; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ if (srvPubkey) { SECKEY_DestroyPublicKey(srvPubkey); diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c index 78371e62..704415cf 100644 --- a/security/nss/lib/ssl/dtlscon.c +++ b/security/nss/lib/ssl/dtlscon.c 
@@ -30,19 +30,19 @@ static const PRUint16 COMMON_MTU_VALUES[] = { /* List copied from ssl3con.c:cipherSuites */ static const ssl3CipherSuite nonDTLSSuites[] = { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ TLS_DHE_DSS_WITH_RC4_128_SHA, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ - SSL_RSA_WITH_RC4_128_MD5, - SSL_RSA_WITH_RC4_128_SHA, +#endif /* NSS_DISABLE_ECC */ + TLS_RSA_WITH_RC4_128_MD5, + TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC4_40_MD5, 0 /* End of list marker */ }; diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index cc303061..d5a707fb 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -89,7 +89,7 @@ static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt, static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { /* cipher_suite policy enabled isPresent */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around @@ -105,7 +105,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, 
@@ -118,11 +118,11 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, @@ -131,7 +131,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* RSA */ { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, 
@@ -143,34 +143,34 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { SSL_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { SSL_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE}, /* 56-bit DES "domestic" cipher suites */ - { SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_DSS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* export ciphersuites with 1024-bit public key exchange keys */ { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* export ciphersuites with 512-bit public key exchange keys */ - { SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* ciphersuites with no encryption */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { 
TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ - { SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +#endif /* NSS_DISABLE_ECC */ + { TLS_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, }; /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order. @@ -224,9 +224,9 @@ compressionEnabled(sslSocket *ss, SSLCompressionMethod compression) static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { ct_RSA_sign, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ct_ECDSA_sign, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ ct_DSS_sign, }; @@ -238,7 +238,7 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { * CertificateVerify messages that use the handshake hash. */ static const PRUint8 supported_signature_algorithms[] = { tls_hash_sha256, tls_sig_rsa, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC tls_hash_sha256, tls_sig_ecdsa, #endif tls_hash_sha256, tls_sig_dsa, @@ -299,13 +299,13 @@ static const ssl3KEADef kea_defs[] = {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE}, {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE}, {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE}, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ }; /* must use ssl_LookupCipherSuiteDef to access */ 
@@ -313,49 +313,49 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = { /* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */ - {SSL_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null}, - {SSL_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa}, - {SSL_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa}, + {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null}, + {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa}, + {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa}, {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa}, - {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export}, - {SSL_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa}, - {SSL_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa}, - {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export}, + {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa}, + {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa}, + {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, cipher_rc2_40, mac_md5, kea_rsa_export}, #if 0 /* not implemented */ - {SSL_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa}, - {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, + {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa}, + {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_rsa_export}, #endif - {SSL_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa}, - {SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa}, - {SSL_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss}, - {SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa}, + {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss}, + {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_dhe_dss}, {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss}, #if 0 /* not implemented */ - {SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + 
{TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_dss_export}, - {SSL_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss}, - {SSL_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss}, - {SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss}, + {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss}, + {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_rsa_export}, - {SSL_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa}, - {SSL_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa}, - {SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa}, + {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa}, + {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_dss_export}, - {SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_rsa_export}, #endif - {SSL_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa}, - {SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa}, + {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_dhe_rsa}, #if 0 {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export}, - {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, cipher_des40, mac_sha, kea_dh_anon_export}, - {SSL_DH_ANON_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon}, - {SSL_DH_ANON_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon}, + {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon}, + {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon}, #endif 
@@ -373,10 +373,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = #if 0 {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss}, {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa}, - {TLS_DH_ANON_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon}, + {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon}, {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss}, {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa}, - {TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon}, + {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon}, #endif {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa}, @@ -405,7 +405,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa}, @@ -439,7 +439,7 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon}, {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon}, #endif -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ }; static const CK_MECHANISM_TYPE kea_alg_defs[] = { @@ -512,7 +512,7 @@ const char * const ssl3_cipherName[] = { "missing" }; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* The ECCWrappedKeyInfo structure defines how various pieces of * information are laid out within wrappedSymmetricWrappingkey * for ECDH key exchange. Since wrappedSymmetricWrappingkey is 
@@ -534,7 +534,7 @@ typedef struct ECCWrappedKeyInfoStr { PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */ /* EC public-key params, the EC public value and the wrapped key */ } ECCWrappedKeyInfo; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ #if defined(TRACE) @@ -622,15 +622,15 @@ ssl3_CipherSuiteAllowedForVersionRange( * later. This set of cipher suites is similar to, but different from, the * set of cipher suites considered exportable by SSL_IsExportCipherSuite. */ - case SSL_RSA_EXPORT_WITH_RC4_40_MD5: - case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: - /* SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented - * SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented - * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented + case TLS_RSA_EXPORT_WITH_RC4_40_MD5: + case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: + /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: never implemented + * TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: never implemented + * TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: never implemented */ return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0; case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: @@ -731,7 +731,7 @@ ssl3_config_match_init(sslSocket *ss) cipher_mech = alg2Mech[cipher_alg].cmech; exchKeyType = kea_defs[cipher_def->key_exchange_alg].exchKeyType; -#ifndef NSS_ENABLE_ECC +#ifdef NSS_DISABLE_ECC svrAuth = ss->serverCerts + exchKeyType; #else /* XXX SSLKEAType isn't really a good choice for 
@@ -765,7 +765,7 @@ ssl3_config_match_init(sslSocket *ss) svrAuth = ss->serverCerts + exchKeyType; break; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* Mark the suites that are backed by real tokens, certs and keys */ suite->isPresent = (PRBool) @@ -924,7 +924,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, hashItem.len = hash->len; } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: doDerEncode = PR_TRUE; /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. @@ -937,7 +937,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, hashItem.len = hash->len; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: PORT_SetError(SEC_ERROR_INVALID_KEY); goto done; @@ -1035,7 +1035,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, } break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case ecKey: encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. @@ -1053,7 +1053,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, hashItem.len = hash->len; } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: SECKEY_DestroyPublicKey(key); @@ -5078,12 +5078,12 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) total_exten_len += 2; } -#if defined(NSS_ENABLE_ECC) +#ifndef NSS_DISABLE_ECC if (!total_exten_len || !isTLS) { /* not sending the elliptic_curves and ec_point_formats extensions */ ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ } -#endif +#endif /* NSS_DISABLE_ECC */ if (IS_DTLS(ss)) { ssl3_DisableNonDTLSSuites(ss); 
@@ -5394,11 +5394,11 @@ ssl_UnwrapSymWrappingKey( { PK11SymKey * unwrappedWrappingKey = NULL; SECItem wrappedKey; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PK11SymKey * Ks; SECKEYPublicKey pubWrapKey; ECCWrappedKeyInfo *ecWrapped; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* found the wrapping key on disk. */ PORT_Assert(pWswk->symWrapMechanism == masterWrapMech); @@ -5420,7 +5420,7 @@ ssl_UnwrapSymWrappingKey( masterWrapMech, CKA_UNWRAP, 0); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: /* * For kt_ecdh, we first create an EC public key based on @@ -5559,12 +5559,12 @@ getWrappingKey( sslSocket * ss, SECStatus rv; SECItem wrappedKey; SSLWrappedSymWrappingKey wswk; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PK11SymKey * Ks = NULL; SECKEYPublicKey *pubWrapKey = NULL; SECKEYPrivateKey *privWrapKey = NULL; ECCWrappedKeyInfo *ecWrapped; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ svrPrivKey = ss->serverCerts[exchKeyType].SERVERKEY; PORT_Assert(svrPrivKey != NULL); @@ -5647,7 +5647,7 @@ getWrappingKey( sslSocket * ss, unwrappedWrappingKey, &wrappedKey); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: /* * We generate an ephemeral EC key pair. Perform an ECDH @@ -5733,7 +5733,7 @@ ec_cleanup: if (Ks) PK11_FreeSymKey(Ks); asymWrapMechanism = masterWrapMech; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: rv = SECFailure; @@ -6046,11 +6046,11 @@ ssl3_SendClientKeyExchange(sslSocket *ss) rv = sendDHClientKeyExchange(ss, serverKey); break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: rv = ssl3_SendECDHClientKeyExchange(ss, serverKey); break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: /* got an unknown or unsupported Key Exchange Algorithm. */ 
@@ -6778,11 +6778,11 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) return SECSuccess; } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: rv = ssl3_HandleECDHServerKeyExchange(ss, b, length); return rv; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: desc = handshake_failure; @@ -7520,14 +7520,14 @@ ssl3_SendServerHelloSequence(sslSocket *ss) return rv; #endif } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC } else if ((kea_def->kea == kea_ecdhe_rsa) || (kea_def->kea == kea_ecdhe_ecdsa)) { rv = ssl3_SendServerKeyExchange(ss); if (rv != SECSuccess) { return rv; /* err code was set. */ } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ } if (ss->opt.requestCertificate) { @@ -7815,7 +7815,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } } -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Disable any ECC cipher suites for which we have no cert. */ ssl3_FilterECCipherSuitesByServerCerts(ss); #endif @@ -8432,7 +8432,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0], SSL3_RANDOM_LENGTH)); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* Disable any ECC cipher suites for which we have no cert. */ ssl3_FilterECCipherSuitesByServerCerts(ss); #endif @@ -8821,12 +8821,12 @@ ssl3_SendServerKeyExchange(sslSocket *ss) PORT_Free(signed_hash.data); return SECSuccess; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: { rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); return rv; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ case kt_dh: case kt_null: 
@@ -9249,9 +9249,9 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECStatus rv; const ssl3KEADef *kea_def; ssl3KeyPair *serverKeyPair = NULL; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC SECKEYPublicKey *serverPubKey = NULL; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake", SSL_GETPID(), ss->fd)); @@ -9281,7 +9281,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB; } else skip: -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* XXX Using SSLKEAType to index server certifiates * does not work for (EC)DHE ciphers. Until we have * an indexing mechanism general enough for all key @@ -9327,7 +9327,7 @@ skip: break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case kt_ecdh: /* XXX We really ought to be able to store multiple * EC certs (a requirement if we wish to support both @@ -9349,7 +9349,7 @@ skip: return SECFailure; /* error code set */ } break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: (void) ssl3_HandshakeFailure(ss); 
@@ -9409,17 +9409,21 @@ ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length) (PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length); rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length); - if (length != 0 || rv != SECSuccess) { + if (rv != SECSuccess || length != 0) { (void)SSL3_SendAlert(ss, alert_fatal, decode_error); PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET); return SECFailure; /* malformed */ } - rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket, - &ticketData); - if (rv != SECSuccess) { - return rv; + /* If the server sent a zero-length ticket, ignore it and keep the + * existing ticket. */ + if (ticketData.len != 0) { + rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket, + &ticketData); + if (rv != SECSuccess) { + return rv; + } + ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE; } - ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE; ss->ssl3.hs.ws = wait_change_cipher; return SECSuccess; @@ -9954,7 +9958,7 @@ ssl3_AuthCertificate(sslSocket *ss) if (pubKey) { ss->sec.keaKeyBits = ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC if (ss->sec.keaType == kt_ecdh) { /* Get authKeyBits from signing key. * XXX The code below uses a quick approximation of @@ -9980,7 +9984,7 @@ ssl3_AuthCertificate(sslSocket *ss) */ } } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ SECKEY_DestroyPublicKey(pubKey); pubKey = NULL; } 
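Review bot: The 4-byte ticket_lifetime_hint read on the first line of the hunk still has its return value discarded, so a NewSessionTicket body shorter than four bytes is only rejected indirectly by the ssl3_ConsumeHandshakeVariable call that follows; whether that is sufficient depends on how the helper leaves b/length on failure, which is outside this diff. Since the new code now deliberately accepts a zero-length ticket, I would make the earlier check explicit, `if (ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length) < 0) return SECFailure; /* alert and error already set by the helper */` (or route it through the existing decode_error path if the helper does not send its own alert). The new comment should also cite why an empty ticket is ignored rather than treated as malformed: `/* RFC 5077 sec. 3.3: a zero-length ticket means the server declined to issue one; keep whatever ticket is already cached for this session. */`. Reordering the condition to test rv before length does not change behaviour here, as both are plain values. ssl3_HandleNewSessionTicket begins before this hunk.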
@@ -9988,10 +9992,10 @@ ssl3_AuthCertificate(sslSocket *ss) ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ if (ss->ssl3.hs.kea_def->is_limited || /* XXX OR server cert is signing only. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ ss->ssl3.hs.kea_def->exchKeyType == kt_dh) { ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */ } @@ -10565,7 +10569,7 @@ xmit_loser: sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite; sid->u.ssl3.compression = ss->ssl3.hs.compression; sid->u.ssl3.policy = ss->ssl3.policy; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC sid->u.ssl3.negotiatedECCurves = ss->ssl3.hs.negotiatedECCurves; #endif sid->u.ssl3.exchKeyType = effectiveExchKeyType; @@ -11701,7 +11705,7 @@ ssl3_InitState(sslSocket *ss) ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCurveMask(ss); #endif ssl_ReleaseSpecWriteLock(ss); diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 6380cfe3..37743a64 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -30,7 +30,7 @@ #include -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #ifndef PK11_SETATTRS #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ @@ -1258,4 +1258,4 @@ loser: return SECFailure; } -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 58ba1b45..607171c4 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c 
@@ -64,7 +64,7 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data); -static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss, +static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); @@ -230,7 +230,7 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key, /* This table is used by the server, to handle client hello extensions. */ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { ssl_elliptic_curves_xtn, &ssl3_HandleSupportedCurvesXtn }, { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn }, #endif @@ -272,7 +272,7 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, #endif @@ -2219,7 +2219,7 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) tls_hash_sha256, tls_sig_rsa, tls_hash_sha384, tls_sig_rsa, tls_hash_sha1, tls_sig_rsa, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC tls_hash_sha256, tls_sig_ecdsa, tls_hash_sha384, tls_sig_ecdsa, tls_hash_sha1, tls_sig_ecdsa, diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c index 2763654e..891b4099 100644 --- a/security/nss/lib/ssl/sslcon.c +++ b/security/nss/lib/ssl/sslcon.c 
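Review bot: The forward declaration of ssl3_ServerSendStatusRequestXtn now returns PRInt32, matching the other extension senders declared around it (ssl3_SendUseSRTPXtn on the same line), but the definition is not in this diff; the change is only safe if the definition itself returns a byte count or -1, because a body still returning SECStatus would make a successful send (SECSuccess == 0) look like zero bytes appended. Please confirm the definition and give the prototype a contract comment, `/* Returns the number of bytes appended (or required when !append), -1 on error. */`, so the sender-table convention is visible at the declaration site.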
@@ -3101,7 +3101,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) return rv; } -#if defined(NSS_ENABLE_ECC) +#ifndef NSS_DISABLE_ECC /* ensure we don't neogtiate ECC cipher suites with SSL2 hello */ ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ if (ss->cipherSpecs != NULL) { @@ -3109,7 +3109,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) ss->cipherSpecs = NULL; ss->sizeCipherSpecs = 0; } -#endif +#endif /* NSS_DISABLE_ECC */ if (!ss->cipherSpecs) { rv = ssl2_ConstructCipherSpecs(ss); diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index 0122907a..09ce43f0 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -47,7 +47,7 @@ * the third one. */ const PRUint16 SSL_ImplementedCiphers[] = { -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before @@ -63,7 +63,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, @@ -76,11 +76,11 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_RC4_128_SHA, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 
@@ -89,7 +89,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, @@ -100,34 +100,34 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_RSA_WITH_SEED_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, - SSL_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_RSA_WITH_RC4_128_SHA, - SSL_RSA_WITH_RC4_128_MD5, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, /* 56-bit DES "domestic" cipher suites */ - SSL_DHE_RSA_WITH_DES_CBC_SHA, - SSL_DHE_DSS_WITH_DES_CBC_SHA, + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, - SSL_RSA_WITH_DES_CBC_SHA, + TLS_RSA_WITH_DES_CBC_SHA, /* export ciphersuites with 1024-bit public key exchange keys */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* export ciphersuites with 512-bit public key exchange keys */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + TLS_RSA_EXPORT_WITH_RC4_40_MD5, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* ciphersuites with no encryption */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, -#endif /* NSS_ENABLE_ECC */ - SSL_RSA_WITH_NULL_SHA, +#endif /* NSS_DISABLE_ECC */ + TLS_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256, - SSL_RSA_WITH_NULL_MD5, + TLS_RSA_WITH_NULL_MD5, /* SSL2 cipher suites. */ SSL_EN_RC4_128_WITH_MD5, diff --git a/security/nss/lib/ssl/sslgathr.c b/security/nss/lib/ssl/sslgathr.c index 6c17eb00..bdf470b0 100644 --- a/security/nss/lib/ssl/sslgathr.c +++ b/security/nss/lib/ssl/sslgathr.c 
@@ -364,34 +364,6 @@ ssl2_GatherRecord(sslSocket *ss, int flags) return ssl2_GatherData(ss, &ss->gs, flags); } -/* - * Returns +1 when it has gathered a complete SSLV2 record. - * Returns 0 if it hits EOF. - * Returns -1 (SECFailure) on any error - * Returns -2 (SECWouldBlock) - * - * Called from SocksStartGather in sslsocks.c - * Caller must hold RecvBufLock. - */ -int -ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, unsigned int count) -{ - int rv; - - PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); - gs->state = GS_DATA; - gs->remainder = count; - gs->count = count; - gs->offset = 0; - if (count > gs->buf.space) { - rv = sslBuffer_Grow(&gs->buf, count); - if (rv) { - return rv; - } - } - return ssl2_GatherData(ss, gs, 0); -} - /* Caller should hold RecvBufLock. */ SECStatus ssl_InitGather(sslGather *gs) diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 5f70d185..af3c1918 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -288,11 +288,11 @@ typedef struct { #endif } ssl3CipherSuiteCfg; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC #define ssl_V3_SUITES_IMPLEMENTED 61 #else #define ssl_V3_SUITES_IMPLEMENTED 37 -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ #define MAX_DTLS_SRTP_CIPHER_SUITES 4 @@ -653,9 +653,9 @@ struct sslSessionIDStr { SSL3KEAType exchKeyType; /* key type used in exchange algorithm, * and to wrap the sym wrapping key. */ -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRUint32 negotiatedECCurves; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* The following values are NOT restored from the server's on-disk * session cache, but are restored from the client's cache. 
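Review bot: Inverting the guard around ssl_V3_SUITES_IMPLEMENTED changes the default build: a configuration that defines neither NSS_ENABLE_ECC nor NSS_DISABLE_ECC now compiles with 61 suites, i.e. the ECC suites are in unless explicitly disabled, and any build script in this tree that still passes -DNSS_ENABLE_ECC to opt in becomes a no-op while anything relying on ECC being absent must now add -DNSS_DISABLE_ECC. Because cipherSuites[] in ssl3con.c is sized by this constant and the comment there says its order must match SSL_ImplementedCiphers[], I would document that coupling at the definition: `/* Number of entries in cipherSuites[] (ssl3con.c); must also match the SSL3/TLS portion of SSL_ImplementedCiphers[] (sslenum.c). ECC suites are included unless NSS_DISABLE_ECC is defined. */`.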
@@ -885,9 +885,9 @@ const ssl3CipherSuiteDef *suite_def; SSL3Finished sFinished[2]; SSL3Opaque data[72]; } finishedMsgs; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC PRUint32 negotiatedECCurves; /* bit mask */ -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ PRBool authCertificatePending; /* Which function should SSL_RestartHandshake* call if we're blocked? @@ -1380,8 +1380,6 @@ extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss); extern SECStatus ssl2_HandleClientHelloMessage(sslSocket *ss); extern SECStatus ssl2_HandleServerHelloMessage(sslSocket *ss); -extern int ssl2_StartGatherBytes(sslSocket *ss, sslGather *gs, - unsigned int count); extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss); extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os); @@ -1596,7 +1594,7 @@ int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); */ extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); extern PRBool ssl3_IsECCEnabled(sslSocket *ss); extern SECStatus ssl3_DisableECCSuites(sslSocket * ss, @@ -1651,7 +1649,7 @@ extern SECStatus ssl3_ECName2Params(PLArenaPool *arena, ECName curve, ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits); -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on); extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on); @@ -1686,7 +1684,7 @@ extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, extern SECStatus ssl_GetPeerInfo(sslSocket *ss); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECDH functions */ extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey); 
@@ -1771,7 +1769,7 @@ extern SECStatus ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, const CERTCertificateList *certChain, ssl3KeyPair *keyPair, SSLKEAType kea); -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss, diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 89545e0c..00f2f380 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c 
@@ -148,30 +148,30 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, -{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, -{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, +{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, +{0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, }, -{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, -{0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, }, -{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, +{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, }, -{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, -{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, +{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, }, {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, }, -{0,CS(SSL_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, }, +{0,CS(TLS_RSA_WITH_DES_CBC_SHA), S_RSA, 
K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, }, {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA), S_RSA, K_RSA, C_RC4, B_56, M_SHA, 0, 1, 0, }, {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, }, -{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, }, -{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, }, +{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, }, +{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, }, {0,CS(TLS_RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL,B_0, M_SHA256, 0, 1, 0, }, -{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, }, -{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, }, +{0,CS(TLS_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, }, +{0,CS(TLS_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, }, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC /* ECC cipher suites */ {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, @@ -201,7 +201,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ /* SSL 2 table */ {0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c index c2493cdc..2e861f15 100644 --- a/security/nss/lib/ssl/sslnonce.c +++ b/security/nss/lib/ssl/sslnonce.c 
@@ -483,6 +483,8 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid, { PORT_Assert(sid); PORT_Assert(newSessionTicket); + PORT_Assert(newSessionTicket->ticket.data); + PORT_Assert(newSessionTicket->ticket.len != 0); /* if sid->u.ssl3.lock, we are updating an existing entry that is already * cached or was once cached, so we need to acquire and release the write @@ -491,10 +493,6 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid, */ if (sid->u.ssl3.lock) { PR_RWLock_Wlock(sid->u.ssl3.lock); - - /* A server might have sent us an empty ticket, which has the - * effect of clearing the previously known ticket. - */ if (sid->u.ssl3.locked.sessionTicket.ticket.data) { SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket, PR_FALSE); diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 53bba011..180b6ae7 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h 
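Review bot: The two new `PORT_Assert` calls on `newSessionTicket->ticket` are compiled out of release builds (the sslsock.c hunk in this same series wraps a PORT_Assert in `#if defined(DEBUG) || defined(FORCE_PR_ASSERT)`), so an empty ticket is not rejected at runtime, and the deleted comment "A server might have sent us an empty ticket, which has the effect of clearing the previously known ticket" was the only statement of what such a ticket meant here. If the handshake layer now guarantees this function is never reached with an empty ticket, record that where the asserts are, e.g. `/* Callers must handle the empty-ticket (clear) case before calling; only a non-empty ticket is stored here. */`; if that guarantee cannot be confirmed, keep the old comment and the tolerance for a NULL/zero-length ticket rather than relying on a debug-only check. The body of ssl3_SetSIDSessionTicket continues past the hunk.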
@@ -81,58 +81,92 @@ #define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 -/* SSL v3 Cipher Suites */ -#define SSL_NULL_WITH_NULL_NULL 0x0000 +/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */ +#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES +#define SSL_NULL_WITH_NULL_NULL TLS_NULL_WITH_NULL_NULL +#define SSL_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_MD5 +#define SSL_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_SHA +#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 +#define SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_MD5 +#define SSL_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA +#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 +#define SSL_RSA_WITH_IDEA_CBC_SHA TLS_RSA_WITH_IDEA_CBC_SHA +#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA +#define SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA +#define SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA +#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA +#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA +#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA +#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA +#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA +#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA +#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA +#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA +#define SSL_DH_ANON_WITH_RC4_128_MD5 TLS_DH_anon_WITH_RC4_128_MD5 +#define 
SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA +#define SSL_DH_ANON_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA +#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA +#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 +#define TLS_DH_ANON_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA +#define TLS_DH_ANON_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA +#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA +#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA +#endif -#define SSL_RSA_WITH_NULL_MD5 0x0001 -#define SSL_RSA_WITH_NULL_SHA 0x0002 -#define SSL_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 -#define SSL_RSA_WITH_RC4_128_MD5 0x0004 -#define SSL_RSA_WITH_RC4_128_SHA 0x0005 -#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 -#define SSL_RSA_WITH_IDEA_CBC_SHA 0x0007 -#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 -#define SSL_RSA_WITH_DES_CBC_SHA 0x0009 -#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000a - -#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b -#define SSL_DH_DSS_WITH_DES_CBC_SHA 0x000c -#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d -#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e -#define SSL_DH_RSA_WITH_DES_CBC_SHA 0x000f -#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 - -#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 -#define SSL_DHE_DSS_WITH_DES_CBC_SHA 0x0012 -#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 -#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 -#define SSL_DHE_RSA_WITH_DES_CBC_SHA 0x0015 -#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 - -#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5 0x0017 -#define SSL_DH_ANON_WITH_RC4_128_MD5 0x0018 -#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA 0x0019 -#define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a -#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b +#define TLS_NULL_WITH_NULL_NULL 0x0000 + +#define TLS_RSA_WITH_NULL_MD5 0x0001 +#define 
TLS_RSA_WITH_NULL_SHA 0x0002 +#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 +#define TLS_RSA_WITH_RC4_128_MD5 0x0004 +#define TLS_RSA_WITH_RC4_128_SHA 0x0005 +#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 +#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 +#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 +#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a + +#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b +#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d +#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e +#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 + +#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 +#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 +#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 +#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 + +#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 +#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 +#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 +#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a +#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b #define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ -/* New TLS cipher suites */ #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F #define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 -#define TLS_DH_ANON_WITH_AES_128_CBC_SHA 0x0034 +#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 #define 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 -#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A +#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A #define TLS_RSA_WITH_NULL_SHA256 0x003B #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D @@ -142,7 +176,7 @@ #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 -#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA 0x0046 +#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064 @@ -158,7 +192,7 @@ #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 -#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA 0x0089 +#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089 #define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c index 35658d7d..a32e3d54 100644 --- a/security/nss/lib/ssl/sslsecur.c +++ b/security/nss/lib/ssl/sslsecur.c @@ -696,11 +696,11 @@ NSS_FindCertKEAType(CERTCertificate * cert) case SEC_OID_X942_DIFFIE_HELMAN_KEY: keaType = kt_dh; break; -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC case SEC_OID_ANSIX962_EC_PUBLIC_KEY: keaType = kt_ecdh; break; -#endif /* NSS_ENABLE_ECC */ +#endif /* NSS_DISABLE_ECC */ default: keaType = kt_null; } diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index b0446adc..4d9ef380 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c @@ -522,7 +522,6 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) /* ** Convert shared memory cache-entry to local memory based one ** This is only called from ServerSessionIDLookup(). -** Caller must hold cache lock when calling this. */ static sslSessionID * ConvertToSID(sidCacheEntry * from, 
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index e6b2387a..5144bc18 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -1348,10 +1348,13 @@ ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant) SET_ERROR_CODE return NULL; } - ns = ssl_FindSocket(fd); - PORT_Assert(ns); - if (ns) - ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); +#if defined(DEBUG) || defined(FORCE_PR_ASSERT) + { + sslSocket * ss = ssl_FindSocket(fd); + PORT_Assert(ss == ns); + } +#endif + ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); return fd; } diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index fb25c6d7..c22c820c 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -181,16 +181,16 @@ typedef enum { typedef enum { ssl_server_name_xtn = 0, ssl_cert_status_xtn = 5, -#ifdef NSS_ENABLE_ECC +#ifndef NSS_DISABLE_ECC ssl_elliptic_curves_xtn = 10, ssl_ec_point_formats_xtn = 11, #endif ssl_signature_algorithms_xtn = 13, ssl_use_srtp_xtn = 14, ssl_app_layer_protocol_xtn = 16, + ssl_padding_xtn = 21, ssl_session_ticket_xtn = 35, ssl_next_proto_nego_xtn = 13172, - ssl_padding_xtn = 35655, ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ } SSLExtensionType; diff --git a/security/nss/lib/util/secdig.h b/security/nss/lib/util/secdig.h index 94ff39ee..6f218ec3 100644 --- a/security/nss/lib/util/secdig.h +++ b/security/nss/lib/util/secdig.h @@ -1,5 +1,5 @@ /* - * crypto.h - public data structures and prototypes for the crypto library + * secdig.h - public prototypes for digest-info functions * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/security/nss/lib/util/secdigt.h b/security/nss/lib/util/secdigt.h index 65ca22f7..2414d79f 100644 --- a/security/nss/lib/util/secdigt.h +++ b/security/nss/lib/util/secdigt.h 
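Review bot: `ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));` now dereferences `ns` unconditionally, where the removed lines tolerated a NULL from ssl_FindSocket; that is only safe if `ns` is already known non-NULL from the earlier part of ssl_ImportFD, which lies outside the hunk (the `SET_ERROR_CODE return NULL;` just above suggests an error path, but the check on `ns` itself is not visible). The replacement `PORT_Assert(ss == ns)` is built only under DEBUG/FORCE_PR_ASSERT, so release builds no longer verify that the fd maps back to this socket at all. Make the invariant explicit for the next reader with a one-line comment above the assignment, e.g. `/* ns is assumed non-NULL here (confirm against the checks earlier in this function); in debug builds we verify fd still maps to it. */`.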
@@ -1,5 +1,5 @@ /* - * secdigt.h - public data structures for digestinfos from the util lib. + * secdigt.h - public data structures for digest-info objects * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this @@ -23,6 +23,4 @@ struct SGNDigestInfoStr { }; typedef struct SGNDigestInfoStr SGNDigestInfo; - - #endif /* _SECDIGT_H_ */ diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c index e68d9505..0f5970f1 100644 --- a/security/nss/lib/util/utilmod.c +++ b/security/nss/lib/util/utilmod.c @@ -21,9 +21,37 @@ #include "secport.h" #include "utilpars.h" #include "secerr.h" + #if defined (_WIN32) #include #endif +#ifdef XP_UNIX +#include +#endif + +#include +#include +#include + +#if defined (_WIN32) +#define os_open _open +#define os_fdopen _fdopen +#define os_stat _stat +#define os_truncate_open_flags _O_CREAT|_O_RDWR|_O_TRUNC +#define os_append_open_flags _O_CREAT|_O_RDWR|_O_APPEND +#define os_open_permissions_type int +#define os_open_permissions_default _S_IREAD | _S_IWRITE +#define os_stat_type struct _stat +#else +#define os_open open +#define os_fdopen fdopen +#define os_stat stat +#define os_truncate_open_flags O_CREAT|O_RDWR|O_TRUNC +#define os_append_open_flags O_CREAT|O_RDWR|O_APPEND +#define os_open_permissions_type mode_t +#define os_open_permissions_default 0600 +#define os_stat_type struct stat +#endif /**************************************************************** * 
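Review bot: The macro bodies in the new os_* block are unparenthesized expressions (`os_truncate_open_flags _O_CREAT|_O_RDWR|_O_TRUNC`, `os_open_permissions_default _S_IREAD | _S_IWRITE`, and their POSIX twins), which only parse correctly at the current use sites because `?:` and `=` bind more loosely than `|`; a future use under `&`, a cast or a comparison would silently produce the wrong value. Wrap each body, e.g. `#define os_truncate_open_flags (O_CREAT|O_RDWR|O_TRUNC)` and `#define os_open_permissions_default (_S_IREAD | _S_IWRITE)`. The block also maps open/fdopen/stat but not close, while lfopen in the next hunk still calls bare `close(fd)` on an fd that on Windows came from `_open`; adding `#define os_close _close` and `#define os_close close` keeps the abstraction complete.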
@@ -132,27 +160,26 @@ char *_NSSUTIL_GetOldSecmodName(const char *dbname,const char *filename) return file; } -static SECStatus nssutil_AddSecmodDB(const char *appName, - const char *filename, const char *dbname, - char *module, PRBool rw); +static SECStatus nssutil_AddSecmodDBEntry(const char *appName, + const char *filename, + const char *dbname, + char *module, PRBool rw); -#ifdef XP_UNIX -#include -#endif -#include +enum lfopen_mode { lfopen_truncate, lfopen_append }; -/* same as fopen, except it doesn't use umask, but explicit */ FILE * -lfopen(const char *name, const char *mode, int flags) +lfopen(const char *name, enum lfopen_mode om, os_open_permissions_type open_perms) { int fd; FILE *file; - fd = open(name, flags, 0600); + fd = os_open(name, + (om == lfopen_truncate) ? os_truncate_open_flags : os_append_open_flags, + open_perms); if (fd < 0) { return NULL; } - file = fdopen(fd, mode); + file = os_fdopen(fd, (om == lfopen_truncate) ? "w+" : "a+"); if (!file) { close(fd); } @@ -416,7 +443,7 @@ loser: fclose(fd); } else if (!failed && rw) { /* update our internal module */ - nssutil_AddSecmodDB(appName,filename,dbname,moduleList[0],rw); + nssutil_AddSecmodDBEntry(appName, filename, dbname, moduleList[0], rw); } return moduleList; } @@ -437,11 +464,15 @@ nssutil_ReleaseSecmodDBData(const char *appName, * Delete a module from the Data Base */ static SECStatus -nssutil_DeleteSecmodDB(const char *appName, - const char *filename, const char *dbname, - char *args, PRBool rw) +nssutil_DeleteSecmodDBEntry(const char *appName, + const char *filename, + const char *dbname, + char *args, + PRBool rw) { /* SHDB_FIXME implement */ + os_stat_type stat_existing; + os_open_permissions_type file_mode; FILE *fd = NULL; FILE *fd2 = NULL; char line[MAX_LINE_LENGTH]; 
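Review bot: The rewritten lfopen dropped its header comment and its fdopen-failure path still calls bare `close(fd)`, bypassing the os_* layer that the fd was opened through (on Windows `_close` is the matching call; the POSIX-named `close` compiles there only as a deprecated alias). Document the contract above the definition, e.g. `/* Open NAME for truncate-and-write or append, creating it with OPEN_PERMS (subject to the process umask), and return a stdio stream or NULL. */`, and route the cleanup through an os_close macro defined beside os_open. The truncate mode is used only for the rewrite temp file in nssutil_DeleteSecmodDBEntry; it keeps O_CREAT|O_TRUNC without O_EXCL (pre-existing behaviour), so a pre-planted symlink at that path is followed and truncated — worth a follow-up if a stale temp file is not an expected state.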
@@ -467,10 +498,19 @@ nssutil_DeleteSecmodDB(const char *appName, if (dbname2 == NULL) goto loser; dbname2[strlen(dbname)-1]++; + /* get the permissions of the existing file, or use the default */ + if (!os_stat(dbname, &stat_existing)) { + file_mode = stat_existing.st_mode; + } else { + file_mode = os_open_permissions_default; + } + /* do we really want to use streams here */ fd = fopen(dbname, "r"); if (fd == NULL) goto loser; - fd2 = lfopen(dbname2, "w+", O_CREAT|O_RDWR|O_TRUNC); + + fd2 = lfopen(dbname2, lfopen_truncate, file_mode); + if (fd2 == NULL) goto loser; name = NSSUTIL_ArgGetParamValue("name",args); @@ -566,10 +606,12 @@ loser: * Add a module to the Data base */ static SECStatus -nssutil_AddSecmodDB(const char *appName, - const char *filename, const char *dbname, - char *module, PRBool rw) +nssutil_AddSecmodDBEntry(const char *appName, + const char *filename, const char *dbname, + char *module, PRBool rw) { + os_stat_type stat_existing; + os_open_permissions_type file_mode; FILE *fd = NULL; char *block = NULL; PRBool libFound = PR_FALSE; @@ -586,10 +628,16 @@ nssutil_AddSecmodDB(const char *appName, } /* remove the previous version if it exists */ - (void) nssutil_DeleteSecmodDB(appName, filename, - dbname, module, rw); + (void) nssutil_DeleteSecmodDBEntry(appName, filename, dbname, module, rw); - fd = lfopen(dbname, "a+", O_CREAT|O_RDWR|O_APPEND); + /* get the permissions of the existing file, or use the default */ + if (!os_stat(dbname, &stat_existing)) { + file_mode = stat_existing.st_mode; + } else { + file_mode = os_open_permissions_default; + } + + fd = lfopen(dbname, lfopen_append, file_mode); if (fd == NULL) { return SECFailure; } 
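Review bot: `file_mode = stat_existing.st_mode;` in nssutil_DeleteSecmodDBEntry (duplicated verbatim in nssutil_AddSecmodDBEntry in the following hunk) hands the whole st_mode to os_open as the creation mode, so the file-type bits and any setuid/setgid/sticky bits of the existing database go along with the rwx bits; POSIX leaves non-permission bits in that argument unspecified, and on Linux the 07777 part is honoured, so a setgid secmod.db would be recreated setgid. Mask to permission bits, and do the stat-or-default once in a static helper so the two callers cannot drift; an `os_permission_mask` macro beside os_open_permissions_default keeps it portable. The rest of both functions lies outside the hunks.
```c
#if defined (_WIN32)
#define os_permission_mask (_S_IREAD | _S_IWRITE)
#else
#define os_permission_mask (S_IRWXU | S_IRWXG | S_IRWXO)
#endif

/* Permission bits of an existing file at PATH, or the default for a new one. */
static os_open_permissions_type
nssutil_ExistingFileMode(const char *path)
{
    os_stat_type st;
    if (os_stat(path, &st) == 0) {
        return (os_open_permissions_type)(st.st_mode & os_permission_mask);
    }
    return os_open_permissions_default;
}

/* … unchanged: nssutil_DeleteSecmodDBEntry up to the temp-file open … */
    fd2 = lfopen(dbname2, lfopen_truncate, nssutil_ExistingFileMode(dbname));
/* … unchanged: nssutil_AddSecmodDBEntry up to the append open … */
    fd = lfopen(dbname, lfopen_append, nssutil_ExistingFileMode(dbname));
```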
@@ -665,16 +713,19 @@ NSSUTIL_DoModuleDBFunction(unsigned long function,char *parameters, void *args) secmod,(char *)parameters,rw); break; case SECMOD_MODULE_DB_FUNCTION_ADD: - rvstr = (nssutil_AddSecmodDB(appName,filename, - secmod,(char *)args,rw) == SECSuccess) ? &success: NULL; + rvstr = (nssutil_AddSecmodDBEntry(appName, filename, + secmod, (char *)args, rw) + == SECSuccess) ? &success: NULL; break; case SECMOD_MODULE_DB_FUNCTION_DEL: - rvstr = (nssutil_DeleteSecmodDB(appName,filename, - secmod,(char *)args,rw) == SECSuccess) ? &success: NULL; + rvstr = (nssutil_DeleteSecmodDBEntry(appName, filename, + secmod, (char *)args, rw) + == SECSuccess) ? &success: NULL; break; case SECMOD_MODULE_DB_FUNCTION_RELEASE: - rvstr = (nssutil_ReleaseSecmodDBData(appName,filename, - secmod, (char **)args,rw) == SECSuccess) ? &success: NULL; + rvstr = (nssutil_ReleaseSecmodDBData(appName, filename, + secmod, (char **)args, rw) + == SECSuccess) ? &success: NULL; break; } done: diff --git a/security/nss/lib/util/utilmodt.h b/security/nss/lib/util/utilmodt.h index 825e59f8..6adc5fb6 100644 --- a/security/nss/lib/util/utilmodt.h +++ b/security/nss/lib/util/utilmodt.h @@ -23,10 +23,11 @@ #define SECMOD_SSL_FLAG 0x00000800L #define SECMOD_TLS_FLAG 0x00001000L #define SECMOD_AES_FLAG 0x00002000L -#define SECMOD_SHA256_FLAG 0x00004000L +#define SECMOD_SHA256_FLAG 0x00004000L /* also for SHA224 */ #define SECMOD_SHA512_FLAG 0x00008000L /* also for SHA384 */ #define SECMOD_CAMELLIA_FLAG 0x00010000L /* = PUBLIC_MECH_CAMELLIA_FLAG */ #define SECMOD_SEED_FLAG 0x00020000L +#define SECMOD_ECC_FLAG 0x00040000L /* reserved bit for future, do not use */ #define SECMOD_RESERVED_FLAG 0X08000000L #define SECMOD_FRIENDLY_FLAG 0x10000000L diff --git a/security/nss/lib/zlib/config.mk b/security/nss/lib/zlib/config.mk index 0091d01b..696be5d4 100644 --- a/security/nss/lib/zlib/config.mk +++ b/security/nss/lib/zlib/config.mk 
@@ -14,3 +14,7 @@ IMPORT_LIBRARY = PROGRAM = EXTRA_LIBS = $(LIBRARY) + +ifeq ($(OS_TARGET),Linux) +DEFINES += -DHAVE_UNISTD_H +endif diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh index ee108523..1af4faf8 100644 --- a/security/nss/tests/all.sh +++ b/security/nss/tests/all.sh @@ -59,7 +59,7 @@ # # Optional environment variables to enable specific NSS features: # --------------------------------------------------------------- -# NSS_ENABLE_ECC - enable ECC +# NSS_DISABLE_ECC - disable ECC # NSS_ECC_MORE_THAN_SUITE_B - enable extended ECC # # Optional environment variables to select which cycles/suites to test: diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh index b710b689..313c663f 100644 --- a/security/nss/tests/cert/cert.sh +++ b/security/nss/tests/cert/cert.sh @@ -46,7 +46,7 @@ cert_init() fi SCRIPTNAME="cert.sh" CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"` - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then html_head "Certutil and Crlutil Tests with ECC" else html_head "Certutil and Crlutil Tests" @@ -292,7 +292,7 @@ cert_create_cert() return $RET fi - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Import EC Root CA for $CERTNAME" certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \ -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1 @@ -340,7 +340,7 @@ cert_add_cert() # # Generate and add EC cert # - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CURVE="secp384r1" CU_ACTION="Generate EC Cert Request for $CERTNAME" CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" @@ -430,7 +430,7 @@ cert_all_CA() # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last # in the chain - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Create EC version of TestCA CA_CURVE="secp521r1" 
@@ -671,7 +671,7 @@ cert_smime_client() certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \ -i ${R_EVEDIR}/Eve.cert 2>&1 - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Importing EC Certificates ==============================" CU_ACTION="Import Bob's EC cert into Alice's db" certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \ @@ -742,7 +742,7 @@ cert_extended_ssl() certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \ -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1 - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs # @@ -830,7 +830,7 @@ cert_extended_ssl() certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \ -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1 - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs # @@ -920,7 +920,7 @@ cert_ssl() cert_add_cert CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC" certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC" certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" fi @@ -940,8 +940,8 @@ cert_ssl() fi echo "$SCRIPTNAME: Creating database for OCSP stapling tests ===============" - echo "cp -rv ${SERVERDIR} ${STAPLINGDIR}" - cp -rv ${R_SERVERDIR} ${R_STAPLINGDIR} + echo "cp -r ${SERVERDIR} ${STAPLINGDIR}" + cp -r ${R_SERVERDIR} ${R_STAPLINGDIR} pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR} pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR} } 
@@ -1028,7 +1028,7 @@ cert_eccurves() { ################# Creating Certs for EC curves test ######################## # - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Creating Server CA Issued Certificate for " echo " EC Curves Test Certificates ------------------------------------" @@ -1088,7 +1088,7 @@ cert_eccurves() fi done - fi # if NSS_ENABLE_ECC=1 + fi # $NSS_DISABLE_ECC } ########################### cert_extensions_test ############################# @@ -1227,7 +1227,7 @@ EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_1}_or - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority" # Until Bug 292285 is resolved, do not encode x400 Addresses. After @@ -1260,7 +1260,7 @@ EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_1}_or1 TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Modify CRL (ECC) by adding one more cert" crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \ -o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <9y3*xI4*J{(!7vUU%Cg%m?}Q}-e;C^`?AaJ~jWWE3lj@R;$Ks_VWP<~V zAD618LTg*34X#m&R;v0}NFk|)XMjGL-4oZU zQxE}7eFH1djsuIZw>S$V5_Cn7m6^8Io#HLJD34iJ8^J`Epx7|eLpW%cDL~I8VJU1) zZ6yA495gMy4IGQ}Z0iiy(8gSH%0YB6S(KfX1X*hOWyxpi&iWyKKm0Obd63=0XnhN6fhd5M|0ArVf(aVNG+J0G$JUVs^H;Jr7 zXUCtjk6T%SM{n15Y#(AQHz;YiyDV8dVL(-n`q$mph@hfI>X6TF-92T~J zJh5woJ#9B(FJuP;AFhJG%vj*a13+ CKZtbz 
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert b/security/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert new file mode 100644 index 0000000000000000000000000000000000000000..539adcfee927bdd583c848eea16281217f5b958a GIT binary patch literal 888 zcmXqLVlFXgVv1S7%*4pV#LRE|)qt0cQ>)FR?K>|cBP%O|L1U{Sw*e;`b0`a&Fq2!5 zAwN(7ki#L&=2n!Lmz-+IXTSpzU>9Z$NG!@MHWV=61M#_p*#ms_gWX;HU@EwUSzVli zgFRt(6M%Tms zeyV=0_J5&bLP4Su-`@rQKlXN>GcV*^+^Bam&&P1X|J%10zvw<*YFKjd^;K4OgXu=O zUm21Vb21+3q~^-kpHKDb%C?Ev_MCf_ck%1B=@xtT6l&ZEX6q_9@2a16R72u&wpZ4Y zd)0;Ax38^z@_8D^?HM7Lw|*&jTo~h6oV4L#+cN`gUYVtpANE#wcif3d40n*KeOmjt z&-C2%GWC=j&9~nK=yzXatM6H>usd?nb&H%RnVk4$+f{p+m>C%u7aJJp83?j*CbW4l zw*7EoWMpAsW@0-4P6V>TjEw(Tm<$*UxPc)o%MX%b-hmvZz!U`xQ$~hd!yTGyUNUvQ z7hQJv*)wKg-=^>1ob-1E#HfWwov0{z%H%m&Y0{<}bywH;?%&g_!N1H}RHh{H{o>~7 zlRo7cG9EZ;owl%c`;@b+2PX9d9lo;e&xRKglV#p|Ec_I(Tp&4#LsnH~r{P`4jBmlp zB^SAu%BD;>a^1mN@$syOxxuIE%?+RCwWrsfUhCnf$q@3Qf@{4GyYlC$*J91CIQD4v zi;I<)P0M5dwbf<+KGExIZr+`uIaj-Q?*^VdWeg9jBM)e|AJ6}kn4Z=ceL2+3(Bu00 zk5aRC7P(JK(atz&Uy@(kl*FI^W5TSe7ZLjD5!e2{2-@}J<~o%om8t8`r0sX&$$UBY F69A`lM??Ss literal 0 HcmV?d00001 
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert b/security/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert new file mode 100644 index 0000000000000000000000000000000000000000..28f84919de2e82c0e0334e9da9c35b1c5482311b GIT binary patch literal 889 zcmXqLVlFjkVv1eB%*4pV#LRE|#ekQMQ>)FR?K>|cBP%O|L1U{Sw*e;`b0`a&Fq2!5 zAwN(7ki#L&=2n!Lmz-+IXTSpzU>9Z$NG!@MHWV=61M#_p*#ms_gWX;HU@EwUSzVli zgFRt;F{F zymyktd&BQqXC-Gi-MeM##-Ja=qVH1o#%7(`V&9#u8*J27ovuG+VrFDuTx?*VXCTPN znb79J*!IJTk&%UknThQHI2FhWGcx{XVKQJa;06YO`|MyF?b=b_AbFG>0`phSvPd(>+d!Xdx&Un5rT9KaTRcicf=XZ+N z@iy37u&=w_`;epNmb2!OKfQmaHMu@qY3Jae#NPD1Izr01!6x*34x~vR@>>Z0QWsn^v5E%q9MdryYxc&A%???e`jfsmu;tUwY+(*u-~^ zmwwO7U&XVCnq`-r>ErU73Aur=a-i0r4<>-iSrto7#JBC z8JZgz8kt9l^BN&@2aP+M7?qHNkdc*vxrvdV!Jvtei>Zl`k>S9j&w75d<9<99zZ_V| zKY#mfZ`+5)%YI&58)bMZcWv}r$tWY)m4?yH@2n-8CvA!0mnnJr^}W*K8%isL`6SHM zLRP=4x^~saDLtq0FOOU8jhowhx5<HqX z-fD4Y8Cwwr0sUkD4^6v#E`C1$l@8gh7dL)8uuh&!X8)Gyg7vx4%N~FGb9?VWt0u-6 zal@|~rhi;M=s)K8dV8~gKwNR{`^wn?b3TO_y%LWs*8F!#a^8*Y%A4%I`9D+L{Nd?m zNuzZy7QQw9IcM(~1GW*n=)Jj#+sq+lW^`8De$8vimBNHeZep zjr{W8S2fP*>x?eGzpa_|>Z?#vgy(@%$ROVejD1FJ>hLf$ow+onwW z)f3a7qNw=S?DR{&867nR`q1jI9qpTBbGMeH)(M|J!T#;t_6uirINY9{dh)>6qzOrhRZ+)_Pd!Z4 Ua?VcT7FesGx!AvW{(`D#0Hd~Fm7K!>#_Jlk(`+@jP`gwwJ_uyI1iJrs-O^+8N4&`wTtQyV4b=YzVx=b+SJ-d6 z@HIu`5U8; zUZ3Vs6v6r?UX^H8T5*HFB%>nNgaH$iumNU&fg%AonY*kp0Dl)h0_<*Edp0%A4C5DkEq3$0iq%SN7;t`&gvpz^FC66>W|B}vU;C@yRdOE_3aN83IRCfcA1&|! 
EyRw*%y^QwTPY9D!bWBA`_HXrDw99_j+(-_2x&S|K zb8CibhGj!NCflScq7cn(DWe~n8UfRjumNU&!_j4;9c)D2+S)#BLZ_dU)%twE+Z!6z6vM9;~oc-yk^07MCY){D}zCfA-4f18*?ZNn=n&ou%WPl zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV z_yq?W${0w2#F&MJfjkAzypq(S+|-oJ#FA76XGa4$ab81XLn8wd14APtQ;R5ZUL$0# zK^~P|BWEB3ag8Vz*C-enG|op34@Oo7=EhzIgT_v##zuyNZ$k>!t^9uSOtw{N#rD-H z#lk-?PKoKzEJ)0|xZ-?TNv4Rg}Rs&{6 z#{UM~ARa$RijfW3L%;}T2Kq!JtM}2lh7kAj6NBsj^QpVmB$eH6sq_{7V3ee7HD${4 zN_pv<%oolp{_o2?CZ;*#Vnzs|n5 zdD@b+{B4TbVOI@Kq)Ys6I<)d*fa~R3ZA<)&8oUZqt||$a`hRYebj(qhDr$e}Apj<% B%T@pY literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert new file mode 100644 index 0000000000000000000000000000000000000000..051e55e560daa28af0883e70aa6be06d324a4e22 GIT binary patch literal 716 zcmXqLVme{a#ALXDnTe5!iBZ&mmyJ`a&7D}zCbA-4f18*?ZNn=n&ou%WPl zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV z_yq?WiWmri#F&M-fjotf)Z!8aXGa4$ab80c149EKHZn4`h!W>DGB!kT4RWdM3Rweb zh$}=uuJFt&NiE7vP036wNd>yb*r0JfaxgHmGB7vxG8i;=GBq|bJgnU_+sN>HsfgT$ zj(J!7d!`%ZeZG_UFnaQljIs;DtyxKbH`cu}^qQ{f*|6AW?d)foyfb7T`)b@-XHs*2 zYMH=lh6d3~2@bxx8`ZweJ;$T=KS=xHu4P#^V)IzJbaU3X|4iC2%UQ(6V||*t%T=ZS z&N=m*9?!0PHJ!ohrO%WirsvAU%*epFxUs>Y4j2`j32h#XZ9kkC8Ch7EnHbm&{D9t) zm1A)?a9!YRAkf5}mY=VeT9KGrkdxZL$Y7wqM9V+}DJ)BiVH^%&rsPCJ9s@2&j4`|A z=YurxfXowSVKrc8Wc+Wy4dU^GtYTzC4k2JdVFm_`@Vfba5{zv3bAG2r2FyxlHC0Hd zc^fnP#%=qJvD-Ixge``oBvP{dk~%Z(d+%3A6lK?vu2dujlXAYQFl;Y Otyo@9?7dOH_eB6WAJyIf literal 0 HcmV?d00001 
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert new file mode 100644 index 0000000000000000000000000000000000000000..6e7efd53e3a8cceb376c976a68361fddff4b1ead GIT binary patch literal 607 zcmXqLVv06sVmz{dnTe5!iP6@8myJ`a&7D}zC2 zu7L-tbD(bH5N2|AG~_Yhf>_7wmY;7ZXCMQyNEC}j3PuKv^O3#E$jZRn*vnwh*vZt` z$gqd!{qmz4B1y}ptkhgPxkh1c+L^{_4$6V@@1`E@*H|I-y{;^OndRo~M%@jezgDGn z&M|x+Ca3VWY`$x{U^3syTRWaC-uP;t*n=mWMyF#Z89mzlpk%?5S;g}Rs&{6#{UM~ARa$RijfW3L%_IW2KvP1PsSU08R5+6VlLhj z%Vd(}KTWHDd&A}7aTSdn51Z#46^zb&UEtdnH&K`0__^WD}zC2 zu7NMAbD(bH5N2|AG!!)8hgiqqUy_kp%lMM_-1z^f-fN-e`&uSuMh3>k1_pY-Am>bI z^I&ZI;l#+u!otkNz;3_;^p>nJ3#$P$BjbMqZV->*$TG6Q{bC)(-R&54rT z8;@L;4Hv(Ve90oWCY{}7f1t(bB;BNC72-_`x*wNb3b>eG&aZRp)yCOER$(WS*S4+d zVlaz&+v=*?*6`WljkbPzndF8H=C76WA4lGO!Y{VM_f+)s+bw3(Me9#z-qL=)$LG_< agIs*F$q6TSGM(R=qO8w7$GA%_+yVfkYQ|as literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert b/security/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert new file mode 100644 index 0000000000000000000000000000000000000000..a2f17054ed2db8ca6c764ae24b48be9641837ef7 GIT binary patch literal 611 zcmXqLVv09tVmz^cnTe5!iP7GGmyJ`a&7D}zC%&LNe(ePXP0WqNz-zR&ebbcRZVrFDuTx?*VXCTPN znb79J*!IJTk&%UknTdhjfCuO+Sz#7d17=3X{|4M39zRHmkqy~H!1!YZ`ow774jzkQ z6{S+k&{OLUPThH7{_R5|?&mf<>SxWrGX3!S81XqxR{|`X**(t`?|l34-I~H(q1A!4 zLE^4cZhPjQ*u&*(FZ6Bxb#?D#kBwc literal 0 HcmV?d00001 
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.ncca.cert b/security/nss/tests/libpkix/certs/NameConstraints.ncca.cert new file mode 100644 index 0000000000000000000000000000000000000000..ecb24c7d5006ded15e110714f0cc3c70bdebbfcb GIT binary patch literal 672 zcmXqLVwz*n#KgLQnTe4JhzxkyIJMe5+P?ELGP1HV7~~pq8*s8QhqABkJkT{nxr<1>XXt07`aIm4Ofig&pSy%?h zQ}9d7O;vEt&nqq|0_sXlQ3%S{YLH8e3WGyq~FBU8&Lab6>1Lj;%J&S{*F z93G6U49tza3Q#n$Y znOr>G#l>{~BlE)Ez3*9k&nz(H{&PDwqTr-PqQ$per=;KUJ=`+0VroV4qjbgGm7lyc zWfHj*c`g?4TKt(>+Uohh`+;=kv|jd~>k2=gS2bC9DS7t=)oJ{Pmen6}w|y(k#LURR zxY)5ffO*XW#w3e4FnhP8}K%9=%rR9<`(3nHZU?6 z@POomSy&C285#c@aD#aKAZ?6n$esm8J~PmlEg`34xROO!ZssRnQ|fe`XngH++7Y%h z@fRk}d65=zw9{T7;|)hz1M8!2sy9U?zIM$nR9@du`Fimbwd)B1KGyf$3iPi8=I(s7 zCR{`7=n-A%6Q_Hfv;0=5&-Gq8hh6ZJU)+q_Z-VeD(a!_`96HoX literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server1.cert b/security/nss/tests/libpkix/certs/NameConstraints.server1.cert index 23088d1c82019e05069245854dfa1dff568048c9..60e8a1c698539c2806b32be68cbf65644fe8bb84 100644 GIT binary patch delta 306 zcmV-20nPrD1(XGlk{vWKGB7kSF)}hWI9eACGBYqaFf=eRGBPzdS}oU$d@Vfbbs{eBGsHF|1Z2J>-Pi;WP<;zW z3tpykg$*&JK_SyoINxqlp~m)a@$}y5P&j3b0gxC0BRm1(h_BCY588~@aLE8U^Mxpk z!;BE+XImC*8=Xwpd)nn8o+zDhR8O#kS4_x#k#v?kXLI&iWxLfHFhU71!j`=&RlQyT Ebdbh}yZ`_I delta 306 zcmV-20nPrD1(XGlk{vTJHZd|VFfcJOG+Gx8GBYqSF)}bPFflPSS}oU$lQm5kFldzmfA76r7{PjAuHm{pm};sQ z(iyZ#M)0wmpYe^fQzY`Srstul;sXCL4>4ZrL{^zH-oS)h2QSg@F~c~lC|}UhrxU5p zW3q4xu?~xmFOPnKNL)*VZ$~c-8UY$RUw8fo!cf=vh167wV$l{9{dCPS=F^Q8?eL-j E;u=GZ`2YX_ 
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server10.cert b/security/nss/tests/libpkix/certs/NameConstraints.server10.cert new file mode 100644 index 0000000000000000000000000000000000000000..21d9e876799ac65ec5deb3c584aee2e9b5cf4ac9 GIT binary patch literal 560 zcmXqLV$v~aVw}2wnTe5!iBZRZmyJ`a&7D}#ZDA-4f18*?ZNn=n&oFpR?? z%;fB7$Ya0-lHn3&cFWHwn8ChXQ#{Vo#1`Gz=ARa$Rig^dJhk%j64D<=F56AXX zc@i^iZ;e4Shgg_&9`J;zPx+$uOziq?^pLePSP?ox}YJsKuKO$qCE*^7B%s8nMp``j(C0yr0 d)Kw{?`cj{C^G|*5jZd!~X=;Sw*mkF literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server11.cert b/security/nss/tests/libpkix/certs/NameConstraints.server11.cert new file mode 100644 index 0000000000000000000000000000000000000000..c458c8ce73bbe8eec153983fa92ef314bc6d7947 GIT binary patch literal 585 zcmXqLVsbTTVqCX?nTe5!iBZ>pmyJ`a&7D}#ZDA-4f18*?ZNn=n&oFpR?? z%;fB7$Ya0-lHn3&cFWH4X`J@X|XB!;_nRY#WkmM1GjcwBaE+f=6e?$oY$#Ybg9hAzqLGHyyhTs1`ac!CrQM1`R-j{U>)4i~)4=44M#LQ$m4zYSq?etnTor#%|fpM{ift!IC z(CM;*Ec^z%P26eu`Eb_@vT-J~c`&y9aAIU+VPR%sJ7B;AQYy^I_@9NzfWd$p#N!7^ zG4DY3C@_|ofj&%BO!PjYEw;_{W#(n;eGX68atfJf&D5QEVdM4AuI~}2B2Vrtc{6>> zEvGHH7PD`~_)Ussz5V^HlZOiP;yH@~&m~U!qaa$4_ew4A{_Lq21mm>QcHGN7vi=`; umvp=RDWks$%a!-!W*)Y@pqU_azrAzkZvA<`D}#ZDA-4f18*?ZNn=n&oFpR?? z%;fB7$Ya0-lHn3&cFWHAUotT>GB7SSFwip) zWaCU|^I&ZI;l#+u!otkNcEErK=p9*MM#ldvOa=@F+#nu5NQ!v}vWI}t!3^|C;U@!; zH1VxZgYNJ7qyA^ID1*~}zI>&vho;0oKT~s9bP`u}*-^jjhTp6@`*o(}E;(K0b6>uz z(?ribF=%(t#-~e8?&`eVJ8#k7UHWI&sZ89(^O^aQ2Fp7|ZKpH2{Yu+g1iWWItyD}#ZrA-4f18*?ZNn=n&oFpR?? z%;fB7C}_YBlHn5O@Gr?oE%Gl)HYDHphK~Abc z<9uYFFtRc*H}*0ZG=3;@M&U@>_Il64Uc9| zt9#Z}XS4aW?Nu)81#GVE_tuvGH~GDLv3!H*gns9w;@tXk97Q@ewLhF!yUi83V(R)u o&*w*la4M)&txTvYde`yU@$}b1=E-qFX`lB@?S1PpBk!;!03bxdg#Z8m literal 0 HcmV?d00001 
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server14.cert b/security/nss/tests/libpkix/certs/NameConstraints.server14.cert new file mode 100644 index 0000000000000000000000000000000000000000..8a989f996ad6ad5f84d1946d521da448a2608746 GIT binary patch literal 574 zcmXqLVzM%5VqCm{nTe5!iHY%*0WTY;R+~rLcV0$DR#pZBUqfyKPB!LH7B*p~&|nyc zLzv0g(NNHUA0)#i%;8^>ky_+mlx`?zAOjL&78dmj4p#8YD@iTNO-;#6EJ;;xc2qDj zkQ3)MG%+wTFflMRGBUM{66ZBCHn49b(z4qY6;~8y9(Z)G zV9~W=j`=^1pO}73`I>OzwAdS>a;2>%Q+620a!)BSTxfDhWj4bX>D)Mtte;<8R3bjT zZapT_@H|wvdTNjmld7$5tcsUS^j~ocoA}L^+pYJl*ZlOWwT$({0r|HFpB>yAla;vp zR(VE@?K$TE_rEeRGcqtPHZagL5M<*_X!Brf`{BgM$il+R#CE`d2k0qTVMfOPEKCLr z2HYSXKS+vs2eOBNF~bb>iQvRD|4-&$TX9Qt->-UIqYd5lhi(*VUFelQC(v2y_A&Zm z^UavPEfVv+Gx$ZGJrz1-p3K3=p7^+UG5f)EZpSo}>j8WBEqm=)$;Wiv!ovQG^2K$U z$*+PwA2mAp`=W|M`rDV8F0nSRHMO*~#j<~XIKgh8o){~*H+cE{l`Tyrtr>yD}#ZLA-4f18*?ZNn=n&oFpR?? z%;fB7C}_YBlHn5O@Gr?oE%Gl)Hi}(cxD|qIWq!#6-rer3Tq$)T&ni

l7zQxa^*BK1n_OD95)2F|RGQuTMHC z<8!~EVROFt6z7|&AH5Y{v3Z-y^ey}_SK(sL)f>UBCg)G-e$QFE{9NM7w`tA=JeM|y zGBGnUFfR5n@G_7Bx?Wb01sD!Z7(NhW<4kDtU~K#0#K_3P!py{Wz<>v&T$qvZKMRuq zg8?^)#}ATX-hu2{V6-v=ed!Rry#7>&gibTdp{H5A_fz^U9uGqRhPEA>G$LQ4L z>j!7IHkAL7na>?tqbAC(eQX^=%@qE7{BiG_7ktQBlAGYl*13Gyj>8Ww_uUEq2>{C^ B()IuV literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server16.cert b/security/nss/tests/libpkix/certs/NameConstraints.server16.cert new file mode 100644 index 0000000000000000000000000000000000000000..0b24d7abb5179de92dfa1ea1693f53025037c355 GIT binary patch literal 612 zcmXqLVoES*Vm!HknTe5!iP6!3myJ`a&7D}#ZLA-4f18*?ZNn=n&oFpR?? z%;fB7C}_YBlHn5O@Gr?oE%Gl)Hi}(cxD|qIWq!#6-rer3Tq$)T&ni
>rLJ<)zxEbJzsCMA}0B+eLDS7 zsgL&OJ1?1-85tNC8yM&T1A#N4&4aP+hZ7?s3kx$7+W`X}ptod&85#exFc~lyaD#aK zASvb@$Q}YlAT!V>%;MrYk>akp^E#(FrOa-1C^huE!J(Zp?_|Ky>XP}ooYlo`6a7ll znDlIn8`Tst-lzF7UayE=a;)W&+Sz?JPfYIE%{W=O=AH2A^<_U4j7`F)bYJBO*rxO% u>U$Hrkgd|nRmCn}(sy_6KCu4I3FiNKEn&icxfN>`@XfR;x&A>nIRpUyn8<$s literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server17.cert b/security/nss/tests/libpkix/certs/NameConstraints.server17.cert new file mode 100644 index 0000000000000000000000000000000000000000..2fc9437cd1bec3c99d2fbc3713ca5a7a5487f4be GIT binary patch literal 630 zcmXqLVk$CdV!XY8nTe5!iP6b`myJ`a&7D}#ZLA-4f18*?ZNn=n&oFpR?? z%;fB7C}_YBlHn5O@Gr?oE%Gl)Hi}(cxD|qIWq!#6-rer3Tq$)T&ni
Db9;^y}$o-DDZdccjX$Sbv zCvK|Sb$;6;x1^h^l~Z^o3H+Y)^khf-|AX#Fo-3=)k-lqhzV_u}AFi$8F4Y&FJ?5UO z^(mJpa`nv{u6~MK(z<`Qd*1NTxIJx^9!Gk)#N4h%p<4+T3{x-8ICoZZ>$%r8*O{0Z z85kFP8F&~-0R1B?$N~)JCN%d8vT-J~c`&y9aAIU+VPR%sJ7B;AQY_5K_@9NzfWd$p z#N!7^G4DY3Dlkf!fqp!1H8G93;Kbv=+rt0c>XuC3J}czPh4yV`8#kn_D^^Ggf18#r z=3-dS{pZw!jfdAZzY;pjobmF~sk*fmY3UkjF8eolm9j7U{bf@AzW^@@=}ftm?0cD4 yzYu@KJiGL}ud|=nmL$H|$0tJO37nOko_}!Jw&T-$b0j}^@J1@#Z(Cm}v=RWo^v{z3 literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server2.cert b/security/nss/tests/libpkix/certs/NameConstraints.server2.cert index feac1139294801703731fb01204b5de0165fae2d..1c6e5510dd8bfd2dfbcf5c3c20f5245dc7444cbc 100644 GIT binary patch delta 306 zcmV-20nPq{1%m~Uk{vWKGB7kSF)}hWI9eACGBYqaFf=eRGBPzdS}<*qAy1M1JAcR3 z{IY6E&6|0-@R!nF@ls(}pz!*ccJLbP-+TK76{X2mvgJ&nUYF zL`>K4JUwT0Y#~AzUt;{Y=yTiYYym@)xdBRlt;fV0s}rnNU%5%w`kTGc*$AQ|-`UZ^ zy9Lq-^MJ2LllaRo1mR%~iMEL~a1`^35&Uk%F1#&MA%<>@q{GjeDpT0$hW86=#-uL< zk1HaG^xNKpG5@m$W{Szm8sMaB`xt4NQC{xa@O^e}X(eJ1frFFhEic2mVJZ%$e?_YS E5_D;m4*&oF delta 306 zcmV-20nPq{1%m~Uk{vTJHZd|VFfcJOG+Gx8GBYqSF)}bPFflPSS}<*qAy1M1JAbmD zWJ1A?n4tsc(0RcKUUO8-+(zLh`q-=(B_n{Ac>Y8b^oVs<@Dwm4a6r|rBk}roGiK=n zB?G>Qt|*>166w6jS~FOLjGi&3pu~~s#X*j=`R-_pUUx9P z3@nHM3jy}?gA3n44(ootrqcI4#Q|B9xdBRlbDkDK*R+keUh{kxUhA}2k-&PZrZStL z?WNaabDiaGz!ZcbdSJc`dSA^T0x6pFhJ@+?owkQeGz@WZKR2oH79^BM8;WOeO77m$!>Ya+XvjZ z?hHpNiuVqx{&=ud$cV9v*uQyZ2F1~D!@9qTnzt4x-hAJRps8M_t7RW3yfFzLO$oin z%6nfm#5qEO3uQT8H=mnd2;2j0_W>c3u>oU$7vu#2xegLJF{634v{W%KeLfOXm9t*Y zOi&{I;9Ns+blohqL!}&3Z&@-D1lp*Y`bt-;cW>Iq6RxpniNuk^k(YgDBO7IfJ?>B& zLFKDD7WM;f-}g4TCg5trYF&6qNFO#qTG|{PC%Bqe{a*kK#`7Cy9a{V`k*ps`c?CHE EYugZnWB>pF delta 306 zcmV-20nPrD1(XGlk{vTJHZd|VFfcJOG+Gx8GBYqSF)}bPFflPSS}c;-uQ8-6O`&;Y&`P?X-(ud#Qvt7&u>oU$0&&XGs*b^bnDoij#;(J;|3JFNb&zdn znZuUrdiwRhue^?SSLQZ9BF=N+9(cfmZaJYrq%3Fwj61^eClG7xP@|C$AkRrrKSkVt zKst?ap6SErI{_kOZe(62(qpaC)5dqu^ccu1K`1)gzwfVTSP*P?8#zzgL+_CgZ#j(t EJ2Uc(qyPW_ 
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server4.cert b/security/nss/tests/libpkix/certs/NameConstraints.server4.cert new file mode 100644 index 0000000000000000000000000000000000000000..ca9d1b1c327abb8190859bc9c6e36568117b6ac1 GIT binary patch literal 663 zcmXqLVw!Bw#Q0|cGZP~d6QhvziMiSCW{Srx2EzT5c$0AOI5Q66SRBcMlC# z@Cyz$lrxY4i7^X{0(lCac_pbuxv43ci6yBD&W;L326E!Oh9(9^1||lEMn(r1@ppj_aw-kMDf#s$k175KOo~RbcbW7zO?hoN{l{ z-M$3Ov(JfY&c#j>O zJ3IW0n1qPt#N_*ps*BQke`g4td~se+Hm_T}QY&QXrV_?bWv8qyd9D&Z92v0!ds=Ga d-b|@FBfj9_Y1I<D}zCvA-4f18*?ZNn=n&ou%WPl zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV z_yq?W${EOj#F&LefjkAzypq(S+|-oJ#FA76XGaAi137VCLlXld0}}&7BO_CbC~;mR zV*^V#muBwa5lzg?FUd$PiZ4kmE-})}%qs(WFvXy8K5~dKvNA9?_A(eWb}}_KGMwOi zvm$7^(KI$+X2!c0I{N)Sh(C-7iJ0G0t?=CK_8irWEUEOA+EVG&3)`&3G!m;7g+qDF zVz#j!?bmKv6&cAZb~9@CCgDf#cbmGXuQ)Tin&)Bt1=dK(gu7bTb3U!$m0EiC(t@ro zUv{Pn{npO6ma85;saRrq_#bb-@#~2KmtTc4F*7nSE;caG14asGLYoI;+Ycv3Miv%k zCbk0xJiuU<6=r1o&%$KDV89LH@q?t8cOZKR7{$y$pOh9}U&&N{cY()qEK*r02!kv;YF9{GEx>v-qykPmQ5-v81h#(2wzU6u1+uW7d5 zT{!#C+``nlUEPPYw)0(zx3qALo!8bk@ptxxq)NR9$(*q|!9VAG=bk9ZQ|}qN%)T?2 RZOxRk+y6JsQ!!hv0RZ@@&}RSu literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server6.cert b/security/nss/tests/libpkix/certs/NameConstraints.server6.cert new file mode 100644 index 0000000000000000000000000000000000000000..5698f8ebdba62ca9a0fa87bacf2d342cc1634bff GIT binary patch literal 663 zcmXqLVw!Bw#Q0|cGZP~d6QhX%FB_*;n@8JsUPeY%RtAGSLv903Hs(+kHesgFU_)U8 zK@f*Sn9DgaCo?U-C@(Y7P|QFCB*-qz>ziMiSCW{Srx2EzT5c$0AOI5Q66SRBcMlC# z@Cyz$lrxY4i7^X{0(lCac_pbuxv43ci6yBD&W;L326E!Oh9(9^1||lEMnij9FBs`P7NYiZyY|1lKp;N{SLXT)?V$dfqeN zO{;Qz)>po~xaly*8s6_UJ)hGyN{gHhR=df>%*epF*wet>KpYsBvVtrE27FCCAos(a zFUZE3(B{F|_QQ#hk%fhsiS2*^4@j*rBjbM-CIbcoZV- z#^n~vxyz+Z#hKRF#1skbo-ZIHf2ykY g-YtCG;JmKlrwxxSn)ohBep$QX$>L4hoL4Xa0N*jy!~g&Q literal 0 HcmV?d00001 
diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server7.cert b/security/nss/tests/libpkix/certs/NameConstraints.server7.cert new file mode 100644 index 0000000000000000000000000000000000000000..3cf85d04777a07ab8738b23cbe8e4104a1be5c4e GIT binary patch literal 578 zcmXqLVzM)6VqCs}nTe5!iBZ#lmyJ`a&7D}#ZDA-4f18*?ZNn=n&oFpR?? z%;fB7$Ya0-lHn3&cFWHo{6#L7V7tDO!)GgnzG>rOo=ptUh@%G*8j=f*f#$No;b_T!Rx19zfBYs~zH zBS)E-85tNC8yM&r2(ob|w0SVL{cvJrWMN@uVmn~K1N4xrFeBrC7A6A*18xwHA0)-R z1KC5s=wSx>q(5}>O8)DI+$IX|vD&e~>Xp=qU27JG7|aVWowq&jY4nV*WuKm=?|jox z*7C1c{jNl3?c&EA(Pf)fUs*k&Q{(80=ekq<3=UuXcIcp|qYWoRMm4vL@j52|-0d=~ sKYjNnE&uVu@QhZ;GRt#oHnb_RI5^hLG0RMudX}|<{UF1dv*Ana0N$y-djJ3c literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/NameConstraints.server8.cert b/security/nss/tests/libpkix/certs/NameConstraints.server8.cert new file mode 100644 index 0000000000000000000000000000000000000000..f0694ed0390d4027bee4913d7438c4b2b45d4d3f GIT binary patch literal 564 zcmXqLVlpsjVw|~vnTe5!iBZddmyJ`a&7D}#ZDA-4f18*?ZNn=n&oFpR?? z%;fB7$Ya0-lHn3&cFWHt8}X*j>*FY`oZ=C55M3U7_?e3-c>UQYC-+%`A=e?}qi zclXtZRAL%;}O2KvNM ze$}E=kBnx$Oi^Mf=4O8O$XM6pZc102+PiTy{TMH|Lp;+K1bx-9K+Q+HNkh%45Tn55fv!Ti(k0FXM=UUCpOJ-_SnHW)%%&2jluDzFT(d0FNwdk`p@1T6I+M1I$r-< zOrj2+Ju@e8xzOo7!F=0I&&ln5qSY@XrET+lDc>K9*Gv!JgnTuy_jF1zelVGdnUR5U zv4Me}fgl@aLYoI;+Ycv3Miv%kCbk0xJU|c03NtePXJIm6FyIF9_(4+4JCHpDj00w% zPXr~jL9u69?6QNt$AZeXwUlV>*pLy{;%>FjIC-`6-%kra9&^d`Z7;g< zzd`@8N@Sc+j8$(?xeeRpi93HZ)-Da&cttn;*FK9J{pG)FPFq}>5fQseBC~_%{SFgV je!D1v4r^Ce|3i;6(s!`xS=pZrQWIbJ>$~MAmW=`cQfIXI literal 0 HcmV?d00001 diff --git a/security/nss/tests/libpkix/certs/make-nc b/security/nss/tests/libpkix/certs/make-nc index 3f312728..b32dd65e 100644 --- a/security/nss/tests/libpkix/certs/make-nc +++ b/security/nss/tests/libpkix/certs/make-nc 
@@ -94,10 +94,415 @@ y n CERTSCRIPT +certutil -S -z noise -g 1024 -d . -n ica2 -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 21 -w -2 -v 120 -1 -2 -5 < NameConstraints.ca.cert certutil -d . -L -n ica -r > NameConstraints.intermediate.cert certutil -d . -L -n server1 -r > NameConstraints.server1.cert certutil -d . -L -n server2 -r > NameConstraints.server2.cert certutil -d . -L -n server3 -r > NameConstraints.server3.cert +certutil -d . -L -n ica2 -r > NameConstraints.intermediate2.cert +certutil -d . -L -n server4 -r > NameConstraints.server4.cert +certutil -d . -L -n server5 -r > NameConstraints.server5.cert +certutil -d . -L -n server6 -r > NameConstraints.server6.cert +certutil -d . -L -n ica3 -r > NameConstraints.intermediate3.cert +certutil -d . -L -n ica4 -r > NameConstraints.intermediate4.cert +certutil -d . -L -n server7 -r > NameConstraints.server7.cert +certutil -d . -L -n server8 -r > NameConstraints.server8.cert +certutil -d . -L -n server9 -r > NameConstraints.server9.cert +certutil -d . -L -n server10 -r > NameConstraints.server10.cert +certutil -d . -L -n server11 -r > NameConstraints.server11.cert +certutil -d . -L -n server11 -r > NameConstraints.server11.cert +certutil -d . -L -n server12 -r > NameConstraints.server12.cert +certutil -d . -L -n ica5 -r > NameConstraints.intermediate5.cert +certutil -d . -L -n server13 -r > NameConstraints.server13.cert +certutil -d . -L -n server14 -r > NameConstraints.server14.cert +certutil -d . -L -n ncca -r > NameConstraints.ncca.cert +certutil -d . -L -n ica6 -r > NameConstraints.intermediate6.cert +certutil -d . -L -n server15 -r > NameConstraints.server15.cert +certutil -d . -L -n server16 -r > NameConstraints.server16.cert +certutil -d . -L -n server17 -r > NameConstraints.server17.cert +certutil -d . -L -n dcisscopy -r > NameConstraints.dcisscopy.cert +certutil -d . -L -n dcissblocked -r > NameConstraints.dcissblocked.cert +certutil -d . 
-L -n dcissallowed -r > NameConstraints.dcissallowed.cert -echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert" +echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert NameConstraints.intermediate2.cert NameConstraints.server4.cert NameConstraints.server5.cert NameConstraints.server6.cert" diff --git a/security/nss/tests/remote/Makefile b/security/nss/tests/remote/Makefile index 126bcf48..efbd24e1 100644 --- a/security/nss/tests/remote/Makefile +++ b/security/nss/tests/remote/Makefile @@ -80,7 +80,7 @@ package_for_testing: echo 'export USE_64=$(USE_64)' >> $(RTSH) echo 'export BUILD_OPT=$(BUILD_OPT)' >> $(RTSH) echo 'export PKITS_DATA=$(PKITS_DATA)' >> $(RTSH) - echo 'export NSS_ENABLE_ECC=$(NSS_ENABLE_ECC)' >> $(RTSH) + echo 'export NSS_DISABLE_ECC=$(NSS_DISABLE_ECC)' >> $(RTSH) echo 'export NSS_ECC_MORE_THAN_SUITE_B=$(NSS_ECC_MORE_THAN_SUITE_B)' >> $(RTSH) echo 'export NSPR_LOG_MODULES=$(NSPR_LOG_MODULES)' >> $(RTSH) ifeq ($(OS_TARGET),Android) diff --git a/security/nss/tests/smime/smime.sh b/security/nss/tests/smime/smime.sh index cebbc683..2360100d 100644 --- a/security/nss/tests/smime/smime.sh +++ b/security/nss/tests/smime/smime.sh @@ -40,7 +40,7 @@ smime_init() fi SCRIPTNAME=smime.sh - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then html_head "S/MIME Tests with ECC" else html_head "S/MIME Tests" 
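Review bot: `certutil -d . -L -n server11 -r > NameConstraints.server11.cert` is emitted twice in the added export block of make-nc; the second copy is redundant and should be dropped. The closing `echo "Created multiple files in subdirectory tmp: ..."` was extended only as far as server6, so it under-reports what the script now writes (intermediate3 to intermediate6, server7 to server17, ncca and the dciss certificates); either list them all or replace the hard-coded list with something like `echo "Created $(ls NameConstraints.*.cert | wc -l) files in subdirectory tmp"`. As rendered here the hunk header announces 415 new lines but far fewer are visible, so the `certutil -S` invocations that generate the new certificates appear to have been truncated on this page and could not be reviewed.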
@@ -85,7 +85,7 @@ smime_sign() html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "." # Test ECDSA signing for all hash algorithms. - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------" echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}" ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG} diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh index 9f6cbbc0..a2bccdf3 100644 --- a/security/nss/tests/ssl/ssl.sh +++ b/security/nss/tests/ssl/ssl.sh @@ -82,7 +82,7 @@ ssl_init() USER_NICKNAME=TestUser NORM_EXT="" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then ECC_STRING=" - with ECC" else ECC_STRING="" @@ -202,7 +202,7 @@ start_selfserv() echo "$SCRIPTNAME: $testname ----" fi sparam=`echo $sparam | sed -e 's;_; ;g'` - if [ -n "$NSS_ENABLE_ECC" ] && \ + if [ -z "$NSS_DISABLE_ECC" ] && \ [ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1" ] ; then ECC_OPTIONS="-e ${HOSTADDR}-ec" else @@ -258,7 +258,7 @@ ssl_cov() html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING" testname="" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then sparam="$CLONG" else sparam="$CSHORT" @@ -292,7 +292,7 @@ ssl_cov() if [ "$NORM_EXT" = "Extended Test" -a "${SSL2}" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$SSL2" -eq 0 -o "$EXP" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" 
@@ -374,7 +374,7 @@ ssl_auth() echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "`echo $ectype | cut -b 1`" != "#" ]; then cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" ` @@ -557,7 +557,7 @@ ssl_stress() echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "${SERVER_MODE}" = "fips" -o "${CLIENT_MODE}" = "fips" ] && [ "${SSL2}" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" @@ -623,7 +623,7 @@ ssl_crl_ssl() while read ectype value sparam cparam testname do [ "$ectype" = "" ] && continue - if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$ectype" = "SNI" ]; then continue @@ -816,7 +816,7 @@ ssl_crl_cache() while read ectype value sparam cparam testname do [ "$ectype" = "" ] && continue - if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$ectype" = "SNI" ]; then continue diff --git a/security/nss/tests/tools/tools.sh b/security/nss/tests/tools/tools.sh index a8341771..26abf3e4 100644 --- a/security/nss/tests/tools/tools.sh +++ b/security/nss/tests/tools/tools.sh 
@@ -76,7 +76,7 @@ tools_init() fi SCRIPTNAME=tools.sh - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then html_head "Tools Tests with ECC" else html_head "Tools Tests" @@ -372,7 +372,7 @@ tools_p12_export_list_import_with_default_ciphers() export_list_import "DEFAULT" "DEFAULT" - if [ -n "$NSS_ENABLE_ECC" ] ; then + if [ -z "$NSS_DISABLE_ECC" ] ; then echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------" echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\" echo " -w ${R_PWFILE}" From 5f6fb751670afc83cdfcfc21eb5018b345382496 Mon Sep 17 00:00:00 2001 
From: Roy Tam Date: Wed, 11 Jul 2018 20:39:02 +0800 Subject: [PATCH 07/20] cherry-picked mozilla NSS upstream changes (to rev b07697c94038, which is on par with 3.16.2): bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171 --- security/nss/cmd/btoa/btoa.c | 20 +- security/nss/cmd/certutil/certext.c | 344 ++- security/nss/cmd/certutil/certutil.c | 205 +- security/nss/cmd/certutil/certutil.h | 7 +- security/nss/cmd/httpserv/httpserv.c | 4 +- security/nss/cmd/lib/secutil.c | 35 +- security/nss/cmd/lib/secutil.h | 3 + security/nss/cmd/pp/pp.c | 50 +- security/nss/coreconf/Linux.mk | 4 +- security/nss/doc/certutil.xml | 12 +- security/nss/doc/cmsutil.xml | 24 +- security/nss/doc/crlutil.xml | 111 +- security/nss/doc/html/certutil.html | 10 +- security/nss/doc/html/cmsutil.html | 9 +- security/nss/doc/html/crlutil.html | 39 +- security/nss/doc/html/modutil.html | 12 +- security/nss/doc/html/pk12util.html | 25 +- security/nss/doc/html/pp.html | 6 +- security/nss/doc/html/signtool.html | 40 +- security/nss/doc/html/signver.html | 8 +- security/nss/doc/html/ssltap.html | 27 +- security/nss/doc/html/vfychain.html | 2 +- security/nss/doc/html/vfyserv.html | 2 +- security/nss/doc/modutil.xml | 8 +- security/nss/doc/nroff/certutil.1 | 20 +- security/nss/doc/nroff/cmsutil.1 | 19 +- security/nss/doc/nroff/crlutil.1 | 69 +- security/nss/doc/nroff/modutil.1 | 18 +- security/nss/doc/nroff/pk12util.1 | 139 +- security/nss/doc/nroff/pp.1 | 4 +- security/nss/doc/nroff/signtool.1 | 26 +- security/nss/doc/nroff/signver.1 | 8 +- security/nss/doc/nroff/ssltap.1 | 50 +- security/nss/doc/nroff/vfychain.1 | 4 +- security/nss/doc/nroff/vfyserv.1 | 4 +- security/nss/doc/pk12util.xml | 220 +- security/nss/doc/signtool.xml | 99 +- security/nss/doc/signver.xml | 2 +- 
security/nss/doc/ssltap.xml | 60 +- security/nss/lib/certdb/alg1485.c | 10 +- security/nss/lib/certdb/certdb.h | 20 +- security/nss/lib/certdb/genname.c | 37 +- security/nss/lib/certdb/genname.h | 3 + security/nss/lib/ckfw/builtins/nssckbi.h | 4 +- security/nss/lib/cryptohi/cryptohi.h | 2 +- security/nss/lib/cryptohi/secsign.c | 2 +- security/nss/lib/freebl/Makefile | 2 +- security/nss/lib/freebl/blapi.h | 2 +- security/nss/lib/freebl/loader.c | 2 +- security/nss/lib/freebl/loader.h | 2 +- security/nss/lib/freebl/rsa.c | 75 +- security/nss/lib/jar/jarver.c | 5 - security/nss/lib/nss/nss.def | 9 + security/nss/lib/nss/nss.h | 8 +- security/nss/lib/pk11wrap/pk11cert.c | 7 + security/nss/lib/pk11wrap/pk11load.c | 37 +- security/nss/lib/pk11wrap/pk11obj.c | 113 +- security/nss/lib/pk11wrap/pk11pub.h | 36 +- security/nss/lib/softoken/legacydb/lgattr.c | 6 +- security/nss/lib/softoken/legacydb/lgutil.c | 2 +- security/nss/lib/softoken/legacydb/pcertdb.c | 7 +- security/nss/lib/softoken/legacydb/pcertt.h | 24 +- security/nss/lib/softoken/manifest.mn.orig | 63 - security/nss/lib/softoken/pkcs11.c | 153 +- security/nss/lib/softoken/pkcs11c.c | 66 +- security/nss/lib/softoken/softkver.h | 8 +- security/nss/lib/ssl/SSLerrs.h | 6 + security/nss/lib/ssl/dtlscon.c | 527 ++--- security/nss/lib/ssl/ssl3con.c | 38 +- security/nss/lib/ssl/ssl3ecc.c | 812 +++---- security/nss/lib/ssl/ssl3ext.c | 2034 ++++++++-------- security/nss/lib/ssl/ssl3prot.h | 145 +- security/nss/lib/ssl/sslerr.h | 255 +- security/nss/lib/ssl/sslproto.h | 238 +- security/nss/lib/ssl/sslsock.c | 2201 +++++++++--------- security/nss/lib/util/nssutil.h | 8 +- security/nss/lib/util/secerr.h | 354 +-- security/nss/tests/all.sh | 10 +- security/nss/tests/cert/cert.sh | 196 ++ security/nss/tests/cipher/cipher.sh | 10 +- 80 files changed, 5073 insertions(+), 4215 deletions(-) delete mode 100644 security/nss/lib/softoken/manifest.mn.orig 
diff --git a/security/nss/cmd/btoa/btoa.c b/security/nss/cmd/btoa/btoa.c
index 7cee58ac..9416feb4 100644
--- a/security/nss/cmd/btoa/btoa.c
+++ b/security/nss/cmd/btoa/btoa.c
@@ -92,6 +92,10 @@ static void Usage(char *progName)
 "-i input");
 fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
 "-o output");
+ fprintf(stderr, "%-20s Wrap output in BEGIN/END lines and the given suffix\n",
+ "-w suffix");
+ fprintf(stderr, "%-20s (use \"c\" as a shortcut for suffix CERTIFICATE)\n",
+ "");
 exit(-1);
 }
 
@@ -102,6 +106,7 @@ int main(int argc, char **argv)
 FILE *inFile, *outFile;
 PLOptState *optstate;
 PLOptStatus status;
+ char *suffix = NULL;
 
 inFile = 0;
 outFile = 0;
@@ -111,7 +116,7 @@ int main(int argc, char **argv)
 progName = progName ? progName+1 : argv[0];
 
 /* Parse command line arguments */
- optstate = PL_CreateOptState(argc, argv, "i:o:");
+ optstate = PL_CreateOptState(argc, argv, "i:o:w:");
 while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 switch (optstate->option) {
 default:
@@ -135,6 +140,13 @@ int main(int argc, char **argv)
 return -1;
 }
 break;
+
+ case 'w':
+ if (!strcmp(optstate->value, "c"))
+ suffix = strdup("CERTIFICATE");
+ else
+ suffix = strdup(optstate->value);
+ break;
 }
 }
 if (status == PL_OPT_BAD)
@@ -171,11 +183,17 @@ int main(int argc, char **argv)
 #endif
 outFile = stdout;
 }
+ if (suffix) {
+ fprintf(outFile, "-----BEGIN %s-----\n", suffix);
+ }
 rv = encode_file(outFile, inFile);
 if (rv != SECSuccess) {
 fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
 progName, PORT_GetError(), errno);
 return -1;
 }
+ if (suffix) {
+ fprintf(outFile, "-----END %s-----\n", suffix);
+ }
 return 0;
 }
diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c
index ea423706..a87b4b1f 100644
--- a/security/nss/cmd/certutil/certext.c
+++ b/security/nss/cmd/certutil/certext.c
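Review bot: In the new `case 'w'` the `strdup()` result is stored without a NULL check, and a repeated `-w` overwrites the earlier copy without releasing it; add `free(suffix);` before the `strdup()` and take the existing `return -1;` error path when `suffix` comes back NULL. The label is also written into the `-----BEGIN %s-----` / `-----END %s-----` lines verbatim, so a suffix containing a newline or `-----` produces a malformed PEM envelope; restricting it to the printable-ASCII label characters RFC 7468 permits, or at least rejecting control characters, would match the intent of the `c` shortcut. In the last hunk the BEGIN line is printed before `encode_file()` runs, so a failed encode leaves an opening line with no matching END on the output; that is cosmetic, but worth a one-line comment if it is intentional.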
@@ -27,6 +27,8 @@ #include "xconst.h" #include "prprf.h" #include "certutil.h" +#include "genname.h" +#include "prnetdb.h" #define GEN_BREAK(e) rv=e; break; 
@@ -665,53 +667,213 @@ AddNscpCertType (void *extHandle, const char *userSuppliedValue) } +SECStatus +GetOidFromString(PLArenaPool *arena, SECItem *to, + const char *from, size_t fromLen) +{ + SECStatus rv; + SECOidTag tag; + SECOidData *coid; + + /* try dotted form first */ + rv = SEC_StringToOID(arena, to, from, fromLen); + if (rv == SECSuccess) { + return rv; + } + + /* Check to see if it matches a name in our oid table. + * SECOID_FindOIDByTag returns NULL if tag is out of bounds. + */ + tag = SEC_OID_UNKNOWN; + coid = SECOID_FindOIDByTag(tag); + for ( ; coid; coid = SECOID_FindOIDByTag(++tag)) { + if (PORT_Strncasecmp(from, coid->desc, fromLen) == 0) { + break; + } + } + if (coid == NULL) { + /* none found */ + return SECFailure; + } + return SECITEM_CopyItem(arena, to, &coid->oid); +} + static SECStatus AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp, - const char *names, CERTGeneralNameType type) + const char *constNames, CERTGeneralNameType type) { CERTGeneralName *nameList = NULL; CERTGeneralName *current = NULL; PRCList *prev = NULL; - const char *cp; - char *tbuf; + char *cp, *nextName = NULL; SECStatus rv = SECSuccess; + PRBool readTypeFromName = (PRBool) (type == 0); + char *names = NULL; + + if (constNames) + names = PORT_Strdup(constNames); + + if (names == NULL) { + return SECFailure; + } /* * walk down the comma separated list of names. NOTE: there is * no sanity checks to see if the email address look like * email addresses. + * + * Each name may optionally be prefixed with a type: string. + * If it isn't, the type from the previous name will be used. + * If there wasn't a previous name yet, the type given + * as a parameter to this function will be used. + * If the type value is zero (undefined), we'll fail. 
*/ - for (cp=names; cp; cp = PORT_Strchr(cp,',')) { + for (cp=names; cp; cp=nextName) { int len; - char *end; + char *oidString; + char *nextComma; + CERTName *name; + PRStatus status; + unsigned char *data; + PRNetAddr addr; + nextName = NULL; if (*cp == ',') { cp++; } - end = PORT_Strchr(cp,','); - len = end ? end-cp : PORT_Strlen(cp); - if (len <= 0) { + nextComma = PORT_Strchr(cp, ','); + if (nextComma) { + *nextComma = 0; + nextName = nextComma+1; + } + if ((*cp) == 0) { continue; } - tbuf = PORT_ArenaAlloc(arena,len+1); - PORT_Memcpy(tbuf,cp,len); - tbuf[len] = 0; - current = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); + if (readTypeFromName) { + char *save=cp; + /* Because we already replaced nextComma with end-of-string, + * a found colon belongs to the current name */ + cp = PORT_Strchr(cp, ':'); + if (cp) { + *cp = 0; + cp++; + type = CERT_GetGeneralNameTypeFromString(save); + if (*cp == 0) { + continue; + } + } else { + if (type == 0) { + /* no type known yet */ + rv = SECFailure; + break; + } + cp = save; + } + } + + current = PORT_ArenaZNew(arena, CERTGeneralName); if (!current) { rv = SECFailure; break; } + + current->type = type; + switch (type) { + /* string types */ + case certRFC822Name: + case certDNSName: + case certURI: + current->name.other.data = + (unsigned char *) PORT_ArenaStrdup(arena,cp); + current->name.other.len = PORT_Strlen(cp); + break; + /* unformated data types */ + case certX400Address: + case certEDIPartyName: + /* turn a string into a data and len */ + rv = SECFailure; /* punt on these for now */ + fprintf(stderr,"EDI Party Name and X.400 Address not supported\n"); + break; + case certDirectoryName: + /* certDirectoryName */ + name = CERT_AsciiToName(cp); + if (name == NULL) { + rv = SECFailure; + fprintf(stderr, "Invalid Directory Name (\"%s\")\n", cp); + break; + } + rv = CERT_CopyName(arena,¤t->name.directoryName,name); + CERT_DestroyName(name); + break; + /* types that require more processing */ + case 
certIPAddress: + /* convert the string to an ip address */ + status = PR_StringToNetAddr(cp, &addr); + if (status != PR_SUCCESS) { + rv = SECFailure; + fprintf(stderr, "Invalid IP Address (\"%s\")\n", cp); + break; + } + + if (PR_NetAddrFamily(&addr) == PR_AF_INET) { + len = sizeof(addr.inet.ip); + data = (unsigned char *)&addr.inet.ip; + } else if (PR_NetAddrFamily(&addr) == PR_AF_INET6) { + len = sizeof(addr.ipv6.ip); + data = (unsigned char *)&addr.ipv6.ip; + } else { + fprintf(stderr, "Invalid IP Family\n"); + rv = SECFailure; + break; + } + current->name.other.data = PORT_ArenaAlloc(arena, len); + if (current->name.other.data == NULL) { + rv = SECFailure; + break; + } + current->name.other.len = len; + PORT_Memcpy(current->name.other.data,data, len); + break; + case certRegisterID: + rv = GetOidFromString(arena, ¤t->name.other, cp, strlen(cp)); + break; + case certOtherName: + oidString = cp; + cp = PORT_Strchr(cp,';'); + if (cp == NULL) { + rv = SECFailure; + fprintf(stderr, "missing name in other name\n"); + break; + } + *cp++ = 0; + current->name.OthName.name.data = + (unsigned char *) PORT_ArenaStrdup(arena,cp); + if (current->name.OthName.name.data == NULL) { + rv = SECFailure; + break; + } + current->name.OthName.name.len = PORT_Strlen(cp); + rv = GetOidFromString(arena, ¤t->name.OthName.oid, + oidString, strlen(oidString)); + break; + default: + rv = SECFailure; + fprintf(stderr, "Missing or invalid Subject Alternate Name type\n"); + break; + } + if (rv == SECFailure) { + break; + } + if (prev) { current->l.prev = prev; prev->next = &(current->l); } else { nameList = current; } - current->type = type; - current->name.other.data = (unsigned char *)tbuf; - current->name.other.len = PORT_Strlen(tbuf); prev = &(current->l); } + PORT_Free(names); /* at this point nameList points to the head of a doubly linked, * but not yet circular, list and current points to its tail. */ if (rv == SECSuccess && nameList) { 
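Review bot: `GetOidFromString`'s fallback lookup is a prefix match: `PORT_Strncasecmp(from, coid->desc, fromLen)` compares only the first `fromLen` characters, so a short or truncated name resolves to whichever table entry happens to come first with that prefix and the resulting SAN or extension OID is silently wrong. Because `from` is not necessarily NUL-terminated (the callers pass a length into a larger buffer), the exactness check has to come from the table side: `if (PORT_Strncasecmp(from, coid->desc, fromLen) == 0 && coid->desc[fromLen] == '\0')`. The same helper backs `--extGeneric` and `--dump-ext-val` in the later hunks, so the ambiguity affects all three new options. Separately, in the `certRFC822Name`/`certDNSName`/`certURI` arm of `AddSubjectAltNames` the `PORT_ArenaStrdup` result is not checked before `name.other.len` is set from `cp`, leaving a NULL `data` with a non-zero `len` on allocation failure; the `certOtherName` arm below does check it and the string arm should do the same.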
@@ -749,6 +911,12 @@ AddDNSSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp, return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName); } +static SECStatus +AddGeneralSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp, + const char *altNames) +{ + return AddSubjectAltNames(arena, existingListp, altNames, 0); +} static SECStatus AddBasicConstraint(void *extHandle) 
@@ -1746,12 +1914,73 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert) return (rv); } +/* Example of valid input: + * 1.2.3.4:critical:/tmp/abc,5.6.7.8:not-critical:/tmp/xyz + */ +static SECStatus +parseNextGenericExt(const char *nextExtension, const char **oid, int *oidLen, + const char **crit, int *critLen, + const char **filename, int *filenameLen, + const char **next) +{ + const char *nextColon; + const char *nextComma; + const char *iter = nextExtension; + + if (!iter || !*iter) + return SECFailure; + + /* Require colons at earlier positions than nextComma (or end of string ) */ + nextComma = strchr(iter, ','); + + *oid = iter; + nextColon = strchr(iter, ':'); + if (!nextColon || (nextComma && nextColon > nextComma)) + return SECFailure; + *oidLen = (nextColon - *oid); + + if (!*oidLen) + return SECFailure; + + iter = nextColon; + ++iter; + + *crit = iter; + nextColon = strchr(iter, ':'); + if (!nextColon || (nextComma && nextColon > nextComma)) + return SECFailure; + *critLen = (nextColon - *crit); + + if (!*critLen) + return SECFailure; + + iter = nextColon; + ++iter; + + *filename = iter; + if (nextComma) { + *filenameLen = (nextComma - *filename); + iter = nextComma; + ++iter; + *next = iter; + } else { + *filenameLen = strlen(*filename); + *next = NULL; + } + + if (!*filenameLen) + return SECFailure; + + return SECSuccess; +} + SECStatus AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, - certutilExtnList extList) + certutilExtnList extList, const char *extGeneric) { SECStatus rv = SECSuccess; char *errstring = NULL; + const char *nextExtension = NULL; do { /* Add key usage extension */ @@ -1864,7 +2093,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, } } - if (emailAddrs || dnsNames) { + if (emailAddrs || dnsNames || extList[ext_subjectAltName].activated) { PLArenaPool *arena; CERTGeneralName *namelist = NULL; SECItem item = { 0, NULL, 0 }; 
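Review bot: The header comment on `parseNextGenericExt` gives one example but not the grammar the parser actually enforces: the OID and critical-flag fields may not contain a colon, the filename may contain colons but never a comma, all three fields must be non-empty, and on `SECFailure` the out-parameters are only partially written (`*next` in particular is never set). A comment such as `/* Parses "OID:critical-flag:filename[,...]"; out-params are valid only on SECSuccess, *next is NULL after the last entry */` would keep callers from relying on `*next` after a failure. Note also that `oidLen`, `critLen` and `filenameLen` are `int` holding pointer differences and `strlen` results while `GetOidFromString` takes a `size_t`; fine for command-line input, but `size_t` would remove the implicit conversions.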
@@ -1874,10 +2103,21 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, rv = SECFailure; break; } + + rv = SECSuccess; - rv = AddEmailSubjectAlt(arena, &namelist, emailAddrs); + if (emailAddrs) { + rv |= AddEmailSubjectAlt(arena, &namelist, emailAddrs); + } - rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); + if (dnsNames) { + rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); + } + + if (extList[ext_subjectAltName].activated) { + rv |= AddGeneralSubjectAlt(arena, &namelist, + extList[ext_subjectAltName].arg); + } if (rv == SECSuccess) { rv = CERT_EncodeAltNameExtension(arena, namelist, &item); 
@@ -1898,5 +2138,71 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, if (rv != SECSuccess) { SECU_PrintError(progName, "Problem creating %s extension", errstring); } + + nextExtension = extGeneric; + while (nextExtension && *nextExtension) { + SECItem oid_item, value; + PRBool isCritical; + const char *oid, *crit, *filename, *next; + int oidLen, critLen, filenameLen; + PRFileDesc *inFile = NULL; + char *zeroTerminatedFilename = NULL; + + rv = parseNextGenericExt(nextExtension, &oid, &oidLen, &crit, &critLen, + &filename, &filenameLen, &next); + if (rv!= SECSuccess) { + SECU_PrintError(progName, + "error parsing generic extension parameter %s", + nextExtension); + break; + } + oid_item.data = NULL; + oid_item.len = 0; + rv = GetOidFromString(NULL, &oid_item, oid, oidLen); + if (rv != SECSuccess) { + SECU_PrintError(progName, "malformed extension OID %s", nextExtension); + break; + } + if (!strncmp("critical", crit, critLen)) { + isCritical = PR_TRUE; + } else if (!strncmp("not-critical", crit, critLen)) { + isCritical = PR_FALSE; + } else { + rv = SECFailure; + SECU_PrintError(progName, "expected 'critical' or 'not-critical'"); + break; + } + zeroTerminatedFilename = PL_strndup(filename, filenameLen); + if (!zeroTerminatedFilename) { + rv = SECFailure; + SECU_PrintError(progName, "out of memory"); + break; + } + rv = SECFailure; + inFile = PR_Open(zeroTerminatedFilename, PR_RDONLY, 0); + if (inFile) { + rv = SECU_ReadDERFromFile(&value, inFile, PR_FALSE, PR_FALSE); + PR_Close(inFile); + inFile = NULL; + } + if (rv != SECSuccess) { + SECU_PrintError(progName, "unable to read file %s", + zeroTerminatedFilename); + } + PL_strfree(zeroTerminatedFilename); + if (rv != SECSuccess) { + break; + } + rv = CERT_AddExtensionByOID(extHandle, &oid_item, &value, isCritical, + PR_FALSE /*copyData*/); + if (rv != SECSuccess) { + SECITEM_FreeItem(&oid_item, PR_FALSE); + SECITEM_FreeItem(&value, PR_FALSE); + SECU_PrintError(progName, "failed to add 
extension %s", nextExtension); + break; + } + nextExtension = next; + } + return rv; } diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 1c33e6fc..b2f12f3f 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -182,7 +182,7 @@ static SECStatus CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, const char *emailAddrs, const char *dnsNames, - certutilExtnList extnList, + certutilExtnList extnList, const char *extGeneric, /*out*/ SECItem *result) { CERTSubjectPublicKeyInfo *spki; @@ -220,7 +220,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, PORT_FreeArena (arena, PR_FALSE); return SECFailure; } - if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList) + if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric) != SECSuccess) { PORT_FreeArena (arena, PR_FALSE); return SECFailure; 
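Review bot: The critical-flag comparison in the new generic-extension loop of `AddExtensions` is a prefix test: `strncmp("critical", crit, critLen)` compares only `critLen` characters, so `1.2.3.4:c:/file` or `1.2.3.4:crit:/file` is accepted as critical and a lone `n` as not-critical. Since `crit` is not NUL-terminated the length has to be pinned explicitly, `if (critLen == 8 && !strncmp("critical", crit, critLen))` and `else if (critLen == 12 && !strncmp("not-critical", crit, critLen))`. Independently, `oid_item` is heap-allocated (the arena argument is NULL) but only freed on the `CERT_AddExtensionByOID` failure path; the `break`s after the flag check, after the `PL_strndup` failure and after the file-read failure all leak it, so it should be freed on every exit that does not reach the add. Whether the extension handle takes ownership of `oid_item` and `value` on success with `copyData` FALSE is not visible here and deserves a comment at the call site.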
@@ -420,11 +420,64 @@ DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii) } static SECStatus -listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, void *pwarg) +outputCertOrExtension(CERTCertificate *the_cert, PRBool raw, PRBool ascii, + SECItem *extensionOID, PRFileDesc *outfile) { SECItem data; PRInt32 numBytes; + SECStatus rv = SECFailure; + if (extensionOID) { + int i; + PRBool found = PR_FALSE; + for (i=0; the_cert->extensions[i] != NULL; i++) { + CERTCertExtension *extension = the_cert->extensions[i]; + if (SECITEM_CompareItem(&extension->id, extensionOID) == SECEqual) { + found = PR_TRUE; + numBytes = PR_Write(outfile, extension->value.data, + extension->value.len); + rv = SECSuccess; + if (numBytes != (PRInt32) extension->value.len) { + SECU_PrintSystemError(progName, "error writing extension"); + rv = SECFailure; + } + rv = SECSuccess; + break; + } + } + if (!found) { + SECU_PrintSystemError(progName, "extension not found"); + rv = SECFailure; + } + } else { + data.data = the_cert->derCert.data; + data.len = the_cert->derCert.len; + if (ascii) { + PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, + BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); + rv = SECSuccess; + } else if (raw) { + numBytes = PR_Write(outfile, data.data, data.len); + rv = SECSuccess; + if (numBytes != (PRInt32) data.len) { + SECU_PrintSystemError(progName, "error writing raw cert"); + rv = SECFailure; + } + } else { + rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); + if (rv != SECSuccess) { + SECU_PrintError(progName, "problem printing certificate"); + } + } + } + return rv; +} + +static SECStatus +listCerts(CERTCertDBHandle *handle, char *name, char *email, + PK11SlotInfo *slot, PRBool raw, PRBool ascii, + SECItem *extensionOID, + PRFileDesc *outfile, void *pwarg) +{ SECStatus rv = SECFailure; CERTCertList *certs; CERTCertListNode *node; 
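Review bot: In the extension branch of `outputCertOrExtension`, the unconditional `rv = SECSuccess;` placed after the short-write check overwrites the `SECFailure` just assigned, so a truncated `PR_Write` of the extension value is reported but the function still returns success; delete that second `rv = SECSuccess;` (the raw-DER branch below already has the assignment before the check, which is the correct order). The loop `for (i=0; the_cert->extensions[i] != NULL; i++)` also indexes `the_cert->extensions` without a NULL check; if NSS leaves that array pointer NULL for a certificate that carries no extensions (I believe it does for v1 certificates, worth confirming), `--dump-ext-val` on such a cert crashes instead of printing "extension not found", so guard with `if (the_cert->extensions)` before the loop.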
@@ -461,34 +514,13 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) { - the_cert = node->cert; - /* now get the subjectList that matches this cert */ - data.data = the_cert->derCert.data; - data.len = the_cert->derCert.len; - if (ascii) { - PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); - rv = SECSuccess; - } else if (raw) { - numBytes = PR_Write(outfile, data.data, data.len); - if (numBytes != (PRInt32) data.len) { - SECU_PrintSystemError(progName, "error writing raw cert"); - rv = SECFailure; - } - rv = SECSuccess; - } else { - rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); - if (rv != SECSuccess) { - SECU_PrintError(progName, "problem printing certificate"); - } - - } + rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID, + outfile); if (rv != SECSuccess) { break; } } } else if (email) { - CERTCertificate *the_cert; certs = PK11_FindCertsFromEmailAddress(email, NULL); if (!certs) { SECU_PrintError(progName, 
@@ -498,28 +530,8 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) { - the_cert = node->cert; - /* now get the subjectList that matches this cert */ - data.data = the_cert->derCert.data; - data.len = the_cert->derCert.len; - if (ascii) { - PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(data.data, data.len), - NS_CERT_TRAILER); - rv = SECSuccess; - } else if (raw) { - numBytes = PR_Write(outfile, data.data, data.len); - rv = SECSuccess; - if (numBytes != (PRInt32) data.len) { - SECU_PrintSystemError(progName, "error writing raw cert"); - rv = SECFailure; - } - } else { - rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL); - if (rv != SECSuccess) { - SECU_PrintError(progName, "problem printing certificate"); - } - } + rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID, + outfile); if (rv != SECSuccess) { break; } @@ -547,8 +559,9 @@ listCerts(CERTCertDBHandle *handle, char *name, char *email, PK11SlotInfo *slot, static SECStatus ListCerts(CERTCertDBHandle *handle, char *nickname, char *email, - PK11SlotInfo *slot, PRBool raw, PRBool ascii, PRFileDesc *outfile, - secuPWData *pwdata) + PK11SlotInfo *slot, PRBool raw, PRBool ascii, + SECItem *extensionOID, + PRFileDesc *outfile, secuPWData *pwdata) { SECStatus rv; @@ -569,7 +582,8 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, char *email, CERT_DestroyCertList(list); return SECSuccess; } - rv = listCerts(handle, nickname, email, slot, raw, ascii, outfile, pwdata); + rv = listCerts(handle, nickname, email, slot, raw, ascii, + extensionOID, outfile, pwdata); return rv; } 
@@ -615,6 +629,15 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date, case 'O': usage = certificateUsageStatusResponder; break; + case 'L': + usage = certificateUsageSSLCA; + break; + case 'A': + usage = certificateUsageAnyCA; + break; + case 'Y': + usage = certificateUsageVerifyCA; + break; case 'C': usage = certificateUsageSSLClient; break; @@ -989,7 +1012,7 @@ PrintSyntax(char *progName) FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n"); FPS "\t%s -L [-n cert-name] [--email email-address] [-X] [-r] [-a]\n", progName); - FPS "\t\t [-d certdir] [-P dbprefix]\n"); + FPS "\t\t [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n"); FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName); @@ -1008,7 +1031,8 @@ PrintSyntax(char *progName) "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n" "\t\t [-8 DNS-names]\n" "\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n" - "\t\t [--extSKID] [--extNC]\n", progName); + "\t\t [--extSKID] [--extNC] [--extSAN type:name[,type:name]...]\n" + "\t\t [--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...]\n", progName); FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName); exit(1); } @@ -1308,7 +1332,7 @@ static void luL(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "L")); if (ul == usage_all || !command || is_my_command) - FPS "%-15s List all certs, or print out a single named cert\n", + FPS "%-15s List all certs, or print out a single named cert (or a subset)\n", "-L"); if (ul == usage_selected && !is_my_command) return; @@ -1327,6 +1351,9 @@ static void luL(enum usage_level ul, const char *command) " -r"); FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n", " -a"); + FPS "%-20s \n" + "%-20s For single cert, print binary DER encoding of extension OID\n", + " --dump-ext-val OID", ""); FPS "\n"); } 
@@ -1472,6 +1499,9 @@ static void luV(enum usage_level ul, const char *command) FPS "%-20s Specify certificate usage:\n", " -u certusage"); FPS "%-25s C \t SSL Client\n", ""); FPS "%-25s V \t SSL Server\n", ""); + FPS "%-25s L \t SSL CA\n", ""); + FPS "%-25s A \t Any CA\n", ""); + FPS "%-25s Y \t Verify CA\n", ""); FPS "%-25s S \t Email signer\n", ""); FPS "%-25s R \t Email Recipient\n", ""); FPS "%-25s O \t OCSP status responder\n", ""); @@ -1638,6 +1668,18 @@ static void luS(enum usage_level ul, const char *command) " See -G for available key flag options"); FPS "%-20s Create a name constraints extension\n", " --extNC "); + FPS "%-20s \n" + "%-20s Create a Subject Alt Name extension with one or multiple names\n", + " --extSAN type:name[,type:name]...", ""); + FPS "%-20s - type: directory, dn, dns, edi, ediparty, email, ip, ipaddr,\n", ""); + FPS "%-20s other, registerid, rfc822, uri, x400, x400addr\n", ""); + FPS "%-20s \n" + "%-20s Add one or multiple extensions that certutil cannot encode yet,\n" + "%-20s by loading their encodings from external files.\n", + " --extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...", "", ""); + FPS "%-20s - OID (example): 1.2.3.4\n", ""); + FPS "%-20s - critical-flag: critical or not-critical\n", ""); + FPS "%-20s - filename: full path to a file containing an encoded extension\n", ""); FPS "\n"); } @@ -1836,6 +1878,7 @@ CreateCert( PRBool ascii, PRBool selfsign, certutilExtnList extnList, + const char *extGeneric, int certVersion, SECItem * certDER) { @@ -1864,7 +1907,7 @@ CreateCert( GEN_BREAK (SECFailure) } - rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList); + rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric); if (rv != SECSuccess) { GEN_BREAK (SECFailure) } @@ -2212,6 +2255,9 @@ enum certutilOpts { opt_KeyAttrFlags, opt_EmptyPassword, opt_CertVersion, + opt_AddSubjectAltNameExt, + opt_DumpExtensionValue, + opt_GenericExtensions, opt_Help }; 
@@ -2323,6 +2369,11 @@ secuCommandFlag options_init[] = "empty-password"}, { /* opt_CertVersion */ 0, PR_FALSE, 0, PR_FALSE, "certVersion"}, + { /* opt_AddSubjectAltExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN"}, + { /* opt_DumpExtensionValue */ 0, PR_TRUE, 0, PR_FALSE, + "dump-ext-val"}, + { /* opt_GenericExtensions */ 0, PR_TRUE, 0, PR_FALSE, + "extGeneric"}, }; #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0])) @@ -2663,9 +2714,10 @@ certutil_main(int argc, char **argv, PRBool initialize) return 255; } - /* if -L is given raw or ascii mode, it must be for only one cert. */ + /* if -L is given raw, ascii or dump mode, it must be for only one cert. */ if (certutil.commands[cmd_ListCerts].activated && (certutil.options[opt_ASCIIForIO].activated || + certutil.options[opt_DumpExtensionValue].activated || certutil.options[opt_BinaryDER].activated) && !certutil.options[opt_Nickname].activated) { PR_fprintf(PR_STDERR, @@ -2985,10 +3037,29 @@ merge_fail: /* List certs (-L) */ if (certutil.commands[cmd_ListCerts].activated) { - rv = ListCerts(certHandle, name, email, slot, - certutil.options[opt_BinaryDER].activated, - certutil.options[opt_ASCIIForIO].activated, - outFile, &pwdata); + if (certutil.options[opt_DumpExtensionValue].activated) { + const char *oid_str; + SECItem oid_item; + SECStatus srv; + oid_item.data = NULL; + oid_item.len = 0; + oid_str = certutil.options[opt_DumpExtensionValue].arg; + srv = GetOidFromString(NULL, &oid_item, oid_str, strlen(oid_str)); + if (srv != SECSuccess) { + SECU_PrintError(progName, "malformed extension OID %s", + oid_str); + goto shutdown; + } + rv = ListCerts(certHandle, name, email, slot, + PR_TRUE /*binary*/, PR_FALSE /*ascii*/, + &oid_item, + outFile, &pwdata); + } else { + rv = ListCerts(certHandle, name, email, slot, + certutil.options[opt_BinaryDER].activated, + certutil.options[opt_ASCIIForIO].activated, + NULL, outFile, &pwdata); + } goto shutdown; } if (certutil.commands[cmd_DumpChain].activated) { 
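Review bot: The comment tag on the new `options_init` entry, `/* opt_AddSubjectAltExt */`, does not match the enum value `opt_AddSubjectAltNameExt` added to `certutilOpts`; since the two tables are kept in sync by position, the line should read `{ /* opt_AddSubjectAltNameExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN"},` so a future reordering is caught by grep. In the `--dump-ext-val` branch of `certutil_main`, `oid_item` is allocated by `GetOidFromString(NULL, ...)` and never released before `goto shutdown`; a `SECITEM_FreeItem(&oid_item, PR_FALSE);` after `ListCerts` returns would close that. A short comment on the branch noting that it forces binary output of the extension value only (not the whole extension) would also help, since the usage text in the `luL` hunk says "DER encoding of extension OID".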
@@ -3179,6 +3250,12 @@ merge_fail: certutil_extns[ext_extKeyUsage].arg = certutil.options[opt_AddCmdExtKeyUsageExt].arg; } + certutil_extns[ext_subjectAltName].activated = + certutil.options[opt_AddSubjectAltNameExt].activated; + if (certutil_extns[ext_subjectAltName].activated) { + certutil_extns[ext_subjectAltName].arg = + certutil.options[opt_AddSubjectAltNameExt].arg; + } certutil_extns[ext_authInfoAcc].activated = certutil.options[opt_AddAuthInfoAccExt].activated; @@ -3218,6 +3295,8 @@ merge_fail: certutil.options[opt_ExtendedEmailAddrs].arg, certutil.options[opt_ExtendedDNSNames].arg, certutil_extns, + (certutil.options[opt_GenericExtensions].activated ? + certutil.options[opt_GenericExtensions].arg : NULL), &certReqDER); if (rv) goto shutdown; @@ -3240,6 +3319,8 @@ merge_fail: NULL, NULL, nullextnlist, + (certutil.options[opt_GenericExtensions].activated ? + certutil.options[opt_GenericExtensions].arg : NULL), &certReqDER); if (rv) goto shutdown; @@ -3259,6 +3340,8 @@ merge_fail: certutil.commands[cmd_CreateNewCert].activated, certutil.options[opt_SelfSign].activated, certutil_extns, + (certutil.options[opt_GenericExtensions].activated ? + certutil.options[opt_GenericExtensions].arg : NULL), certVersion, &certDER); if (rv) diff --git a/security/nss/cmd/certutil/certutil.h b/security/nss/cmd/certutil/certutil.h index d4388fc3..92866490 100644 --- a/security/nss/cmd/certutil/certutil.h +++ b/security/nss/cmd/certutil/certutil.h @@ -35,6 +35,7 @@ enum certutilExtns { ext_inhibitAnyPolicy, ext_subjectKeyID, ext_nameConstraints, + ext_subjectAltName, ext_End }; @@ -47,7 +48,11 @@ typedef ExtensionEntry certutilExtnList[ext_End]; extern SECStatus AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, - certutilExtnList extList); + certutilExtnList extList, const char *extGeneric); + +extern SECStatus +GetOidFromString(PLArenaPool *arena, SECItem *to, + const char *from, size_t fromLen); #endif /* _CERTUTIL_H */ 
diff --git a/security/nss/cmd/httpserv/httpserv.c b/security/nss/cmd/httpserv/httpserv.c index 6f37e42a..875b62bb 100644 --- a/security/nss/cmd/httpserv/httpserv.c +++ b/security/nss/cmd/httpserv/httpserv.c @@ -1312,8 +1312,10 @@ main(int argc, char **argv) inFile = PR_Open(revoInfo->crlFilename, PR_RDONLY, 0); if (inFile) { rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE); + PR_Close(inFile); + inFile = NULL; } - if (!inFile || rv != SECSuccess) { + if (rv != SECSuccess) { fprintf(stderr, "unable to read crl file %s\n", revoInfo->crlFilename); exit(1); diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index d06dcf3c..0767be98 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -52,6 +52,19 @@ static char consoleName[] = { #include "ssl.h" #include "sslproto.h" +static PRBool utf8DisplayEnabled = PR_FALSE; + +void +SECU_EnableUtf8Display(PRBool enable) +{ + utf8DisplayEnabled = enable; +} + +PRBool +SECU_GetUtf8DisplayEnabled(void) +{ + return utf8DisplayEnabled; +} static void secu_ClearPassword(char *p) @@ -609,12 +622,22 @@ secu_PrintRawStringQuotesOptional(FILE *out, SECItem *si, const char *m, for (i = 0; i < si->len; i++) { unsigned char val = si->data[i]; + unsigned char c; if (SECU_GetWrapEnabled() && column > 76) { SECU_Newline(out); SECU_Indent(out, level); column = level*INDENT_MULT; } - fprintf(out,"%c", printable[val]); column++; + if (utf8DisplayEnabled) { + if (val < 32) + c = '.'; + else + c = val; + } else { + c = printable[val]; + } + fprintf(out,"%c", c); + column++; } if (quotes) { 
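Review bot: Dropping `!inFile ||` from the condition in `httpserv.c` means that when `PR_Open` fails, the `exit(1)` now depends on whatever value `rv` held before this block; `rv` is declared outside the hunk and I cannot see whether it is initialised, so a stale `SECSuccess` would let the server continue without the CRL it was told to serve. Keeping the explicit guard is the safer form, `if (!inFile || rv != SECSuccess) {`, or alternatively set `rv = SECFailure;` immediately before the `PR_Open` call. The enclosing `main` starts and ends outside the hunk.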
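Review bot: With `utf8DisplayEnabled` set, the new branch in `secu_PrintRawStringQuotesOptional` passes every byte except 0x00–0x1F straight to `out`, so DEL (0x7F), stray continuation bytes and malformed or overlong sequences taken from an untrusted certificate or name reach the terminal unfiltered, whereas the existing path goes through the `printable[]` table (which presumably masks them). At minimum mask DEL together with the C0 range, `if (val < 32 || val == 127) c = '.';`, and consider validating that each multi-byte sequence is well-formed UTF-8 before emitting it, falling back to '.' otherwise. Because the loop emits one byte per iteration, a rejected lead byte would otherwise still leave its continuation bytes to be printed on the following passes, so the validation needs to consume the whole sequence.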
@@ -2441,19 +2464,19 @@ loser: int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level) { - unsigned char fingerprint[20]; + unsigned char fingerprint[SHA256_LENGTH]; char *fpStr = NULL; int err = PORT_GetError(); SECStatus rv; SECItem fpItem; - /* print MD5 fingerprint */ + /* Print SHA-256 fingerprint */ memset(fingerprint, 0, sizeof fingerprint); - rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len); + rv = PK11_HashBuf(SEC_OID_SHA256, fingerprint, derCert->data, derCert->len); fpItem.data = fingerprint; - fpItem.len = MD5_LENGTH; + fpItem.len = SHA256_LENGTH; fpStr = CERT_Hexify(&fpItem, 1); - SECU_Indent(out, level); fprintf(out, "%s (MD5):", m); + SECU_Indent(out, level); fprintf(out, "%s (SHA-256):", m); if (SECU_GetWrapEnabled()) { fprintf(out, "\n"); SECU_Indent(out, level+1); diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h index 71a7f59b..2a299918 100644 --- a/security/nss/cmd/lib/secutil.h +++ b/security/nss/cmd/lib/secutil.h @@ -139,6 +139,9 @@ SECU_GetClientAuthData(void *arg, PRFileDesc *fd, extern PRBool SECU_GetWrapEnabled(void); extern void SECU_EnableWrap(PRBool enable); +extern PRBool SECU_GetUtf8DisplayEnabled(void); +extern void SECU_EnableUtf8Display(PRBool enable); + /* revalidate the cert and print information about cert verification * failure at time == now */ extern void diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c index c97b3e79..a739a915 100644 --- a/security/nss/cmd/pp/pp.c +++ b/security/nss/cmd/pp/pp.c 
@@ -22,22 +22,27 @@ extern int fprintf(FILE *, char *, ...); static void Usage(char *progName) { fprintf(stderr, - "Usage: %s -t type [-a] [-i input] [-o output] [-w]\n", + "Usage: %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n", progName); - fprintf(stderr, "%-20s Specify the input type (must be one of %s,\n", + fprintf(stderr, "Pretty prints a file containing ASN.1 data in DER or ascii format.\n"); + fprintf(stderr, "%-14s Specify input and display type: %s (sk),\n", "-t type", SEC_CT_PRIVATE_KEY); - fprintf(stderr, "%-20s %s, %s, %s,\n", "", SEC_CT_PUBLIC_KEY, + fprintf(stderr, "%-14s %s (pk), %s (c), %s (cr),\n", "", SEC_CT_PUBLIC_KEY, SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST); - fprintf(stderr, "%-20s %s, %s, %s or %s)\n", "", SEC_CT_CERTIFICATE_ID, + fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID, SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); - fprintf(stderr, "%-20s Input is in ascii encoded form (RFC1113)\n", + fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "", SEC_CT_CERTIFICATE_ID, + SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); + fprintf(stderr, "%-14s Input is in ascii encoded form (RFC1113)\n", "-a"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", + fprintf(stderr, "%-14s Define an input file to use (default is stdin)\n", "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", + fprintf(stderr, "%-14s Define an output file to use (default is stdout)\n", "-o output"); - fprintf(stderr, "%-20s Don't wrap long output lines\n", + fprintf(stderr, "%-14s Don't wrap long output lines\n", "-w"); + fprintf(stderr, "%-14s Use UTF-8 (default is to show non-ascii as .)\n", + "-u"); exit(-1); } 
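Review bot: The new `(Use either the long type name or the shortcut.)` line in `Usage` passes `SEC_CT_CERTIFICATE_ID`, `SEC_CT_PKCS7`, `SEC_CT_CRL` and `SEC_CT_NAME` to `fprintf` although the format only consumes the `""` argument; the extras look like a leftover from copying the previous line and should be dropped: `fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "");`. The synopsis also changes `-t type` to `[-t type]`, presenting the option as optional; if that is intended the text should state what happens when it is omitted, and if not the brackets should be reverted.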
@@ -59,7 +64,7 @@ int main(int argc, char **argv) inFile = 0; outFile = 0; typeTag = 0; - optstate = PL_CreateOptState(argc, argv, "at:i:o:w"); + optstate = PL_CreateOptState(argc, argv, "at:i:o:uw"); while ( PL_GetNextOpt(optstate) == PL_OPT_OK ) { switch (optstate->option) { case '?': @@ -92,6 +97,10 @@ int main(int argc, char **argv) typeTag = strdup(optstate->value); break; + case 'u': + SECU_EnableUtf8Display(PR_TRUE); + break; + case 'w': wrap = PR_FALSE; break; 
@@ -125,27 +134,34 @@ int main(int argc, char **argv) SECU_EnableWrap(wrap); /* Pretty print it */ - if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) { + if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 || + PORT_Strcmp(typeTag, "c") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, SECU_PrintCertificate); - } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 || + PORT_Strcmp(typeTag, "ci") == 0) { rv = SECU_PrintSignedContent(outFile, &data, 0, 0, SECU_PrintDumpDerIssuerAndSerial); - } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0 || + PORT_Strcmp(typeTag, "cr") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0, SECU_PrintCertificateRequest); - } else if (PORT_Strcmp (typeTag, SEC_CT_CRL) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_CRL) == 0) { rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl); #ifdef HAVE_EPV_TEMPLATE - } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0 || + PORT_Strcmp(typeTag, "sk") == 0) { rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0); #endif - } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0 || + PORT_Strcmp (typeTag, "pk") == 0) { rv = SECU_PrintSubjectPublicKeyInfo(outFile, &data, "Public Key", 0); - } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0 || + PORT_Strcmp (typeTag, "p7") == 0) { rv = SECU_PrintPKCS7ContentInfo(outFile, &data, "PKCS #7 Content Info", 0); - } else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0) { + } else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0 || + PORT_Strcmp (typeTag, "n") == 0) { rv = SECU_PrintDERName(outFile, &data, "Name", 0); } else { fprintf(stderr, "%s: don't know how to print 
out '%s' files\n", diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index 36995ba8..6567f25f 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk @@ -130,7 +130,7 @@ ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc ifdef USE_PTHREADS @@ -140,7 +140,7 @@ endif ARCH = linux DSO_CFLAGS = -fPIC -DSO_LDOPTS = -shared $(ARCHFLAG) +DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections # The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8) # incorrectly reports undefined references in the libraries we link with, so # we don't use -z defs there. diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index a86e954f..87280679 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml @@ -196,10 +196,10 @@ If this option is not used, the validity check defaults to the current system ti certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). NSS recognizes the following prefixes: - sql: requests the newer database - dbm: requests the legacy database + sql: requests the newer database + dbm: requests the legacy database - If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default. + If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default. 
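Review bot: The three new shortcut comparisons for `pk`, `p7` and `n` are written `PORT_Strcmp (typeTag, ...)` with a space before the parenthesis, while the same hunk removes exactly that space from the SEC_CT_CRL line and the other new shortcuts (`c`, `ci`, `cr`, `sk`) use `PORT_Strcmp(typeTag, ...)`; pick one form for the whole chain. The chain now repeats the long-name-or-abbreviation test in every branch; a small helper such as `static int typeIs(const char *tag, const char *name, const char *abbrev) { return PORT_Strcmp(tag, name) == 0 || PORT_Strcmp(tag, abbrev) == 0; }` would turn each condition into `} else if (typeIs(typeTag, SEC_CT_CERTIFICATE, "c")) {` and keep the two spellings of each type next to each other. The first hunk of this file changes the usage line to `[-t type]`, presenting the option as optional, yet every branch here hands typeTag to PORT_Strcmp unconditionally after it was initialised to 0 in the option-parsing hunk; whether a missing `-t` is rejected before this point cannot be seen from the patch, since the code between the option loop and this dispatch is outside the hunks. main's body starts and ends outside the hunk.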
@@ -432,11 +432,11 @@ of the attribute codes: -1 | --keyUsage keyword,keyword - Set a Netscape Certificate Type Extension in the certificate. There are several available keywords: + Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords: - digital signature + digitalSignature @@ -498,7 +498,7 @@ of the attribute codes: -5 | --nsCertType keyword,keyword - Add a Netscape certificate type extension to a certificate that is being created or added to the database. There are several available keywords: + Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords: diff --git a/security/nss/doc/cmsutil.xml b/security/nss/doc/cmsutil.xml index ba45b99f..c7d2408d 100644 --- a/security/nss/doc/cmsutil.xml +++ b/security/nss/doc/cmsutil.xml @@ -61,16 +61,16 @@ Options specify an action. Option arguments modify an action. The options and arguments for the cmsutil command are defined as follows: - - -D - Decode a message. - - -C Encrypt a message. + + -D + Decode a message. + + -E Envelope a message. @@ -267,23 +267,11 @@ cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [ - + See also certutil(1) - - - See Also - - - - - - - - - Additional Resources diff --git a/security/nss/doc/crlutil.xml b/security/nss/doc/crlutil.xml index a6dddd4d..e77570e2 100644 --- a/security/nss/doc/crlutil.xml +++ b/security/nss/doc/crlutil.xml @@ -75,15 +75,6 @@ The options and arguments for the crlutil command are defined as follows: - - -G - - -Create new Certificate Revocation List(CRL). - - - - -D @@ -93,16 +84,6 @@ Delete Certificate Revocation List from cert database. - - - -I - - -Import a CRL to the cert database - - - - -E @@ -112,6 +93,23 @@ Erase all CRLs of specified type from the cert database + + -G + + +Create new Certificate Revocation List (CRL). + + + + + + -I + + +Import a CRL to the cert database + + + -L 
@@ -122,15 +120,6 @@ List existing CRL located in cert database file. - - -S - - -Show contents of a CRL file which isn't stored in the database. - - - - -M @@ -141,38 +130,20 @@ Modify existing CRL which can be located in cert db or in arbitrary file. If loc - -G + -S - +Show contents of a CRL file which isn't stored in the database. Arguments - Option arguments modify an action and are lowercase. + Option arguments modify an action. - - -B - - -Bypass CA signature checks. - - - - - - -P dbprefix - - -Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. - - - - -a @@ -182,6 +153,15 @@ Use ASCII format or allow the use of ASCII format for input and output. This for + + -B + + +Bypass CA signature checks. + + + + -c crl-gen-file @@ -204,19 +184,19 @@ The NSS database files must reside in the same directory. - -i crl-file + -f password-file -Specify the file which contains the CRL to import or show. +Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file. - -f password-file + -i crl-file -Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file. +Specify the file which contains the CRL to import or show. @@ -248,6 +228,15 @@ Specify the output file name for new CRL. Bracket the output-file string with qu + + -P dbprefix + + +Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. + + + + -t crl-type 
@@ -355,7 +344,7 @@ Implemented Extensions * Add The Authority Key Identifier extension: - The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. +The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. authKeyId critical [key-id | dn cert-serial] @@ -504,21 +493,9 @@ crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbpr - - See also - certutil(1) - - - See Also - - - - - - - + certutil(1) diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index 34430f2c..c99513fc 100644 --- a/security/nss/doc/html/certutil.html +++ b/security/nss/doc/html/certutil.html @@ -1,4 +1,4 @@ -CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

-E

Add an email certificate to the certificate database.

-F

Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname.

@@ -10,7 +10,7 @@ For certificate requests, ASCII output defaults to standard output unless redire

If this option is not used, the validity check defaults to the current system time.

-c issuer

Identify the certificate of the CA from which a new certificate will derive its authenticity. Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string - with quotation marks if it contains spaces.

-d [prefix]directory

Specify the database directory containing the certificate and key database files.

certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

NSS recognizes the following prefixes:

  • sql: requests the newer database

  • dbm: requests the legacy database

If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.

-e

Check a certificate's signature during the process of validating a certificate.

--email email-address

Specify the email address of a certificate to list. Used with the -L command option.

-f password-file

Specify a file that will automatically supply the password to include in a certificate + with quotation marks if it contains spaces.

-d [prefix]directory

Specify the database directory containing the certificate and key database files.

certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

NSS recognizes the following prefixes:

  • sql: requests the newer database

  • dbm: requests the legacy database

If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.

-e

Check a certificate's signature during the process of validating a certificate.

--email email-address

Specify the email address of a certificate to list. Used with the -L command option.

-f password-file

Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file.

-g keysize

Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.

-h tokenname

Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

-i input_file

Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

-k key-type-or-id

Specify the type or specific ID of a key.

The valid key type options are rsa, dsa, ec, or all. The default @@ -59,8 +59,8 @@ of the attribute codes: the certificate or adding it to a database. Express the offset in integers, using a minus sign (-) to indicate a negative offset. If this argument is not used, the validity period begins at the current system time. The length - of the validity period is set with the -v argument.

-X

Force the key and certificate database to open in read-write mode. This is used with the -U and -L command options.

-x

Use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.

-y exp

Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.

-z noise-file

Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

-0 SSO_password

Set a site security officer password on a token.

-1 | --keyUsage keyword,keyword

Set a Netscape Certificate Type Extension in the certificate. There are several available keywords:

  • - digital signature + of the validity period is set with the -v argument.

-X

Force the key and certificate database to open in read-write mode. This is used with the -U and -L command options.

-x

Use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.

-y exp

Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.

-z noise-file

Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

-0 SSO_password

Set a site security officer password on a token.

-1 | --keyUsage keyword,keyword

Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:

  • + digitalSignature

  • nonRepudiation

  • @@ -75,7 +75,7 @@ of the attribute codes: crlSigning

  • critical -

-2

Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. certutil prompts for the certificate constraint extension to select.

X.509 certificate extensions are described in RFC 5280.

-3

Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.

X.509 certificate extensions are described in RFC 5280.

-4

Add a CRL distribution point extension to a certificate that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). certutil prompts for the URL.

X.509 certificate extensions are described in RFC 5280.

-5 | --nsCertType keyword,keyword

Add a Netscape certificate type extension to a certificate that is being created or added to the database. There are several available keywords:

  • +

-2

Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. certutil prompts for the certificate constraint extension to select.

X.509 certificate extensions are described in RFC 5280.

-3

Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.

X.509 certificate extensions are described in RFC 5280.

-4

Add a CRL distribution point extension to a certificate that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). certutil prompts for the URL.

X.509 certificate extensions are described in RFC 5280.

-5 | --nsCertType keyword,keyword

Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords:

  • sslClient

  • sslServer diff --git a/security/nss/doc/html/cmsutil.html b/security/nss/doc/html/cmsutil.html index 2b5249ca..1bed3fe6 100644 --- a/security/nss/doc/html/cmsutil.html +++ b/security/nss/doc/html/cmsutil.html @@ -1,4 +1,4 @@ -CMSUTIL

    Name

    cmsutil — Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.

    Synopsis

    cmsutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +CMSUTIL

    Name

    cmsutil — Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.

    Synopsis

    cmsutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

    Description

    The cmsutil command-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.

    To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section. @@ -8,7 +8,7 @@ To see a usage string, issue the command without options.

    Options

    Options specify an action. Option arguments modify an action. The options and arguments for the cmsutil command are defined as follows: -

    -D

    Decode a message.

    -C

    Encrypt a message.

    -E

    Envelope a message.

    -O

    Create a certificates-only message.

    -S

    Sign a message.

    Arguments

    Option arguments modify an action.

    -b

    Decode a batch of files named in infile.

    -c content

    Use this detached content (decode only).

    -d dbdir

    Specify the key/certificate database directory (default is ".")

    -e envfile

    Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).

    -f pwfile

    Use password file to set password on all PKCS#11 tokens.

    -G

    Include a signing time attribute (sign only).

    -H hash

    Use specified hash algorithm (default:SHA1).

    -h num

    Generate email headers with info about CMS message (decode only).

    -i infile

    Use infile as a source of data (default is stdin).

    -k

    Keep decoded encryption certs in permanent cert db.

    -N nickname

    Specify nickname of certificate to sign with (sign only).

    -n

    Suppress output of contents (decode only).

    -o outfile

    Use outfile as a destination of data (default is stdout).

    -P

    Include an S/MIME capabilities attribute.

    -p password

    Use password as key database password.

    -r recipient1,recipient2, ...

    +

    -C

    Encrypt a message.

    -D

    Decode a message.

    -E

    Envelope a message.

    -O

    Create a certificates-only message.

    -S

    Sign a message.

    Arguments

    Option arguments modify an action.

    -b

    Decode a batch of files named in infile.

    -c content

    Use this detached content (decode only).

    -d dbdir

    Specify the key/certificate database directory (default is ".")

    -e envfile

    Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).

    -f pwfile

    Use password file to set password on all PKCS#11 tokens.

    -G

    Include a signing time attribute (sign only).

    -H hash

    Use specified hash algorithm (default:SHA1).

    -h num

    Generate email headers with info about CMS message (decode only).

    -i infile

    Use infile as a source of data (default is stdin).

    -k

    Keep decoded encryption certs in permanent cert db.

    -N nickname

    Specify nickname of certificate to sign with (sign only).

    -n

    Suppress output of contents (decode only).

    -o outfile

    Use outfile as a destination of data (default is stdout).

    -P

    Include an S/MIME capabilities attribute.

    -p password

    Use password as key database password.

    -r recipient1,recipient2, ...

    Specify list of recipients (email addresses) for an encrypted or enveloped message. For certificates-only message, list of certificates to send.

    -T

    Suppress content in CMS message (sign only).

    -u certusage

    Set type of cert usage (default is certUsageEmailSigner).

    -v

    Print debugging information.

    -Y ekprefnick

    Specify an encryption key preference by nickname.

    Usage

    Encrypt Example

    @@ -21,10 +21,7 @@ cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,reci
     cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ."
           

    Sign Message Example

     cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick]
    -      

    See also

    certutil(1)

    See Also

    -

    -

    -

    Additional Resources

    For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

    IRC: Freenode at #dogtag-pki

    Authors

    The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

    +

    See also

    certutil(1)

    Additional Resources

    For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

    IRC: Freenode at #dogtag-pki

    Authors

    The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

    Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

    LICENSE

    Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

    diff --git a/security/nss/doc/html/crlutil.html b/security/nss/doc/html/crlutil.html index 3f39545e..c27a06e7 100644 --- a/security/nss/doc/html/crlutil.html +++ b/security/nss/doc/html/crlutil.html @@ -1,6 +1,6 @@ CRLUTIL

    Name

    crlutil — List, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL. -

    Synopsis

    crlutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

    Synopsis

    crlutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

    Description

    The Certificate Revocation List (CRL) Management Tool, crlutil, is a command-line utility that can list, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL.

    The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database(see certutil tool) and continues with certificates expiration or revocation. @@ -16,44 +16,42 @@ where options and arguments are combinations of the options and arguments listed

    Options

    Options specify an action. Option arguments modify an action. The options and arguments for the crlutil command are defined as follows: -

    -G

    -Create new Certificate Revocation List(CRL). -

    -D

    +

    -D

    Delete Certificate Revocation List from cert database. -

    -I

    -Import a CRL to the cert database

    -E

    Erase all CRLs of specified type from the cert database +

    -G

    +Create new Certificate Revocation List (CRL). +

    -I

    +Import a CRL to the cert database

    -L

    List existing CRL located in cert database file. -

    -S

    -Show contents of a CRL file which isn't stored in the database.

    -M

    Modify existing CRL which can be located in cert db or in arbitrary file. If located in file it should be encoded in ASN.1 encode format. -

    -G

    - -

    Arguments

    Option arguments modify an action and are lowercase.

    -B

    -Bypass CA signature checks. -

    -P dbprefix

    -Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. -

    -a

    +

    -S

    +Show contents of a CRL file which isn't stored in the database. +

    Arguments

    Option arguments modify an action.

    -a

    Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113. +

    -B

    +Bypass CA signature checks.

    -c crl-gen-file

    Specify script file that will be used to control crl generation/modification. See crl-cript-file format below. If options -M|-G is used and -c crl-script-file is not specified, crlutil will read script data from standard input.

    -d directory

    Specify the database directory containing the certificate and key database files. On Unix the Certificate Database Tool defaults to $HOME/.netscape (that is, ~/.netscape). On Windows NT the default is the current directory.

    The NSS database files must reside in the same directory. -

    -i crl-file

    -Specify the file which contains the CRL to import or show.

    -f password-file

    Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file. +

    -i crl-file

    +Specify the file which contains the CRL to import or show.

    -l algorithm-name

    Specify a specific signature algorithm. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512

    -n nickname

    Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.

    -o output-file

    Specify the output file name for new CRL. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output. +

    -P dbprefix

    +Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.

    -t crl-type

    Specify type of CRL. possible types are: 0 - SEC_KRL_TYPE, 1 - SEC_CRL_TYPE. This option is obsolete

    -u url

    @@ -103,7 +101,7 @@ Implemented Extensions

    * Add The Authority Key Identifier extension:

    - The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. +The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.

    authKeyId critical [key-id | dn cert-serial]

    @@ -200,10 +198,7 @@ crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbpr * Import CRL from file:

               crlutil -I -i crl [-t crlType] [-u url] [-d keydir] [-P dbprefix] [-B] 
    -    

    See also

    certutil(1)

    See Also

    -

    -

    -

    Additional Resources

    For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

    IRC: Freenode at #dogtag-pki

    Authors

    The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

    +

    See Also

    certutil(1)

    Additional Resources

    For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

    IRC: Freenode at #dogtag-pki

    Authors

    The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

    Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

    LICENSE

    Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

    diff --git a/security/nss/doc/html/modutil.html b/security/nss/doc/html/modutil.html
index e67fde2a..5c53b0a6 100644
--- a/security/nss/doc/html/modutil.html
+++ b/security/nss/doc/html/modutil.html
@@ -1,7 +1,7 @@
-MODUTIL

    Name

    modutil — Manage PKCS #11 module information within the security module database.

    Synopsis

    modutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +MODUTIL

    Name

    modutil — Manage PKCS #11 module information within the security module database.

    Synopsis

    modutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

    Description

    The Security Module Database Tool, modutil, is a command-line utility for managing PKCS #11 module information both within secmod.db files and within hardware tokens. modutil can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.

    The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.

    Options

    Running modutil always requires one (and only one) option to specify the type of module operation. Each option may take arguments, anywhere from none to multiple arguments. -

    Options

    -add modulename

    Add the named PKCS #11 module to the database. Use this option with the -libfile, -ciphers, and -mechanisms arguments.

    -changepw tokenname

    Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the -pwfile and -newpwfile arguments. A password is equivalent to a personal identification number (PIN).

    -chkfips

    Verify whether the module is in the given FIPS mode. true means to verify that the module is in FIPS mode, while false means to verify that the module is not in FIPS mode.

    -create

    Create new certificate, key, and module databases. Use the -dbdir directory argument to specify a directory. If any of these databases already exist in a specified directory, modutil returns an error message.

    -default modulename

    Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the -mechanisms argument.

    -delete modulename

    Delete the named module. The default NSS PKCS #11 module cannot be deleted.

    -disable modulename

    Disable all slots on the named module. Use the -slot argument to disable a specific slot.

    -enable modulename

    Enable all slots on the named module. Use the -slot argument to enable a specific slot.

    -fips [true | false]

    Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.

    -force

    Disable modutil's interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.

    -jar JAR-file

    Add a new PKCS #11 module to the database using the named JAR file. Use this command with the -installdir and -tempdir arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with modutil.

    -list [modulename]

    Display basic information about the contents of the secmod.db file. Specifying a modulename displays detailed information about a particular module and its slots and tokens.

    -rawadd

    Add the module spec string to the secmod.db database.

    -rawlist

    Display the module specs for a specified module or for all loadable modules.

    -undefault modulename

    Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the -mechanisms argument.

    Arguments

    MODULE

    Give the security module to access.

    MODULESPEC

    Give the security module spec to load into the security database.

    -ciphers cipher-enable-list

    Enable specific ciphers in a module that is being added to the database. The cipher-enable-list is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.

    -dbdir [sql:]directory

    Specify the database directory in which to access or create security module database files.

    modutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

    --dbprefix prefix

    Specify the prefix used on the database files, such as my_ for my_cert8.db. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.

    -installdir root-installation-directory

    Specify the root installation directory relative to which files will be installed by the -jar option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.

    -libfile library-file

    Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.

    -mechanisms mechanism-list

    Specify the security mechanisms for which a particular module will be flagged as a default provider. The mechanism-list is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.

    The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.

    modutil supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).

    -newpwfile new-password-file

    Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the -changepw option.

    -nocertdb

    Do not open the certificate or key databases. This has several effects:

    • With the -create command, only a module security file is created; certificate and key databases are not created.

    • With the -jar command, signatures on the JAR file are not checked.

    • With the -changepw command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.

    -pwfile old-password-file

    Specify a text file containing a token's existing password so that a password can be entered automatically when the -changepw option is used to change passwords.

    -secmod secmodname

    Give the name of the security module database (like secmod.db) to load.

    -slot slotname

    Specify a particular slot to be enabled or disabled with the -enable or -disable options.

    -string CONFIG_STRING

    Pass a configuration string for the module being added to the database.

    -tempdir temporary-directory

    Give a directory location where temporary files are created during the installation by the -jar option. If no temporary directory is specified, the current directory is used.

    Usage and Examples

    Creating Database Files

    Before any operations can be performed, there must be a set of security databases available. modutil can be used to create these files. The only required argument is the database that where the databases will be located.

    modutil -create -dbdir [sql:]directory

    Adding a Cryptographic Module

    Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through modutil directly or by running a JAR file and install script. For the most basic case, simply upload the library:

    modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] 

    For example: +

    Options

    -add modulename

    Add the named PKCS #11 module to the database. Use this option with the -libfile, -ciphers, and -mechanisms arguments.

    -changepw tokenname

    Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the -pwfile and -newpwfile arguments. A password is equivalent to a personal identification number (PIN).

    -chkfips

    Verify whether the module is in the given FIPS mode. true means to verify that the module is in FIPS mode, while false means to verify that the module is not in FIPS mode.

    -create

    Create new certificate, key, and module databases. Use the -dbdir directory argument to specify a directory. If any of these databases already exist in a specified directory, modutil returns an error message.

    -default modulename

    Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the -mechanisms argument.

    -delete modulename

    Delete the named module. The default NSS PKCS #11 module cannot be deleted.

    -disable modulename

    Disable all slots on the named module. Use the -slot argument to disable a specific slot.

    The internal NSS PKCS #11 module cannot be disabled.

    -enable modulename

    Enable all slots on the named module. Use the -slot argument to enable a specific slot.

    -fips [true | false]

    Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.

    -force

    Disable modutil's interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.

    -jar JAR-file

    Add a new PKCS #11 module to the database using the named JAR file. Use this command with the -installdir and -tempdir arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with modutil.

    -list [modulename]

    Display basic information about the contents of the secmod.db file. Specifying a modulename displays detailed information about a particular module and its slots and tokens.

    -rawadd

    Add the module spec string to the secmod.db database.

    -rawlist

    Display the module specs for a specified module or for all loadable modules.

    -undefault modulename

    Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the -mechanisms argument.

    Arguments

    MODULE

    Give the security module to access.

    MODULESPEC

    Give the security module spec to load into the security database.

    -ciphers cipher-enable-list

    Enable specific ciphers in a module that is being added to the database. The cipher-enable-list is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.

    -dbdir [sql:]directory

    Specify the database directory in which to access or create security module database files.

    modutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

    --dbprefix prefix

    Specify the prefix used on the database files, such as my_ for my_cert8.db. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.

    -installdir root-installation-directory

    Specify the root installation directory relative to which files will be installed by the -jar option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.

    -libfile library-file

    Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.

    -mechanisms mechanism-list

    Specify the security mechanisms for which a particular module will be flagged as a default provider. The mechanism-list is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.

    The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.

    modutil supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).

    -newpwfile new-password-file

    Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the -changepw option.

    -nocertdb

    Do not open the certificate or key databases. This has several effects:

    • With the -create command, only a module security file is created; certificate and key databases are not created.

    • With the -jar command, signatures on the JAR file are not checked.

    • With the -changepw command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.

    -pwfile old-password-file

    Specify a text file containing a token's existing password so that a password can be entered automatically when the -changepw option is used to change passwords.

    -secmod secmodname

    Give the name of the security module database (like secmod.db) to load.

    -slot slotname

    Specify a particular slot to be enabled or disabled with the -enable or -disable options.

    -string CONFIG_STRING

    Pass a configuration string for the module being added to the database.

    -tempdir temporary-directory

    Give a directory location where temporary files are created during the installation by the -jar option. If no temporary directory is specified, the current directory is used.

    Usage and Examples

    Creating Database Files

    Before any operations can be performed, there must be a set of security databases available. modutil can be used to create these files. The only required argument is the database that where the databases will be located.

    modutil -create -dbdir [sql:]directory

    Adding a Cryptographic Module

    Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through modutil directly or by running a JAR file and install script. For the most basic case, simply upload the library:

    modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] 

    For example:

    modutil -dbdir sql:/home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM 
     
     Using database directory ... 
    @@ -211,7 +211,8 @@ MD2:                   0x00000400
     RANDOM:                0x08000000
     FRIENDLY:              0x10000000
     OWN_PW_DEFAULTS:       0x20000000
    -DISABLE:               0x40000000

    CipherEnableFlags specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the -cipher argument with the -add command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the CipherEnableFlags entry is omitted, the value defaults to 0x0.

    EquivalentPlatform specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.

    Per-File Keys

    Some keys have meaning only within the value list of an entry in a Files list.

    Each file requires a path key the identifies where the file is. Either RelativePath or AbsolutePath must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.

    RelativePath specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: %root% and %temp%. %root% is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The %temp% directory is created at the beginning of the installation and destroyed at the end. The purpose of %temp% is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.

    AbsolutePath specifies the destination directory of the file as an absolute path.

    Executable specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.

    FilePermissions sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.

    user read:                0400
    +DISABLE:               0x40000000

    CipherEnableFlags specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the -cipher argument with the -add command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the CipherEnableFlags entry is omitted, the value defaults to 0x0.

    EquivalentPlatform specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.

    Per-File Keys

    Some keys have meaning only within the value list of an entry in a Files list.

    Each file requires a path key the identifies where the file is. Either RelativePath or AbsolutePath must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.

    RelativePath specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: %root% and %temp%. %root% is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The %temp% directory is created at the beginning of the installation and destroyed at the end. The purpose of %temp% is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.

    AbsolutePath specifies the destination directory of the file as an absolute path.

    Executable specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.

    FilePermissions sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.

    +user read:                0400
     user write:               0200
     user execute:             0100
     group read:               0040
    @@ -219,7 +220,8 @@ group write:              0020
     group execute:            0010
     other read:               0004
     other write:              0002
    -other execute:       0001

    Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.

    NSS Database Types

    NSS originally used BerkeleyDB databases to store security information. +other execute: 0001 +

    Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.

    NSS Database Types

    NSS originally used BerkeleyDB databases to store security information. The last versions of these legacy databases are:

    • cert8.db for certificates

    •
@@ -236,7 +238,7 @@ BerkleyDB. These new databases provide more accessibility and performance:

    • pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory

    Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

    By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. -Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

    modutil -create -dbdir sql:/home/my/sharednssdb

    To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

    export NSS_DEFAULT_DB_TYPE="sql"

    This line can be set added to the ~/.bashrc file to make the change permanent.

    Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

    • +Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

      modutil -create -dbdir sql:/home/my/sharednssdb

      To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

      export NSS_DEFAULT_DB_TYPE="sql"

      This line can be added to the ~/.bashrc file to make the change permanent for the user.

      Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

      • https://wiki.mozilla.org/NSS_Shared_DB_Howto

      For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:

      • https://wiki.mozilla.org/NSS_Shared_DB

    See Also

    certutil (1)

    pk12util (1)

    signtool (1)

    The NSS wiki has information on the new database design and how to configure applications to use it.

      •
diff --git a/security/nss/doc/html/pk12util.html b/security/nss/doc/html/pk12util.html
index 2663bcf4..fe516dd8 100644
--- a/security/nss/doc/html/pk12util.html
+++ b/security/nss/doc/html/pk12util.html
@@ -1,13 +1,9 @@
-PK12UTIL

      Name

      pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database

      Synopsis

      pk12util [-i p12File [-h tokenname] [-v] [common-options] ] [ - -l p12File [-h tokenname] [-r] [common-options] ] [ - -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [common-options] ] [ - -common-options are: -[-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] - ]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

      Description

      The PKCS #12 utility, pk12util, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.

      Options and Arguments

      Options

      -i p12file

      Import keys and certificates from a PKCS#12 file into a security database.

      -l p12file

      List the keys and certificates in PKCS#12 file.

      -o p12file

      Export keys and certificates from the security database to a PKCS#12 file.

      Arguments

      -n certname

      Specify the nickname of the cert and private key to export.

      -d [sql:]directory

      Specify the database directory into which to import to or export from certificates and keys.

      pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

      -P prefix

      Specify the prefix used on the certificate and key databases. This option is provided as a special case. - Changing the names of the certificate and key databases is not recommended.

      -h tokenname

      Specify the name of the token to import into or export from.

      -v

      Enable debug logging when importing.

      -k slotPasswordFile

      Specify the text file containing the slot's password.

      -K slotPassword

      Specify the slot's password.

      -w p12filePasswordFile

      Specify the text file containing the pkcs #12 file password.

      -W p12filePassword

      Specify the pkcs #12 file password.

      -c keyCipher

      Specify the key encryption algorithm.

      -C certCipher

      Specify the key cert (overall package) encryption algorithm.

      -m | --key-len keyLength

      Specify the desired length of the symmetric key to be used to encrypt the private key.

      -n | --cert-key-len certKeyLength

      Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.

      -r

      Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.

      Return Codes

      • 0 - No error

      • 1 - User Cancelled

      • 2 - Usage error

      • 6 - NLS init error

      • 8 - Certificate DB open error

      • 9 - Key DB open error

      • 10 - File initialization error

      • 11 - Unicode conversion error

      • 12 - Temporary file creation error

      • 13 - PKCS11 get slot error

      • 14 - PKCS12 decoder start error

      • 15 - error read from import file

      • 16 - pkcs12 decode error

      • 17 - pkcs12 decoder verify error

      • 18 - pkcs12 decoder validate bags error

      • 19 - pkcs12 decoder import bags error

      • 20 - key db conversion version 3 to version 2 error

      • 21 - cert db conversion version 7 to version 5 error

      • 22 - cert and key dbs patch error

      • 23 - get default cert db error

      • 24 - find cert by nickname error

      • 25 - create export context error

      • 26 - PKCS12 add password itegrity error

      • 27 - cert and key Safes creation error

      • 28 - PKCS12 add cert and key error

      • 29 - PKCS12 encode error

      Examples

      Importing Keys and Certificates

      The most basic usage of pk12util for importing a certificate or key is the PKCS#12 input file (-i) and some way to specify the security database being accessed (either -d for a directory or -h for a token). -

      pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example:

      # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
      +PK12UTIL

      Name

      pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database

      Synopsis

      pk12util [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

      Description

      The PKCS #12 utility, pk12util, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.

      Options and Arguments

      Options

      -i p12file

      Import keys and certificates from a PKCS#12 file into a security database.

      -l p12file

      List the keys and certificates in PKCS#12 file.

      -o p12file

      Export keys and certificates from the security database to a PKCS#12 file.

      Arguments

      -c keyCipher

      Specify the key encryption algorithm.

      -C certCipher

      Specify the key cert (overall package) encryption algorithm.

      -d [sql:]directory

      Specify the database directory into which to import to or export from certificates and keys.

      pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

      -h tokenname

      Specify the name of the token to import into or export from.

      -k slotPasswordFile

      Specify the text file containing the slot's password.

      -K slotPassword

      Specify the slot's password.

      -m | --key-len keyLength

      Specify the desired length of the symmetric key to be used to encrypt the private key.

      -n | --cert-key-len certKeyLength

      Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.

      -n certname

      Specify the nickname of the cert and private key to export.

      -P prefix

      Specify the prefix used on the certificate and key databases. This option is provided as a special case. + Changing the names of the certificate and key databases is not recommended.

      -r

      Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.

      -v

      Enable debug logging when importing.

      -w p12filePasswordFile

      Specify the text file containing the pkcs #12 file password.

      -W p12filePassword

      Specify the pkcs #12 file password.

      Return Codes

      • 0 - No error

      • 1 - User Cancelled

      • 2 - Usage error

      • 6 - NLS init error

      • 8 - Certificate DB open error

      • 9 - Key DB open error

      • 10 - File initialization error

      • 11 - Unicode conversion error

      • 12 - Temporary file creation error

      • 13 - PKCS11 get slot error

      • 14 - PKCS12 decoder start error

      • 15 - error read from import file

      • 16 - pkcs12 decode error

      • 17 - pkcs12 decoder verify error

      • 18 - pkcs12 decoder validate bags error

      • 19 - pkcs12 decoder import bags error

      • 20 - key db conversion version 3 to version 2 error

      • 21 - cert db conversion version 7 to version 5 error

      • 22 - cert and key dbs patch error

      • 23 - get default cert db error

      • 24 - find cert by nickname error

      • 25 - create export context error

      • 26 - PKCS12 add password itegrity error

      • 27 - cert and key Safes creation error

      • 28 - PKCS12 add cert and key error

      • 29 - PKCS12 encode error

      Examples

      Importing Keys and Certificates

      The most basic usage of pk12util for importing a certificate or key is the PKCS#12 input file (-i) and some way to specify the security database being accessed (either -d for a directory or -h for a token). +

      + pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] +

      For example:

      # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
       
       Enter a password which will be used to encrypt your keys.
       The password should be at least 8 characters long,
      @@ -17,10 +13,10 @@ Enter new password:
       Re-enter password: 
       Enter password for PKCS12 file: 
       pk12util: PKCS12 IMPORT SUCCESSFUL

      Exporting Keys and Certificates

      Using the pk12util command to export certificates and keys requires both the name of the certificate to extract from the database (-n) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material. -

      pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example:

      # pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
      +    

      pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example:

      # pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
       Enter password for PKCS12 file: 
       Re-enter password: 

      Listing Keys and Certificates

      The information in a .p12 file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the .p12 file. -

      pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example, this prints the default ASCII output:

      # pk12util -l certs.p12
      +    

      pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example, this prints the default ASCII output:

      # pk12util -l certs.p12
       
       Enter password for PKCS12 file: 
       Key(shrouded):
      @@ -39,7 +35,7 @@ Certificate:
               Issuer: "E=personal-freemail@thawte.com,CN=Thawte Personal Freemail C
                   A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T
                   own,ST=Western Cape,C=ZA"
      -....

      Alternatively, the -r prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports .p12 files. Each certificate is written to a sequentially-number file, beginning with file0001.der and continuing through file000N.der, incrementing the number for every certificate:

      # pk12util -l test.p12 -r
      +    

      Alternatively, the -r prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports .p12 files. Each certificate is written to a sequentially-number file, beginning with file0001.der and continuing through file000N.der, incrementing the number for every certificate:

      pk12util -l test.p12 -r
       Enter password for PKCS12 file: 
       Key(shrouded):
           Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
      @@ -51,7 +47,8 @@ Key(shrouded):
                   Iteration Count: 1 (0x1)
       Certificate    Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting
       
      -Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID

      Password Encryption

      PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc for private key encryption. PKCS12 V2 PBE with SHA1 and 40 Bit RC4 is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.

      The private key is always protected with strong encryption by default.

      Several types of ciphers are supported.

      Symmetric CBC ciphers for PKCS#5 V2

      DES_CBC

      • RC2-CBC

      • RC5-CBCPad

      • DES-EDE3-CBC (the default for key encryption)

      • AES-128-CBC

      • AES-192-CBC

      • AES-256-CBC

      • CAMELLIA-128-CBC

      • CAMELLIA-192-CBC

      • CAMELLIA-256-CBC

      PKCS#12 PBE ciphers

      PKCS #12 PBE with Sha1 and 128 Bit RC4

      • PKCS #12 PBE with Sha1 and 40 Bit RC4

      • PKCS #12 PBE with Sha1 and Triple DES CBC

      • PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC

      • PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC

      • PKCS12 V2 PBE with SHA1 and 128 Bit RC4

      • PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)

      • PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc

      • PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc

      • PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC

      • PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC

      PKCS#5 PBE ciphers

      PKCS #5 Password Based Encryption with MD2 and DES CBC

      • PKCS #5 Password Based Encryption with MD5 and DES CBC

      • PKCS #5 Password Based Encryption with SHA1 and DES CBC

      With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error no security module can perform the requested operation.

      NSS Database Types

      NSS originally used BerkeleyDB databases to store security information. +Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID +

      Password Encryption

      PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc for private key encryption. PKCS12 V2 PBE with SHA1 and 40 Bit RC4 is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.

      The private key is always protected with strong encryption by default.

      Several types of ciphers are supported.

      Symmetric CBC ciphers for PKCS#5 V2
      • DES-CBC

      • RC2-CBC

      • RC5-CBCPad

      • DES-EDE3-CBC (the default for key encryption)

      • AES-128-CBC

      • AES-192-CBC

      • AES-256-CBC

      • CAMELLIA-128-CBC

      • CAMELLIA-192-CBC

      • CAMELLIA-256-CBC

      PKCS#12 PBE ciphers
      • PKCS #12 PBE with Sha1 and 128 Bit RC4

      • PKCS #12 PBE with Sha1 and 40 Bit RC4

      • PKCS #12 PBE with Sha1 and Triple DES CBC

      • PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC

      • PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC

      • PKCS12 V2 PBE with SHA1 and 128 Bit RC4

      • PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)

      • PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc

      • PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc

      • PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC

      • PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC

      PKCS#5 PBE ciphers
      • PKCS #5 Password Based Encryption with MD2 and DES CBC

      • PKCS #5 Password Based Encryption with MD5 and DES CBC

      • PKCS #5 Password Based Encryption with SHA1 and DES CBC

      With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error no security module can perform the requested operation.

      NSS Database Types

      NSS originally used BerkeleyDB databases to store security information. The last versions of these legacy databases are:

      • cert8.db for certificates

      • diff --git a/security/nss/doc/html/pp.html b/security/nss/doc/html/pp.html index 5b2e2348..4407ef72 100644 --- a/security/nss/doc/html/pp.html +++ b/security/nss/doc/html/pp.html @@ -1,7 +1,7 @@ -PP

        Name

        pp — Prints certificates, keys, crls, and pkcs7 files

        Synopsis

        pp -t type [-a] [-i input] [-o output]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

        Description

        pp pretty-prints private and public key, certificate, certificate-request, +PP

        Name

        pp — Prints certificates, keys, crls, and pkcs7 files

        Synopsis

        pp -t type [-a] [-i input] [-o output]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

        Description

        pp pretty-prints private and public key, certificate, certificate-request, pkcs7 or crl files -

        Options

        -t type

        specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}

        -a
        Input is in ascii encoded form (RFC1113)
        -i inputfile
        Define an input file to use (default is stdin)
        -u outputfile
        Define an output file to use (default is stdout)

        Additional Resources

        NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

        For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

        Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

        IRC: Freenode at #dogtag-pki

        Authors

        The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

        +

        Options

        -t type

        specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}

        -a
        Input is in ascii encoded form (RFC1113)
        -i inputfile
        Define an input file to use (default is stdin)
        -u outputfile
        Define an output file to use (default is stdout)

        Additional Resources

        NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

        For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

        Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

        IRC: Freenode at #dogtag-pki

        Authors

        The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

        Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

        LICENSE

        Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

        diff --git a/security/nss/doc/html/signtool.html b/security/nss/doc/html/signtool.html index 1e33a471..84568e17 100644 --- a/security/nss/doc/html/signtool.html +++ b/security/nss/doc/html/signtool.html @@ -1,4 +1,4 @@ -signtool

        Name

        signtool — Digitally sign objects and files.

        Synopsis

        signtool [-k keyName] [[-h]] [[-H]] [[-l]] [[-L]] [[-M]] [[-v]] [[-w]] [[-G nickname]] [[--keysize | -s size]] [[-b basename]] [[-c Compression Level] ] [[-d cert-dir] ] [[-i installer script] ] [[-m metafile] ] [[-x name] ] [[-f filename] ] [[-t|--token tokenname] ] [[-e extension] ] [[-o] ] [[-z] ] [[-X] ] [[--outfile] ] [[--verbose value] ] [[--norecurse] ] [[--leavearc] ] [[-j directory] ] [[-Z jarfile] ] [[-O] ] [[-p password] ] [directory-tree] [archive]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +signtool

        Name

        signtool — Digitally sign objects and files.

        Synopsis

        signtool [[-b basename]] [[-c Compression Level] ] [[-d cert-dir] ] [[-e extension] ] [[-f filename] ] [[-i installer script] ] [[-h]] [[-H]] [[-v]] [[-w]] [[-G nickname]] [[-J]] [[-j directory] ] [-k keyName] [[--keysize | -s size]] [[-l]] [[-L]] [[-M]] [[-m metafile] ] [[--norecurse] ] [[-O] ] [[-o] ] [[--outfile] ] [[-p password] ] [[-t|--token tokenname] ] [[-z] ] [[-X] ] [[-x name] ] [[--verbose value] ] [[--leavearc] ] [[-Z jarfile] ] [directory-tree] [archive]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

        Description

        The Signing Tool, signtool, creates digital signatures and uses a Java Archive (JAR) file to associate the signatures with files in a directory. Electronic software distribution over any network involves potential security problems. To help address some of these problems, you can associate digital signatures with the files in a JAR archive. Digital signatures allow SSL-enabled clients to perform two important operations:

        * Confirm the identity of the individual, company, or other entity whose digital signature is associated with the files

        * Check whether the files have been tampered with since being signed

        If you have a signing certificate, you can use Netscape Signing Tool to digitally sign files and package them as a JAR file. An object-signing certificate is a special kind of certificate that allows you to associate your digital signature with one or more files.

        An individual file can potentially be signed with multiple digital signatures. For example, a commercial software developer might sign the files that constitute a software product to prove that the files are indeed from a particular company. A network administrator manager might sign the same files with an additional digital signature based on a company-generated certificate to indicate that the product is approved for use within the company.

        The significance of a digital signature is comparable to the significance of a handwritten signature. Once you have signed a file, it is difficult to claim later that you didn't sign it. In some situations, a digital signature may be considered as legally binding as a handwritten signature. Therefore, you should take great care to ensure that you can stand behind any file you sign and distribute.

        For example, if you are a software developer, you should test your code to make sure it is virus-free before signing it. Similarly, if you are a network administrator, you should make sure, before signing any code, that it comes from a reliable source and will run correctly with the software installed on the machines to which you are distributing it.

        Before you can use Netscape Signing Tool to sign files, you must have an object-signing certificate, which is a special certificate whose associated private key is used to create digital signatures. For testing purposes only, you can create an object-signing certificate with Netscape Signing Tool 1.3. When testing is finished and you are ready to disitribute your software, you should obtain an object-signing certificate from one of two kinds of sources:

        * An independent certificate authority (CA) that authenticates your identity and charges you a fee. You typically get a certificate from an independent CA if you want to sign software that will be distributed over the Internet.

        * CA server software running on your corporate intranet or extranet. Netscape Certificate Management System provides a complete management solution for creating, deploying, and managing certificates, including CAs that issue object-signing certificates.

        You must also have a certificate for the CA that issues your signing certificate before you can sign files. If the certificate authority's certificate isn't already installed in your copy of Communicator, you typically install it by clicking the appropriate link on the certificate authority's web site, for example on the page from which you initiated enrollment for your signing certificate. This is the case for some test certificates, as well as certificates issued by Netscape Certificate Management System: you must download the the CA certificate in addition to obtaining your own signing certificate. CA certificates for several certificate authorities are preinstalled in the Communicator certificate database.

        When you receive an object-signing certificate for your own use, it is automatically installed in your copy of the Communicator client software. Communicator supports the public-key cryptography standard known as PKCS #12, which governs key portability. You can, for example, move an object-signing certificate and its associated private key from one computer to another on a credit-card-sized device called a smart card.

        Options

        -b basename

        Specifies the base filename for the .rsa and .sf files in the META-INF directory to conform with the JAR format. For example, -b signatures causes the files to be named signatures.rsa and signatures.sf. The default is signtool.

        -c#

        Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes. @@ -11,9 +11,25 @@ The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT v Tells signtool to sign only files with the given extension; for example, use -e".class" to sign only Java class files. Note that with Netscape Signing Tool version 1.1 and later this option can appear multiple times on one command line, making it possible to specify multiple file types or classes to include.

        -f commandfile

        Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format. All options and arguments can be expressed through this file. For more information about the syntax used with this file, see "Tips and Techniques". -

        -i scriptname

        - Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. -

        -j directory

        +

        -G nickname

        + Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. + +The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. + +Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. + +The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. +

        -i scriptname

        +Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. +

        -J

        +Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. + +The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. + +If the -c# option is not used with the -J option, the default compression value is 6. + +Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages. +

        -j directory

        Specifies a special JavaScript directory. This option causes the specified directory to be signed and tags its entries as inline JavaScript. This special type of entry does not have to appear in the JAR file itself. Instead, it is located in the HTML page containing the inline scripts. When you use signtool -v, these entries are displayed with the string NOT PRESENT.

        -k key ... directory

        Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory. The directory to sign is always specified as the last command-line argument. Thus, it is possible to write @@ -23,26 +39,10 @@ signtool -k MyCert -d . signdir You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform. It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate. -

        -G nickname

        - Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. - -The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. - -Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. - -The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. For more information about the use of the -G option, see "Generating Test Object-Signing Certificates""Generating Test Object-Signing Certificates" on page 1241.

        -l

        Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate. The -l option is available in Netscape Signing Tool 1.0 and later versions only. -

        -J

        - Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. - -The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. - -If the -c# option is not used with the -J option, the default compression value is 6. - -Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages.

        -L

        Lists the certificates in your database. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool.

        --leavearc

        diff --git a/security/nss/doc/html/signver.html b/security/nss/doc/html/signver.html index 4e6573df..ade57de6 100644 --- a/security/nss/doc/html/signver.html +++ b/security/nss/doc/html/signver.html @@ -1,7 +1,7 @@ -SIGNVER

        Name

        signver — Verify a detached PKCS#7 signature for a file.

        Synopsis

        signtool -A | -V -d directory [-a] [-i input_file] [-o output_file] [-s signature_file] [-v]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

        Description

        The Signature Verification Tool, signver, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.

        Options

        -A

        Displays all of the information in the PKCS#7 signature.

        -V

        Verifies the digital signature.

        -d [sql:]directory

        Specify the database directory which contains the certificates and keys.

        signver supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

        -a

        Sets that the given signature file is in ASCII format.

        -i input_file

        Gives the input file for the object with signed data.

        -o output_file

        Gives the output file to which to write the results.

        -s signature_file

        Gives the input file for the digital signature.

        -v

        Enables verbose output.

        Extended Examples

        Verifying a Signature

        The -V option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).

        signver -V -s signature_file -i signed_file -d sql:/home/my/sharednssdb
        +SIGNVER

        Name

        signver — Verify a detached PKCS#7 signature for a file.

        Synopsis

        signtool -A | -V -d directory [-a] [-i input_file] [-o output_file] [-s signature_file] [-v]

        STATUS

        This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

        Description

        The Signature Verification Tool, signver, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.

        Options

        -A

        Displays all of the information in the PKCS#7 signature.

        -V

        Verifies the digital signature.

        -d [sql:]directory

        Specify the database directory which contains the certificates and keys.

        signver supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

        -a

        Sets that the given signature file is in ASCII format.

        -i input_file

        Gives the input file for the object with signed data.

        -o output_file

        Gives the output file to which to write the results.

        -s signature_file

        Gives the input file for the digital signature.

        -v

        Enables verbose output.

        Extended Examples

        Verifying a Signature

        The -V option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).

        signver -V -s signature_file -i signed_file -d sql:/home/my/sharednssdb
         
        -signatureValid=yes

        Printing Signature Data

        +signatureValid=yes

        Printing Signature Data

        The -A option prints all of the information contained in a signature file. Using the -o option prints the signature file information to the given output file rather than stdout.

        signver -A -s signature_file -o output_file

        NSS Database Types

        NSS originally used BerkeleyDB databases to store security information. The last versions of these legacy databases are:

        • @@ -20,7 +20,7 @@ BerkleyDB. These new databases provide more accessibility and performance:

        • pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory

        Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

        By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. -Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

        # signver -A -s signature -d sql:/home/my/sharednssdb

        To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

        export NSS_DEFAULT_DB_TYPE="sql"

        This line can be set added to the ~/.bashrc file to make the change permanent.

        Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

        • +Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

          # signver -A -s signature -d sql:/home/my/sharednssdb

          To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

          export NSS_DEFAULT_DB_TYPE="sql"

          This line can be added to the ~/.bashrc file to make the change permanent for the user.

          Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

          • https://wiki.mozilla.org/NSS_Shared_DB_Howto

          For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:

          • https://wiki.mozilla.org/NSS_Shared_DB

        See Also

        signtool (1)

        The NSS wiki has information on the new database design and how to configure applications to use it.

        • Setting up the shared NSS database

          https://wiki.mozilla.org/NSS_Shared_DB_Howto

        • diff --git a/security/nss/doc/html/ssltap.html b/security/nss/doc/html/ssltap.html index 61b701a2..e69b3758 100644 --- a/security/nss/doc/html/ssltap.html +++ b/security/nss/doc/html/ssltap.html @@ -1,18 +1,9 @@ -SSLTAP

          Name

          ssltap — Tap into SSL connections and display the data going by

          Synopsis

          libssltap [-vhfsxl] [-p port] [hostname:port]

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

          Description

          The SSL Debugging Tool ssltap is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking

          Options

          -v

          Print a version string for the tool.

          -h

          -Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. -

          -f

          +SSLTAP

          Name

          ssltap — Tap into SSL connections and display the data going by

          Synopsis

          ssltap [-fhlsvx] [-p port] [hostname:port]

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

          Description

          The SSL Debugging Tool ssltap is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking

          Options

          -f

          Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. -

          -s

          -Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. -

          -If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. -

          -If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. -

          -x

          -Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. -This option uses the same output format as the -h option. -

          -l prefix

          +

          -h

          +Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. +

          -l prefix

          Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete.

          -p port

          Change the default rendezvous port (1924) to another port.

          The following are well-known port numbers:

          * HTTP 80 @@ -30,7 +21,13 @@ Turn on looping; that is, continue to accept connections rather than stopping af * NNTP 119

          * NNTPS 563 (NNTP over SSL) -

          Usage and Examples

          +

          -s

          +Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. +

          +If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. +

          +If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. +

          -v

          Print a version string for the tool.

          -x

          Turn on extra SSL hex dumps.

          Usage and Examples

          You can use the SSL Debugging Tool to intercept any connection information. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful. For example, assume your development machine is called intercept. The simplest way to use the debugging tool is to execute the following command from a command shell:

          $ ssltap www.netscape.com

          The program waits for an incoming connection on the default port 1924. In your browser window, enter the URL http://intercept:1924. The browser retrieves the requested page from the server at www.netscape.com, but the page is intercepted and passed on to the browser by the debugging tool on intercept. On its way to the browser, the data is printed to the command shell from which you issued the command. Data sent from the client to the server is surrounded by the following symbols: --> [ data ] Data sent from the server to the client is surrounded by the following symbols: diff --git a/security/nss/doc/html/vfychain.html b/security/nss/doc/html/vfychain.html index 49ee65f8..a360836f 100644 --- a/security/nss/doc/html/vfychain.html +++ b/security/nss/doc/html/vfychain.html @@ -1,4 +1,4 @@ -VFYCHAIN

          Name

          vfychain — vfychain [options] [revocation options] certfile [[options] certfile] ...

          Synopsis

          vfychain

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +VFYCHAIN

          Name

          vfychain — vfychain [options] [revocation options] certfile [[options] certfile] ...

          Synopsis

          vfychain

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

          Description

          The verification Tool, vfychain, verifies certificate chains. modutil can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.

          The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.

          Options

          -a
          the following certfile is base64 encoded
          -b YYMMDDHHMMZ
          Validate date (default: now)
          -d directory
          database directory
          -f
          Enable cert fetching from AIA URL
          -o oid
          Set policy OID for cert validation(Format OID.1.2.3)
          -p

          Use PKIX Library to validate certificate by calling:

          * CERT_VerifyCertificate if specified once,

          * CERT_PKIXVerifyCert if specified twice and more.

          -r
          Following certfile is raw binary DER (default)
          -t
          Following cert is explicitly trusted (overrides db trust)
          -u usage

          0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, diff --git a/security/nss/doc/html/vfyserv.html b/security/nss/doc/html/vfyserv.html index 58e227ad..dec6dcb3 100644 --- a/security/nss/doc/html/vfyserv.html +++ b/security/nss/doc/html/vfyserv.html @@ -1,4 +1,4 @@ -VFYSERV

          Name

          vfyserv — TBD

          Synopsis

          vfyserv

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +VFYSERV

          Name

          vfyserv — TBD

          Synopsis

          vfyserv

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

          Description

          The vfyserv tool verifies a certificate chain

          Options

          Additional Resources

          For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

          Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

          IRC: Freenode at #dogtag-pki

          Authors

          The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

          Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

          LICENSE

          Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/security/nss/doc/modutil.xml b/security/nss/doc/modutil.xml index cefd3f41..142aa69d 100644 --- a/security/nss/doc/modutil.xml +++ b/security/nss/doc/modutil.xml @@ -625,7 +625,8 @@ DISABLE: 0x40000000 Executable specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file. FilePermissions sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR. -user read: 0400 + +user read: 0400 user write: 0200 user execute: 0100 group read: 0040 @@ -633,7 +634,8 @@ group write: 0020 group execute: 0010 other read: 0004 other write: 0002 -other execute: 0001 +other execute: 0001 + Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed. @@ -693,7 +695,7 @@ Using the SQLite databases must be manually specified by using the sql: To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql: export NSS_DEFAULT_DB_TYPE="sql" -This line can be set added to the ~/.bashrc file to make the change permanent. +This line can be added to the ~/.bashrc file to make the change permanent for the user. Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: 
diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1
index 2dfa79df..1d7f247a 100644
--- a/security/nss/doc/nroff/certutil.1
+++ b/security/nss/doc/nroff/certutil.1
@@ -2,12 +2,12 @@
 .\" Title: CERTUTIL
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 31 March 2014
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "CERTUTIL" "1" "31 March 2014" "nss-tools" "NSS Security Tools"
+.TH "CERTUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -229,7 +229,8 @@ NSS recognizes the following prefixes:
 .sp -1
 .IP \(bu 2.3
 .\}
-\fBsql: requests the newer database\fR
+\fBsql:\fR
+requests the newer database
 .RE
 .sp
 .RS 4
@@ -240,10 +241,13 @@ NSS recognizes the following prefixes:
 .sp -1
 .IP \(bu 2.3
 .\}
-\fBdbm: requests the legacy database\fR
+\fBdbm:\fR
+requests the legacy database
 .RE
 .sp
-If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default\&.
+If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then
+\fBdbm:\fR
+is the default\&.
 .RE
 .PP
 \-e
@@ -543,7 +547,7 @@ Set a site security officer password on a token\&.
 .PP
 \-1 | \-\-keyUsage keyword,keyword
 .RS 4
-Set a Netscape Certificate Type Extension in the certificate\&. There are several available keywords:
+Set an X\&.509 V3 Certificate Type Extension in the certificate\&. There are several available keywords:
 .sp
 .RS 4
 .ie n \{\
@@ -553,7 +557,7 @@ Set a Netscape Certificate Type Extension in the certificate\&. There are severa
 .sp -1
 .IP \(bu 2.3
 .\}
-digital signature
+digitalSignature
 .RE
 .sp
 .RS 4
@@ -661,7 +665,7 @@ X\&.509 certificate extensions are described in RFC 5280\&.
 .PP
 \-5 | \-\-nsCertType keyword,keyword
 .RS 4
-Add a Netscape certificate type extension to a certificate that is being created or added to the database\&. There are several available keywords:
+Add an X\&.509 V3 certificate type extension to a certificate that is being created or added to the database\&. There are several available keywords:
 .sp
 .RS 4
 .ie n \{\
diff --git a/security/nss/doc/nroff/cmsutil.1 b/security/nss/doc/nroff/cmsutil.1
index 2093d679..9c0bb48e 100644
--- a/security/nss/doc/nroff/cmsutil.1
+++ b/security/nss/doc/nroff/cmsutil.1
@@ -2,12 +2,12 @@
 .\" Title: CMSUTIL
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 19 July 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "CMSUTIL" "1" "19 July 2013" "nss-tools" "NSS Security Tools"
+.TH "CMSUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -50,16 +50,16 @@ To run cmsutil, type the command cmsutil option [arguments] where option and arg
 .PP
 Options specify an action\&. Option arguments modify an action\&. The options and arguments for the cmsutil command are defined as follows:
 .PP
-\-D
-.RS 4
-Decode a message\&.
-.RE
-.PP
 \-C
 .RS 4
 Encrypt a message\&.
 .RE
 .PP
+\-D
+.RS 4
+Decode a message\&.
+.RE
+.PP
 \-E
 .RS 4
 Envelope a message\&.
@@ -247,11 +247,6 @@ cmsutil \-S [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-N nickname[\
 .SH "SEE ALSO"
 .PP
 certutil(1)
-.SH "SEE ALSO"
-.PP
-.PP
-.PP
-.PP
 .SH "ADDITIONAL RESOURCES"
 .PP
 For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
diff --git a/security/nss/doc/nroff/crlutil.1 b/security/nss/doc/nroff/crlutil.1
index 3e2c3ee3..866bdedb 100644
--- a/security/nss/doc/nroff/crlutil.1
+++ b/security/nss/doc/nroff/crlutil.1
@@ -2,12 +2,12 @@
 .\" Title: CRLUTIL
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 19 July 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "CRLUTIL" "1" "19 July 2013" "nss-tools" "NSS Security Tools"
+.TH "CRLUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -57,64 +57,55 @@ where options and arguments are combinations of the options and arguments listed .PP Options specify an action\&. Option arguments modify an action\&. The options and arguments for the crlutil command are defined as follows: .PP -\-G -.RS 4 -Create new Certificate Revocation List(CRL)\&. -.RE -.PP \-D .RS 4 Delete Certificate Revocation List from cert database\&. .RE .PP -\-I -.RS 4 -Import a CRL to the cert database -.RE -.PP \-E .RS 4 Erase all CRLs of specified type from the cert database .RE .PP +\-G +.RS 4 +Create new Certificate Revocation List (CRL)\&. +.RE +.PP +\-I +.RS 4 +Import a CRL to the cert database +.RE +.PP \-L .RS 4 List existing CRL located in cert database file\&. .RE .PP -\-S -.RS 4 -Show contents of a CRL file which isn\*(Aqt stored in the database\&. -.RE -.PP \-M .RS 4 Modify existing CRL which can be located in cert db or in arbitrary file\&. If located in file it should be encoded in ASN\&.1 encode format\&. .RE .PP -\-G +\-S .RS 4 +Show contents of a CRL file which isn\*(Aqt stored in the database\&. .RE .PP \fBArguments\fR .PP -Option arguments modify an action and are lowercase\&. -.PP -\-B -.RS 4 -Bypass CA signature checks\&. -.RE -.PP -\-P dbprefix -.RS 4 -Specify the prefix used on the NSS security database files (for example, my_cert8\&.db and my_key3\&.db)\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. -.RE +Option arguments modify an action\&. .PP \-a .RS 4 Use ASCII format or allow the use of ASCII format for input and output\&. This formatting follows RFC #1113\&. .RE .PP +\-B +.RS 4 +Bypass CA signature checks\&. +.RE +.PP \-c crl\-gen\-file .RS 4 Specify script file that will be used to control crl generation/modification\&. See crl\-cript\-file format below\&. If options \-M|\-G is used and \-c crl\-script\-file is not specified, crlutil will read script data from standard input\&. 
@@ -127,16 +118,16 @@ Specify the database directory containing the certificate and key database files The NSS database files must reside in the same directory\&. .RE .PP -\-i crl\-file -.RS 4 -Specify the file which contains the CRL to import or show\&. -.RE -.PP \-f password\-file .RS 4 Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&. .RE .PP +\-i crl\-file +.RS 4 +Specify the file which contains the CRL to import or show\&. +.RE +.PP \-l algorithm\-name .RS 4 Specify a specific signature algorithm\&. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512 @@ -152,6 +143,11 @@ Specify the nickname of a certificate or key to list, create, add to a database, Specify the output file name for new CRL\&. Bracket the output\-file string with quotation marks if it contains spaces\&. If this argument is not used the output destination defaults to standard output\&. .RE .PP +\-P dbprefix +.RS 4 +Specify the prefix used on the NSS security database files (for example, my_cert8\&.db and my_key3\&.db)\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. +.RE +.PP \-t crl\-type .RS 4 Specify type of CRL\&. possible types are: 0 \- SEC_KRL_TYPE, 1 \- SEC_CRL_TYPE\&. This option is obsolete @@ -369,11 +365,6 @@ crlutil \-G|\-M \-c crl\-gen\-file \-n nickname [\-i crl] [\-u url] [\-d keydir] .SH "SEE ALSO" .PP certutil(1) -.SH "SEE ALSO" -.PP -.PP -.PP -.PP .SH "ADDITIONAL RESOURCES" .PP For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at diff --git a/security/nss/doc/nroff/modutil.1 b/security/nss/doc/nroff/modutil.1 index 09cd45de..1ce9ab2c 100644 --- a/security/nss/doc/nroff/modutil.1 +++ b/security/nss/doc/nroff/modutil.1 
@@ -1,13 +1,13 @@ '\" t .\" Title: MODUTIL .\" Author: [see the "Authors" section] -.\" Generator: DocBook XSL Stylesheets v1.77.1 -.\" Date: 15 February 2013 +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "MODUTIL" "1" "15 February 2013" "nss-tools" "NSS Security Tools" +.TH "MODUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -109,6 +109,8 @@ Delete the named module\&. The default NSS PKCS #11 module cannot be deleted\&. Disable all slots on the named module\&. Use the \fB\-slot\fR argument to disable a specific slot\&. +.sp +The internal NSS PKCS #11 module cannot be disabled\&. .RE .PP \-enable modulename @@ -1248,7 +1250,7 @@ group write: 0020 group execute: 0010 other read: 0004 other write: 0002 -other execute: 0001 +other execute: 0001 .fi .if n \{\ .RE @@ -1366,9 +1368,9 @@ export NSS_DEFAULT_DB_TYPE="sql" .RE .\} .PP -This line can be set added to the +This line can be added to the ~/\&.bashrc -file to make the change permanent\&. +file to make the change permanent for the user\&. .PP Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: .sp 
@@ -1436,12 +1438,12 @@ Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
 IRC: Freenode at #dogtag\-pki
 .SH "AUTHORS"
 .PP
-The NSS tools were written and maintained by developers with Netscape, Red Hat, and Sun\&.
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
 .PP
 Authors: Elio Maldonado , Deon Lackey \&.
 .SH "LICENSE"
 .PP
-Licensed under the Mozilla Public License, version 1\&.1, and/or the GNU General Public License, version 2 or later, and/or the GNU Lesser General Public License, version 2\&.1 or later\&.
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
 .SH "NOTES"
 .IP " 1." 4
 Mozilla NSS bug 836477
diff --git a/security/nss/doc/nroff/pk12util.1 b/security/nss/doc/nroff/pk12util.1
index 55ae2e6f..c4fa972c 100644
--- a/security/nss/doc/nroff/pk12util.1
+++ b/security/nss/doc/nroff/pk12util.1
@@ -2,12 +2,12 @@
 .\" Title: PK12UTIL
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "PK12UTIL" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "PK12UTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@ pk12util \- Export and import keys and certificate to or from a PKCS #12 file and the NSS database .SH "SYNOPSIS" .HP \w'\fBpk12util\fR\ 'u -\fBpk12util\fR [\-i\ p12File\ [\-h\ tokenname]\ [\-v]\ [common\-options]] [\-l\ p12File\ [\-h\ tokenname]\ [\-r]\ [common\-options]] [\-o\ p12File\ \-n\ certname\ [\-c\ keyCipher]\ [\-C\ certCipher]\ [\-m|\-\-key_len\ keyLen]\ [\-n|\-\-cert_key_len\ certKeyLen]\ [common\-options]] [common\-options\ are:\ [\-d\ [sql:]directory]\ [\-P\ dbprefix]\ [\-k\ slotPasswordFile|\-K\ slotPassword]\ [\-w\ p12filePasswordFile|\-W\ p12filePassword]] +\fBpk12util\fR [\-i\ p12File|\-l\ p12File|\-o\ p12File] [\-d\ [sql:]directory] [\-h\ tokenname] [\-P\ dbprefix] [\-r] [\-v] [\-k\ slotPasswordFile|\-K\ slotPassword] [\-w\ p12filePasswordFile|\-W\ p12filePassword] .SH "STATUS" .PP This documentation is still work in progress\&. Please contribute to the initial review in @@ -61,9 +61,14 @@ Export keys and certificates from the security database to a PKCS#12 file\&. .PP \fBArguments\fR .PP -\-n certname +\-c keyCipher .RS 4 -Specify the nickname of the cert and private key to export\&. +Specify the key encryption algorithm\&. +.RE +.PP +\-C certCipher +.RS 4 +Specify the key cert (overall package) encryption algorithm\&. .RE .PP \-d [sql:]directory @@ -80,21 +85,11 @@ pkcs11\&.txt)\&. If the prefix is not used, then the tool assumes that the given databases are in the old format\&. .RE .PP -\-P prefix -.RS 4 -Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. -.RE -.PP \-h tokenname .RS 4 Specify the name of the token to import into or export from\&. .RE .PP -\-v -.RS 4 -Enable debug logging when importing\&. -.RE -.PP \-k slotPasswordFile .RS 4 Specify the text file containing the slot\*(Aqs password\&. 
@@ -105,26 +100,6 @@ Specify the text file containing the slot\*(Aqs password\&. Specify the slot\*(Aqs password\&. .RE .PP -\-w p12filePasswordFile -.RS 4 -Specify the text file containing the pkcs #12 file password\&. -.RE -.PP -\-W p12filePassword -.RS 4 -Specify the pkcs #12 file password\&. -.RE -.PP -\-c keyCipher -.RS 4 -Specify the key encryption algorithm\&. -.RE -.PP -\-C certCipher -.RS 4 -Specify the key cert (overall package) encryption algorithm\&. -.RE -.PP \-m | \-\-key\-len keyLength .RS 4 Specify the desired length of the symmetric key to be used to encrypt the private key\&. @@ -135,10 +110,35 @@ Specify the desired length of the symmetric key to be used to encrypt the privat Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&. .RE .PP +\-n certname +.RS 4 +Specify the nickname of the cert and private key to export\&. +.RE +.PP +\-P prefix +.RS 4 +Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. +.RE +.PP \-r .RS 4 Dumps all of the data in raw (binary) form\&. This must be saved as a DER file\&. The default is to return information in a pretty\-print ASCII format, which displays the information about the certificates and public keys in the p12 file\&. .RE +.PP +\-v +.RS 4 +Enable debug logging when importing\&. +.RE +.PP +\-w p12filePasswordFile +.RS 4 +Specify the text file containing the pkcs #12 file password\&. +.RE +.PP +\-W p12filePassword +.RS 4 +Specify the pkcs #12 file password\&. +.RE .SH "RETURN CODES" .sp .RS 4 
@@ -437,18 +437,12 @@ for importing a certificate or key is the PKCS#12 input file (\fB\-i\fR) and som for a directory or \fB\-h\fR for a token)\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf +.PP pk12util \-i p12File [\-h tokenname] [\-v] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] -.fi -.if n \{\ -.RE -.\} .PP For example: +.PP + .sp .if n \{\ .RS 4 @@ -474,16 +468,8 @@ pk12util: PKCS12 IMPORT SUCCESSFUL Using the \fBpk12util\fR command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS#12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf +.PP pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] -.fi -.if n \{\ -.RE -.\} .PP For example: .sp @@ -506,16 +492,8 @@ The information in a file are not human\-readable\&. The certificates and keys in the file can be printed (listed) in a human\-readable pretty\-print format that shows information for every certificate and any public keys in the \&.p12 file\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf +.PP pk12util \-l p12File [\-h tokenname] [\-r] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] -.fi -.if n \{\ -.RE -.\} .PP For example, this prints the default ASCII output: .sp @@ -542,7 +520,7 @@ Certificate: Issuer: "E=personal\-freemail@thawte\&.com,CN=Thawte Personal Freemail C A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T own,ST=Western Cape,C=ZA" -\&.\&.\&.\&. + .fi .if n \{\ .RE 
@@ -561,7 +539,7 @@ file000N\&.der, incrementing the number for every certificate: .RS 4 .\} .nf -# pk12util \-l test\&.p12 \-r +pk12util \-l test\&.p12 \-r Enter password for PKCS12 file: Key(shrouded): Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID @@ -574,6 +552,7 @@ Key(shrouded): Certificate Friendly Name: Thawte Personal Freemail Issuing CA \- Thawte Consulting Certificate Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID + .fi .if n \{\ .RE @@ -592,7 +571,17 @@ Several types of ciphers are supported\&. .PP Symmetric CBC ciphers for PKCS#5 V2 .RS 4 -DES_CBC +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +DES\-CBC +.RE .sp .RS 4 .ie n \{\ @@ -696,7 +685,17 @@ CAMELLIA\-256\-CBC .PP PKCS#12 PBE ciphers .RS 4 +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} PKCS #12 PBE with Sha1 and 128 Bit RC4 +.RE .sp .RS 4 .ie n \{\ @@ -811,7 +810,17 @@ PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC .PP PKCS#5 PBE ciphers .RS 4 +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} PKCS #5 Password Based Encryption with MD2 and DES CBC +.RE .sp .RS 4 .ie n \{\ diff --git a/security/nss/doc/nroff/pp.1 b/security/nss/doc/nroff/pp.1 index 6a8eb630..2c9aa5a6 100644 --- a/security/nss/doc/nroff/pp.1 +++ b/security/nss/doc/nroff/pp.1 @@ -2,12 +2,12 @@ .\" Title: PP .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 12 November 2013 +.\" Date: 5 June 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "PP" "1" "12 November 2013" "nss-tools" "NSS Security Tools" +.TH "PP" "1" "5 June 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- 
diff --git a/security/nss/doc/nroff/signtool.1 b/security/nss/doc/nroff/signtool.1
index e78f77b5..3a91ce69 100644
--- a/security/nss/doc/nroff/signtool.1
+++ b/security/nss/doc/nroff/signtool.1
@@ -2,12 +2,12 @@
 .\" Title: signtool
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "SIGNTOOL" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "SIGNTOOL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 signtool \- Digitally sign objects and files\&.
 .SH "SYNOPSIS"
 .HP \w'\fBsigntool\fR\ 'u
-\fBsigntool\fR [\-k\ keyName] [[\-h]] [[\-H]] [[\-l]] [[\-L]] [[\-M]] [[\-v]] [[\-w]] [[\-G\ nickname]] [[\-\-keysize\ |\ \-s\ size]] [[\-b\ basename]] [[\-c\ Compression\ Level]] [[\-d\ cert\-dir]] [[\-i\ installer\ script]] [[\-m\ metafile]] [[\-x\ name]] [[\-f\ filename]] [[\-t|\-\-token\ tokenname]] [[\-e\ extension]] [[\-o]] [[\-z]] [[\-X]] [[\-\-outfile]] [[\-\-verbose\ value]] [[\-\-norecurse]] [[\-\-leavearc]] [[\-j\ directory]] [[\-Z\ jarfile]] [[\-O]] [[\-p\ password]] [directory\-tree] [archive]
+\fBsigntool\fR [[\-b\ basename]] [[\-c\ Compression\ Level]] [[\-d\ cert\-dir]] [[\-e\ extension]] [[\-f\ filename]] [[\-i\ installer\ script]] [[\-h]] [[\-H]] [[\-v]] [[\-w]] [[\-G\ nickname]] [[\-J]] [[\-j\ directory]] [\-k\ keyName] [[\-\-keysize\ |\ \-s\ size]] [[\-l]] [[\-L]] [[\-M]] [[\-m\ metafile]] [[\-\-norecurse]] [[\-O]] [[\-o]] [[\-\-outfile]] [[\-p\ password]] [[\-t|\-\-token\ tokenname]] [[\-z]] [[\-X]] [[\-x\ name]] [[\-\-verbose\ value]] [[\-\-leavearc]] [[\-Z\ jarfile]] [directory\-tree] [archive]
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
@@ -91,11 +91,21 @@ Tells signtool to sign only files with the given extension; for example, use \-e Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format\&. All options and arguments can be expressed through this file\&. For more information about the syntax used with this file, see "Tips and Techniques"\&. .RE .PP +\-G nickname +.RS 4 +Generates a new private\-public key pair and corresponding object\-signing certificate with the given nickname\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&. Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with \-G is not signed by a recognized certificate authority\&. Instead, it is self\-signed\&. In addition, a single test signing certificate functions as both an object\-signing certificate and a CA\&. When you are using it to sign objects, it behaves like an object\-signing certificate\&. When it is imported into browser software such as Communicator, it behaves like an object\-signing CA and cannot be used to sign objects\&. The \-G option is available in Netscape Signing Tool 1\&.0 and later versions only\&. By default, it produces only RSA certificates with 1024\-byte keys in the internal token\&. 
However, you can use the \-s option specify the required key size and the \-t option to specify the token\&. +.RE +.PP \-i scriptname .RS 4 Specifies the name of an installer script for SmartUpdate\&. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature\&. For more details, see the description of \-m that follows\&. The \-i option provides a straightforward way to provide this information if you don\*(Aqt need to specify any metadata other than an installer script\&. .RE .PP +\-J +.RS 4 +Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags\&. Even if signtool creates more than one archive file, you need to supply the key database password only once\&. The \-J option is available only in Netscape Signing Tool 1\&.0 and later versions\&. The \-J option cannot be used at the same time as the \-Z option\&. If the \-c# option is not used with the \-J option, the default compression value is 6\&. Note that versions 1\&.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages\&. +.RE +.PP \-j directory .RS 4 Specifies a special JavaScript directory\&. This option causes the specified directory to be signed and tags its entries as inline JavaScript\&. This special type of entry does not have to appear in the JAR file itself\&. Instead, it is located in the HTML page containing the inline scripts\&. When you use signtool \-v, these entries are displayed with the string NOT PRESENT\&. 
@@ -106,21 +116,11 @@ Specifies a special JavaScript directory\&. This option causes the specified dir Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory\&. The directory to sign is always specified as the last command\-line argument\&. Thus, it is possible to write signtool \-k MyCert \-d \&. signdir You may have trouble if the nickname contains a single quotation mark\&. To avoid problems, escape the quotation mark using the escape conventions for your platform\&. It\*(Aqs also possible to use the \-k option without signing any files or specifying a directory\&. For example, you can use it with the \-l option to get detailed information about a particular signing certificate\&. .RE .PP -\-G nickname -.RS 4 -Generates a new private\-public key pair and corresponding object\-signing certificate with the given nickname\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&. Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with \-G is not signed by a recognized certificate authority\&. Instead, it is self\-signed\&. In addition, a single test signing certificate functions as both an object\-signing certificate and a CA\&. 
When you are using it to sign objects, it behaves like an object\-signing certificate\&. When it is imported into browser software such as Communicator, it behaves like an object\-signing CA and cannot be used to sign objects\&. The \-G option is available in Netscape Signing Tool 1\&.0 and later versions only\&. By default, it produces only RSA certificates with 1024\-byte keys in the internal token\&. However, you can use the \-s option specify the required key size and the \-t option to specify the token\&. For more information about the use of the \-G option, see "Generating Test Object\-Signing Certificates""Generating Test Object\-Signing Certificates" on page 1241\&. -.RE -.PP \-l .RS 4 Lists signing certificates, including issuing CAs\&. If any of your certificates are expired or invalid, the list will so specify\&. This option can be used with the \-k option to list detailed information about a particular signing certificate\&. The \-l option is available in Netscape Signing Tool 1\&.0 and later versions only\&. .RE .PP -\-J -.RS 4 -Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags\&. Even if signtool creates more than one archive file, you need to supply the key database password only once\&. The \-J option is available only in Netscape Signing Tool 1\&.0 and later versions\&. The \-J option cannot be used at the same time as the \-Z option\&. If the \-c# option is not used with the \-J option, the default compression value is 6\&. Note that versions 1\&.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages\&. -.RE -.PP \-L .RS 4 Lists the certificates in your database\&. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool\&. 
diff --git a/security/nss/doc/nroff/signver.1 b/security/nss/doc/nroff/signver.1
index c327c8a7..ad92c11a 100644
--- a/security/nss/doc/nroff/signver.1
+++ b/security/nss/doc/nroff/signver.1
@@ -2,12 +2,12 @@
 .\" Title: SIGNVER
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "SIGNVER" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "SIGNVER" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -236,9 +236,9 @@ export NSS_DEFAULT_DB_TYPE="sql"
 .RE
 .\}
 .PP
-This line can be set added to the
+This line can be added to the
 ~/\&.bashrc
-file to make the change permanent\&.
+file to make the change permanent for the user\&.
 .PP
 Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:
 .sp
diff --git a/security/nss/doc/nroff/ssltap.1 b/security/nss/doc/nroff/ssltap.1
index 950f20b8..69129ecb 100644
--- a/security/nss/doc/nroff/ssltap.1
+++ b/security/nss/doc/nroff/ssltap.1
@@ -2,12 +2,12 @@
 .\" Title: SSLTAP
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "SSLTAP" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "SSLTAP" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -30,8 +30,8 @@
 .SH "NAME"
 ssltap \- Tap into SSL connections and display the data going by
 .SH "SYNOPSIS"
-.HP \w'\fBlibssltap\fR\ 'u
-\fBlibssltap\fR [\-vhfsxl] [\-p\ port] [hostname:port]
+.HP \w'\fBssltap\fR\ 'u
+\fBssltap\fR [\-fhlsvx] [\-p\ port] [hostname:port]
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
@@ -43,33 +43,14 @@ The SSL Debugging Tool is an SSL\-aware command\-line proxy\&. It watches TCP connections and displays the data going by\&. If a connection is SSL, the data display includes interpreted SSL records and handshaking .SH "OPTIONS" .PP -\-v -.RS 4 -Print a version string for the tool\&. -.RE -.PP -\-h -.RS 4 -Turn on hex/ASCII printing\&. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters\&. The two parts are separated by a vertical bar\&. Nonprinting characters are replaced by dots\&. -.RE -.PP \-f .RS 4 Turn on fancy printing\&. Output is printed in colored HTML\&. Data sent from the client to the server is in blue; the server\*(Aqs reply is in red\&. When used with looping mode, the different connections are separated with horizontal lines\&. You can use this option to upload the output into a browser\&. .RE .PP -\-s +\-h .RS 4 -Turn on SSL parsing and decoding\&. The tool does not automatically detect SSL sessions\&. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures\&. -.sp -If the tool detects a certificate chain, it saves the DER\-encoded certificates into files in the current directory\&. The files are named cert\&.0x, where x is the sequence number of the certificate\&. -.sp -If the \-s option is used with \-h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output\&. -.RE -.PP -\-x -.RS 4 -Turn on hex/ASCII printing of undecoded data inside parsed SSL records\&. Used only with the \-s option\&. This option uses the same output format as the \-h option\&. +Turn on hex/ASCII printing\&. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters\&. The two parts are separated by a vertical bar\&. Nonprinting characters are replaced by dots\&. 
.RE .PP \-l prefix @@ -99,6 +80,25 @@ The following are well\-known port numbers: .sp * NNTPS 563 (NNTP over SSL) .RE +.PP +\-s +.RS 4 +Turn on SSL parsing and decoding\&. The tool does not automatically detect SSL sessions\&. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures\&. +.sp +If the tool detects a certificate chain, it saves the DER\-encoded certificates into files in the current directory\&. The files are named cert\&.0x, where x is the sequence number of the certificate\&. +.sp +If the \-s option is used with \-h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output\&. +.RE +.PP +\-v +.RS 4 +Print a version string for the tool\&. +.RE +.PP +\-x +.RS 4 +Turn on extra SSL hex dumps\&. +.RE .SH "USAGE AND EXAMPLES" .PP You can use the SSL Debugging Tool to intercept any connection information\&. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful\&. For example, assume your development machine is called intercept\&. The simplest way to use the debugging tool is to execute the following command from a command shell: diff --git a/security/nss/doc/nroff/vfychain.1 b/security/nss/doc/nroff/vfychain.1 index 487b7f9a..d5e37e4d 100644 --- a/security/nss/doc/nroff/vfychain.1 +++ b/security/nss/doc/nroff/vfychain.1 
@@ -2,12 +2,12 @@
 .\" Title: VFYCHAIN
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "VFYCHAIN" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/security/nss/doc/nroff/vfyserv.1 b/security/nss/doc/nroff/vfyserv.1
index f991ce23..ffe5f361 100644
--- a/security/nss/doc/nroff/vfyserv.1
+++ b/security/nss/doc/nroff/vfyserv.1
@@ -2,12 +2,12 @@
 .\" Title: VFYSERV
 .\" Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 12 November 2013
+.\" Date: 5 June 2014
 .\" Manual: NSS Security Tools
 .\" Source: nss-tools
 .\" Language: English
 .\"
-.TH "VFYSERV" "1" "12 November 2013" "nss-tools" "NSS Security Tools"
+.TH "VFYSERV" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/security/nss/doc/pk12util.xml b/security/nss/doc/pk12util.xml
index 590aec80..03ee356e 100644
--- a/security/nss/doc/pk12util.xml
+++ b/security/nss/doc/pk12util.xml
@@ -27,16 +27,14 @@ pk12util - -i p12File [-h tokenname] [-v] [common-options] - - -l p12File [-h tokenname] [-r] [common-options] - - -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [common-options] - - -common-options are: -[-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] - + -i p12File|-l p12File|-o p12File + -d [sql:]directory + -h tokenname + -P dbprefix + -r + -v + -k slotPasswordFile|-K slotPassword + -w p12filePasswordFile|-W p12filePassword @@ -73,10 +71,14 @@ common-options are: Arguments - - -n certname - Specify the nickname of the cert and private key to export. + -c keyCipher + Specify the key encryption algorithm. + + + + -C certCipher + Specify the key cert (overall package) encryption algorithm. @@ -85,22 +87,11 @@ common-options are: pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format. - - -P prefix - Specify the prefix used on the certificate and key databases. This option is provided as a special case. - Changing the names of the certificate and key databases is not recommended. - - -h tokenname Specify the name of the token to import into or export from. - - -v - Enable debug logging when importing. - - -k slotPasswordFile Specify the text file containing the slot's password. 
@@ -111,26 +102,6 @@ common-options are: Specify the slot's password. - - -w p12filePasswordFile - Specify the text file containing the pkcs #12 file password. - - - - -W p12filePassword - Specify the pkcs #12 file password. - - - - -c keyCipher - Specify the key encryption algorithm. - - - - -C certCipher - Specify the key cert (overall package) encryption algorithm. - - -m | --key-len keyLength Specify the desired length of the symmetric key to be used to encrypt the private key. @@ -141,10 +112,37 @@ common-options are: Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data. + + -n certname + Specify the nickname of the cert and private key to export. + + + + -P prefix + Specify the prefix used on the certificate and key databases. This option is provided as a special case. + Changing the names of the certificate and key databases is not recommended. + + -r Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file. + + + -v + Enable debug logging when importing. + + + + -w p12filePasswordFile + Specify the text file containing the pkcs #12 file password. + + + + -W p12filePassword + Specify the pkcs #12 file password. + + 
@@ -237,9 +235,12 @@ common-options are: Importing Keys and Certificates The most basic usage of pk12util for importing a certificate or key is the PKCS#12 input file () and some way to specify the security database being accessed (either for a directory or for a token). -pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + + pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + For example: -# pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb + + # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, 
@@ -253,18 +254,18 @@ pk12util: PKCS12 IMPORT SUCCESSFUL Exporting Keys and Certificates Using the pk12util command to export certificates and keys requires both the name of the certificate to extract from the database () and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material. -pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] For example: -# pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb + # pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb Enter password for PKCS12 file: Re-enter password: Listing Keys and Certificates The information in a .p12 file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the .p12 file. -pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] For example, this prints the default ASCII output: -# pk12util -l certs.p12 + # pk12util -l certs.p12 Enter password for PKCS12 file: Key(shrouded): 
@@ -283,9 +284,9 @@ Certificate: Issuer: "E=personal-freemail@thawte.com,CN=Thawte Personal Freemail C A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T own,ST=Western Cape,C=ZA" -.... + Alternatively, the prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports .p12 files. Each certificate is written to a sequentially-number file, beginning with file0001.der and continuing through file000N.der, incrementing the number for every certificate: -# pk12util -l test.p12 -r + pk12util -l test.p12 -r Enter password for PKCS12 file: Key(shrouded): Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID @@ -297,7 +298,8 @@ Key(shrouded): Iteration Count: 1 (0x1) Certificate Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting -Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID +Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID + 
@@ -309,86 +311,48 @@ Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) L Symmetric CBC ciphers for PKCS#5 V2 - DES_CBC - - - RC2-CBC - - - RC5-CBCPad - - - DES-EDE3-CBC (the default for key encryption) - - - AES-128-CBC - - - AES-192-CBC - - - AES-256-CBC - - - CAMELLIA-128-CBC - - - CAMELLIA-192-CBC - - - CAMELLIA-256-CBC - - + + + DES-CBC + RC2-CBC + RC5-CBCPad + DES-EDE3-CBC (the default for key encryption) + AES-128-CBC + AES-192-CBC + AES-256-CBC + CAMELLIA-128-CBC + CAMELLIA-192-CBC + CAMELLIA-256-CBC + + PKCS#12 PBE ciphers - PKCS #12 PBE with Sha1 and 128 Bit RC4 - - - PKCS #12 PBE with Sha1 and 40 Bit RC4 - - - PKCS #12 PBE with Sha1 and Triple DES CBC - - - PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC - - - PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC - - - PKCS12 V2 PBE with SHA1 and 128 Bit RC4 - - - PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode) - - - PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc - - - PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc - - - PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC - - - PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC - - + + + PKCS #12 PBE with Sha1 and 128 Bit RC4 + PKCS #12 PBE with Sha1 and 40 Bit RC4 + PKCS #12 PBE with Sha1 and Triple DES CBC + PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC + PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC + PKCS12 V2 PBE with SHA1 and 128 Bit RC4 + PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode) + PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc + PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc + PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC + PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC + + - - - PKCS#5 PBE ciphers - PKCS #5 Password Based Encryption with MD2 and DES CBC - - - PKCS #5 Password Based Encryption with MD5 and DES CBC - - - PKCS #5 Password Based Encryption with SHA1 and DES CBC - - + PKCS#5 PBE ciphers + + + PKCS #5 Password Based Encryption with MD2 and DES CBC + PKCS #5 Password Based Encryption with MD5 and DES 
CBC + PKCS #5 Password Based Encryption with SHA1 and DES CBC + + With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error no security module can perform the requested operation. diff --git a/security/nss/doc/signtool.xml b/security/nss/doc/signtool.xml index 9f9da687..3a6c2080 100644 --- a/security/nss/doc/signtool.xml +++ b/security/nss/doc/signtool.xml @@ -27,36 +27,37 @@ signtool - -k keyName - [-h] - [-H] - [-l] - [-L] - [-M] - [-v] - [-w] - [-G nickname] - [--keysize | -s size] [-b basename] [-c Compression Level] [-d cert-dir] - [-i installer script] - [-m metafile] - [-x name] - [-f filename] - [-t|--token tokenname] [-e extension] + [-f filename] + [-i installer script] + [-h] + [-H] + [-v] + [-w] + [-G nickname] + [-J] + [-j directory] + -k keyName + [--keysize | -s size] + [-l] + [-L] + [-M] + [-m metafile] + [--norecurse] + [-O] [-o] + [--outfile] + [-p password] + [-t|--token tokenname] [-z] [-X] - [--outfile] + [-x name] [--verbose value] - [--norecurse] [--leavearc] - [-j directory] [-Z jarfile] - [-O] - [-p password] directory-tree archive @@ -97,7 +98,7 @@ -c# - + Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes. If the -c# option is not used with either the -J or the -Z option, the default compression value used by both the -J and -Z options is 6. 
@@ -123,11 +124,37 @@ The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT v Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format. All options and arguments can be expressed through this file. For more information about the syntax used with this file, see "Tips and Techniques". + + -G nickname + + Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. + +The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. + +Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. + +The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. 
However, you can use the -s option specify the required key size and the -t option to specify the token. + + -i scriptname - - Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. - + +Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script. + + + + -J + + +Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. + +The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. + +If the -c# option is not used with the -J option, the default compression value is 6. + +Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages. + + -j directory 
@@ -145,18 +172,6 @@ signtool -k MyCert -d . signdir You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform. It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate. - - - - -G nickname - - Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. - -The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. - -Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. - -The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. 
However, you can use the -s option specify the required key size and the -t option to specify the token. For more information about the use of the -G option, see "Generating Test Object-Signing Certificates""Generating Test Object-Signing Certificates" on page 1241. @@ -165,18 +180,6 @@ The -G option is available in Netscape Signing Tool 1.0 and later versions only. Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate. The -l option is available in Netscape Signing Tool 1.0 and later versions only. - - - - -J - - Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. - -The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option. - -If the -c# option is not used with the -J option, the default compression value is 6. - -Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages. diff --git a/security/nss/doc/signver.xml b/security/nss/doc/signver.xml index 7c598d82..e645e919 100644 --- a/security/nss/doc/signver.xml +++ b/security/nss/doc/signver.xml 
@@ -163,7 +163,7 @@ Using the SQLite databases must be manually specified by using the sql: To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql: export NSS_DEFAULT_DB_TYPE="sql" -This line can be set added to the ~/.bashrc file to make the change permanent. +This line can be added to the ~/.bashrc file to make the change permanent for the user. Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: diff --git a/security/nss/doc/ssltap.xml b/security/nss/doc/ssltap.xml index e66a493e..32b9e2f5 100644 --- a/security/nss/doc/ssltap.xml +++ b/security/nss/doc/ssltap.xml @@ -26,8 +26,8 @@ - libssltap - -vhfsxl + ssltap + -fhlsvx -p port hostname:port @@ -48,8 +48,10 @@ Options - -v - Print a version string for the tool. + -f + +Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. + -h 
@@ -57,34 +59,6 @@ Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. - - -f - -Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. - - - -s - - -Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. - - -If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. - - -If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. - - - - - -x - - -Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. -This option uses the same output format as the -h option. - - - -l prefix 
@@ -124,6 +98,28 @@ Turn on looping; that is, continue to accept connections rather than stopping af + + -s + + +Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures. + + +If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate. + + +If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output. + + + + + -v + Print a version string for the tool. + + + -x + Turn on extra SSL hex dumps. + diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c index edb95af4..ea1621bc 100644 --- a/security/nss/lib/certdb/alg1485.c +++ b/security/nss/lib/certdb/alg1485.c @@ -28,12 +28,12 @@ static const NameToKind name2kinds[] = { * (See: http://www.iana.org/assignments/ldap-parameters) */ /* RFC 3280, 4630 MUST SUPPORT */ - { "CN", 64, SEC_OID_AVA_COMMON_NAME, SEC_ASN1_DS}, + { "CN", 640, SEC_OID_AVA_COMMON_NAME, SEC_ASN1_DS}, { "ST", 128, SEC_OID_AVA_STATE_OR_PROVINCE, SEC_ASN1_DS}, - { "O", 64, SEC_OID_AVA_ORGANIZATION_NAME, + { "O", 128, SEC_OID_AVA_ORGANIZATION_NAME, SEC_ASN1_DS}, - { "OU", 64, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, + { "OU", 128, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, SEC_ASN1_DS}, { "dnQualifier", 32767, SEC_OID_AVA_DN_QUALIFIER, SEC_ASN1_PRINTABLE_STRING}, { "C", 2, SEC_OID_AVA_COUNTRY_NAME, SEC_ASN1_PRINTABLE_STRING}, @@ -377,7 +377,7 @@ ParseRFC1485AVA(PLArenaPool *arena, const char **pbp, const char *endptr) char sep = 0; char tagBuf[32]; - char valBuf[384]; + char valBuf[1024]; PORT_Assert(arena); if (SECSuccess != scanTag(pbp, endptr, tagBuf, sizeof tagBuf) || 
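Review bot: The three widened limits — `CN` at 640 in `name2kinds`, `char valBuf[1024]` in ParseRFC1485AVA, and `TMPBUF_LEN 2048` in AppendAVA (hunk at L2805) — are coupled magic numbers, and nothing in the diff says why 1024 and 2048 are enough for a 640-byte value (presumably escaping or hex expansion, which is not visible here). I would add at the valBuf declaration `/* must hold the largest maxLen in name2kinds (currently CN = 640) plus escape overhead; keep TMPBUF_LEN in AppendAVA in step */` and a matching comment at TMPBUF_LEN, so that a later bump of one constant does not quietly reintroduce truncation or an overflow on the other path. The check that enforces maxLen on the scanned value, and the call that fills valBuf, are outside this hunk, so I cannot confirm the bound is applied before the copy; ParseRFC1485AVA's body continues past the hunk.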
@@ -889,7 +889,7 @@ get_hex_string(SECItem *data)
 static SECStatus
 AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict)
 {
-#define TMPBUF_LEN 384
+#define TMPBUF_LEN 2048
 const NameToKind *pn2k = name2kinds;
 SECItem *avaValue = NULL;
 char *unknownTag = NULL;
diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h
index 41e0b91c..d0d53c30 100644
--- a/security/nss/lib/certdb/certdb.h
+++ b/security/nss/lib/certdb/certdb.h
@@ -7,16 +7,16 @@
 /* common flags for all types of certificates */
-#define CERTDB_TERMINAL_RECORD (1<<0)
-#define CERTDB_TRUSTED (1<<1)
-#define CERTDB_SEND_WARN (1<<2)
-#define CERTDB_VALID_CA (1<<3)
-#define CERTDB_TRUSTED_CA (1<<4) /* trusted for issuing server certs */
-#define CERTDB_NS_TRUSTED_CA (1<<5)
-#define CERTDB_USER (1<<6)
-#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */
-#define CERTDB_INVISIBLE_CA (1<<8) /* don't show in UI */
-#define CERTDB_GOVT_APPROVED_CA (1<<9) /* can do strong crypto in export ver */
+#define CERTDB_TERMINAL_RECORD (1u<<0)
+#define CERTDB_TRUSTED (1u<<1)
+#define CERTDB_SEND_WARN (1u<<2)
+#define CERTDB_VALID_CA (1u<<3)
+#define CERTDB_TRUSTED_CA (1u<<4) /* trusted for issuing server certs */
+#define CERTDB_NS_TRUSTED_CA (1u<<5)
+#define CERTDB_USER (1u<<6)
+#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */
+#define CERTDB_INVISIBLE_CA (1u<<8) /* don't show in UI */
+#define CERTDB_GOVT_APPROVED_CA (1u<<9) /* can do strong crypto in export ver */
 /* old usage, to keep old programs compiling */
 /* On Windows, Mac, and Linux (and other gcc platforms), we can give compile
diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c
index de9e1f87..1b0cc970 100644
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -137,6 +137,39 @@ const SEC_ASN1Template CERT_GeneralNamesTemplate[] = {
 };
+static struct {
+ CERTGeneralNameType type;
+ char *name;
+} typesArray[] = {
+ { certOtherName, "other" },
+ { certRFC822Name, "email" },
+ { certRFC822Name, "rfc822" },
+ { certDNSName, "dns" },
+ { certX400Address, "x400" },
+ { certX400Address, "x400addr" },
+ { certDirectoryName, "directory" },
+ { certDirectoryName, "dn" },
+ { certEDIPartyName, "edi" },
+ { certEDIPartyName, "ediparty" },
+ { certURI, "uri" },
+ { certIPAddress, "ip" },
+ { certIPAddress, "ipaddr" },
+ { certRegisterID, "registerid" }
+};
+
+CERTGeneralNameType
+CERT_GetGeneralNameTypeFromString(const char *string)
+{
+ int types_count = sizeof(typesArray)/sizeof(typesArray[0]);
+ int i;
+
+ for (i=0; i < types_count; i++) {
+ if (PORT_Strcasecmp(string, typesArray[i].name) == 0) {
+ return typesArray[i].type;
+ }
+ }
+ return 0;
+}
 CERTGeneralName *
 CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type)
@@ -1578,9 +1611,9 @@ getNameExtensionsBuiltIn(CERTCertificate *cert,
 "\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75"
 "\x76\x2E\x66\x72";
- const SECItem anssi_subject = {0, (char *) rawANSSISubject,
+ const SECItem anssi_subject = {0, (unsigned char *) rawANSSISubject,
 sizeof(rawANSSISubject)-1};
- const SECItem permitFranceGovNC = {0, (char *) constraintFranceGov,
+ const SECItem permitFranceGovNC = {0, (unsigned char *) constraintFranceGov,
 sizeof(constraintFranceGov)-1};
 if (SECITEM_ItemsAreEqual(&cert->derSubject, &anssi_subject)) {
diff --git a/security/nss/lib/certdb/genname.h b/security/nss/lib/certdb/genname.h
index 091c82c1..1d94376d 100644
--- a/security/nss/lib/certdb/genname.h
+++ b/security/nss/lib/certdb/genname.h
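Review bot: `CERT_GetGeneralNameTypeFromString` returns `0` for an unrecognised name without saying so, and it passes a NULL `string` straight into PORT_Strcasecmp, so both failure modes need a contract: add `/* Case-insensitive lookup; returns 0 when string is NULL or matches no entry. */` above the function and `if (!string) return 0;` ahead of the loop. Since the symbol is exported (nss.def at L2812) and declared in genname.h (L2807), callers outside the library will come to depend on that 0 sentinel, and whether 0 is distinct from every CERTGeneralNameType enumerator is decided by a header outside this diff — worth confirming. The table should also be `static const` with `const char *name`, since it holds only string literals and is never written. The second hunk, casting the ANSSI SECItem data to `unsigned char *`, is a straightforward type fix.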
@@ -26,6 +26,9 @@ cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName); extern SECStatus cert_DestroyGeneralNames(CERTGeneralName *name); +extern CERTGeneralNameType +CERT_GetGeneralNameTypeFromString(const char *string); + extern SECStatus cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena, SECItem *dest); diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index 370c1b3b..ba43e70f 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 96 -#define NSS_BUILTINS_LIBRARY_VERSION "1.96" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 98 +#define NSS_BUILTINS_LIBRARY_VERSION "1.98" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/cryptohi/cryptohi.h b/security/nss/lib/cryptohi/cryptohi.h index b16c9134..6661b664 100644 --- a/security/nss/lib/cryptohi/cryptohi.h +++ b/security/nss/lib/cryptohi/cryptohi.h @@ -56,7 +56,7 @@ extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len); /* ** Create a new signature context used for signing a data stream. -** "alg" the signature algorithm to use (e.g. SEC_OID_RSA_WITH_MD5) +** "alg" the signature algorithm to use (e.g. SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION) ** "privKey" the private key to use */ extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey); diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c index b93ace4f..2ea337b3 100644 --- a/security/nss/lib/cryptohi/secsign.c +++ b/security/nss/lib/cryptohi/secsign.c 
@@ -37,7 +37,7 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key) * PKCS #7 algTag if we were just going to change here you might * ask. Well the answer is for some cards we may have to do the * hashing on card. It may not support CKM_RSA_PKCS sign algorithm, - * it may just support CKM_RSA_PKCS_WITH_SHA1 and/or CKM_RSA_PKCS_WITH_MD5. + * it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS. */ /* we have a private key, not a public key, so don't pass it in */ rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg); diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index 2a51501b..ec6a7698 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -664,7 +664,7 @@ $(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3 # symbolic names to registers, for example, # .set Htbl, %rdi # So we can't use Clang's integrated assembler with intel-gcm.s. -ifneq (,$(findstring clang,$(AS))) +ifneq (,$(findstring clang,$(shell $(AS) --version))) $(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): ASFLAGS += -no-integrated-as endif endif diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index 2e88d769..8324714d 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h @@ -62,7 +62,7 @@ extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, /* ** Perform a check of private key parameters for consistency. */ -extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key); +extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key); /* ** Given only minimal private key parameters, fill in the rest of the diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index 3c08f893..5eb50de9 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c 
@@ -214,7 +214,7 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, } SECStatus -RSA_PrivateKeyCheck(RSAPrivateKey *key) +RSA_PrivateKeyCheck(const RSAPrivateKey *key) { if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) return SECFailure; diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h index bda18a69..65cfd76d 100644 --- a/security/nss/lib/freebl/loader.h +++ b/security/nss/lib/freebl/loader.h @@ -229,7 +229,7 @@ struct FREEBLVectorStr { unsigned char *output, const unsigned char *input); - SECStatus (* p_RSA_PrivateKeyCheck)(RSAPrivateKey *key); + SECStatus (* p_RSA_PrivateKeyCheck)(const RSAPrivateKey *key); void (* p_BL_Cleanup)(void); diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c index 8a9a1121..cc7d4fee 100644 --- a/security/nss/lib/freebl/rsa.c +++ b/security/nss/lib/freebl/rsa.c 
@@ -1353,33 +1353,8 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
 return rsa_PrivateKeyOp(key, output, input, PR_TRUE);
 }
-static SECStatus
-swap_in_key_value(PLArenaPool *arena, mp_int *mpval, SECItem *buffer)
-{
- int len;
- mp_err err = MP_OKAY;
- memset(buffer->data, 0, buffer->len);
- len = mp_unsigned_octet_size(mpval);
- if (len <= 0) return SECFailure;
- if ((unsigned int)len <= buffer->len) {
- /* The new value is no longer than the old buffer, so use it */
- err = mp_to_unsigned_octets(mpval, buffer->data, len);
- if (err >= 0) err = MP_OKAY;
- buffer->len = len;
- } else if (arena) {
- /* The new value is longer, but working within an arena */
- (void)SECITEM_AllocItem(arena, buffer, len);
- err = mp_to_unsigned_octets(mpval, buffer->data, len);
- if (err >= 0) err = MP_OKAY;
- } else {
- /* The new value is longer, no arena, can't handle this key */
- return SECFailure;
- }
- return (err == MP_OKAY) ? SECSuccess : SECFailure;
-}
-
 SECStatus
-RSA_PrivateKeyCheck(RSAPrivateKey *key)
+RSA_PrivateKeyCheck(const RSAPrivateKey *key)
 {
 mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res;
 mp_err err = MP_OKAY;
@@ -1406,6 +1381,17 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
 CHECK_MPI_OK( mp_init(&d_q) );
 CHECK_MPI_OK( mp_init(&qInv) );
 CHECK_MPI_OK( mp_init(&res) );
+
+ if (!key->modulus.data || !key->prime1.data || !key->prime2.data ||
+ !key->publicExponent.data || !key->privateExponent.data ||
+ !key->exponent1.data || !key->exponent2.data ||
+ !key->coefficient.data) {
+ /* call RSA_PopulatePrivateKey first, if the application wishes to
+ * recover these parameters */
+ err = MP_BADARG;
+ goto cleanup;
+ }
+
 SECITEM_TO_MPINT(key->modulus, &n);
 SECITEM_TO_MPINT(key->prime1, &p);
 SECITEM_TO_MPINT(key->prime2, &q);
@@ -1414,18 +1400,10 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
 SECITEM_TO_MPINT(key->exponent1, &d_p);
 SECITEM_TO_MPINT(key->exponent2, &d_q);
 SECITEM_TO_MPINT(key->coefficient, &qInv);
- /* p > q */
+ /* p > q */
 if (mp_cmp(&p, &q) <= 0) {
- /* mind the p's and q's (and d_p's and d_q's) */
- SECItem tmp;
- mp_exch(&p, &q);
- mp_exch(&d_p,&d_q);
- tmp = key->prime1;
- key->prime1 = key->prime2;
- key->prime2 = tmp;
- tmp = key->exponent1;
- key->exponent1 = key->exponent2;
- key->exponent2 = tmp;
+ rv = SECFailure;
+ goto cleanup;
 }
 #define VERIFY_MPI_EQUAL(m1, m2) \
 if (mp_cmp(m1, m2) != 0) { \
@@ -1437,9 +1415,6 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
 rv = SECFailure; \
 goto cleanup; \
 }
- /*
- * The following errors cannot be recovered from.
- */
 /* n == p * q */
 CHECK_MPI_OK( mp_mul(&p, &q, &res) );
 VERIFY_MPI_EQUAL(&res, &n);
@@ -1457,28 +1432,16 @@ RSA_PrivateKeyCheck(RSAPrivateKey *key)
 /* d*e == 1 mod q-1 */
 CHECK_MPI_OK( mp_mulmod(&d, &e, &qsub1, &res) );
 VERIFY_MPI_EQUAL_1(&res);
- /*
- * The following errors can be recovered from.
- */
 /* d_p == d mod p-1 */
 CHECK_MPI_OK( mp_mod(&d, &psub1, &res) );
- if (mp_cmp(&d_p, &res) != 0) {
- /* swap in the correct value */
- CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent1) );
- }
+ VERIFY_MPI_EQUAL(&res, &d_p);
 /* d_q == d mod q-1 */
 CHECK_MPI_OK( mp_mod(&d, &qsub1, &res) );
- if (mp_cmp(&d_q, &res) != 0) {
- /* swap in the correct value */
- CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent2) );
- }
+ VERIFY_MPI_EQUAL(&res, &d_q);
 /* q * q**-1 == 1 mod p */
 CHECK_MPI_OK( mp_mulmod(&q, &qInv, &p, &res) );
- if (mp_cmp_d(&res, 1) != 0) {
- /* compute the correct value */
- CHECK_MPI_OK( mp_invmod(&q, &p, &qInv) );
- CHECK_SEC_OK( swap_in_key_value(key->arena, &qInv, &key->coefficient) );
- }
+ VERIFY_MPI_EQUAL_1(&res);
+
 cleanup:
 mp_clear(&n);
 mp_clear(&p);
diff --git a/security/nss/lib/jar/jarver.c b/security/nss/lib/jar/jarver.c
index d06b4e00..fa3c8a0d 100644
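Review bot: The new rejection `if (mp_cmp(&p, &q) <= 0) { rv = SECFailure; goto cleanup; }` fails without setting an error code, so a caller that consults PORT_GetError after SECFailure sees a stale value; the NULL-parameter check added in the hunk at L2810 at least goes through `err = MP_BADARG`, which cleanup can map. Unless cleanup (outside the hunk) sets an error for every failing rv, add `PORT_SetError(SEC_ERROR_BAD_KEY);` before the goto, and check whether the VERIFY_MPI_EQUAL macro, whose middle lines fall between the hunks, does the same, since it now replaces the repair code on the CRT-parameter paths. The behaviour change also deserves a comment at the function: keys with p <= q or inconsistent exponent1/exponent2/coefficient, which the removed swap_in_key_value path used to repair in place, are now rejected, which is what makes the `const RSAPrivateKey *` signature honest. RSA_PrivateKeyCheck's body starts and ends outside these hunks.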
--- a/security/nss/lib/jar/jarver.c +++ b/security/nss/lib/jar/jarver.c @@ -14,13 +14,8 @@ #include "certdb.h" #include "certt.h" #include "secpkcs7.h" - -/*#include "cdbhdl.h" */ #include "secder.h" -/* from certdb.h */ -#define CERTDB_USER (1<<6) - #define SZ 512 static int diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index fdb1cd08..6f6b6708 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1053,3 +1053,12 @@ SECMOD_InternaltoPubMechFlags; ;+ local: ;+ *; ;+}; +;+NSS_3.16.2 { # NSS 3.16.2 release +;+ global: +CERT_AddExtensionByOID; +CERT_GetGeneralNameTypeFromString; +PK11_PubEncrypt; +PK11_PrivDecrypt; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index c293db34..4d3d1f5e 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -33,11 +33,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.15.5" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.16.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 15 -#define NSS_VPATCH 5 -#define NSS_VBUILD 0 +#define NSS_VMINOR 16 +#define NSS_VPATCH 2 +#define NSS_VBUILD 1 #define NSS_BETA PR_FALSE #ifndef RC_INVOKED diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 39168b96..3f3edb11 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c 
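Review bot: The `NSS_3.16.2` export block adds `CERT_AddExtensionByOID`, but no hunk in this patch defines or declares that function, whereas the other three entries are added in this diff (CERT_GetGeneralNameTypeFromString at L2806, PK11_PrivDecrypt and PK11_PubEncrypt at L2818). If the function does not already exist elsewhere in the tree, a linker that honours the version script fails on the missing symbol; confirm the definition is present or drop the line until it lands.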
@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, * CERTCertificate, and finish */ nssPKIObject_AddInstance(&c->object, certobj); + /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and + * replace 'c' by a different value. So we add a reference to 'c' to + * prevent 'c' from being destroyed. */ + nssCertificate_AddRef(c); nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); + /* XXX should we pass the original value of 'c' to + * STAN_ForceCERTCertificateUpdate? */ (void)STAN_ForceCERTCertificateUpdate(c); + nssCertificate_Destroy(c); SECITEM_FreeItem(keyID,PR_TRUE); return SECSuccess; loser: diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c index e1e764b1..6700180a 100644 --- a/security/nss/lib/pk11wrap/pk11load.c +++ b/security/nss/lib/pk11wrap/pk11load.c @@ -55,6 +55,11 @@ static const CK_C_INITIALIZE_ARGS secmodLockFunctions = { CKF_OS_LOCKING_OK ,NULL }; +static const CK_C_INITIALIZE_ARGS secmodNoLockArgs = { + NULL, NULL, NULL, NULL, + CKF_LIBRARY_CANT_CREATE_OS_THREADS + ,NULL +}; static PRBool loadSingleThreadedModules = PR_TRUE; static PRBool enforceAlreadyInitializedError = PR_TRUE; @@ -209,12 +214,18 @@ secmod_ModuleInit(SECMODModule *mod, SECMODModule **reload, return SECFailure; } - if (mod->isThreadSafe == PR_FALSE) { - pInitArgs = NULL; - } else if (mod->libraryParams == NULL) { - pInitArgs = (void *) &secmodLockFunctions; + if (mod->libraryParams == NULL) { + if (mod->isThreadSafe) { + pInitArgs = (void *) &secmodLockFunctions; + } else { + pInitArgs = NULL; + } } else { - moduleArgs = secmodLockFunctions; + if (mod->isThreadSafe) { + moduleArgs = secmodLockFunctions; + } else { + moduleArgs = secmodNoLockArgs; + } moduleArgs.LibraryParameters = (void *) mod->libraryParams; pInitArgs = &moduleArgs; } 
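Review bot: The added `nssCertificate_AddRef(c)` / `nssCertificate_Destroy(c)` pair brackets a call that, as the new comment says, may replace `c`, so the reference released at the end can belong to a different object than the one acquired; that is balanced only if nssTrustDomain_AddCertsToCache hands back the replacement carrying its own reference, which is outside this hunk and should be stated in the comment rather than left implicit. The `XXX` question about which object STAN_ForceCERTCertificateUpdate should receive leaves a correctness decision open in shipped code; either settle it here or turn it into a tracked item, e.g. `/* TODO(<tracker id>): if AddCertsToCache replaced c, confirm the cached instance is the one to update */`. PK11_ImportCert's body starts outside the hunk.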
@@ -251,18 +262,30 @@ secmod_ModuleInit(SECMODModule *mod, SECMODModule **reload, } } if (crv != CKR_OK) { - if (pInitArgs == NULL || + if (!mod->isThreadSafe || crv == CKR_NETSCAPE_CERTDB_FAILED || crv == CKR_NETSCAPE_KEYDB_FAILED) { PORT_SetError(PK11_MapError(crv)); return SECFailure; } + /* If we had attempted to init a single threaded module "with" + * parameters and it failed, should we retry "without" parameters? + * (currently we don't retry in this scenario) */ + if (!loadSingleThreadedModules) { PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11); return SECFailure; } + /* If we arrive here, the module failed a ThreadSafe init. */ mod->isThreadSafe = PR_FALSE; - crv = PK11_GETTAB(mod)->C_Initialize(NULL); + if (!mod->libraryParams) { + pInitArgs = NULL; + } else { + moduleArgs = secmodNoLockArgs; + moduleArgs.LibraryParameters = (void *) mod->libraryParams; + pInitArgs = &moduleArgs; + } + crv = PK11_GETTAB(mod)->C_Initialize(pInitArgs); if ((CKR_CRYPTOKI_ALREADY_INITIALIZED == crv) && (!enforceAlreadyInitializedError)) { *alreadyLoaded = PR_TRUE; diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index 84268ab4..70802948 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c +++ b/security/nss/lib/pk11wrap/pk11obj.c 
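Review bot: The retry path now builds `moduleArgs = secmodNoLockArgs` with the module's libraryParams, but the comment placed just above it asks, without answering, whether a single-threaded module that failed "with" parameters should be retried "without" them, so a reader cannot tell a deliberate non-goal from a missing branch. Replace the question with the decision, e.g. `/* Deliberately no retry without libraryParams; see <tracker id>. */`, worded to match whatever was actually decided. The new `secmodNoLockArgs` static in the hunk at L2813 would likewise benefit from one line explaining why it carries CKF_LIBRARY_CANT_CREATE_OS_THREADS and no lock callbacks, since at a glance it reads like an incomplete copy of secmodLockFunctions. secmod_ModuleInit starts and ends outside the hunk.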
@@ -914,17 +914,11 @@ PK11_Encrypt(PK11SymKey *symKey, return SECSuccess; } -/* - * Now SSL 2.0 uses raw RSA stuff. These next to functions *must* use - * RSA keys, or they'll fail. We do the checks up front. If anyone comes - * up with a meaning for rawdecrypt for any other public key operation, - * then we need to move this check into some of PK11_PubDecrypt callers, - * (namely SSL 2.0). - */ static SECStatus -pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, - unsigned encLen, CK_MECHANISM_PTR mech) +pk11_PrivDecryptRaw(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, unsigned int maxLen, + const unsigned char *enc, unsigned encLen, + CK_MECHANISM_PTR mech) { PK11SlotInfo *slot = key->pkcs11Slot; CK_ULONG out = maxLen; @@ -960,11 +954,12 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, * do C_Login with CKU_CONTEXT_SPECIFIC * between C_DecryptInit and C_Decrypt * ... But see note above about servers */ - if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) { + if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) { PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE); } - crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen, data, &out); + crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen, + data, &out); if (haslock) PK11_ExitSlotMonitor(slot); pk11_CloseSession(slot,session,owner); *outLen = out; 
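Review bot: The deleted comment above `pk11_PrivDecryptRaw` was the only place recording that this helper assumes an RSA key and that the type check is done up front by its callers; with the generic `PK11_PrivDecrypt` added at L2818 now routing arbitrary mechanisms through the same helper, that caller-side obligation is undocumented. Keep a shortened note at the definition, e.g. `/* No key-type or mechanism validation here: callers must check before calling, or accept whatever error the token returns. */`, so the next caller does not assume the helper checks. The `(unsigned char *)enc` cast at the C_Decrypt call is the usual accommodation of the non-const PKCS#11 prototype. pk11_PrivDecryptRaw's body continues outside the hunk.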
@@ -976,41 +971,37 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, } SECStatus -PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, - unsigned encLen) +PK11_PubDecryptRaw(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, unsigned int maxLen, + const unsigned char *enc, unsigned encLen) { CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 }; return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech); } SECStatus -PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, - unsigned encLen) +PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, unsigned int maxLen, + const unsigned char *enc, unsigned encLen) { CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 }; return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech); } static SECStatus -pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, - CK_MECHANISM_PTR mech, void *wincx) +pk11_PubEncryptRaw(SECKEYPublicKey *key, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *data, unsigned dataLen, + CK_MECHANISM_PTR mech, void *wincx) { PK11SlotInfo *slot; CK_OBJECT_HANDLE id; - CK_ULONG out; + CK_ULONG len = maxLen; PRBool owner = PR_TRUE; CK_SESSION_HANDLE session; CK_RV crv; - if (!key || key->keyType != rsaKey) { - PORT_SetError( SEC_ERROR_BAD_KEY ); - return SECFailure; - } - out = SECKEY_PublicKeyStrength(key); - slot = PK11_GetBestSlotWithAttributes(mech->mechanism,CKF_ENCRYPT,0,wincx); if (slot == NULL) { PORT_SetError( SEC_ERROR_NO_MODULE ); 
@@ -1035,10 +1026,12 @@ pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, PORT_SetError( PK11_MapError(crv) ); return SECFailure; } - crv = PK11_GETTAB(slot)->C_Encrypt(session,data,dataLen,enc,&out); + crv = PK11_GETTAB(slot)->C_Encrypt(session,(unsigned char *)data,dataLen, + out,&len); if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot); pk11_CloseSession(slot,session,owner); PK11_FreeSlot(slot); + *outLen = len; if (crv != CKR_OK) { PORT_SetError( PK11_MapError(crv) ); return SECFailure; 
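Review bot: `*outLen = len;` is written before `crv` is examined, so when C_Encrypt fails the caller's outLen receives whatever the token left in `len` — meaningful for CKR_BUFFER_TOO_SMALL, unspecified for other errors — and a caller that reads outLen on SECFailure may act on garbage. Either move the assignment after the `if (crv != CKR_OK)` block, or document at the function that outLen is only valid on SECSuccess (or on the buffer-too-small error, if that is the intent). The rest of pk11_PubEncryptRaw is outside this hunk.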
@@ -1047,19 +1040,69 @@ pk11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
 }
 SECStatus
-PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
- unsigned char *data, unsigned dataLen, void *wincx)
+PK11_PubEncryptRaw(SECKEYPublicKey *key,
+ unsigned char *enc,
+ const unsigned char *data, unsigned dataLen,
+ void *wincx)
 {
 CK_MECHANISM mech = {CKM_RSA_X_509, NULL, 0 };
- return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx);
+ unsigned int outLen;
+ if (!key || key->keyType != rsaKey) {
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
+ outLen = SECKEY_PublicKeyStrength(key);
+ return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech,
+ wincx);
 }
 SECStatus
-PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc,
- unsigned char *data, unsigned dataLen, void *wincx)
+PK11_PubEncryptPKCS1(SECKEYPublicKey *key,
+ unsigned char *enc,
+ const unsigned char *data, unsigned dataLen,
+ void *wincx)
 {
 CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0 };
- return pk11_PubEncryptRaw(key, enc, data, dataLen, &mech, wincx);
+ unsigned int outLen;
+ if (!key || key->keyType != rsaKey) {
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
+ outLen = SECKEY_PublicKeyStrength(key);
+ return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech,
+ wincx);
+}
+
+SECStatus
+PK11_PrivDecrypt(SECKEYPrivateKey *key,
+ CK_MECHANISM_TYPE mechanism, SECItem *param,
+ unsigned char *out, unsigned int *outLen,
+ unsigned int maxLen,
+ const unsigned char *enc, unsigned encLen)
+{
+ CK_MECHANISM mech = { mechanism, NULL, 0 };
+ if (param) {
+ mech.pParameter = param->data;
+ mech.ulParameterLen = param->len;
+ }
+ return pk11_PrivDecryptRaw(key, out, outLen, maxLen, enc, encLen, &mech);
+}
+
+SECStatus
+PK11_PubEncrypt(SECKEYPublicKey *key,
+ CK_MECHANISM_TYPE mechanism, SECItem *param,
+ unsigned char *out, unsigned int *outLen,
+ unsigned int maxLen,
+ const unsigned char *data, unsigned dataLen,
+ void *wincx)
+{
+ CK_MECHANISM mech = { mechanism, NULL, 0 };
+ if (param) {
+ mech.pParameter = param->data;
+ mech.ulParameterLen = param->len;
+ }
+ return pk11_PubEncryptRaw(key, out, outLen, maxLen, data, dataLen, &mech,
+ wincx);
 }
 SECKEYPrivateKey *
diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h
index ce9769a4..f0bf2c88 100644
--- a/security/nss/lib/pk11wrap/pk11pub.h
+++ b/security/nss/lib/pk11wrap/pk11pub.h
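Review bot: `PK11_PubEncrypt` hands `key` straight to pk11_PubEncryptRaw, but the `!key || key->keyType != rsaKey` guard that used to live in that helper (removed in the hunk at L2816) was moved only into PK11_PubEncryptRaw and PK11_PubEncryptPKCS1, so the new exported entry point accepts a NULL key with no check before the helper uses it; PK11_PrivDecrypt likewise passes `key` to pk11_PrivDecryptRaw, which reads `key->pkcs11Slot` (L2815). An RSA-only test would be wrong now that the mechanism is caller-chosen, but a NULL check belongs in both new functions: `if (!key) { PORT_SetError(SEC_ERROR_BAD_KEY); return SECFailure; }`. Both also copy `param->data`/`param->len` into the CK_MECHANISM with no documentation; a comment on the declarations in pk11pub.h (L2821) saying that `param` is mechanism-specific and may be NULL, that `maxLen` is the capacity of `out`, and that `*outLen` receives the produced length would close that. The hunk starts at L2818 and PK11_PubEncrypt's body ends on this line.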
@@ -520,18 +520,38 @@ SECStatus PK11_Encrypt(PK11SymKey *symKey, const unsigned char *data, unsigned int dataLen); /* note: despite the name, this function takes a private key. */ -SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen); +SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned encLen); #define PK11_PrivDecryptRaw PK11_PubDecryptRaw /* The encrypt function that complements the above decrypt function. */ -SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx); +SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx); -SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data, - unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen); +SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, + unsigned char *data, unsigned *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned encLen); /* The encrypt function that complements the above decrypt function. 
*/ -SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc, - unsigned char *data, unsigned dataLen, void *wincx); +SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key, + unsigned char *enc, + const unsigned char *data, unsigned dataLen, + void *wincx); + +SECStatus PK11_PrivDecrypt(SECKEYPrivateKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *enc, unsigned int encLen); +SECStatus PK11_PubEncrypt(SECKEYPublicKey *key, + CK_MECHANISM_TYPE mechanism, SECItem *param, + unsigned char *out, unsigned int *outLen, + unsigned int maxLen, + const unsigned char *data, unsigned int dataLen, + void *wincx); SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki, SECItem *nickname, diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index fbe6c319..00a0a746 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -1372,7 +1372,7 @@ lg_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *templ, { LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK); CK_RV crv, crvCollect = CKR_OK; - int i; + unsigned int i; if (obj == NULL) { return CKR_OBJECT_HANDLE_INVALID; @@ -1434,7 +1434,7 @@ lg_tokenMatch(SDB *sdb, const SECItem *dbKey, CK_OBJECT_HANDLE class, { PRBool match = PR_TRUE; LGObjectCache *obj = lg_NewObjectCache(sdb, dbKey, class); - int i; + unsigned int i; if (obj == NULL) { return PR_FALSE; @@ -1758,7 +1758,7 @@ lg_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK); CK_RV crv, crvCollect = CKR_OK; PRBool writePrivate = PR_FALSE; - int i; + unsigned int i; if (obj == NULL) { return CKR_OBJECT_HANDLE_INVALID; 
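Review bot: The new PK11_PrivDecrypt and PK11_PubEncrypt prototypes carry no comment, while every neighbouring declaration in this hunk does. I would add above PK11_PrivDecrypt: `/* Private-key decrypt / public-key encrypt with an explicit PKCS #11 mechanism and optional parameter (param may be NULL). out must hold maxLen bytes; *outLen receives the number of bytes written. */`. The existing PK11_PubEncryptRaw/PK11_PubEncryptPKCS1 comments should also say that `enc` must be able to hold SECKEY_PublicKeyStrength(key) bytes, since those functions take no maxLen and the pk11obj.c implementation in this patch sizes the output that way.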
diff --git a/security/nss/lib/softoken/legacydb/lgutil.c b/security/nss/lib/softoken/legacydb/lgutil.c index 1b9600f0..88e46d6e 100644 --- a/security/nss/lib/softoken/legacydb/lgutil.c +++ b/security/nss/lib/softoken/legacydb/lgutil.c @@ -18,7 +18,7 @@ const CK_ATTRIBUTE * lg_FindAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, CK_ULONG count ) { - int i; + unsigned int i; for (i=0; i < count; i++) { if (templ[i].type == type) { diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index d3c757d1..58fe27af 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c @@ -4598,9 +4598,12 @@ nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, } return (SECSuccess); - -loser: +loser: + if (handle->dbMon) { + PZ_DestroyMonitor(handle->dbMon); + handle->dbMon = NULL; + } PORT_SetError(SEC_ERROR_BAD_DATABASE); return(SECFailure); } diff --git a/security/nss/lib/softoken/legacydb/pcertt.h b/security/nss/lib/softoken/legacydb/pcertt.h index b4c91285..fd5e17ca 100644 --- a/security/nss/lib/softoken/legacydb/pcertt.h +++ b/security/nss/lib/softoken/legacydb/pcertt.h 
@@ -397,18 +397,18 @@ typedef union { #define DB_CERT_ENTRY_HEADER_LEN 10 /* common flags for all types of certificates */ -#define CERTDB_TERMINAL_RECORD (1<<0) -#define CERTDB_TRUSTED (1<<1) -#define CERTDB_SEND_WARN (1<<2) -#define CERTDB_VALID_CA (1<<3) -#define CERTDB_TRUSTED_CA (1<<4) /* trusted for issuing server certs */ -#define CERTDB_NS_TRUSTED_CA (1<<5) -#define CERTDB_USER (1<<6) -#define CERTDB_TRUSTED_CLIENT_CA (1<<7) /* trusted for issuing client certs */ -#define CERTDB_INVISIBLE_CA (1<<8) /* don't show in UI */ -#define CERTDB_GOVT_APPROVED_CA (1<<9) /* can do strong crypto in export ver */ -#define CERTDB_MUST_VERIFY (1<<10) /* explicitly don't trust this cert */ -#define CERTDB_TRUSTED_UNKNOWN (1<<11) /* accept trust from another source */ +#define CERTDB_TERMINAL_RECORD (1u<<0) +#define CERTDB_TRUSTED (1u<<1) +#define CERTDB_SEND_WARN (1u<<2) +#define CERTDB_VALID_CA (1u<<3) +#define CERTDB_TRUSTED_CA (1u<<4) /* trusted for issuing server certs */ +#define CERTDB_NS_TRUSTED_CA (1u<<5) +#define CERTDB_USER (1u<<6) +#define CERTDB_TRUSTED_CLIENT_CA (1u<<7) /* trusted for issuing client certs */ +#define CERTDB_INVISIBLE_CA (1u<<8) /* don't show in UI */ +#define CERTDB_GOVT_APPROVED_CA (1u<<9) /* can do strong crypto in export ver */ +#define CERTDB_MUST_VERIFY (1u<<10) /* explicitly don't trust this cert */ +#define CERTDB_TRUSTED_UNKNOWN (1u<<11) /* accept trust from another source */ /* bits not affected by the CKO_NETSCAPE_TRUST object */ #define CERTDB_PRESERVE_TRUST_BITS (CERTDB_USER | \ diff --git a/security/nss/lib/softoken/manifest.mn.orig b/security/nss/lib/softoken/manifest.mn.orig deleted file mode 100644 index ed52b3d9..00000000 --- a/security/nss/lib/softoken/manifest.mn.orig +++ /dev/null 
@@ -1,63 +0,0 @@ -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -CORE_DEPTH = ../.. - -MODULE = nss -DIRS = legacydb - -LIBRARY_NAME = softokn -LIBRARY_VERSION = 3 -MAPFILE = $(OBJDIR)/softokn.def - -DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" - -SQLITE_INCLUDE_DIR=$(DIST)/include/sqlite3 -ifdef SQLITE_INCLUDE_DIR -INCLUDES += -I$(SQLITE_INCLUDE_DIR) -endif - -EXPORTS = \ - $(NULL) - -PRIVATE_EXPORTS = \ - lgglue.h \ - lowkeyi.h \ - lowkeyti.h \ - pkcs11ni.h \ - softoken.h \ - softoknt.h \ - softkver.h \ - sdb.h \ - sftkdbt.h \ - $(NULL) - -CSRCS = \ - ecdecode.c \ - fipsaudt.c \ - fipstest.c \ - fipstokn.c \ - lgglue.c \ - lowkey.c \ - lowpbe.c \ - padbuf.c \ - pkcs11.c \ - pkcs11c.c \ - pkcs11u.c \ - sdb.c \ - sftkdb.c \ - sftkhmac.c \ - sftkpars.c \ - sftkpwd.c \ - softkver.c \ - tlsprf.c \ - jpakesftk.c \ - $(NULL) - -ifdef SQLITE_UNSAFE_THREADS -DEFINES += -DSQLITE_UNSAFE_THREADS -endif - -# This part of the code, including all sub-dirs, can be optimized for size -export ALLOW_OPT_CODE_SIZE = 1 diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index d1dd73af..6fa4e4ec 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -266,6 +266,8 @@ static const struct mechanismList mechanisms[] = { CKF_DUZ_IT_ALL}, PR_TRUE}, {CKM_RSA_PKCS_PSS, {RSA_MIN_MODULUS_BITS,CK_MAX, CKF_SN_VR}, PR_TRUE}, + {CKM_RSA_PKCS_OAEP, {RSA_MIN_MODULUS_BITS,CK_MAX, + CKF_EN_DE_WR_UN}, PR_TRUE}, #ifdef SFTK_RSA9796_SUPPORTED {CKM_RSA_9796, {RSA_MIN_MODULUS_BITS,CK_MAX, CKF_DUZ_IT_ALL}, PR_TRUE}, 
@@ -987,7 +989,7 @@ static NSSLOWKEYPrivateKey * sftk_mkPrivKey(SFTKObject *object,CK_KEY_TYPE key, CK_RV *rvp); static SECStatus -sftk_fillRSAPrivateKey(SFTKObject *object); +sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded); /* * check the consistancy and initialize a Private Key Object @@ -1003,12 +1005,14 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE CK_BBOOL derive = CK_TRUE; CK_BBOOL ckfalse = CK_FALSE; PRBool createObjectInfo = PR_TRUE; + PRBool fillPrivateKey = PR_FALSE; int missing_rsa_mod_component = 0; int missing_rsa_exp_component = 0; int missing_rsa_crt_component = 0; - + SECItem mod; CK_RV crv; + SECStatus rv; switch (key_type) { case CKK_RSA: @@ -1043,19 +1047,19 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE int have_exp = 2- missing_rsa_exp_component; int have_component = 5- (missing_rsa_exp_component+missing_rsa_mod_component); - SECStatus rv; if ((have_exp == 0) || (have_component < 3)) { /* nope, not enough to reconstruct the private key */ return CKR_TEMPLATE_INCOMPLETE; } - /*fill in the missing parameters */ - rv = sftk_fillRSAPrivateKey(object); - if (rv != SECSuccess) { - return CKR_TEMPLATE_INCOMPLETE; - } + fillPrivateKey = PR_TRUE; } - + /*verify the parameters for consistency*/ + rv = sftk_verifyRSAPrivateKey(object, fillPrivateKey); + if (rv != SECSuccess) { + return CKR_TEMPLATE_INCOMPLETE; + } + /* make sure Netscape DB attribute is set correctly */ crv = sftk_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS); if (crv != CKR_OK) return crv; @@ -1149,7 +1153,6 @@ sftk_handlePrivateKeyObject(SFTKSession *session,SFTKObject *object,CK_KEY_TYPE if (sftk_isTrue(object,CKA_TOKEN)) { SFTKSlot *slot = session->slot; SFTKDBHandle *keyHandle = sftk_getKeyDB(slot); - CK_RV crv; if (keyHandle == NULL) { return CKR_TOKEN_WRITE_PROTECTED; 
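Review bot: In the `@@ -1043` hunk a failure of sftk_verifyRSAPrivateKey is always reported as CKR_TEMPLATE_INCOMPLETE, but the function now also fails when a fully specified key does not pass RSA_PrivateKeyCheck, i.e. the template is complete and its values are inconsistent; CKR_ATTRIBUTE_VALUE_INVALID describes that case and lets callers tell a rejected key from a short template. Running the consistency check even on complete keys is the right move (an inconsistent CRT set is exactly what a key-recovery attempt would feed in); only the reporting is off. Since the SECStatus does not say which step failed, a reasonable mapping is `return fillPrivateKey ? CKR_TEMPLATE_INCOMPLETE : CKR_ATTRIBUTE_VALUE_INVALID;`, given that the component-count check just above already rejects templates too short to populate. The enclosing switch and the rest of sftk_handlePrivateKeyObject lie outside the hunk.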
@@ -1940,10 +1943,11 @@ sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp) } /* - * we have a partial rsa private key, fill in the rest + * If a partial RSA private key is present, fill in the rest if necessary, + * and then verify the parameters are well-formed */ static SECStatus -sftk_fillRSAPrivateKey(SFTKObject *object) +sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded) { RSAPrivateKey tmpKey = { 0 }; SFTKAttribute *modulus = NULL; @@ -1951,6 +1955,9 @@ sftk_fillRSAPrivateKey(SFTKObject *object) SFTKAttribute *prime2 = NULL; SFTKAttribute *privateExponent = NULL; SFTKAttribute *publicExponent = NULL; + SFTKAttribute *exponent1 = NULL; + SFTKAttribute *exponent2 = NULL; + SFTKAttribute *coefficient = NULL; SECStatus rv; CK_RV crv; 
@@ -1981,44 +1988,82 @@ sftk_fillRSAPrivateKey(SFTKObject *object) if (publicExponent) { tmpKey.publicExponent.data = publicExponent->attrib.pValue; tmpKey.publicExponent.len = publicExponent->attrib.ulValueLen; - } + } + exponent1 = sftk_FindAttribute(object, CKA_EXPONENT_1); + if (exponent1) { + tmpKey.exponent1.data = exponent1->attrib.pValue; + tmpKey.exponent1.len = exponent1->attrib.ulValueLen; + } + exponent2 = sftk_FindAttribute(object, CKA_EXPONENT_2); + if (exponent2) { + tmpKey.exponent2.data = exponent2->attrib.pValue; + tmpKey.exponent2.len = exponent2->attrib.ulValueLen; + } + coefficient = sftk_FindAttribute(object, CKA_COEFFICIENT); + if (coefficient) { + tmpKey.coefficient.data = coefficient->attrib.pValue; + tmpKey.coefficient.len = coefficient->attrib.ulValueLen; + } - /* - * populate requires one exponent plus 2 other components to work. - * we expected our caller to check that first. If that didn't happen, - * populate will simply return an error here. - */ - rv = RSA_PopulatePrivateKey(&tmpKey); + if (fillIfNeeded) { + /* + * populate requires one exponent plus 2 other components to work. + * we expected our caller to check that first. If that didn't happen, + * populate will simply return an error here. 
+ */ + rv = RSA_PopulatePrivateKey(&tmpKey); + if (rv != SECSuccess) { + goto loser; + } + } + rv = RSA_PrivateKeyCheck(&tmpKey); if (rv != SECSuccess) { goto loser; } - /* now that we have a fully populated key, set all our attribute values */ rv = SECFailure; - crv = sftk_forceAttribute(object,CKA_MODULUS, - sftk_item_expand(&tmpKey.modulus)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PUBLIC_EXPONENT, - sftk_item_expand(&tmpKey.publicExponent)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PRIVATE_EXPONENT, - sftk_item_expand(&tmpKey.privateExponent)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PRIME_1, - sftk_item_expand(&tmpKey.prime1)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_PRIME_2, - sftk_item_expand(&tmpKey.prime2)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_EXPONENT_1, - sftk_item_expand(&tmpKey.exponent1)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_EXPONENT_2, - sftk_item_expand(&tmpKey.exponent2)); - if (crv != CKR_OK) goto loser; - crv = sftk_forceAttribute(object,CKA_COEFFICIENT, - sftk_item_expand(&tmpKey.coefficient)); - if (crv != CKR_OK) goto loser; + if (!modulus || modulus->attrib.pValue != tmpKey.modulus.data) { + crv = sftk_forceAttribute(object,CKA_MODULUS, + sftk_item_expand(&tmpKey.modulus)); + if (crv != CKR_OK) goto loser; + } + if (!publicExponent || + publicExponent->attrib.pValue != tmpKey.publicExponent.data) { + crv = sftk_forceAttribute(object, CKA_PUBLIC_EXPONENT, + sftk_item_expand(&tmpKey.publicExponent)); + if (crv != CKR_OK) goto loser; + } + if (!privateExponent || + privateExponent->attrib.pValue != tmpKey.privateExponent.data) { + crv = sftk_forceAttribute(object, CKA_PRIVATE_EXPONENT, + sftk_item_expand(&tmpKey.privateExponent)); + if (crv != CKR_OK) goto loser; + } + if (!prime1 || prime1->attrib.pValue != tmpKey.prime1.data) { + crv = 
sftk_forceAttribute(object, CKA_PRIME_1, + sftk_item_expand(&tmpKey.prime1)); + if (crv != CKR_OK) goto loser; + } + if (!prime2 || prime2->attrib.pValue != tmpKey.prime2.data) { + crv = sftk_forceAttribute(object, CKA_PRIME_2, + sftk_item_expand(&tmpKey.prime2)); + if (crv != CKR_OK) goto loser; + } + if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) { + crv = sftk_forceAttribute(object, CKA_EXPONENT_1, + sftk_item_expand(&tmpKey.exponent1)); + if (crv != CKR_OK) goto loser; + } + if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) { + crv = sftk_forceAttribute(object, CKA_EXPONENT_2, + sftk_item_expand(&tmpKey.exponent2)); + if (crv != CKR_OK) goto loser; + } + if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) { + crv = sftk_forceAttribute(object, CKA_COEFFICIENT, + sftk_item_expand(&tmpKey.coefficient)); + if (crv != CKR_OK) goto loser; + } rv = SECSuccess; /* we're done (one way or the other), clean up all our stuff */ @@ -2041,15 +2086,18 @@ loser: if (publicExponent) { sftk_FreeAttribute(publicExponent); } + if (exponent1) { + sftk_FreeAttribute(exponent1); + } + if (exponent2) { + sftk_FreeAttribute(exponent2); + } + if (coefficient) { + sftk_FreeAttribute(coefficient); + } return rv; } - - - - - - /* Generate a low private key structure from an object */ NSSLOWKEYPrivateKey * sftk_GetPrivKey(SFTKObject *object,CK_KEY_TYPE key_type, CK_RV *crvp) @@ -3128,9 +3176,6 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) if (slot == NULL) return CKR_SLOT_ID_INVALID; - pInfo->firmwareVersion.major = 0; - pInfo->firmwareVersion.minor = 0; - PORT_Memcpy(pInfo->manufacturerID,manufacturerID, sizeof(pInfo->manufacturerID)); PORT_Memcpy(pInfo->slotDescription,slot->slotDescription, 
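Review bot: The eight `pValue != tmpKey.X.data` comparisons in sftk_verifyRSAPrivateKey encode a non-obvious invariant and need a comment before the first one, e.g. `/* Write back only the items RSA_PopulatePrivateKey replaced: a pValue that still aliases the attribute's own buffer was caller-supplied and is unchanged. */`. That holds only if populate never rewrites an item in place, which is not visible from here, so the comment should present it as an assumption about RSA_PopulatePrivateKey rather than a fact. The function's cleanup after `rv = SECSuccess` and the `loser:` label are outside this hunk, though the added sftk_FreeAttribute calls for exponent1/exponent2/coefficient in the following hunk do match the new lookups.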
@@ -3157,6 +3202,8 @@ CK_RV NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) /* pInfo->hardwareVersion.major = NSSLOWKEY_DB_FILE_VERSION; */ pInfo->hardwareVersion.major = SOFTOKEN_VMAJOR; pInfo->hardwareVersion.minor = SOFTOKEN_VMINOR; + pInfo->firmwareVersion.major = SOFTOKEN_VPATCH; + pInfo->firmwareVersion.minor = SOFTOKEN_VBUILD; return CKR_OK; } diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index f5934ff6..8f50882a 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -302,6 +302,46 @@ GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech) } } +/* + * Returns true if "params" contains a valid set of PSS parameters + */ +static PRBool +sftk_ValidatePssParams(const CK_RSA_PKCS_PSS_PARAMS *params) +{ + if (!params) { + return PR_FALSE; + } + if (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL || + GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) { + return PR_FALSE; + } + return PR_TRUE; +} + +/* + * Returns true if "params" contains a valid set of OAEP parameters + */ +static PRBool +sftk_ValidateOaepParams(const CK_RSA_PKCS_OAEP_PARAMS *params) +{ + if (!params) { + return PR_FALSE; + } + /* The requirements of ulSourceLen/pSourceData come from PKCS #11, which + * state: + * If the parameter is empty, pSourceData must be NULL and + * ulSourceDataLen must be zero. + */ + if (params->source != CKZ_DATA_SPECIFIED || + (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL) || + (GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) || + (params->ulSourceDataLen == 0 && params->pSourceData != NULL) || + (params->ulSourceDataLen != 0 && params->pSourceData == NULL)) { + return PR_FALSE; + } + return PR_TRUE; +} + /* * return a context based on the SFTKContext type. */ 
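Review bot: sftk_ValidatePssParams checks hashAlg and mgf but not sLen, so a salt length the modulus cannot accommodate (sLen greater than emLen minus the hash length minus 2) is only caught if the PSS encoder below this hunk rejects it; a comment at the `return PR_TRUE` such as `/* sLen is range-checked against the modulus size by the PSS encoder at sign/verify time */` would record where that check is expected to live, or the bound should be enforced here once the key size is known. Both validators also pass `params->mgf`, which per PKCS #11 is a CK_RSA_PKCS_MGF_TYPE (CKG_MGF1_*) rather than a CKM_* hash mechanism, through GetHashTypeFromMechanism, so that helper (defined above the hunk) must map both value spaces; a one-line comment saying so would stop a future cleanup of GetHashTypeFromMechanism from silently breaking OAEP and PSS parameter validation.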
@@ -588,11 +628,6 @@ sftk_RSAEncryptOAEP(SFTKOAEPEncryptInfo *info, unsigned char *output, hashAlg = GetHashTypeFromMechanism(info->params->hashAlg); maskHashAlg = GetHashTypeFromMechanism(info->params->mgf); - if (info->params->source != CKZ_DATA_SPECIFIED) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; - } - return RSA_EncryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg, (const unsigned char*)info->params->pSourceData, info->params->ulSourceDataLen, NULL, 0, @@ -617,11 +652,6 @@ sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, hashAlg = GetHashTypeFromMechanism(info->params->hashAlg); maskHashAlg = GetHashTypeFromMechanism(info->params->mgf); - if (info->params->source != CKZ_DATA_SPECIFIED) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; - } - rv = RSA_DecryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg, (const unsigned char*)info->params->pSourceData, info->params->ulSourceDataLen, @@ -710,19 +740,18 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, } context->destroy = sftk_Null; break; -/* XXX: Disabled until unit tests land. case CKM_RSA_PKCS_OAEP: if (key_type != CKK_RSA) { crv = CKR_KEY_TYPE_INCONSISTENT; break; } - context->multi = PR_FALSE; - context->rsa = PR_TRUE; - if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS)) { + if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS) || + !sftk_ValidateOaepParams((CK_RSA_PKCS_OAEP_PARAMS*)pMechanism->pParameter)) { crv = CKR_MECHANISM_PARAM_INVALID; break; } - /\* XXX: Need Parameter validation here *\/ + context->multi = PR_FALSE; + context->rsa = PR_TRUE; if (isEncrypt) { SFTKOAEPEncryptInfo *info = PORT_New(SFTKOAEPEncryptInfo); if (info == NULL) { @@ -758,7 +787,6 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, } context->destroy = (SFTKDestroy) sftk_Space; break; -*/ case CKM_RC2_CBC_PAD: context->doPad = PR_TRUE; /* fall thru */ 
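Review bot: sftk_RSAEncryptOAEP and sftk_RSADecryptOAEP read `info->params->hashAlg` and `info->params->pSourceData` at operation time, after sftk_CryptInit has returned, so the CK_RSA_PKCS_OAEP_PARAMS and the pSourceData buffer must remain valid across the later C_Encrypt/C_Decrypt calls. The line that sets `info->params` is not in the hunk; if it simply stores `pMechanism->pParameter`, that is a lifetime requirement on the caller which PKCS #11 does not promise, and copying the parameter struct and the pSourceData bytes into memory owned by the context (freed by its destroy callback) would remove it. At minimum the OAEP case in sftk_CryptInit should carry a comment stating that assumption. Moving the `source != CKZ_DATA_SPECIFIED` test into sftk_ValidateOaepParams is an improvement, since CKR_MECHANISM_PARAM_INVALID at init time is the correct PKCS #11 error for it.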
@@ -2386,7 +2414,8 @@ finish_rsa: break; } context->rsa = PR_TRUE; - if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) { + if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) || + !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS*)pMechanism->pParameter)) { crv = CKR_MECHANISM_PARAM_INVALID; break; } @@ -3023,7 +3052,8 @@ finish_rsa: break; } context->rsa = PR_TRUE; - if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) { + if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) || + !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS*)pMechanism->pParameter)) { crv = CKR_MECHANISM_PARAM_INVALID; break; } diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 0faf73be..8fed46d2 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,11 +25,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.15.5" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.16.2.1" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 15 -#define SOFTOKEN_VPATCH 5 -#define SOFTOKEN_VBUILD 0 +#define SOFTOKEN_VMINOR 16 +#define SOFTOKEN_VPATCH 2 +#define SOFTOKEN_VBUILD 1 #define SOFTOKEN_BETA PR_FALSE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h index c14d5d83..bbe2bd9b 100644 --- a/security/nss/lib/ssl/SSLerrs.h +++ b/security/nss/lib/ssl/SSLerrs.h 
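Review bot: sftk_ValidatePssParams confirms hashAlg is a known digest, but nothing at `finish_rsa:` checks that it is the digest the mechanism itself implies; if the CKM_SHAxxx_RSA_PKCS_PSS variants reach this label (their dispatch is outside the hunk), a caller can name SHA-256 in the mechanism while the parameters select SHA-1 for the EMSA-PSS encoding, a combination that interoperating implementations expect to be rejected. I would refuse the mismatch in both the sign and verify hunks right after the parameter check, e.g. `if (mechHash != HASH_AlgNULL && GetHashTypeFromMechanism(params->hashAlg) != mechHash) { crv = CKR_MECHANISM_PARAM_INVALID; break; }`, where mechHash is the digest derived from pMechanism->mechanism for the hash-combined variants and HASH_AlgNULL for plain CKM_RSA_PKCS_PSS. The enclosing sign/verify init functions start well before these hunks.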
@@ -412,3 +412,9 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127), ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128), "Incorrect signature algorithm specified in a digitally-signed element.") + +ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129), +"The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.") + +ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130), +"The server supports no protocols that the client advertises in the ALPN extension.") diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c index 704415cf..4e384619 100644 --- a/security/nss/lib/ssl/dtlscon.c +++ b/security/nss/lib/ssl/dtlscon.c @@ -51,16 +51,21 @@ static const ssl3CipherSuite nonDTLSSuites[] = { * * TLS DTLS * 1.1 (0302) 1.0 (feff) + * 1.2 (0303) 1.2 (fefd) */ SSL3ProtocolVersion dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv) { - /* Anything other than TLS 1.1 is an error, so return - * the invalid version ffff. */ - if (tlsv != SSL_LIBRARY_VERSION_TLS_1_1) - return 0xffff; + if (tlsv == SSL_LIBRARY_VERSION_TLS_1_1) { + return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE; + } + if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) { + return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE; + } - return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE; + /* Anything other than TLS 1.1 or 1.2 is an error, so return + * the invalid version 0xffff. */ + return 0xffff; } /* Map known DTLS versions to known TLS versions. 
@@ -71,14 +76,18 @@ SSL3ProtocolVersion dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv) { if (MSB(dtlsv) == 0xff) { - return 0; + return 0; } - if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) - return SSL_LIBRARY_VERSION_TLS_1_1; + if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) { + return SSL_LIBRARY_VERSION_TLS_1_1; + } + if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) { + return SSL_LIBRARY_VERSION_TLS_1_2; + } /* Return a fictional higher version than we know of */ - return SSL_LIBRARY_VERSION_TLS_1_1 + 1; + return SSL_LIBRARY_VERSION_TLS_1_2 + 1; } /* On this socket, Disable non-DTLS cipher suites in the argument's list */ @@ -88,9 +97,9 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) const ssl3CipherSuite * suite; for (suite = nonDTLSSuites; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); + SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_Assert(rv == SECSuccess); /* else is coding error */ } return SECSuccess; } @@ -101,17 +110,17 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) */ static DTLSQueuedMessage * dtls_AllocQueuedMessage(PRUint16 epoch, SSL3ContentType type, - const unsigned char *data, PRUint32 len) + const unsigned char *data, PRUint32 len) { DTLSQueuedMessage *msg = NULL; msg = PORT_ZAlloc(sizeof(DTLSQueuedMessage)); if (!msg) - return NULL; + return NULL; msg->data = PORT_Alloc(len); if (!msg->data) { - PORT_Free(msg); + PORT_Free(msg); return NULL; } PORT_Memcpy(msg->data, data, len); @@ -132,7 +141,7 @@ static void dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg) { if (!msg) - return; + return; PORT_ZFree(msg->data, msg->len); PORT_Free(msg); 
@@ -151,9 +160,9 @@ dtls_FreeHandshakeMessages(PRCList *list) PRCList *cur_p; while (!PR_CLIST_IS_EMPTY(list)) { - cur_p = PR_LIST_TAIL(list); - PR_REMOVE_LINK(cur_p); - dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p); + cur_p = PR_LIST_TAIL(list); + PR_REMOVE_LINK(cur_p); + dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p); } } @@ -204,18 +213,18 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) } /* Parse the header */ - type = buf.buf[0]; + type = buf.buf[0]; message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3]; message_seq = (buf.buf[4] << 8) | buf.buf[5]; fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8]; fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11]; - -#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ - if (message_length > MAX_HANDSHAKE_MSG_LEN) { - (void)ssl3_DecodeError(ss); - PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); - return SECFailure; - } + +#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ + if (message_length > MAX_HANDSHAKE_MSG_LEN) { + (void)ssl3_DecodeError(ss); + PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); + return SECFailure; + } #undef MAX_HANDSHAKE_MSG_LEN buf.buf += 12; @@ -229,7 +238,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) } /* Sanity check the packet contents */ - if ((fragment_length + fragment_offset) > message_length) { + if ((fragment_length + fragment_offset) > message_length) { PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); rv = SECFailure; break; @@ -245,8 +254,8 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * This is the common case for short messages */ if ((message_seq == ss->ssl3.hs.recvMessageSeq) - && (fragment_offset == 0) - && (fragment_length == message_length)) { + && (fragment_offset == 0) + && (fragment_length == message_length)) { /* Complete next message. Process immediately */ ss->ssl3.hs.msg_type = (SSL3HandshakeType)type; ss->ssl3.hs.msg_len = message_length; 
@@ -254,14 +263,14 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* At this point we are advancing our state machine, so * we can free our last flight of messages */ dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); - ss->ssl3.hs.recvdHighWater = -1; - dtls_CancelTimer(ss); + ss->ssl3.hs.recvdHighWater = -1; + dtls_CancelTimer(ss); - /* Reset the timer to the initial value if the retry counter - * is 0, per Sec. 4.2.4.1 */ - if (ss->ssl3.hs.rtRetries == 0) { - ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; - } + /* Reset the timer to the initial value if the retry counter + * is 0, per Sec. 4.2.4.1 */ + if (ss->ssl3.hs.rtRetries == 0) { + ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; + } rv = ssl3_HandleHandshakeMessage(ss, buf.buf, ss->ssl3.hs.msg_len); if (rv == SECFailure) { 
@@ -269,68 +278,68 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) break; } } else { - if (message_seq < ss->ssl3.hs.recvMessageSeq) { - /* Case 3: we do an immediate retransmit if we're - * in a waiting state*/ - if (ss->ssl3.hs.rtTimerCb == NULL) { - /* Ignore */ - } else if (ss->ssl3.hs.rtTimerCb == - dtls_RetransmitTimerExpiredCb) { - SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected", - SSL_GETPID(), ss->fd)); - /* Check to see if we retransmitted recently. If so, - * suppress the triggered retransmit. This avoids - * retransmit wars after packet loss. - * This is not in RFC 5346 but should be - */ - if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) > - (ss->ssl3.hs.rtTimeoutMs / 4)) { - SSL_TRC(30, - ("%d: SSL3[%d]: Shortcutting retransmit timer", + if (message_seq < ss->ssl3.hs.recvMessageSeq) { + /* Case 3: we do an immediate retransmit if we're + * in a waiting state*/ + if (ss->ssl3.hs.rtTimerCb == NULL) { + /* Ignore */ + } else if (ss->ssl3.hs.rtTimerCb == + dtls_RetransmitTimerExpiredCb) { + SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected", + SSL_GETPID(), ss->fd)); + /* Check to see if we retransmitted recently. If so, + * suppress the triggered retransmit. This avoids + * retransmit wars after packet loss. + * This is not in RFC 5346 but should be + */ + if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) > + (ss->ssl3.hs.rtTimeoutMs / 4)) { + SSL_TRC(30, + ("%d: SSL3[%d]: Shortcutting retransmit timer", SSL_GETPID(), ss->fd)); - /* Cancel the timer and call the CB, - * which re-arms the timer */ - dtls_CancelTimer(ss); - dtls_RetransmitTimerExpiredCb(ss); - rv = SECSuccess; - break; - } else { - SSL_TRC(30, - ("%d: SSL3[%d]: We just retransmitted. Ignoring.", + /* Cancel the timer and call the CB, + * which re-arms the timer */ + dtls_CancelTimer(ss); + dtls_RetransmitTimerExpiredCb(ss); + rv = SECSuccess; + break; + } else { + SSL_TRC(30, + ("%d: SSL3[%d]: We just retransmitted. 
Ignoring.", SSL_GETPID(), ss->fd)); - rv = SECSuccess; - break; - } - } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) { - /* Retransmit the messages and re-arm the timer - * Note that we are not backing off the timer here. - * The spec isn't clear and my reasoning is that this - * may be a re-ordered packet rather than slowness, - * so let's be aggressive. */ - dtls_CancelTimer(ss); - rv = dtls_TransmitMessageFlight(ss); - if (rv == SECSuccess) { - rv = dtls_StartTimer(ss, dtls_FinishedTimerCb); - } - if (rv != SECSuccess) - return rv; - break; - } - } else if (message_seq > ss->ssl3.hs.recvMessageSeq) { - /* Case 2 + rv = SECSuccess; + break; + } + } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) { + /* Retransmit the messages and re-arm the timer + * Note that we are not backing off the timer here. + * The spec isn't clear and my reasoning is that this + * may be a re-ordered packet rather than slowness, + * so let's be aggressive. */ + dtls_CancelTimer(ss); + rv = dtls_TransmitMessageFlight(ss); + if (rv == SECSuccess) { + rv = dtls_StartTimer(ss, dtls_FinishedTimerCb); + } + if (rv != SECSuccess) + return rv; + break; + } + } else if (message_seq > ss->ssl3.hs.recvMessageSeq) { + /* Case 2 * - * Ignore this message. This means we don't handle out of - * order complete messages that well, but we're still - * compliant and this probably does not happen often + * Ignore this message. This means we don't handle out of + * order complete messages that well, but we're still + * compliant and this probably does not happen often * - * XXX OK for now. Maybe do something smarter at some point? - */ - } else { - /* Case 1 + * XXX OK for now. Maybe do something smarter at some point? + */ + } else { + /* Case 1 * - * Buffer the fragment for reassembly - */ + * Buffer the fragment for reassembly + */ /* Make room for the message */ if (ss->ssl3.hs.recvdHighWater == -1) { PRUint32 map_length = OFFSET_BYTE(message_length) + 1; 
@@ -347,8 +356,8 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* Reset the reassembly map */ ss->ssl3.hs.recvdHighWater = 0; PORT_Memset(ss->ssl3.hs.recvdFragments.buf, 0, - ss->ssl3.hs.recvdFragments.space); - ss->ssl3.hs.msg_type = (SSL3HandshakeType)type; + ss->ssl3.hs.recvdFragments.space); + ss->ssl3.hs.msg_type = (SSL3HandshakeType)type; ss->ssl3.hs.msg_len = message_length; } @@ -381,7 +390,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * case of adjacent fragments received in sequence */ if (fragment_offset <= ss->ssl3.hs.recvdHighWater) { - /* Either this is the adjacent fragment or an overlapping + /* Either this is the adjacent fragment or an overlapping * fragment */ ss->ssl3.hs.recvdHighWater = fragment_offset + fragment_length; @@ -397,9 +406,9 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) /* Now figure out the new high water mark if appropriate */ for (offset = ss->ssl3.hs.recvdHighWater; offset < ss->ssl3.hs.msg_len; offset++) { - /* Note that this loop is not efficient, since it counts - * bit by bit. If we have a lot of out-of-order packets, - * we should optimize this */ + /* Note that this loop is not efficient, since it counts + * bit by bit. If we have a lot of out-of-order packets, + * we should optimize this */ if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] & OFFSET_MASK(offset)) { ss->ssl3.hs.recvdHighWater++; 
@@ -418,25 +427,25 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) if (rv == SECFailure) break; /* Skip rest of record */ - /* At this point we are advancing our state machine, so - * we can free our last flight of messages */ - dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); - dtls_CancelTimer(ss); + /* At this point we are advancing our state machine, so + * we can free our last flight of messages */ + dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight); + dtls_CancelTimer(ss); - /* If there have been no retries this time, reset the - * timer value to the default per Section 4.2.4.1 */ - if (ss->ssl3.hs.rtRetries == 0) { - ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; - } + /* If there have been no retries this time, reset the + * timer value to the default per Section 4.2.4.1 */ + if (ss->ssl3.hs.rtRetries == 0) { + ss->ssl3.hs.rtTimeoutMs = INITIAL_DTLS_TIMEOUT_MS; + } } } } - buf.buf += fragment_length; + buf.buf += fragment_length; buf.len -= fragment_length; } - origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */ + origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */ /* XXX OK for now. In future handle rv == SECWouldBlock safely in order * to deal with asynchronous certificate verification */ @@ -461,10 +470,10 @@ SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, msg = dtls_AllocQueuedMessage(ss->ssl3.cwSpec->epoch, type, pIn, nIn); if (!msg) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - rv = SECFailure; + PORT_SetError(SEC_ERROR_NO_MEMORY); + rv = SECFailure; } else { - PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight); + PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight); } return rv; 
@@ -490,7 +499,7 @@ dtls_StageHandshakeMessage(sslSocket *ss) /* This function is sometimes called when no data is actually to * be staged, so just return SECSuccess. */ if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len) - return rv; + return rv; rv = dtls_QueueMessage(ss, content_handshake, ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len); @@ -522,11 +531,11 @@ dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) rv = dtls_TransmitMessageFlight(ss); if (rv != SECSuccess) return rv; - - if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) { - ss->ssl3.hs.rtRetries = 0; - rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb); - } + + if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) { + ss->ssl3.hs.rtRetries = 0; + rv = dtls_StartTimer(ss, dtls_RetransmitTimerExpiredCb); + } } return rv; @@ -546,22 +555,22 @@ dtls_RetransmitTimerExpiredCb(sslSocket *ss) ss->ssl3.hs.rtRetries++; if (!(ss->ssl3.hs.rtRetries % 3)) { - /* If one of the messages was potentially greater than > MTU, - * then downgrade. Do this every time we have retransmitted a - * message twice, per RFC 6347 Sec. 4.1.1 */ - dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1); + /* If one of the messages was potentially greater than > MTU, + * then downgrade. Do this every time we have retransmitted a + * message twice, per RFC 6347 Sec. 4.1.1 */ + dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1); } - + rv = dtls_TransmitMessageFlight(ss); if (rv == SECSuccess) { - /* Re-arm the timer */ - rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb); + /* Re-arm the timer */ + rv = dtls_RestartTimer(ss, PR_TRUE, dtls_RetransmitTimerExpiredCb); } if (rv == SECFailure) { - /* XXX OK for now. In future maybe signal the stack that we couldn't - * transmit. For now, let the read handle any real network errors */ + /* XXX OK for now. In future maybe signal the stack that we couldn't + * transmit. For now, let the read handle any real network errors */ } } 
@@ -591,87 +600,87 @@ dtls_TransmitMessageFlight(sslSocket *ss) */ PORT_Assert(!ss->pendingBuf.len); for (msg_p = PR_LIST_HEAD(&ss->ssl3.hs.lastMessageFlight); - msg_p != &ss->ssl3.hs.lastMessageFlight; - msg_p = PR_NEXT_LINK(msg_p)) { + msg_p != &ss->ssl3.hs.lastMessageFlight; + msg_p = PR_NEXT_LINK(msg_p)) { DTLSQueuedMessage *msg = (DTLSQueuedMessage *)msg_p; /* The logic here is: * - * 1. If this is a message that will not fit into the remaining - * space, then flush. - * 2. If the message will now fit into the remaining space, + * 1. If this is a message that will not fit into the remaining + * space, then flush. + * 2. If the message will now fit into the remaining space, * encrypt, buffer, and loop. * 3. If the message will not fit, then fragment. * - * At the end of the function, flush. + * At the end of the function, flush. */ if ((msg->len + SSL3_BUFFER_FUDGE) > room_left) { - /* The message will not fit into the remaining space, so flush */ - rv = dtls_SendSavedWriteData(ss); - if (rv != SECSuccess) - break; + /* The message will not fit into the remaining space, so flush */ + rv = dtls_SendSavedWriteData(ss); + if (rv != SECSuccess) + break; room_left = ss->ssl3.mtu; - } + } if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) { /* The message will fit, so encrypt and then continue with the - * next packet */ + * next packet */ sent = ssl3_SendRecord(ss, msg->epoch, msg->type, - msg->data, msg->len, - ssl_SEND_FLAG_FORCE_INTO_BUFFER | - ssl_SEND_FLAG_USE_EPOCH); + msg->data, msg->len, + ssl_SEND_FLAG_FORCE_INTO_BUFFER | + ssl_SEND_FLAG_USE_EPOCH); if (sent != msg->len) { - rv = SECFailure; - if (sent != -1) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - } + rv = SECFailure; + if (sent != -1) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + } break; - } + } room_left = ss->ssl3.mtu - ss->pendingBuf.len; } else { /* The message will not fit, so fragment. * - * XXX OK for now. 
Arrange to coalesce the last fragment - * of this message with the next message if possible. - * That would be more efficient. - */ + * XXX OK for now. Arrange to coalesce the last fragment + * of this message with the next message if possible. + * That would be more efficient. + */ PRUint32 fragment_offset = 0; unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest * plausible MTU */ - /* Assert that we have already flushed */ - PORT_Assert(room_left == ss->ssl3.mtu); + /* Assert that we have already flushed */ + PORT_Assert(room_left == ss->ssl3.mtu); /* Case 3: We now need to fragment this message * DTLS only supports fragmenting handshaking messages */ PORT_Assert(msg->type == content_handshake); - /* The headers consume 12 bytes so the smalles possible - * message (i.e., an empty one) is 12 bytes - */ - PORT_Assert(msg->len >= 12); + /* The headers consume 12 bytes so the smalles possible + * message (i.e., an empty one) is 12 bytes + */ + PORT_Assert(msg->len >= 12); while ((fragment_offset + 12) < msg->len) { PRUint32 fragment_len; const unsigned char *content = msg->data + 12; PRUint32 content_len = msg->len - 12; - /* The reason we use 8 here is that that's the length of - * the new DTLS data that we add to the header */ + /* The reason we use 8 here is that that's the length of + * the new DTLS data that we add to the header */ fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8), content_len - fragment_offset); - PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); - /* Make totally sure that we are within the buffer. - * Note that the only way that fragment len could get - * adjusted here is if + PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); + /* Make totally sure that we are within the buffer. + * Note that the only way that fragment len could get + * adjusted here is if * - * (a) we are in release mode so the PORT_Assert is compiled out - * (b) either the MTU table is inconsistent with DTLS_MAX_MTU - * or ss->ssl3.mtu has become corrupt. 
- */ - fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12); + * (a) we are in release mode so the PORT_Assert is compiled out + * (b) either the MTU table is inconsistent with DTLS_MAX_MTU + * or ss->ssl3.mtu has become corrupt. + */ + fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12); /* Construct an appropriate-sized fragment */ /* Type, length, sequence */ @@ -691,25 +700,25 @@ dtls_TransmitMessageFlight(sslSocket *ss) fragment_len); /* - * Send the record. We do this in two stages - * 1. Encrypt - */ + * Send the record. We do this in two stages + * 1. Encrypt + */ sent = ssl3_SendRecord(ss, msg->epoch, msg->type, fragment, fragment_len + 12, ssl_SEND_FLAG_FORCE_INTO_BUFFER | - ssl_SEND_FLAG_USE_EPOCH); + ssl_SEND_FLAG_USE_EPOCH); if (sent != (fragment_len + 12)) { - rv = SECFailure; - if (sent != -1) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - } - break; - } - - /* 2. Flush */ - rv = dtls_SendSavedWriteData(ss); - if (rv != SECSuccess) - break; + rv = SECFailure; + if (sent != -1) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + } + break; + } + + /* 2. Flush */ + rv = dtls_SendSavedWriteData(ss); + if (rv != SECSuccess) + break; fragment_offset += fragment_len; } @@ -718,7 +727,7 @@ dtls_TransmitMessageFlight(sslSocket *ss) /* Finally, we need to flush */ if (rv == SECSuccess) - rv = dtls_SendSavedWriteData(ss); + rv = dtls_SendSavedWriteData(ss); /* Give up the locks */ ssl_ReleaseSpecReadLock(ss); 
@@ -740,19 +749,19 @@ SECStatus dtls_SendSavedWriteData(sslSocket *ss) sent = ssl_SendSavedWriteData(ss); if (sent < 0) - return SECFailure; + return SECFailure; /* We should always have complete writes b/c datagram sockets * don't really block */ if (ss->pendingBuf.len > 0) { - ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE); - return SECFailure; + ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE); + return SECFailure; } /* Update the largest message sent so we can adjust the MTU * estimate if necessary */ if (sent > ss->ssl3.hs.maxMessageSent) - ss->ssl3.hs.maxMessageSent = sent; + ss->ssl3.hs.maxMessageSent = sent; return SECSuccess; } @@ -767,16 +776,16 @@ SECStatus dtls_SendSavedWriteData(sslSocket *ss) SECStatus dtls_CompressMACEncryptRecord(sslSocket * ss, DTLSEpoch epoch, - PRBool use_epoch, + PRBool use_epoch, SSL3ContentType type, - const SSL3Opaque * pIn, - PRUint32 contentLen, - sslBuffer * wrBuf) + const SSL3Opaque * pIn, + PRUint32 contentLen, + sslBuffer * wrBuf) { SECStatus rv = SECFailure; ssl3CipherSpec * cwSpec; - ssl_GetSpecReadLock(ss); /********************************/ + ssl_GetSpecReadLock(ss); /********************************/ /* The reason for this switch-hitting code is that we might have * a flight of records spanning an epoch boundary, e.g., 
@@ -789,23 +798,23 @@ dtls_CompressMACEncryptRecord(sslSocket * ss, * about which epoch to use is carried with the record. */ if (use_epoch) { - if (ss->ssl3.cwSpec->epoch == epoch) - cwSpec = ss->ssl3.cwSpec; - else if (ss->ssl3.pwSpec->epoch == epoch) - cwSpec = ss->ssl3.pwSpec; - else - cwSpec = NULL; + if (ss->ssl3.cwSpec->epoch == epoch) + cwSpec = ss->ssl3.cwSpec; + else if (ss->ssl3.pwSpec->epoch == epoch) + cwSpec = ss->ssl3.pwSpec; + else + cwSpec = NULL; } else { - cwSpec = ss->ssl3.cwSpec; + cwSpec = ss->ssl3.cwSpec; } if (cwSpec) { rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE, - PR_FALSE, type, pIn, contentLen, - wrBuf); + PR_FALSE, type, pIn, contentLen, + wrBuf); } else { PR_NOT_REACHED("Couldn't find a cipher spec matching epoch"); - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } ssl_ReleaseSpecReadLock(ss); /************************************/ @@ -838,9 +847,9 @@ SECStatus dtls_RestartTimer(sslSocket *ss, PRBool backoff, DTLSTimerCb cb) { if (backoff) { - ss->ssl3.hs.rtTimeoutMs *= 2; - if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS) - ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS; + ss->ssl3.hs.rtTimeoutMs *= 2; + if (ss->ssl3.hs.rtTimeoutMs > MAX_DTLS_TIMEOUT_MS) + ss->ssl3.hs.rtTimeoutMs = MAX_DTLS_TIMEOUT_MS; } return dtls_StartTimer(ss, cb); 
@@ -868,18 +877,18 @@ void dtls_CheckTimer(sslSocket *ss) { if (!ss->ssl3.hs.rtTimerCb) - return; + return; if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) > - PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) { - /* Timer has expired */ - DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb; - - /* Cancel the timer so that we can call the CB safely */ - dtls_CancelTimer(ss); + PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) { + /* Timer has expired */ + DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb; - /* Now call the CB */ - cb(ss); + /* Cancel the timer so that we can call the CB safely */ + dtls_CancelTimer(ss); + + /* Now call the CB */ + cb(ss); } } @@ -928,17 +937,17 @@ dtls_SetMTU(sslSocket *ss, PRUint16 advertised) int i; if (advertised == 0) { - ss->ssl3.mtu = COMMON_MTU_VALUES[0]; - SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); - return; + ss->ssl3.mtu = COMMON_MTU_VALUES[0]; + SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); + return; } - + for (i = 0; i < PR_ARRAY_SIZE(COMMON_MTU_VALUES); i++) { - if (COMMON_MTU_VALUES[i] <= advertised) { - ss->ssl3.mtu = COMMON_MTU_VALUES[i]; - SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); - return; - } + if (COMMON_MTU_VALUES[i] <= advertised) { + ss->ssl3.mtu = COMMON_MTU_VALUES[i]; + SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu)); + return; + } } /* Fallback */ 
@@ -953,57 +962,57 @@ dtls_SetMTU(sslSocket *ss, PRUint16 advertised) SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) { - int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST; + int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST; SECStatus rv; PRInt32 temp; SECItem cookie = {siBuffer, NULL, 0}; SSL3AlertDescription desc = illegal_parameter; SSL_TRC(3, ("%d: SSL3[%d]: handle hello_verify_request handshake", - SSL_GETPID(), ss->fd)); + SSL_GETPID(), ss->fd)); PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss)); PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); if (ss->ssl3.hs.ws != wait_server_hello) { errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST; - desc = unexpected_message; - goto alert_loser; + desc = unexpected_message; + goto alert_loser; } /* The version */ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); if (temp < 0) { - goto loser; /* alert has been sent */ + goto loser; /* alert has been sent */ } - if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) { - /* Note: this will need adjustment for DTLS 1.2 per Section 4.2.1 */ - goto alert_loser; + if (temp != SSL_LIBRARY_VERSION_DTLS_1_0_WIRE && + temp != SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) { + goto alert_loser; } /* The cookie */ rv = ssl3_ConsumeHandshakeVariable(ss, &cookie, 1, &b, &length); if (rv != SECSuccess) { - goto loser; /* alert has been sent */ + goto loser; /* alert has been sent */ } if (cookie.len > DTLS_COOKIE_BYTES) { - desc = decode_error; - goto alert_loser; /* malformed. */ + desc = decode_error; + goto alert_loser; /* malformed. 
*/ } PORT_Memcpy(ss->ssl3.hs.cookie, cookie.data, cookie.len); ss->ssl3.hs.cookieLen = cookie.len; - ssl_GetXmitBufLock(ss); /*******************************/ + ssl_GetXmitBufLock(ss); /*******************************/ /* Now re-send the client hello */ rv = ssl3_SendClientHello(ss, PR_TRUE); - ssl_ReleaseXmitBufLock(ss); /*******************************/ + ssl_ReleaseXmitBufLock(ss); /*******************************/ if (rv == SECSuccess) - return rv; + return rv; alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); @@ -1042,14 +1051,14 @@ dtls_RecordGetRecvd(DTLSRecvdRecords *records, PRUint64 seq) /* Out of range to the left */ if (seq < records->left) { - return -1; + return -1; } /* Out of range to the right; since we advance the window on * receipt, that means that this packet has not been received * yet */ if (seq > records->right) - return 0; + return 0; offset = seq % DTLS_RECVD_RECORDS_WINDOW; 
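Review bot: The widened version check in dtls_HandleHelloVerifyRequest accepts either SSL_LIBRARY_VERSION_DTLS_1_0_WIRE or SSL_LIBRARY_VERSION_DTLS_1_2_WIRE without relating the value to the socket's enabled version range, so a HelloVerifyRequest advertising the 1.2 wire version is accepted even when only DTLS 1.0 is enabled, and the old comment pointing at Section 4.2.1 was dropped rather than replaced. If the intent is that this field only indicates packet format and plays no part in version negotiation (which is how I read the change), that should be stated at the check, e.g. `/* Section 4.2.1: the server_version here only indicates packet format, not the negotiated version; accept either DTLS wire version. */`. Otherwise the check should be tightened to the versions the socket actually enables. The function's tail after alert_loser lies outside this hunk.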
@@ -1066,34 +1075,34 @@ dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq) PRUint64 offset; if (seq < records->left) - return; + return; if (seq > records->right) { - PRUint64 new_left; - PRUint64 new_right; - PRUint64 right; + PRUint64 new_left; + PRUint64 new_right; + PRUint64 right; - /* Slide to the right; this is the tricky part + /* Slide to the right; this is the tricky part * - * 1. new_top is set to have room for seq, on the - * next byte boundary by setting the right 8 - * bits of seq + * 1. new_top is set to have room for seq, on the + * next byte boundary by setting the right 8 + * bits of seq * 2. new_left is set to compensate. * 3. Zero all bits between top and new_top. Since * this is a ring, this zeroes everything as-yet - * unseen. Because we always operate on byte - * boundaries, we can zero one byte at a time - */ - new_right = seq | 0x07; - new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1; + * unseen. Because we always operate on byte + * boundaries, we can zero one byte at a time + */ + new_right = seq | 0x07; + new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1; - for (right = records->right + 8; right <= new_right; right += 8) { - offset = right % DTLS_RECVD_RECORDS_WINDOW; - records->data[offset / 8] = 0; - } + for (right = records->right + 8; right <= new_right; right += 8) { + offset = right % DTLS_RECVD_RECORDS_WINDOW; + records->data[offset / 8] = 0; + } - records->right = new_right; - records->left = new_left; + records->right = new_right; + records->left = new_left; } offset = seq % DTLS_RECVD_RECORDS_WINDOW; diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index d5a707fb..01164e5e 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c 
@@ -633,6 +633,7 @@ ssl3_CipherSuiteAllowedForVersionRange( * TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: never implemented */ return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0; + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case TLS_RSA_WITH_AES_256_CBC_SHA256: case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: @@ -645,6 +646,31 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_RSA_WITH_AES_128_GCM_SHA256: case TLS_RSA_WITH_NULL_SHA256: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; + + /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and + * point formats.*/ + case TLS_ECDH_ECDSA_WITH_NULL_SHA: + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_NULL_SHA: + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: + case TLS_ECDH_RSA_WITH_NULL_SHA: + case TLS_ECDH_RSA_WITH_RC4_128_SHA: + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: + case TLS_ECDHE_RSA_WITH_NULL_SHA: + case TLS_ECDHE_RSA_WITH_RC4_128_SHA: + case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: + return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0; + default: return PR_TRUE; } @@ -3471,6 +3497,14 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) SSL_GETPID(), ss->fd)); if (ws != wait_change_cipher) { + if (IS_DTLS(ss)) { + /* Ignore this because it's out of order. */ + SSL_TRC(3, ("%d: SSL3[%d]: discard out of order " + "DTLS change_cipher_spec", + SSL_GETPID(), ss->fd)); + buf->len = 0; + return SECSuccess; + } (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER); return SECFailure; 
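Review bot: The new comment above the RFC 4492 block ends with `point formats.*/` (missing space before the close), and it states the reason for the group but not the gating rule; since the return tests `vrange->max` rather than `vrange->min`, the suites stay enabled for any range that reaches TLS 1.0, mirroring the TLS 1.2 group just above. Suggest `/* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and * point formats, so they are usable only if the range reaches TLS 1.0. */`. The ECC suites with SHA256/GCM variants are presumably handled in the TLS 1.2 group, which this hunk only partly shows; ssl3_CipherSuiteAllowedForVersionRange begins and ends outside the hunk.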
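Review bot: The new IS_DTLS branch in ssl3_HandleChangeCipherSpecs discards a change_cipher_spec and returns SECSuccess for every state other than wait_change_cipher, not only the mid-handshake reordering the comment describes, so the unexpected_message alert that still fires for TLS is never raised on DTLS. That is defensible if a CCS reaching this point has already been matched to the current read epoch and can only be a duplicate or reordered copy, but the code does not say so; suggest replacing the one-line comment with something like `/* DTLS: a CCS here is a duplicate/reordered handshake record (it already matched our read epoch), so drop it instead of aborting the connection. */`, or, if that assumption does not hold for an idle connection, restricting the discard to handshake states. The comparison is also more permissive than the trace string suggests, since nothing checks that a handshake is actually in progress. The function's beginning and end are outside this hunk.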
@@ -5171,7 +5205,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeVariable( ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); else - rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + rv = ssl3_AppendHandshakeNumber(ss, 0, 1); if (rv != SECSuccess) { if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } return rv; /* err set by ssl3_AppendHandshake* */ @@ -8614,7 +8648,7 @@ ssl3_SendServerHello(sslSocket *ss) rv = ssl3_AppendHandshakeVariable( ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1); else - rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + rv = ssl3_AppendHandshakeNumber(ss, 0, 1); if (rv != SECSuccess) { return rv; /* err set by AppendHandshake. */ } diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 37743a64..e8ee5901 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -10,7 +10,7 @@ #include "nss.h" #include "cert.h" #include "ssl.h" -#include "cryptohi.h" /* for DSAU_ stuff */ +#include "cryptohi.h" /* for DSAU_ stuff */ #include "keyhi.h" #include "secder.h" #include "secitem.h" @@ -34,7 +34,7 @@ #ifndef PK11_SETATTRS #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ - (x)->pValue=(v); (x)->ulValueLen = (l); + (x)->pValue=(v); (x)->ulValueLen = (l); #endif #define SSL_GET_SERVER_PUBLIC_KEY(sock, type) \ 
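Review bot: The swap from `ssl3_AppendHandshakeVariable(ss, NULL, 0, 1)` to `ssl3_AppendHandshakeNumber(ss, 0, 1)` in ssl3_SendClientHello is uncommented, and the identical change is made in the ssl3_SendServerHello hunk further along this line. I take it the wire bytes are unchanged (a single zero length byte for an empty session ID) and the point is to stop passing a NULL data pointer with zero length into the variable-length append path, but a reader of either call site has no way to tell; a comment such as `/* empty session ID: emit only the one-byte length field */` at both sites would record that. Both enclosing functions start and end outside their hunks.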
@@ -56,61 +56,61 @@ static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve); * ECC-TLS IETF draft. */ static const SECOidTag ecName2OIDTag[] = { - 0, - SEC_OID_SECG_EC_SECT163K1, /* 1 */ - SEC_OID_SECG_EC_SECT163R1, /* 2 */ - SEC_OID_SECG_EC_SECT163R2, /* 3 */ - SEC_OID_SECG_EC_SECT193R1, /* 4 */ - SEC_OID_SECG_EC_SECT193R2, /* 5 */ - SEC_OID_SECG_EC_SECT233K1, /* 6 */ - SEC_OID_SECG_EC_SECT233R1, /* 7 */ - SEC_OID_SECG_EC_SECT239K1, /* 8 */ - SEC_OID_SECG_EC_SECT283K1, /* 9 */ - SEC_OID_SECG_EC_SECT283R1, /* 10 */ - SEC_OID_SECG_EC_SECT409K1, /* 11 */ - SEC_OID_SECG_EC_SECT409R1, /* 12 */ - SEC_OID_SECG_EC_SECT571K1, /* 13 */ - SEC_OID_SECG_EC_SECT571R1, /* 14 */ - SEC_OID_SECG_EC_SECP160K1, /* 15 */ - SEC_OID_SECG_EC_SECP160R1, /* 16 */ - SEC_OID_SECG_EC_SECP160R2, /* 17 */ - SEC_OID_SECG_EC_SECP192K1, /* 18 */ - SEC_OID_SECG_EC_SECP192R1, /* 19 */ - SEC_OID_SECG_EC_SECP224K1, /* 20 */ - SEC_OID_SECG_EC_SECP224R1, /* 21 */ - SEC_OID_SECG_EC_SECP256K1, /* 22 */ - SEC_OID_SECG_EC_SECP256R1, /* 23 */ - SEC_OID_SECG_EC_SECP384R1, /* 24 */ - SEC_OID_SECG_EC_SECP521R1, /* 25 */ + 0, + SEC_OID_SECG_EC_SECT163K1, /* 1 */ + SEC_OID_SECG_EC_SECT163R1, /* 2 */ + SEC_OID_SECG_EC_SECT163R2, /* 3 */ + SEC_OID_SECG_EC_SECT193R1, /* 4 */ + SEC_OID_SECG_EC_SECT193R2, /* 5 */ + SEC_OID_SECG_EC_SECT233K1, /* 6 */ + SEC_OID_SECG_EC_SECT233R1, /* 7 */ + SEC_OID_SECG_EC_SECT239K1, /* 8 */ + SEC_OID_SECG_EC_SECT283K1, /* 9 */ + SEC_OID_SECG_EC_SECT283R1, /* 10 */ + SEC_OID_SECG_EC_SECT409K1, /* 11 */ + SEC_OID_SECG_EC_SECT409R1, /* 12 */ + SEC_OID_SECG_EC_SECT571K1, /* 13 */ + SEC_OID_SECG_EC_SECT571R1, /* 14 */ + SEC_OID_SECG_EC_SECP160K1, /* 15 */ + SEC_OID_SECG_EC_SECP160R1, /* 16 */ + SEC_OID_SECG_EC_SECP160R2, /* 17 */ + SEC_OID_SECG_EC_SECP192K1, /* 18 */ + SEC_OID_SECG_EC_SECP192R1, /* 19 */ + SEC_OID_SECG_EC_SECP224K1, /* 20 */ + SEC_OID_SECG_EC_SECP224R1, /* 21 */ + SEC_OID_SECG_EC_SECP256K1, /* 22 */ + SEC_OID_SECG_EC_SECP256R1, /* 23 */ + 
SEC_OID_SECG_EC_SECP384R1, /* 24 */ + SEC_OID_SECG_EC_SECP521R1, /* 25 */ }; static const PRUint16 curve2bits[] = { - 0, /* ec_noName = 0, */ - 163, /* ec_sect163k1 = 1, */ - 163, /* ec_sect163r1 = 2, */ - 163, /* ec_sect163r2 = 3, */ - 193, /* ec_sect193r1 = 4, */ - 193, /* ec_sect193r2 = 5, */ - 233, /* ec_sect233k1 = 6, */ - 233, /* ec_sect233r1 = 7, */ - 239, /* ec_sect239k1 = 8, */ - 283, /* ec_sect283k1 = 9, */ - 283, /* ec_sect283r1 = 10, */ - 409, /* ec_sect409k1 = 11, */ - 409, /* ec_sect409r1 = 12, */ - 571, /* ec_sect571k1 = 13, */ - 571, /* ec_sect571r1 = 14, */ - 160, /* ec_secp160k1 = 15, */ - 160, /* ec_secp160r1 = 16, */ - 160, /* ec_secp160r2 = 17, */ - 192, /* ec_secp192k1 = 18, */ - 192, /* ec_secp192r1 = 19, */ - 224, /* ec_secp224k1 = 20, */ - 224, /* ec_secp224r1 = 21, */ - 256, /* ec_secp256k1 = 22, */ - 256, /* ec_secp256r1 = 23, */ - 384, /* ec_secp384r1 = 24, */ - 521, /* ec_secp521r1 = 25, */ + 0, /* ec_noName = 0, */ + 163, /* ec_sect163k1 = 1, */ + 163, /* ec_sect163r1 = 2, */ + 163, /* ec_sect163r2 = 3, */ + 193, /* ec_sect193r1 = 4, */ + 193, /* ec_sect193r2 = 5, */ + 233, /* ec_sect233k1 = 6, */ + 233, /* ec_sect233r1 = 7, */ + 239, /* ec_sect239k1 = 8, */ + 283, /* ec_sect283k1 = 9, */ + 283, /* ec_sect283r1 = 10, */ + 409, /* ec_sect409k1 = 11, */ + 409, /* ec_sect409r1 = 12, */ + 571, /* ec_sect571k1 = 13, */ + 571, /* ec_sect571r1 = 14, */ + 160, /* ec_secp160k1 = 15, */ + 160, /* ec_secp160r1 = 16, */ + 160, /* ec_secp160r2 = 17, */ + 192, /* ec_secp192k1 = 18, */ + 192, /* ec_secp192r1 = 19, */ + 224, /* ec_secp224k1 = 20, */ + 224, /* ec_secp224r1 = 21, */ + 256, /* ec_secp256k1 = 22, */ + 256, /* ec_secp256r1 = 23, */ + 384, /* ec_secp384r1 = 24, */ + 521, /* ec_secp521r1 = 25, */ 65535 /* ec_pastLastName */ }; 
@@ -120,31 +120,31 @@ typedef struct Bits2CurveStr { } Bits2Curve; static const Bits2Curve bits2curve [] = { - { 192, ec_secp192r1 /* = 19, fast */ }, - { 160, ec_secp160r2 /* = 17, fast */ }, - { 160, ec_secp160k1 /* = 15, */ }, - { 160, ec_secp160r1 /* = 16, */ }, - { 163, ec_sect163k1 /* = 1, */ }, - { 163, ec_sect163r1 /* = 2, */ }, - { 163, ec_sect163r2 /* = 3, */ }, - { 192, ec_secp192k1 /* = 18, */ }, - { 193, ec_sect193r1 /* = 4, */ }, - { 193, ec_sect193r2 /* = 5, */ }, - { 224, ec_secp224r1 /* = 21, fast */ }, - { 224, ec_secp224k1 /* = 20, */ }, - { 233, ec_sect233k1 /* = 6, */ }, - { 233, ec_sect233r1 /* = 7, */ }, - { 239, ec_sect239k1 /* = 8, */ }, - { 256, ec_secp256r1 /* = 23, fast */ }, - { 256, ec_secp256k1 /* = 22, */ }, - { 283, ec_sect283k1 /* = 9, */ }, - { 283, ec_sect283r1 /* = 10, */ }, - { 384, ec_secp384r1 /* = 24, fast */ }, - { 409, ec_sect409k1 /* = 11, */ }, - { 409, ec_sect409r1 /* = 12, */ }, - { 521, ec_secp521r1 /* = 25, fast */ }, - { 571, ec_sect571k1 /* = 13, */ }, - { 571, ec_sect571r1 /* = 14, */ }, + { 192, ec_secp192r1 /* = 19, fast */ }, + { 160, ec_secp160r2 /* = 17, fast */ }, + { 160, ec_secp160k1 /* = 15, */ }, + { 160, ec_secp160r1 /* = 16, */ }, + { 163, ec_sect163k1 /* = 1, */ }, + { 163, ec_sect163r1 /* = 2, */ }, + { 163, ec_sect163r2 /* = 3, */ }, + { 192, ec_secp192k1 /* = 18, */ }, + { 193, ec_sect193r1 /* = 4, */ }, + { 193, ec_sect193r2 /* = 5, */ }, + { 224, ec_secp224r1 /* = 21, fast */ }, + { 224, ec_secp224k1 /* = 20, */ }, + { 233, ec_sect233k1 /* = 6, */ }, + { 233, ec_sect233r1 /* = 7, */ }, + { 239, ec_sect239k1 /* = 8, */ }, + { 256, ec_secp256r1 /* = 23, fast */ }, + { 256, ec_secp256k1 /* = 22, */ }, + { 283, ec_sect283k1 /* = 9, */ }, + { 283, ec_sect283r1 /* = 10, */ }, + { 384, ec_secp384r1 /* = 24, fast */ }, + { 409, ec_sect409k1 /* = 11, */ }, + { 409, ec_sect409r1 /* = 12, */ }, + { 521, ec_secp521r1 /* = 25, fast */ }, + { 571, ec_sect571k1 /* = 13, */ }, + { 571, ec_sect571r1 /* = 14, */ 
}, { 65535, ec_noName } }; @@ -157,21 +157,21 @@ typedef struct ECDHEKeyPairStr { /* arrays of ECDHE KeyPairs */ static ECDHEKeyPair gECDHEKeyPairs[ec_pastLastName]; -SECStatus +SECStatus ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params) { SECOidData *oidData = NULL; if ((curve <= ec_noName) || (curve >= ec_pastLastName) || - ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) { + ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); - return SECFailure; + return SECFailure; } SECITEM_AllocItem(arena, params, (2 + oidData->oid.len)); - /* + /* * params->data needs to contain the ASN encoding of an object ID (OID) - * representing the named curve. The actual OID is in + * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ params->data[0] = SEC_ASN1_OBJECT_ID; @@ -181,14 +181,14 @@ ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params) return SECSuccess; } -static ECName +static ECName params2ecName(SECKEYECParams * params) { SECItem oid = { siBuffer, NULL, 0}; SECOidData *oidData = NULL; ECName i; - /* + /* * params->data needs to contain the ASN encoding of an object ID (OID) * representing a named curve. Here, we strip away everything * before the actual OID and use the OID to look up a named curve. @@ -198,8 +198,8 @@ params2ecName(SECKEYECParams * params) oid.data = params->data + 2; if ((oidData = SECOID_FindOID(&oid)) == NULL) return ec_noName; for (i = ec_noName + 1; i < ec_pastLastName; i++) { - if (ecName2OIDTag[i] == oidData->offset) - return i; + if (ecName2OIDTag[i] == oidData->offset) + return i; } return ec_noName; 
@@ -208,13 +208,13 @@ params2ecName(SECKEYECParams * params) /* Caller must set hiLevel error code. */ static SECStatus ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, - SECItem ec_params, SECItem server_ecpoint, - SSL3Random *client_rand, SSL3Random *server_rand, - SSL3Hashes *hashes, PRBool bypassPKCS11) + SECItem ec_params, SECItem server_ecpoint, + SSL3Random *client_rand, SSL3Random *server_rand, + SSL3Hashes *hashes, PRBool bypassPKCS11) { PRUint8 * hashBuf; PRUint8 * pBuf; - SECStatus rv = SECSuccess; + SECStatus rv = SECSuccess; unsigned int bufLen; /* * XXX For now, we only support named curves (the appropriate 
@@ -226,37 +226,37 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, bufLen = 2*SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len; if (bufLen <= sizeof buf) { - hashBuf = buf; + hashBuf = buf; } else { - hashBuf = PORT_Alloc(bufLen); - if (!hashBuf) { - return SECFailure; - } + hashBuf = PORT_Alloc(bufLen); + if (!hashBuf) { + return SECFailure; + } } - memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH); - pBuf = hashBuf + SSL3_RANDOM_LENGTH; + memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH); + pBuf = hashBuf + SSL3_RANDOM_LENGTH; memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH); - pBuf += SSL3_RANDOM_LENGTH; + pBuf += SSL3_RANDOM_LENGTH; memcpy(pBuf, ec_params.data, ec_params.len); - pBuf += ec_params.len; + pBuf += ec_params.len; pBuf[0] = (PRUint8)(server_ecpoint.len); pBuf += 1; memcpy(pBuf, server_ecpoint.data, server_ecpoint.len); - pBuf += server_ecpoint.len; + pBuf += server_ecpoint.len; PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen); rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes, - bypassPKCS11); + bypassPKCS11); PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen)); PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result", - hashes->u.s.md5, MD5_LENGTH)); + hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result", - hashes->u.s.sha, SHA1_LENGTH)); + hashes->u.s.sha, SHA1_LENGTH)); if (hashBuf != buf) - PORT_Free(hashBuf); + PORT_Free(hashBuf); return rv; } 
@@ -265,12 +265,12 @@ ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, SECStatus ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) { - PK11SymKey * pms = NULL; - SECStatus rv = SECFailure; + PK11SymKey * pms = NULL; + SECStatus rv = SECFailure; PRBool isTLS, isTLS12; - CK_MECHANISM_TYPE target; - SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */ - SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */ + CK_MECHANISM_TYPE target; + SECKEYPublicKey *pubKey = NULL; /* Ephemeral ECDH key */ + SECKEYPrivateKey *privKey = NULL; /* Ephemeral ECDH key */ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); 
@@ -280,39 +280,39 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) /* Generate ephemeral EC keypair */ if (svrPubKey->keyType != ecKey) { - PORT_SetError(SEC_ERROR_BAD_KEY); - goto loser; + PORT_SetError(SEC_ERROR_BAD_KEY); + goto loser; } /* XXX SHOULD CALL ssl3_CreateECDHEphemeralKeys here, instead! */ - privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams, - &pubKey, ss->pkcs11PinArg); + privKey = SECKEY_CreateECPrivateKey(&svrPubKey->u.ec.DEREncodedParams, + &pubKey, ss->pkcs11PinArg); if (!privKey || !pubKey) { - ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); - rv = SECFailure; - goto loser; + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + rv = SECFailure; + goto loser; } PRINT_BUF(50, (ss, "ECDH public value:", - pubKey->u.ec.publicValue.data, - pubKey->u.ec.publicValue.len)); + pubKey->u.ec.publicValue.data, + pubKey->u.ec.publicValue.len)); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { - target = CKM_TLS_MASTER_KEY_DERIVE_DH; + target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { - target = CKM_SSL3_MASTER_KEY_DERIVE_DH; + target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } /* Determine the PMS */ pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL, - CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, - CKD_NULL, NULL, NULL); + CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, + CKD_NULL, NULL, NULL); if (pms == NULL) { - SSL3AlertDescription desc = illegal_parameter; - (void)SSL3_SendAlert(ss, alert_fatal, desc); - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; + SSL3AlertDescription desc = illegal_parameter; + (void)SSL3_SendAlert(ss, alert_fatal, desc); + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; } SECKEY_DestroyPrivateKey(privKey); 
@@ -322,24 +322,24 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) PK11_FreeSymKey(pms); pms = NULL; if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; } - rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, - pubKey->u.ec.publicValue.len + 1); + rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, + pubKey->u.ec.publicValue.len + 1); if (rv != SECSuccess) { - goto loser; /* err set by ssl3_AppendHandshake* */ + goto loser; /* err set by ssl3_AppendHandshake* */ } - rv = ssl3_AppendHandshakeVariable(ss, - pubKey->u.ec.publicValue.data, - pubKey->u.ec.publicValue.len, 1); + rv = ssl3_AppendHandshakeVariable(ss, + pubKey->u.ec.publicValue.data, + pubKey->u.ec.publicValue.len, 1); SECKEY_DestroyPublicKey(pubKey); pubKey = NULL; if (rv != SECSuccess) { - goto loser; /* err set by ssl3_AppendHandshake* */ + goto loser; /* err set by ssl3_AppendHandshake* */ } rv = SECSuccess; 
@@ -357,59 +357,59 @@ loser: */ SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, - PRUint32 length, + PRUint32 length, SECKEYPublicKey *srvrPubKey, SECKEYPrivateKey *srvrPrivKey) { PK11SymKey * pms; SECStatus rv; SECKEYPublicKey clntPubKey; - CK_MECHANISM_TYPE target; + CK_MECHANISM_TYPE target; PRBool isTLS, isTLS12; PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); clntPubKey.keyType = ecKey; - clntPubKey.u.ec.DEREncodedParams.len = - srvrPubKey->u.ec.DEREncodedParams.len; - clntPubKey.u.ec.DEREncodedParams.data = - srvrPubKey->u.ec.DEREncodedParams.data; + clntPubKey.u.ec.DEREncodedParams.len = + srvrPubKey->u.ec.DEREncodedParams.len; + clntPubKey.u.ec.DEREncodedParams.data = + srvrPubKey->u.ec.DEREncodedParams.data; - rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue, - 1, &b, &length); + rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue, + 1, &b, &length); if (rv != SECSuccess) { - SEND_ALERT - return SECFailure; /* XXX Who sets the error code?? */ + SEND_ALERT + return SECFailure; /* XXX Who sets the error code?? */ } isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { - target = CKM_TLS_MASTER_KEY_DERIVE_DH; + target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { - target = CKM_SSL3_MASTER_KEY_DERIVE_DH; + target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } /* Determine the PMS */ pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL, - CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, - CKD_NULL, NULL, NULL); + CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0, + CKD_NULL, NULL, NULL); if (pms == NULL) { - /* last gasp. 
*/ - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - return SECFailure; + /* last gasp. */ + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + return SECFailure; } rv = ssl3_InitPendingCipherSpec(ss, pms); PK11_FreeSymKey(pms); if (rv != SECSuccess) { - SEND_ALERT - return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ + SEND_ALERT + return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ } return SECSuccess; } @@ -418,13 +418,13 @@ ECName ssl3_GetCurveWithECKeyStrength(PRUint32 curvemsk, int requiredECCbits) { int i; - + for ( i = 0; bits2curve[i].curve != ec_noName; i++) { - if (bits2curve[i].bits < requiredECCbits) - continue; - if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) { - return bits2curve[i].curve; - } + if (bits2curve[i].bits < requiredECCbits) + continue; + if (SSL_IS_CURVE_NEGOTIATED(curvemsk, bits2curve[i].curve)) { + return bits2curve[i].curve; + } } PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); return ec_noName; 
@@ -442,24 +442,24 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss) int requiredECCbits = ss->sec.secretKeyBits * 2; if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) { - svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh); - if (svrPublicKey) - ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams); - if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) { - PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); - return ec_noName; - } - signatureKeyStrength = curve2bits[ ec_curve ]; + svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh); + if (svrPublicKey) + ec_curve = params2ecName(&svrPublicKey->u.ec.DEREncodedParams); + if (!SSL_IS_CURVE_NEGOTIATED(ss->ssl3.hs.negotiatedECCurves, ec_curve)) { + PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); + return ec_noName; + } + signatureKeyStrength = curve2bits[ ec_curve ]; } else { /* RSA is our signing cert */ int serverKeyStrengthInBits; - + svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_rsa); if (!svrPublicKey) { PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); return ec_noName; } - + /* currently strength in bytes */ serverKeyStrengthInBits = svrPublicKey->u.rsa.modulus.len; if (svrPublicKey->u.rsa.modulus.data[0] == 0) { 
@@ -467,28 +467,28 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss) } /* convert to strength in bits */ serverKeyStrengthInBits *= BPB; - + signatureKeyStrength = - SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits); + SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits); } - if ( requiredECCbits > signatureKeyStrength ) + if ( requiredECCbits > signatureKeyStrength ) requiredECCbits = signatureKeyStrength; return ssl3_GetCurveWithECKeyStrength(ss->ssl3.hs.negotiatedECCurves, - requiredECCbits); + requiredECCbits); } /* function to clear out the lists */ -static SECStatus +static SECStatus ssl3_ShutdownECDHECurves(void *appData, void *nssData) { int i; ECDHEKeyPair *keyPair = &gECDHEKeyPairs[0]; for (i=0; i < ec_pastLastName; i++, keyPair++) { - if (keyPair->pair) { - ssl3_FreeKeyPair(keyPair->pair); - } + if (keyPair->pair) { + ssl3_FreeKeyPair(keyPair->pair); + } } memset(gECDHEKeyPairs, 0, sizeof gECDHEKeyPairs); return SECSuccess; @@ -500,18 +500,18 @@ ssl3_ECRegister(void) SECStatus rv; rv = NSS_RegisterShutdown(ssl3_ShutdownECDHECurves, gECDHEKeyPairs); if (rv != SECSuccess) { - gECDHEKeyPairs[ec_noName].error = PORT_GetError(); + gECDHEKeyPairs[ec_noName].error = PORT_GetError(); } return (PRStatus)rv; } /* CallOnce function, called once for each named curve. */ -static PRStatus +static PRStatus ssl3_CreateECDHEphemeralKeyPair(void * arg) { SECKEYPrivateKey * privKey = NULL; SECKEYPublicKey * pubKey = NULL; - ssl3KeyPair * keyPair = NULL; + ssl3KeyPair * keyPair = NULL; ECName ec_curve = (ECName)arg; SECKEYECParams ecParams = { siBuffer, NULL, 0 }; 
@@ -519,23 +519,23 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg) /* ok, no one has generated a global key for this curve yet, do so */ if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) { - gECDHEKeyPairs[ec_curve].error = PORT_GetError(); - return PR_FAILURE; + gECDHEKeyPairs[ec_curve].error = PORT_GetError(); + return PR_FAILURE; } - privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL); + privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL); SECITEM_FreeItem(&ecParams, PR_FALSE); if (!privKey || !pubKey || !(keyPair = ssl3_NewKeyPair(privKey, pubKey))) { - if (privKey) { - SECKEY_DestroyPrivateKey(privKey); - } - if (pubKey) { - SECKEY_DestroyPublicKey(pubKey); - } - ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); - gECDHEKeyPairs[ec_curve].error = PORT_GetError(); - return PR_FAILURE; + if (privKey) { + SECKEY_DestroyPrivateKey(privKey); + } + if (pubKey) { + SECKEY_DestroyPublicKey(pubKey); + } + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + gECDHEKeyPairs[ec_curve].error = PORT_GetError(); + return PR_FAILURE; } gECDHEKeyPairs[ec_curve].pair = keyPair; 
@@ -554,30 +554,30 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg) static SECStatus ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve) { - ssl3KeyPair * keyPair = NULL; + ssl3KeyPair * keyPair = NULL; /* if there's no global key for this curve, make one. */ if (gECDHEKeyPairs[ec_curve].pair == NULL) { - PRStatus status; + PRStatus status; - status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister); + status = PR_CallOnce(&gECDHEKeyPairs[ec_noName].once, ssl3_ECRegister); if (status != PR_SUCCESS) { - PORT_SetError(gECDHEKeyPairs[ec_noName].error); - return SECFailure; - } - status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once, - ssl3_CreateECDHEphemeralKeyPair, - (void *)ec_curve); + PORT_SetError(gECDHEKeyPairs[ec_noName].error); + return SECFailure; + } + status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once, + ssl3_CreateECDHEphemeralKeyPair, + (void *)ec_curve); if (status != PR_SUCCESS) { - PORT_SetError(gECDHEKeyPairs[ec_curve].error); - return SECFailure; - } + PORT_SetError(gECDHEKeyPairs[ec_curve].error); + return SECFailure; + } } keyPair = gECDHEKeyPairs[ec_curve].pair; PORT_Assert(keyPair != NULL); - if (!keyPair) - return SECFailure; + if (!keyPair) + return SECFailure; ss->ephemeralECDHKeyPair = ssl3_GetKeyPairRef(keyPair); return SECSuccess; 
@@ -612,55 +612,55 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ec_params.data = paramBuf; rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length); if (rv != SECSuccess) { - goto loser; /* malformed. */ + goto loser; /* malformed. */ } /* Fail if the curve is not a named curve */ - if ((ec_params.data[0] != ec_type_named) || - (ec_params.data[1] != 0) || - !supportedCurve(ec_params.data[2])) { - errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; - desc = handshake_failure; - goto alert_loser; + if ((ec_params.data[0] != ec_type_named) || + (ec_params.data[1] != 0) || + !supportedCurve(ec_params.data[2])) { + errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; + desc = handshake_failure; + goto alert_loser; } rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length); if (rv != SECSuccess) { - goto loser; /* malformed. */ + goto loser; /* malformed. */ } /* Fail if the ec point uses compressed representation */ if (ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) { - errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM; - desc = handshake_failure; - goto alert_loser; + errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM; + desc = handshake_failure; + goto alert_loser; } if (isTLS12) { - rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, - &sigAndHash); - if (rv != SECSuccess) { - goto loser; /* malformed or unsupported. */ - } - rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( - &sigAndHash, ss->sec.peerCert); - if (rv != SECSuccess) { - goto loser; - } + rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, + &sigAndHash); + if (rv != SECSuccess) { + goto loser; /* malformed or unsupported. */ + } + rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( + &sigAndHash, ss->sec.peerCert); + if (rv != SECSuccess) { + goto loser; + } } rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); if (rv != SECSuccess) { - goto loser; /* malformed. */ + goto loser; /* malformed. 
*/ } if (length != 0) { - if (isTLS) - desc = decode_error; - goto alert_loser; /* malformed. */ + if (isTLS) + desc = decode_error; + goto alert_loser; /* malformed. */ } - PRINT_BUF(60, (NULL, "Server EC params", ec_params.data, - ec_params.len)); + PRINT_BUF(60, (NULL, "Server EC params", ec_params.data, + ec_params.len)); PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len)); /* failures after this point are not malformed handshakes. */ 
@@ -671,51 +671,51 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * check to make sure the hash is signed by right guy */ rv = ssl3_ComputeECDHKeyHash(sigAndHash.hashAlg, ec_params, ec_point, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { - errCode = - ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto alert_loser; + errCode = + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto alert_loser; } rv = ssl3_VerifySignedHashes(&hashes, ss->sec.peerCert, &signature, - isTLS, ss->pkcs11PinArg); + isTLS, ss->pkcs11PinArg); if (rv != SECSuccess) { - errCode = - ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto alert_loser; + errCode = + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto alert_loser; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { - goto no_memory; + goto no_memory; } ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { - goto no_memory; + goto no_memory; } peerKey->arena = arena; peerKey->keyType = ecKey; /* set up EC parameters in peerKey */ - if (ssl3_ECName2Params(arena, ec_params.data[2], - &peerKey->u.ec.DEREncodedParams) != SECSuccess) { - /* we should never get here since we already - * checked that we are dealing with a supported curve - */ - errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; - goto alert_loser; + if (ssl3_ECName2Params(arena, ec_params.data[2], + &peerKey->u.ec.DEREncodedParams) != SECSuccess) { + /* we should never get here since we already + * checked that we are dealing with a supported curve + */ + errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE; + goto alert_loser; } /* copy publicValue in peerKey */ if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) { - PORT_FreeArena(arena, PR_FALSE); - 
goto no_memory; + PORT_FreeArena(arena, PR_FALSE); + goto no_memory; } peerKey->pkcs11Slot = NULL; peerKey->pkcs11ID = CK_INVALID_HANDLE; @@ -731,7 +731,7 @@ loser: PORT_SetError( errCode ); return SECFailure; -no_memory: /* no-memory error has already been set. */ +no_memory: /* no-memory error has already been set. */ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); return SECFailure; } 
@@ -757,104 +757,104 @@ ssl3_SendECDHServerKeyExchange( /* Generate ephemeral ECDH key pair and send the public key */ curve = ssl3_GetCurveNameForServerSocket(ss); if (curve == ec_noName) { - goto loser; + goto loser; } rv = ssl3_CreateECDHEphemeralKeys(ss, curve); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ - } + goto loser; /* err set by AppendHandshake. */ + } ecdhePub = ss->ephemeralECDHKeyPair->pubKey; PORT_Assert(ecdhePub != NULL); if (!ecdhePub) { - PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - return SECFailure; - } - + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + return SECFailure; + } + ec_params.len = sizeof paramBuf; ec_params.data = paramBuf; curve = params2ecName(&ecdhePub->u.ec.DEREncodedParams); if (curve != ec_noName) { - ec_params.data[0] = ec_type_named; - ec_params.data[1] = 0x00; - ec_params.data[2] = curve; + ec_params.data[0] = ec_type_named; + ec_params.data[1] = 0x00; + ec_params.data[2] = curve; } else { - PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); - goto loser; - } + PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + goto loser; + } rv = ssl3_ComputeECDHKeyHash(sigAndHash->hashAlg, - ec_params, - ecdhePub->u.ec.publicValue, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + ec_params, + ecdhePub->u.ec.publicValue, + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto loser; + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; } isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - /* XXX SSLKEAType isn't really a good choice for + /* XXX SSLKEAType isn't really a good choice for * indexing certificates but that's all we have * for now. 
*/ if (kea_def->kea == kea_ecdhe_rsa) - certIndex = kt_rsa; + certIndex = kt_rsa; else /* kea_def->kea == kea_ecdhe_ecdsa */ - certIndex = kt_ecdh; + certIndex = kt_ecdh; - rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, - &signed_hash, isTLS); + rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, + &signed_hash, isTLS); if (rv != SECSuccess) { - goto loser; /* ssl3_SignHashes has set err. */ + goto loser; /* ssl3_SignHashes has set err. */ } if (signed_hash.data == NULL) { - /* how can this happen and rv == SECSuccess ?? */ - PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); - goto loser; + /* how can this happen and rv == SECSuccess ?? */ + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; } - length = ec_params.len + - 1 + ecdhePub->u.ec.publicValue.len + - (isTLS12 ? 2 : 0) + 2 + signed_hash.len; + length = ec_params.len + + 1 + ecdhePub->u.ec.publicValue.len + + (isTLS12 ? 2 : 0) + 2 + signed_hash.len; rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } rv = ssl3_AppendHandshakeVariable(ss, ecdhePub->u.ec.publicValue.data, - ecdhePub->u.ec.publicValue.len, 1); + ecdhePub->u.ec.publicValue.len, 1); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } if (isTLS12) { - rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash); - if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ - } + rv = ssl3_AppendSignatureAndHashAlgorithm(ss, sigAndHash); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. 
*/ + } } rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data, - signed_hash.len, 2); + signed_hash.len, 2); if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + goto loser; /* err set by AppendHandshake. */ } PORT_Free(signed_hash.data); return SECSuccess; loser: - if (signed_hash.data != NULL) - PORT_Free(signed_hash.data); + if (signed_hash.data != NULL) + PORT_Free(signed_hash.data); return SECFailure; } @@ -948,11 +948,11 @@ SECStatus ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) { if (!suite) - suite = ecSuites; + suite = ecSuites; for (; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); + SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_Assert(rv == SECSuccess); /* else is coding error */ } return SECSuccess; } 
@@ -967,41 +967,41 @@ ssl3_FilterECCipherSuitesByServerCerts(sslSocket * ss) svrCert = ss->serverCerts[kt_rsa].serverCert; if (!svrCert) { - ssl3_DisableECCSuites(ss, ecdhe_rsa_suites); + ssl3_DisableECCSuites(ss, ecdhe_rsa_suites); } svrCert = ss->serverCerts[kt_ecdh].serverCert; if (!svrCert) { - ssl3_DisableECCSuites(ss, ecdh_suites); - ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); + ssl3_DisableECCSuites(ss, ecdh_suites); + ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); } else { - SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature); + SECOidTag sigTag = SECOID_GetAlgorithmTag(&svrCert->signature); - switch (sigTag) { - case SEC_OID_PKCS1_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: - ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); - break; - case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: - case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: - ssl3_DisableECCSuites(ss, ecdh_rsa_suites); - break; - default: - ssl3_DisableECCSuites(ss, ecdh_suites); - break; - } + switch (sigTag) { + case SEC_OID_PKCS1_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + case 
SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); + break; + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: + ssl3_DisableECCSuites(ss, ecdh_rsa_suites); + break; + default: + ssl3_DisableECCSuites(ss, ecdh_suites); + break; + } } } @@ -1016,18 +1016,18 @@ ssl3_IsECCEnabled(sslSocket * ss) /* make sure we can do ECC */ slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg); if (!slot) { - return PR_FALSE; + return PR_FALSE; } PK11_FreeSlot(slot); /* make sure an ECC cipher is enabled */ for (suite = ecSuites; *suite; ++suite) { - PRBool enabled = PR_FALSE; - SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled); + PRBool enabled = PR_FALSE; + SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled); - PORT_Assert(rv == SECSuccess); /* else is coding error */ - if (rv == SECSuccess && enabled) - return PR_TRUE; + PORT_Assert(rv == SECSuccess); /* else is coding error */ + if (rv == SECSuccess && enabled) + return PR_TRUE; } return PR_FALSE; } @@ -1035,7 +1035,7 @@ ssl3_IsECCEnabled(sslSocket * ss) #define BE(n) 0, n /* Prefabricated TLS client hello extension, Elliptic Curves List, - * offers only 3 curves, the Suite B curves, 23-25 + * offers only 3 curves, the Suite B curves, 23-25 */ static const PRUint8 suiteBECList[12] = { BE(10), /* Extension type */ 
@@ -1051,9 +1051,9 @@ static const PRUint8 tlsECList[56] = { BE(10), /* Extension type */ BE(52), /* octets that follow (25 pairs + 1 length pair) */ BE(50), /* octets that follow (25 pairs) */ - BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7), - BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15), - BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23), + BE( 1), BE( 2), BE( 3), BE( 4), BE( 5), BE( 6), BE( 7), + BE( 8), BE( 9), BE(10), BE(11), BE(12), BE(13), BE(14), BE(15), + BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23), BE(24), BE(25) }; @@ -1076,12 +1076,12 @@ ssl3_SuiteBOnly(sslSocket *ss) /* See if we can support small curves (like 163). If not, assume we can * only support Suite-B curves (P-256, P-384, P-521). */ PK11SlotInfo *slot = - PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163, - ss ? ss->pkcs11PinArg : NULL); + PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163, + ss ? ss->pkcs11PinArg : NULL); if (!slot) { - /* nope, presume we can only do suite B */ - return PR_TRUE; + /* nope, presume we can only do suite B */ + return PR_TRUE; } /* we can, presume we can do all curves */ PK11_FreeSlot(slot); 
@@ -1093,33 +1093,33 @@ ssl3_SuiteBOnly(sslSocket *ss) */ PRInt32 ssl3_SendSupportedCurvesXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 ecListSize = 0; const PRUint8 *ecList = NULL; if (!ss || !ssl3_IsECCEnabled(ss)) - return 0; + return 0; if (ssl3_SuiteBOnly(ss)) { - ecListSize = sizeof suiteBECList; - ecList = suiteBECList; + ecListSize = sizeof suiteBECList; + ecList = suiteBECList; } else { - ecListSize = sizeof tlsECList; - ecList = tlsECList; + ecListSize = sizeof tlsECList; + ecList = tlsECList; } - + if (append && maxBytes >= ecListSize) { - SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); - if (rv != SECSuccess) - return -1; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_elliptic_curves_xtn; - } + SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); + if (rv != SECSuccess) + return -1; + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_elliptic_curves_xtn; + } } return ecListSize; } @@ -1128,7 +1128,7 @@ PRUint32 ssl3_GetSupportedECCurveMask(sslSocket *ss) { if (ssl3_SuiteBOnly(ss)) { - return SSL3_SUITE_B_SUPPORTED_CURVES_MASK; + return SSL3_SUITE_B_SUPPORTED_CURVES_MASK; } return SSL3_ALL_SUPPORTED_CURVES_MASK; } 
@@ -1138,21 +1138,21 @@ ssl3_GetSupportedECCurveMask(sslSocket *ss) */ PRInt32 ssl3_SendSupportedPointFormatsXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { if (!ss || !ssl3_IsECCEnabled(ss)) - return 0; + return 0; if (append && maxBytes >= (sizeof ecPtFmt)) { - SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt)); - if (rv != SECSuccess) - return -1; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_ec_point_formats_xtn; - } + SECStatus rv = ssl3_AppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt)); + if (rv != SECSuccess) + return -1; + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_ec_point_formats_xtn; + } } return (sizeof ecPtFmt); } @@ -1168,17 +1168,17 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, if (data->len < 2 || data->len > 255 || !data->data || data->len != (unsigned int)data->data[0] + 1) { - /* malformed */ - goto loser; + /* malformed */ + goto loser; } for (i = data->len; --i > 0; ) { - if (data->data[i] == 0) { - /* indicate that we should send a reply */ - SECStatus rv; - rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - &ssl3_SendSupportedPointFormatsXtn); - return rv; - } + if (data->data[i] == 0) { + /* indicate that we should send a reply */ + SECStatus rv; + rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, + &ssl3_SendSupportedPointFormatsXtn); + return rv; + } } loser: /* evil client doesn't support uncompressed */ 
@@ -1192,14 +1192,14 @@ loser: ss->serverCerts[type].serverKeyPair->pubKey : NULL) /* Extract the TLS curve name for the public key in our EC server cert. */ -ECName ssl3_GetSvrCertCurveName(sslSocket *ss) +ECName ssl3_GetSvrCertCurveName(sslSocket *ss) { - SECKEYPublicKey *srvPublicKey; - ECName ec_curve = ec_noName; + SECKEYPublicKey *srvPublicKey; + ECName ec_curve = ec_noName; srvPublicKey = SSL3_GET_SERVER_PUBLICKEY(ss, kt_ecdh); if (srvPublicKey) { - ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams); + ec_curve = params2ecName(&srvPublicKey->u.ec.DEREncodedParams); } return ec_curve; } 
@@ -1216,37 +1216,37 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint16 svrCertCurveName; if (!data->data || data->len < 4 || data->len > 65535) - goto loser; + goto loser; /* get the length of elliptic_curve_list */ list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) { - /* malformed */ - goto loser; + /* malformed */ + goto loser; } /* build bit vector of peer's supported curve names */ while (data->len) { - PRInt32 curve_name = - ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (curve_name > ec_noName && curve_name < ec_pastLastName) { - peerCurves |= (1U << curve_name); - } + PRInt32 curve_name = + ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (curve_name > ec_noName && curve_name < ec_pastLastName) { + peerCurves |= (1U << curve_name); + } } /* What curves do we support in common? */ mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves; if (!mutualCurves) { /* no mutually supported EC Curves */ - goto loser; + goto loser; } - /* if our ECC cert doesn't use one of these supported curves, - * disable ECC cipher suites that require an ECC cert. + /* if our ECC cert doesn't use one of these supported curves, + * disable ECC cipher suites that require an ECC cert. */ svrCertCurveName = ssl3_GetSvrCertCurveName(ss); if (svrCertCurveName != ec_noName && (mutualCurves & (1U << svrCertCurveName)) != 0) { - return SECSuccess; + return SECSuccess; } /* Our EC cert doesn't contain a mutually supported curve. - * Disable all ECC cipher suites that require an EC cert + * Disable all ECC cipher suites that require an EC cert */ ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 607171c4..1d1f39cc 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c 
@@ -48,18 +48,22 @@ static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key, #endif static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); -static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, +static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, - PRUint16 ex_type, SECItem *data); + PRUint16 ex_type, SECItem *data); static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, - PRUint16 ex_type, SECItem *data); + PRUint16 ex_type, SECItem *data); static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, - PRUint16 ex_type, SECItem *data); -static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); + PRUint16 ex_type, SECItem *data); +static SECStatus ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, + SECItem *data); static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); + PRUint32 maxBytes); +static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, @@ -87,7 +91,7 @@ static SECStatus ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes) { if (bytes > item->len) - return SECFailure; + return SECFailure; PORT_Memcpy(item->data, buf, bytes); item->data += bytes; 
@@ -109,13 +113,13 @@ ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize) switch (lenSize) { case 4: - *p++ = (PRUint8) (num >> 24); + *p++ = (PRUint8) (num >> 24); case 3: - *p++ = (PRUint8) (num >> 16); + *p++ = (PRUint8) (num >> 16); case 2: - *p++ = (PRUint8) (num >> 8); + *p++ = (PRUint8) (num >> 8); case 1: - *p = (PRUint8) num; + *p = (PRUint8) num; } rv = ssl3_AppendToItem(item, &b[0], lenSize); return rv; @@ -124,15 +128,15 @@ ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize) static SECStatus ssl3_SessionTicketShutdown(void* appData, void* nssData) { if (session_ticket_enc_key_pkcs11) { - PK11_FreeSymKey(session_ticket_enc_key_pkcs11); - session_ticket_enc_key_pkcs11 = NULL; + PK11_FreeSymKey(session_ticket_enc_key_pkcs11); + session_ticket_enc_key_pkcs11 = NULL; } if (session_ticket_mac_key_pkcs11) { - PK11_FreeSymKey(session_ticket_mac_key_pkcs11); - session_ticket_mac_key_pkcs11 = NULL; + PK11_FreeSymKey(session_ticket_mac_key_pkcs11); + session_ticket_mac_key_pkcs11 = NULL; } PORT_Memset(&generate_session_keys_once, 0, - sizeof(generate_session_keys_once)); + sizeof(generate_session_keys_once)); return SECSuccess; } 
@@ -146,22 +150,22 @@ ssl3_GenerateSessionTicketKeysPKCS11(void *data) SECKEYPublicKey *svrPubKey = ss->serverCerts[kt_rsa].serverKeyPair->pubKey; if (svrPrivKey == NULL || svrPubKey == NULL) { - SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.", - SSL_GETPID(), ss->fd)); - goto loser; + SSL_DBG(("%d: SSL[%d]: Pub or priv key(s) is NULL.", + SSL_GETPID(), ss->fd)); + goto loser; } /* Get a copy of the session keys from shared memory. */ PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX, - sizeof(SESS_TICKET_KEY_NAME_PREFIX)); + sizeof(SESS_TICKET_KEY_NAME_PREFIX)); if (!ssl_GetSessionTicketKeysPKCS11(svrPrivKey, svrPubKey, - ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN], - &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11)) - return PR_FAILURE; + ss->pkcs11PinArg, &key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN], + &session_ticket_enc_key_pkcs11, &session_ticket_mac_key_pkcs11)) + return PR_FAILURE; rv = NSS_RegisterShutdown(ssl3_SessionTicketShutdown, NULL); if (rv != SECSuccess) - goto loser; + goto loser; return PR_SUCCESS; @@ -175,12 +179,12 @@ ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss, PK11SymKey **aes_key, PK11SymKey **mac_key) { if (PR_CallOnceWithArg(&generate_session_keys_once, - ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS) - return SECFailure; + ssl3_GenerateSessionTicketKeysPKCS11, ss) != PR_SUCCESS) + return SECFailure; if (session_ticket_enc_key_pkcs11 == NULL || - session_ticket_mac_key_pkcs11 == NULL) - return SECFailure; + session_ticket_mac_key_pkcs11 == NULL) + return SECFailure; *aes_key = session_ticket_enc_key_pkcs11; *mac_key = session_ticket_mac_key_pkcs11; 
@@ -192,11 +196,11 @@ static PRStatus ssl3_GenerateSessionTicketKeys(void) { PORT_Memcpy(key_name, SESS_TICKET_KEY_NAME_PREFIX, - sizeof(SESS_TICKET_KEY_NAME_PREFIX)); + sizeof(SESS_TICKET_KEY_NAME_PREFIX)); if (!ssl_GetSessionTicketKeys(&key_name[SESS_TICKET_KEY_NAME_PREFIX_LEN], - session_ticket_enc_key, session_ticket_mac_key)) - return PR_FAILURE; + session_ticket_enc_key, session_ticket_mac_key)) + return PR_FAILURE; session_ticket_keys_initialized = PR_TRUE; return PR_SUCCESS; @@ -208,11 +212,11 @@ ssl3_GetSessionTicketKeys(const unsigned char **aes_key, PRUint32 *mac_key_length) { if (PR_CallOnce(&generate_session_keys_once, - ssl3_GenerateSessionTicketKeys) != PR_SUCCESS) - return SECFailure; + ssl3_GenerateSessionTicketKeys) != PR_SUCCESS) + return SECFailure; if (!session_ticket_keys_initialized) - return SECFailure; + return SECFailure; *aes_key = session_ticket_enc_key; *aes_key_length = sizeof(session_ticket_enc_key); @@ -237,6 +241,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, + { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, @@ -268,7 +273,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersSSL3[] = { * The server's table of hello senders is dynamic, in the socket struct, * and sender functions are registered there. */ -static const +static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, 
@@ -285,7 +290,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { /* any extra entries will appear as { 0, NULL } */ }; -static const +static const ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn } /* any extra entries will appear as { 0, NULL } */ @@ -296,8 +301,8 @@ arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) { int i; for (i = 0; i < len; i++) { - if (ex_type == array[i]) - return PR_TRUE; + if (ex_type == array[i]) + return PR_TRUE; } return PR_FALSE; } @@ -306,14 +311,14 @@ PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type) { TLSExtensionData *xtnData = &ss->xtnData; return arrayContainsExtension(xtnData->negotiated, - xtnData->numNegotiated, ex_type); + xtnData->numNegotiated, ex_type); } static PRBool ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type) { TLSExtensionData *xtnData = &ss->xtnData; return arrayContainsExtension(xtnData->advertised, - xtnData->numAdvertised, ex_type); + xtnData->numAdvertised, ex_type); } /* Format an SNI extension, using the name from the socket's URL, @@ -326,11 +331,11 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, { SECStatus rv; if (!ss) - return 0; + return 0; if (!ss->sec.isServer) { PRUint32 len; PRNetAddr netAddr; - + /* must have a hostname */ if (!ss->url || !ss->url[0]) return 0; @@ -342,10 +347,10 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, len = PORT_Strlen(ss->url); if (append && maxBytes >= len + 9) { /* extension_type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); + rv = ssl3_AppendHandshakeNumber(ss, ssl_server_name_xtn, 2); if (rv != SECSuccess) return -1; /* length of extension_data */ - rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2); + rv = ssl3_AppendHandshakeNumber(ss, len + 5, 2); if (rv != SECSuccess) return -1; /* length of server_name_list */ rv = ssl3_AppendHandshakeNumber(ss, len + 3, 2); 
@@ -358,8 +363,8 @@ ssl3_SendServerNameXtn(sslSocket * ss, PRBool append, if (rv != SECSuccess) return -1; if (!ss->sec.isServer) { TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_server_name_xtn; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_server_name_xtn; } } return len + 9; @@ -401,7 +406,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) return SECSuccess; } /* length of server_name_list */ - listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (listLenBytes == 0 || listLenBytes != data->len) { return SECFailure; } @@ -412,7 +417,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; PRInt32 type; /* Name Type (sni_host_name) */ - type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); + type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); if (!ldata.len) { return SECFailure; } @@ -440,7 +445,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; PRBool nametypePresent = PR_FALSE; /* Name Type (sni_host_name) */ - type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); + type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); /* Check if we have such type in the list */ for (j = 0;j < listCount && names[j].data;j++) { if (names[j].type == type) { @@ -472,16 +477,16 @@ loser: PORT_Free(names); return SECFailure; } - + /* Called by both clients and servers. * Clients sends a filled in session ticket if one is available, and otherwise * sends an empty ticket. Servers always send empty tickets. */ PRInt32 ssl3_SendSessionTicketXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 extension_length; NewSessionTicket *session_ticket = NULL; 
@@ -489,7 +494,7 @@ ssl3_SendSessionTicketXtn(
 /* Ignore the SessionTicket extension if processing is disabled. */
 if (!ss->opt.enableSessionTickets)
- return 0;
+ return 0;
 /* Empty extension length = extension_type (2-bytes)
 * length(extension_data) (2-bytes)
@@ -501,53 +506,53 @@ ssl3_SendSessionTicketXtn( * the extension always respond with an empty extension. */ if (!ss->sec.isServer) { - /* The caller must be holding sid->u.ssl3.lock for reading. We cannot - * just acquire and release the lock within this function because the - * caller will call this function twice, and we need the inputs to be - * consistent between the two calls. Note that currently the caller - * will only be holding the lock when we are the client and when we're - * attempting to resume an existing session. - */ + /* The caller must be holding sid->u.ssl3.lock for reading. We cannot + * just acquire and release the lock within this function because the + * caller will call this function twice, and we need the inputs to be + * consistent between the two calls. Note that currently the caller + * will only be holding the lock when we are the client and when we're + * attempting to resume an existing session. + */ - session_ticket = &sid->u.ssl3.locked.sessionTicket; - if (session_ticket->ticket.data) { - if (ss->xtnData.ticketTimestampVerified) { - extension_length += session_ticket->ticket.len; - } else if (!append && - (session_ticket->ticket_lifetime_hint == 0 || - (session_ticket->ticket_lifetime_hint + - session_ticket->received_timestamp > ssl_Time()))) { - extension_length += session_ticket->ticket.len; - ss->xtnData.ticketTimestampVerified = PR_TRUE; - } - } + session_ticket = &sid->u.ssl3.locked.sessionTicket; + if (session_ticket->ticket.data) { + if (ss->xtnData.ticketTimestampVerified) { + extension_length += session_ticket->ticket.len; + } else if (!append && + (session_ticket->ticket_lifetime_hint == 0 || + (session_ticket->ticket_lifetime_hint + + session_ticket->received_timestamp > ssl_Time()))) { + extension_length += session_ticket->ticket.len; + ss->xtnData.ticketTimestampVerified = PR_TRUE; + } + } } if (append && maxBytes >= extension_length) { - SECStatus rv; - /* extension_type */ + SECStatus rv; + /* extension_type */ rv = 
ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); if (rv != SECSuccess) - goto loser; - if (session_ticket && session_ticket->ticket.data && - ss->xtnData.ticketTimestampVerified) { - rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data, - session_ticket->ticket.len, 2); - ss->xtnData.ticketTimestampVerified = PR_FALSE; - ss->xtnData.sentSessionTicketInClientHello = PR_TRUE; - } else { - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - } + goto loser; + if (session_ticket && session_ticket->ticket.data && + ss->xtnData.ticketTimestampVerified) { + rv = ssl3_AppendHandshakeVariable(ss, session_ticket->ticket.data, + session_ticket->ticket.len, 2); + ss->xtnData.ticketTimestampVerified = PR_FALSE; + ss->xtnData.sentSessionTicketInClientHello = PR_TRUE; + } else { + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + } if (rv != SECSuccess) - goto loser; + goto loser; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_session_ticket_xtn; - } + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_session_ticket_xtn; + } } else if (maxBytes < extension_length) { - PORT_Assert(0); + PORT_Assert(0); return 0; } return extension_length; @@ -559,12 +564,13 @@ ssl3_SendSessionTicketXtn( /* handle an incoming Next Protocol Negotiation extension. */ static SECStatus -ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) +ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data) { if (ss->firstHsDone || data->len != 0) { - /* Clients MUST send an empty NPN extension, if any. */ - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + /* Clients MUST send an empty NPN extension, if any. */ + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
@@ -585,71 +591,57 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length) unsigned int offset = 0; while (offset < length) { - unsigned int newOffset = offset + 1 + (unsigned int) data[offset]; - /* Reject embedded nulls to protect against buggy applications that - * store protocol identifiers in null-terminated strings. - */ - if (newOffset > length || data[offset] == 0) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; - } - offset = newOffset; + unsigned int newOffset = offset + 1 + (unsigned int) data[offset]; + /* Reject embedded nulls to protect against buggy applications that + * store protocol identifiers in null-terminated strings. + */ + if (newOffset > length || data[offset] == 0) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; + } + offset = newOffset; } if (offset > length) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } return SECSuccess; } +/* protocol selection handler for ALPN (server side) and NPN (client side) */ static SECStatus -ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, - SECItem *data) +ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) { SECStatus rv; unsigned char resultBuffer[255]; SECItem result = { siBuffer, resultBuffer, 0 }; - PORT_Assert(!ss->firstHsDone); - - if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) { - /* If the server negotiated ALPN then it has already told us what - * protocol to use, so it doesn't make sense for us to try to negotiate - * a different one by sending the NPN handshake message. However, if - * we've negotiated NPN then we're required to send the NPN handshake - * message. Thus, these two extensions cannot both be negotiated on the - * same connection. 
*/ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } - rv = ssl3_ValidateNextProtoNego(data->data, data->len); if (rv != SECSuccess) - return rv; - - /* ss->nextProtoCallback cannot normally be NULL if we negotiated the - * extension. However, It is possible that an application erroneously - * cleared the callback between the time we sent the ClientHello and now. - */ - PORT_Assert(ss->nextProtoCallback != NULL); - if (!ss->nextProtoCallback) { - /* XXX Use a better error code. This is an application error, not an - * NSS bug. */ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } + return rv; + PORT_Assert(ss->nextProtoCallback); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, - result.data, &result.len, sizeof resultBuffer); + result.data, &result.len, sizeof resultBuffer); if (rv != SECSuccess) - return rv; + return rv; /* If the callback wrote more than allowed to |result| it has corrupted our * stack. */ if (result.len > sizeof resultBuffer) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + if (ex_type == ssl_app_layer_protocol_xtn && + ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) { + /* The callback might say OK, but then it's picked a default. + * That's OK for NPN, but not ALPN. */ + SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); + (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol); + return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
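Review bot: The new `ssl3_SelectAppProtocol` drops the old runtime NULL check on `ss->nextProtoCallback` in favour of `PORT_Assert(ss->nextProtoCallback)`, which is compiled out in non-debug builds, so the function now depends on every caller having checked the callback first (the two callers in the next hunk do). That precondition is not stated anywhere; I'd extend the one-line header to `/* Precondition: ss->nextProtoCallback is non-NULL (the assert below is debug-only; callers check). For ALPN a callback that does not negotiate is fatal: nextProto is freed and a no_application_protocol alert is sent. */`. The second sentence of that comment matters because this is the only extension handler in these hunks that tears down the handshake itself rather than returning an error for the caller to act on. The function's tail (the `SECITEM_CopyItem` return) lies in the following hunk, outside this one.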
@@ -658,6 +650,78 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); } +/* handle an incoming ALPN extension at the server */ +static SECStatus +ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) +{ + int count; + SECStatus rv; + + /* We expressly don't want to allow ALPN on renegotiation, + * despite it being permitted by the spec. */ + if (ss->firstHsDone || data->len == 0) { + /* Clients MUST send a non-empty ALPN extension. */ + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; + } + + /* unlike NPN, ALPN has extra redundant length information so that + * the extension is the same in both ClientHello and ServerHello */ + count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (count < 0) { + return SECFailure; /* fatal alert was sent */ + } + if (count != data->len) { + return ssl3_DecodeError(ss); + } + + if (!ss->nextProtoCallback) { + /* we're not configured for it */ + return SECSuccess; + } + + rv = ssl3_SelectAppProtocol(ss, ex_type, data); + if (rv != SECSuccess) { + return rv; + } + + /* prepare to send back a response, if we negotiated */ + if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) { + return ssl3_RegisterServerHelloExtensionSender( + ss, ex_type, ssl3_ServerSendAppProtoXtn); + } + return SECSuccess; +} + +static SECStatus +ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, + SECItem *data) +{ + PORT_Assert(!ss->firstHsDone); + + if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) { + /* If the server negotiated ALPN then it has already told us what + * protocol to use, so it doesn't make sense for us to try to negotiate + * a different one by sending the NPN handshake message. However, if + * we've negotiated NPN then we're required to send the NPN handshake + * message. Thus, these two extensions cannot both be negotiated on the + * same connection. 
*/ + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + /* We should only get this call if we sent the extension, so + * ss->nextProtoCallback needs to be non-NULL. However, it is possible + * that an application erroneously cleared the callback between the time + * we sent the ClientHello and now. */ + if (!ss->nextProtoCallback) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); + return SECFailure; + } + + return ssl3_SelectAppProtocol(ss, ex_type, data); +} + static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { @@ -666,8 +730,8 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) SECItem protocol_name; if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; } /* The extension data from the server has the following format: @@ -675,15 +739,15 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) * uint8 len; * uint8 protocol_name[len]; */ if (data->len < 4 || data->len > 2 + 1 + 255) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } name_list_len = ((PRUint16) d[0]) << 8 | - ((PRUint16) d[1]); + ((PRUint16) d[1]); if (name_list_len != data->len - 2 || d[2] != data->len - 3) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + return SECFailure; } protocol_name.data = data->data + 3; 
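Review bot: `ssl3_ServerHandleAppProtoXtn` never consults `ss->opt.enableALPN`: it calls `ssl3_SelectAppProtocol` whenever `ss->nextProtoCallback` is set, yet `ssl3_ServerSendAppProtoXtn` two hunks down opens with `PORT_Assert(ss->opt.enableALPN)`, and the handler is registered unconditionally in `clientHelloHandlers` (the `@@ -237,6 +241,7 @@` hunk). A server that installed a callback for NPN but left ALPN disabled would therefore still negotiate ALPN and, in a debug build, trip that assert when the ServerHello extension is written. Unless the option is enforced somewhere outside these hunks, I'd gate the handler the same way the sender is: `if (!ss->opt.enableALPN || !ss->nextProtoCallback) { return SECSuccess; }`. The `count != data->len` comparison mixes `int` and the unsigned `data->len` and is only safe because of the preceding `count < 0` check; the `/* fatal alert was sent */` comment on that line would be clearer as `/* negative on truncation; fatal alert already sent, and keeps the unsigned compare below safe */`.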
@@ -697,29 +761,29 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, - PRUint32 maxBytes) + PRUint32 maxBytes) { PRInt32 extension_length; /* Renegotiations do not send this extension. */ if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) { - return 0; + return 0; } extension_length = 4; if (append && maxBytes >= extension_length) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - if (rv != SECSuccess) - goto loser; - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_next_proto_nego_xtn; + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_next_proto_nego_xtn; } else if (maxBytes < extension_length) { - return 0; + return 0; } return extension_length; 
@@ -736,66 +800,108 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) /* Renegotiations do not send this extension. */ if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) { - return 0; + return 0; } extension_length = 2 /* extension type */ + 2 /* extension length */ + - 2 /* protocol name list length */ + - ss->opt.nextProtoNego.len; + 2 /* protocol name list length */ + + ss->opt.nextProtoNego.len; if (append && maxBytes >= extension_length) { - /* NPN requires that the client's fallback protocol is first in the - * list. However, ALPN sends protocols in preference order. So we - * allocate a buffer and move the first protocol to the end of the - * list. */ - SECStatus rv; - const unsigned int len = ss->opt.nextProtoNego.len; + /* NPN requires that the client's fallback protocol is first in the + * list. However, ALPN sends protocols in preference order. So we + * allocate a buffer and move the first protocol to the end of the + * list. */ + SECStatus rv; + const unsigned int len = ss->opt.nextProtoNego.len; - alpn_protos = PORT_Alloc(len); - if (alpn_protos == NULL) { - return SECFailure; - } - if (len > 0) { - /* Each protocol string is prefixed with a single byte length. */ - unsigned int i = ss->opt.nextProtoNego.data[0] + 1; - if (i <= len) { - memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i); - memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i); - } else { - /* This seems to be invalid data so we'll send as-is. */ - memcpy(alpn_protos, ss->opt.nextProtoNego.data, len); - } - } + alpn_protos = PORT_Alloc(len); + if (alpn_protos == NULL) { + return SECFailure; + } + if (len > 0) { + /* Each protocol string is prefixed with a single byte length. 
*/ + unsigned int i = ss->opt.nextProtoNego.data[0] + 1; + if (i <= len) { + memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i); + memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i); + } else { + /* This seems to be invalid data so we'll send as-is. */ + memcpy(alpn_protos, ss->opt.nextProtoNego.data, len); + } + } - rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); - if (rv != SECSuccess) { - goto loser; - } - rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); - if (rv != SECSuccess) { - goto loser; - } - rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2); - PORT_Free(alpn_protos); - alpn_protos = NULL; - if (rv != SECSuccess) { - goto loser; - } - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_app_layer_protocol_xtn; + rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); + if (rv != SECSuccess) { + goto loser; + } + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) { + goto loser; + } + rv = ssl3_AppendHandshakeVariable(ss, alpn_protos, len, 2); + PORT_Free(alpn_protos); + alpn_protos = NULL; + if (rv != SECSuccess) { + goto loser; + } + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_app_layer_protocol_xtn; } else if (maxBytes < extension_length) { - return 0; + return 0; } return extension_length; loser: if (alpn_protos) { - PORT_Free(alpn_protos); + PORT_Free(alpn_protos); } return -1; } +static PRInt32 +ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) +{ + PRInt32 extension_length; + + /* we're in over our heads if any of these fail */ + PORT_Assert(ss->opt.enableALPN); + PORT_Assert(ss->ssl3.nextProto.data); + PORT_Assert(ss->ssl3.nextProto.len > 0); + PORT_Assert(ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED); + PORT_Assert(!ss->firstHsDone); + + extension_length = 2 /* extension type */ + 2 /* extension length */ + + 2 /* protocol name list */ + 1 /* name length */ + + 
ss->ssl3.nextProto.len; + + if (append && maxBytes >= extension_length) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.nextProto.len + 1, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data, + ss->ssl3.nextProto.len, 1); + if (rv != SECSuccess) { + return -1; + } + } else if (maxBytes < extension_length) { + return 0; + } + + return extension_length; +} + static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) @@ -812,9 +918,9 @@ ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, static PRInt32 ssl3_ServerSendStatusRequestXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 extension_length; SECStatus rv; 
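Review bot: `ssl3_ServerSendAppProtoXtn` has no header comment, and the reason its one-byte name length in `ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len, 1)` cannot truncate is non-local: as far as these hunks show, `ss->ssl3.nextProto` is a copy of a result that `ssl3_SelectAppProtocol` bounds to its 255-byte `resultBuffer`. I'd add above the function `/* Writes the ServerHello ALPN extension: 2-byte list length, then a single 1-byte length-prefixed protocol name (nextProto.len <= 255, bounded by resultBuffer in ssl3_SelectAppProtocol). Registered only once nextProtoState == SSL_NEXT_PROTO_NEGOTIATED. */`, since the PORT_Assert block is debug-only and is all a release reader currently gets. Separately, the re-indented `return SECFailure;` after the failed `PORT_Alloc` in `ssl3_ClientSendAppProtoXtn` returns a SECStatus from a PRInt32 function; `return -1;` would match the `loser:` path and the sender convention used elsewhere in this file. `ssl3_ClientSendAppProtoXtn` begins before this hunk.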
@@ -822,29 +928,29 @@ ssl3_ServerSendStatusRequestXtn( PRBool haveStatus = PR_FALSE; for (i = kt_null; i < kt_kea_size; i++) { - /* TODO: This is a temporary workaround. - * The correct code needs to see if we have an OCSP response for - * the server certificate being used, rather than if we have any - * OCSP response. See also ssl3_SendCertificateStatus. - */ - if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) { - haveStatus = PR_TRUE; - break; - } + /* TODO: This is a temporary workaround. + * The correct code needs to see if we have an OCSP response for + * the server certificate being used, rather than if we have any + * OCSP response. See also ssl3_SendCertificateStatus. + */ + if (ss->certStatusArray[i] && ss->certStatusArray[i]->len) { + haveStatus = PR_TRUE; + break; + } } if (!haveStatus) - return 0; + return 0; extension_length = 2 + 2; if (append && maxBytes >= extension_length) { - /* extension_type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); - if (rv != SECSuccess) - return -1; - /* length of extension_data */ - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - if (rv != SECSuccess) - return -1; + /* extension_type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); + if (rv != SECSuccess) + return -1; + /* length of extension_data */ + rv = ssl3_AppendHandshakeNumber(ss, 0, 2); + if (rv != SECSuccess) + return -1; } return extension_length; 
@@ -954,14 +1060,14 @@ ssl3_SendNewSessionTicket(sslSocket *ss) * must be >= 0 */ SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake", - SSL_GETPID(), ss->fd)); + SSL_GETPID(), ss->fd)); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); ticket.ticket_lifetime_hint = TLS_EX_SESS_TICKET_LIFETIME_HINT; cert_length = (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) ? - 3 + ss->sec.ci.sid->peerCert->derCert.len : 0; + 3 + ss->sec.ci.sid->peerCert->derCert.len : 0; /* Get IV and encryption keys */ ivItem.data = iv; 
@@ -971,47 +1077,47 @@ ssl3_SendNewSessionTicket(sslSocket *ss) #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, - &mac_key, &mac_key_length); - } else + rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, + &mac_key, &mac_key_length); + } else #endif { - rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, - &mac_key_pkcs11); + rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, + &mac_key_pkcs11); } if (rv != SECSuccess) goto loser; if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) { - /* The master secret is available unwrapped. */ - ms_item.data = ss->ssl3.pwSpec->msItem.data; - ms_item.len = ss->ssl3.pwSpec->msItem.len; - ms_is_wrapped = PR_FALSE; + /* The master secret is available unwrapped. */ + ms_item.data = ss->ssl3.pwSpec->msItem.data; + ms_item.len = ss->ssl3.pwSpec->msItem.len; + ms_is_wrapped = PR_FALSE; } else { - /* Extract the master secret wrapped. */ - sslSessionID sid; - PORT_Memset(&sid, 0, sizeof(sslSessionID)); + /* Extract the master secret wrapped. */ + sslSessionID sid; + PORT_Memset(&sid, 0, sizeof(sslSessionID)); - if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { - effectiveExchKeyType = kt_rsa; - } else { - effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; - } + if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { + effectiveExchKeyType = kt_rsa; + } else { + effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; + } - rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec, - effectiveExchKeyType); - if (rv == SECSuccess) { - if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms)) - goto loser; - memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret, - sid.u.ssl3.keys.wrapped_master_secret_len); - ms_item.data = wrapped_ms; - ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len; - msWrapMech = sid.u.ssl3.masterWrapMech; - } else { - /* TODO: else send an empty ticket. 
*/ - goto loser; - } - ms_is_wrapped = PR_TRUE; + rv = ssl3_CacheWrappedMasterSecret(ss, &sid, ss->ssl3.pwSpec, + effectiveExchKeyType); + if (rv == SECSuccess) { + if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms)) + goto loser; + memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret, + sid.u.ssl3.keys.wrapped_master_secret_len); + ms_item.data = wrapped_ms; + ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len; + msWrapMech = sid.u.ssl3.masterWrapMech; + } else { + /* TODO: else send an empty ticket. */ + goto loser; + } + ms_is_wrapped = PR_TRUE; } /* Prep to send negotiated name */ srvName = &ss->ssl3.pwSpec->srvVirtName; 
@@ -1019,55 +1125,55 @@ ssl3_SendNewSessionTicket(sslSocket *ss) srvNameLen = 2 + srvName->len; /* len bytes + name len */ } - ciphertext_length = - sizeof(PRUint16) /* ticket_version */ - + sizeof(SSL3ProtocolVersion) /* ssl_version */ - + sizeof(ssl3CipherSuite) /* ciphersuite */ - + 1 /* compression */ - + 10 /* cipher spec parameters */ - + 1 /* SessionTicket.ms_is_wrapped */ - + 1 /* effectiveExchKeyType */ - + 4 /* msWrapMech */ - + 2 /* master_secret.length */ - + ms_item.len /* master_secret */ - + 1 /* client_auth_type */ - + cert_length /* cert */ + ciphertext_length = + sizeof(PRUint16) /* ticket_version */ + + sizeof(SSL3ProtocolVersion) /* ssl_version */ + + sizeof(ssl3CipherSuite) /* ciphersuite */ + + 1 /* compression */ + + 10 /* cipher spec parameters */ + + 1 /* SessionTicket.ms_is_wrapped */ + + 1 /* effectiveExchKeyType */ + + 4 /* msWrapMech */ + + 2 /* master_secret.length */ + + ms_item.len /* master_secret */ + + 1 /* client_auth_type */ + + cert_length /* cert */ + 1 /* server name type */ + srvNameLen /* name len + length field */ - + sizeof(ticket.ticket_lifetime_hint); + + sizeof(ticket.ticket_lifetime_hint); padding_length = AES_BLOCK_SIZE - - (ciphertext_length % AES_BLOCK_SIZE); + (ciphertext_length % AES_BLOCK_SIZE); ciphertext_length += padding_length; message_length = - sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */ - + 2 /* length field for NewSessionTicket.ticket */ - + SESS_TICKET_KEY_NAME_LEN /* key_name */ - + AES_BLOCK_SIZE /* iv */ - + 2 /* length field for NewSessionTicket.ticket.encrypted_state */ - + ciphertext_length /* encrypted_state */ - + TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */ + sizeof(ticket.ticket_lifetime_hint) /* ticket_lifetime_hint */ + + 2 /* length field for NewSessionTicket.ticket */ + + SESS_TICKET_KEY_NAME_LEN /* key_name */ + + AES_BLOCK_SIZE /* iv */ + + 2 /* length field for NewSessionTicket.ticket.encrypted_state */ + + ciphertext_length /* encrypted_state */ + + 
TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */ if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL) - goto loser; + goto loser; plaintext = plaintext_item; /* ticket_version */ rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION, - sizeof(PRUint16)); + sizeof(PRUint16)); if (rv != SECSuccess) goto loser; /* ssl_version */ rv = ssl3_AppendNumberToItem(&plaintext, ss->version, - sizeof(SSL3ProtocolVersion)); + sizeof(SSL3ProtocolVersion)); if (rv != SECSuccess) goto loser; /* ciphersuite */ - rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite, - sizeof(ssl3CipherSuite)); + rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite, + sizeof(ssl3CipherSuite)); if (rv != SECSuccess) goto loser; - + /* compression */ rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1); if (rv != SECSuccess) goto loser; 
@@ -1096,24 +1202,24 @@ ssl3_SendNewSessionTicket(sslSocket *ss) /* client_identity */ if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) { - rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1); - if (rv != SECSuccess) goto loser; - rv = ssl3_AppendNumberToItem(&plaintext, - ss->sec.ci.sid->peerCert->derCert.len, 3); - if (rv != SECSuccess) goto loser; - rv = ssl3_AppendToItem(&plaintext, - ss->sec.ci.sid->peerCert->derCert.data, - ss->sec.ci.sid->peerCert->derCert.len); - if (rv != SECSuccess) goto loser; + rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1); + if (rv != SECSuccess) goto loser; + rv = ssl3_AppendNumberToItem(&plaintext, + ss->sec.ci.sid->peerCert->derCert.len, 3); + if (rv != SECSuccess) goto loser; + rv = ssl3_AppendToItem(&plaintext, + ss->sec.ci.sid->peerCert->derCert.data, + ss->sec.ci.sid->peerCert->derCert.len); + if (rv != SECSuccess) goto loser; } else { - rv = ssl3_AppendNumberToItem(&plaintext, 0, 1); - if (rv != SECSuccess) goto loser; + rv = ssl3_AppendNumberToItem(&plaintext, 0, 1); + if (rv != SECSuccess) goto loser; } /* timestamp */ now = ssl_Time(); rv = ssl3_AppendNumberToItem(&plaintext, now, - sizeof(ticket.ticket_lifetime_hint)); + sizeof(ticket.ticket_lifetime_hint)); if (rv != SECSuccess) goto loser; if (srvNameLen) { 
@@ -1134,39 +1240,39 @@ ssl3_SendNewSessionTicket(sslSocket *ss) PORT_Assert(plaintext.len == padding_length); for (i = 0; i < padding_length; i++) - plaintext.data[i] = (unsigned char)padding_length; + plaintext.data[i] = (unsigned char)padding_length; if (SECITEM_AllocItem(NULL, &ciphertext, ciphertext_length) == NULL) { - rv = SECFailure; - goto loser; + rv = SECFailure; + goto loser; } /* Generate encrypted portion of ticket. */ #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - aes_ctx = (AESContext *)aes_ctx_buf; - rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv, - NSS_AES_CBC, 1, AES_BLOCK_SIZE); - if (rv != SECSuccess) goto loser; + aes_ctx = (AESContext *)aes_ctx_buf; + rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv, + NSS_AES_CBC, 1, AES_BLOCK_SIZE); + if (rv != SECSuccess) goto loser; - rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len, - ciphertext.len, plaintext_item.data, - plaintext_item.len); - if (rv != SECSuccess) goto loser; - } else + rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len, + ciphertext.len, plaintext_item.data, + plaintext_item.len); + if (rv != SECSuccess) goto loser; + } else #endif { - aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, - CKA_ENCRYPT, aes_key_pkcs11, &ivItem); - if (!aes_ctx_pkcs11) - goto loser; + aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, + CKA_ENCRYPT, aes_key_pkcs11, &ivItem); + if (!aes_ctx_pkcs11) + goto loser; - rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data, - (int *)&ciphertext.len, ciphertext.len, - plaintext_item.data, plaintext_item.len); - PK11_Finalize(aes_ctx_pkcs11); - PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) goto loser; + rv = PK11_CipherOp(aes_ctx_pkcs11, ciphertext.data, + (int *)&ciphertext.len, ciphertext.len, + plaintext_item.data, plaintext_item.len); + PK11_Finalize(aes_ctx_pkcs11); + PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) goto loser; } /* Convert ciphertext length to 
network order. */ 
@@ -1176,40 +1282,40 @@ ssl3_SendNewSessionTicket(sslSocket *ss) /* Compute MAC. */ #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - hmac_ctx = (HMACContext *)hmac_ctx_buf; - hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); - if (HMAC_Init(hmac_ctx, hashObj, mac_key, - mac_key_length, PR_FALSE) != SECSuccess) - goto loser; + hmac_ctx = (HMACContext *)hmac_ctx_buf; + hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); + if (HMAC_Init(hmac_ctx, hashObj, mac_key, + mac_key_length, PR_FALSE) != SECSuccess) + goto loser; - HMAC_Begin(hmac_ctx); - HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN); - HMAC_Update(hmac_ctx, iv, sizeof(iv)); - HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2); - HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len); - HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, - sizeof(computed_mac)); - } else + HMAC_Begin(hmac_ctx); + HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN); + HMAC_Update(hmac_ctx, iv, sizeof(iv)); + HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2); + HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len); + HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, + sizeof(computed_mac)); + } else #endif { - SECItem macParam; - macParam.data = NULL; - macParam.len = 0; - hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, - CKA_SIGN, mac_key_pkcs11, &macParam); - if (!hmac_ctx_pkcs11) - goto loser; + SECItem macParam; + macParam.data = NULL; + macParam.len = 0; + hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, + CKA_SIGN, mac_key_pkcs11, &macParam); + if (!hmac_ctx_pkcs11) + goto loser; - rv = PK11_DigestBegin(hmac_ctx_pkcs11); - rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name, - SESS_TICKET_KEY_NAME_LEN); - rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); - rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2); - rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len); - rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, - &computed_mac_length, 
sizeof(computed_mac)); - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) goto loser; + rv = PK11_DigestBegin(hmac_ctx_pkcs11); + rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name, + SESS_TICKET_KEY_NAME_LEN); + rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); + rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2); + rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len); + rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, + &computed_mac_length, sizeof(computed_mac)); + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) goto loser; } /* Serialize the handshake message. */ @@ -1217,11 +1323,11 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (rv != SECSuccess) goto loser; rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_lifetime_hint, - sizeof(ticket.ticket_lifetime_hint)); + sizeof(ticket.ticket_lifetime_hint)); if (rv != SECSuccess) goto loser; rv = ssl3_AppendHandshakeNumber(ss, - message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2); + message_length - sizeof(ticket.ticket_lifetime_hint) - 2, 2); if (rv != SECSuccess) goto loser; rv = ssl3_AppendHandshake(ss, key_name, SESS_TICKET_KEY_NAME_LEN); @@ -1238,9 +1344,9 @@ ssl3_SendNewSessionTicket(sslSocket *ss) loser: if (plaintext_item.data) - SECITEM_FreeItem(&plaintext_item, PR_FALSE); + SECITEM_FreeItem(&plaintext_item, PR_FALSE); if (ciphertext.data) - SECITEM_FreeItem(&ciphertext, PR_FALSE); + SECITEM_FreeItem(&ciphertext, PR_FALSE); return rv; } @@ -1253,7 +1359,7 @@ ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { if (data->len != 0) - return SECFailure; + return SECFailure; /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
@@ -1272,7 +1378,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, /* Ignore the SessionTicket extension if processing is disabled. */ if (!ss->opt.enableSessionTickets) - return SECSuccess; + return SECSuccess; /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
@@ -1282,302 +1388,302 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, * instead of terminating the current connection. */ if (data->len == 0) { - ss->xtnData.emptySessionTicket = PR_TRUE; + ss->xtnData.emptySessionTicket = PR_TRUE; } else { - int i; - SECItem extension_data; - EncryptedSessionTicket enc_session_ticket; - unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; - unsigned int computed_mac_length; + int i; + SECItem extension_data; + EncryptedSessionTicket enc_session_ticket; + unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; + unsigned int computed_mac_length; #ifndef NO_PKCS11_BYPASS - const SECHashObject *hashObj; - const unsigned char *aes_key; - const unsigned char *mac_key; - PRUint32 aes_key_length; - PRUint32 mac_key_length; - PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS]; - HMACContext *hmac_ctx; - PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS]; - AESContext *aes_ctx; + const SECHashObject *hashObj; + const unsigned char *aes_key; + const unsigned char *mac_key; + PRUint32 aes_key_length; + PRUint32 mac_key_length; + PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS]; + HMACContext *hmac_ctx; + PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS]; + AESContext *aes_ctx; #endif - PK11SymKey *aes_key_pkcs11; - PK11SymKey *mac_key_pkcs11; - PK11Context *hmac_ctx_pkcs11; - CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; - PK11Context *aes_ctx_pkcs11; - CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; - unsigned char * padding; - PRUint32 padding_length; - unsigned char *buffer; - unsigned int buffer_len; - PRInt32 temp; - SECItem cert_item; + PK11SymKey *aes_key_pkcs11; + PK11SymKey *mac_key_pkcs11; + PK11Context *hmac_ctx_pkcs11; + CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; + PK11Context *aes_ctx_pkcs11; + CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; + unsigned char * padding; + PRUint32 padding_length; + unsigned char *buffer; + unsigned int buffer_len; + PRInt32 temp; + SECItem cert_item; PRInt8 nameType = 
TLS_STE_NO_SERVER_NAME; - /* Turn off stateless session resumption if the client sends a - * SessionTicket extension, even if the extension turns out to be - * malformed (ss->sec.ci.sid is non-NULL when doing session - * renegotiation.) - */ - if (ss->sec.ci.sid != NULL) { - if (ss->sec.uncache) - ss->sec.uncache(ss->sec.ci.sid); - ssl_FreeSID(ss->sec.ci.sid); - ss->sec.ci.sid = NULL; - } + /* Turn off stateless session resumption if the client sends a + * SessionTicket extension, even if the extension turns out to be + * malformed (ss->sec.ci.sid is non-NULL when doing session + * renegotiation.) + */ + if (ss->sec.ci.sid != NULL) { + if (ss->sec.uncache) + ss->sec.uncache(ss->sec.ci.sid); + ssl_FreeSID(ss->sec.ci.sid); + ss->sec.ci.sid = NULL; + } - extension_data.data = data->data; /* Keep a copy for future use. */ - extension_data.len = data->len; + extension_data.data = data->data; /* Keep a copy for future use. */ + extension_data.len = data->len; - if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) - != SECSuccess) - return SECFailure; + if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) + != SECSuccess) + return SECFailure; - /* Get session ticket keys. */ + /* Get session ticket keys. 
*/ #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, - &mac_key, &mac_key_length); - } else + if (ss->opt.bypassPKCS11) { + rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length, + &mac_key, &mac_key_length); + } else #endif - { - rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, - &mac_key_pkcs11); - } - if (rv != SECSuccess) { - SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.", - SSL_GETPID(), ss->fd)); - goto loser; - } + { + rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11, + &mac_key_pkcs11); + } + if (rv != SECSuccess) { + SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.", + SSL_GETPID(), ss->fd)); + goto loser; + } - /* If the ticket sent by the client was generated under a key different - * from the one we have, bypass ticket processing. - */ - if (PORT_Memcmp(enc_session_ticket.key_name, key_name, - SESS_TICKET_KEY_NAME_LEN) != 0) { - SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } + /* If the ticket sent by the client was generated under a key different + * from the one we have, bypass ticket processing. + */ + if (PORT_Memcmp(enc_session_ticket.key_name, key_name, + SESS_TICKET_KEY_NAME_LEN) != 0) { + SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } - /* Verify the MAC on the ticket. MAC verification may also - * fail if the MAC key has been recently refreshed. - */ + /* Verify the MAC on the ticket. MAC verification may also + * fail if the MAC key has been recently refreshed. 
+ */ #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - hmac_ctx = (HMACContext *)hmac_ctx_buf; - hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); - if (HMAC_Init(hmac_ctx, hashObj, mac_key, - sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess) - goto no_ticket; - HMAC_Begin(hmac_ctx); - HMAC_Update(hmac_ctx, extension_data.data, - extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); - if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, - sizeof(computed_mac)) != SECSuccess) - goto no_ticket; - } else + if (ss->opt.bypassPKCS11) { + hmac_ctx = (HMACContext *)hmac_ctx_buf; + hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); + if (HMAC_Init(hmac_ctx, hashObj, mac_key, + sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess) + goto no_ticket; + HMAC_Begin(hmac_ctx); + HMAC_Update(hmac_ctx, extension_data.data, + extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); + if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, + sizeof(computed_mac)) != SECSuccess) + goto no_ticket; + } else #endif - { - SECItem macParam; - macParam.data = NULL; - macParam.len = 0; - hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, - CKA_SIGN, mac_key_pkcs11, &macParam); - if (!hmac_ctx_pkcs11) { - SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.", - SSL_GETPID(), ss->fd, PORT_GetError())); - goto no_ticket; - } else { - SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.", - SSL_GETPID(), ss->fd)); - } - rv = PK11_DigestBegin(hmac_ctx_pkcs11); - rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data, - extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); - if (rv != SECSuccess) { - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - goto no_ticket; - } - rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, - &computed_mac_length, sizeof(computed_mac)); - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) - goto no_ticket; - } - if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac, - computed_mac_length) != 0) { - 
SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } + { + SECItem macParam; + macParam.data = NULL; + macParam.len = 0; + hmac_ctx_pkcs11 = PK11_CreateContextBySymKey(macMech, + CKA_SIGN, mac_key_pkcs11, &macParam); + if (!hmac_ctx_pkcs11) { + SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.", + SSL_GETPID(), ss->fd, PORT_GetError())); + goto no_ticket; + } else { + SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.", + SSL_GETPID(), ss->fd)); + } + rv = PK11_DigestBegin(hmac_ctx_pkcs11); + rv = PK11_DigestOp(hmac_ctx_pkcs11, extension_data.data, + extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); + if (rv != SECSuccess) { + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); + goto no_ticket; + } + rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, + &computed_mac_length, sizeof(computed_mac)); + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) + goto no_ticket; + } + if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac, + computed_mac_length) != 0) { + SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } - /* We ignore key_name for now. - * This is ok as MAC verification succeeded. - */ + /* We ignore key_name for now. + * This is ok as MAC verification succeeded. + */ - /* Decrypt the ticket. */ + /* Decrypt the ticket. */ - /* Plaintext is shorter than the ciphertext due to padding. */ - decrypted_state = SECITEM_AllocItem(NULL, NULL, - enc_session_ticket.encrypted_state.len); + /* Plaintext is shorter than the ciphertext due to padding. 
*/ + decrypted_state = SECITEM_AllocItem(NULL, NULL, + enc_session_ticket.encrypted_state.len); #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - aes_ctx = (AESContext *)aes_ctx_buf; - rv = AES_InitContext(aes_ctx, aes_key, - sizeof(session_ticket_enc_key), enc_session_ticket.iv, - NSS_AES_CBC, 0,AES_BLOCK_SIZE); - if (rv != SECSuccess) { - SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } + if (ss->opt.bypassPKCS11) { + aes_ctx = (AESContext *)aes_ctx_buf; + rv = AES_InitContext(aes_ctx, aes_key, + sizeof(session_ticket_enc_key), enc_session_ticket.iv, + NSS_AES_CBC, 0,AES_BLOCK_SIZE); + if (rv != SECSuccess) { + SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } - rv = AES_Decrypt(aes_ctx, decrypted_state->data, - &decrypted_state->len, decrypted_state->len, - enc_session_ticket.encrypted_state.data, - enc_session_ticket.encrypted_state.len); - if (rv != SECSuccess) - goto no_ticket; - } else + rv = AES_Decrypt(aes_ctx, decrypted_state->data, + &decrypted_state->len, decrypted_state->len, + enc_session_ticket.encrypted_state.data, + enc_session_ticket.encrypted_state.len); + if (rv != SECSuccess) + goto no_ticket; + } else #endif - { - SECItem ivItem; - ivItem.data = enc_session_ticket.iv; - ivItem.len = AES_BLOCK_SIZE; - aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, - CKA_DECRYPT, aes_key_pkcs11, &ivItem); - if (!aes_ctx_pkcs11) { - SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", - SSL_GETPID(), ss->fd)); - goto no_ticket; - } + { + SECItem ivItem; + ivItem.data = enc_session_ticket.iv; + ivItem.len = AES_BLOCK_SIZE; + aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech, + CKA_DECRYPT, aes_key_pkcs11, &ivItem); + if (!aes_ctx_pkcs11) { + SSL_DBG(("%d: SSL[%d]: Unable to create AES context.", + SSL_GETPID(), ss->fd)); + goto no_ticket; + } - rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data, - (int *)&decrypted_state->len, 
decrypted_state->len, - enc_session_ticket.encrypted_state.data, - enc_session_ticket.encrypted_state.len); - PK11_Finalize(aes_ctx_pkcs11); - PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); - if (rv != SECSuccess) - goto no_ticket; - } + rv = PK11_CipherOp(aes_ctx_pkcs11, decrypted_state->data, + (int *)&decrypted_state->len, decrypted_state->len, + enc_session_ticket.encrypted_state.data, + enc_session_ticket.encrypted_state.len); + PK11_Finalize(aes_ctx_pkcs11); + PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE); + if (rv != SECSuccess) + goto no_ticket; + } - /* Check padding. */ - padding_length = - (PRUint32)decrypted_state->data[decrypted_state->len - 1]; - if (padding_length == 0 || padding_length > AES_BLOCK_SIZE) - goto no_ticket; + /* Check padding. */ + padding_length = + (PRUint32)decrypted_state->data[decrypted_state->len - 1]; + if (padding_length == 0 || padding_length > AES_BLOCK_SIZE) + goto no_ticket; - padding = &decrypted_state->data[decrypted_state->len - padding_length]; - for (i = 0; i < padding_length; i++, padding++) { - if (padding_length != (PRUint32)*padding) - goto no_ticket; - } + padding = &decrypted_state->data[decrypted_state->len - padding_length]; + for (i = 0; i < padding_length; i++, padding++) { + if (padding_length != (PRUint32)*padding) + goto no_ticket; + } - /* Deserialize session state. */ - buffer = decrypted_state->data; - buffer_len = decrypted_state->len; + /* Deserialize session state. */ + buffer = decrypted_state->data; + buffer_len = decrypted_state->len; - parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket)); - if (parsed_session_ticket == NULL) { - rv = SECFailure; - goto loser; - } + parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket)); + if (parsed_session_ticket == NULL) { + rv = SECFailure; + goto loser; + } - /* Read ticket_version (which is ignored for now.) 
*/ - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp; + /* Read ticket_version (which is ignored for now.) */ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp; - /* Read SSLVersion. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp; + /* Read SSLVersion. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp; - /* Read cipher_suite. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp; + /* Read cipher_suite. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp; - /* Read compression_method. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->compression_method = (SSLCompressionMethod)temp; + /* Read compression_method. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->compression_method = (SSLCompressionMethod)temp; - /* Read cipher spec parameters. 
*/ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->authAlgorithm = (SSLSignType)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->authKeyBits = (PRUint32)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->keaType = (SSLKEAType)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->keaKeyBits = (PRUint32)temp; + /* Read cipher spec parameters. */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->authAlgorithm = (SSLSignType)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->authKeyBits = (PRUint32)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->keaType = (SSLKEAType)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->keaKeyBits = (PRUint32)temp; - /* Read wrapped master_secret. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ms_is_wrapped = (PRBool)temp; + /* Read wrapped master_secret. 
*/ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ms_is_wrapped = (PRBool)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->exchKeyType = (SSL3KEAType)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->exchKeyType = (SSL3KEAType)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp; + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp; - temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp < 0) goto no_ticket; - parsed_session_ticket->ms_length = (PRUint16)temp; - if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. */ - parsed_session_ticket->ms_length > - sizeof(parsed_session_ticket->master_secret)) - goto no_ticket; - - /* Allow for the wrapped master secret to be longer. */ - if (buffer_len < parsed_session_ticket->ms_length) - goto no_ticket; - PORT_Memcpy(parsed_session_ticket->master_secret, buffer, - parsed_session_ticket->ms_length); - buffer += parsed_session_ticket->ms_length; - buffer_len -= parsed_session_ticket->ms_length; + temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); + if (temp < 0) goto no_ticket; + parsed_session_ticket->ms_length = (PRUint16)temp; + if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. 
*/ + parsed_session_ticket->ms_length > + sizeof(parsed_session_ticket->master_secret)) + goto no_ticket; - /* Read client_identity */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) - goto no_ticket; - parsed_session_ticket->client_identity.client_auth_type = - (ClientAuthenticationType)temp; - switch(parsed_session_ticket->client_identity.client_auth_type) { + /* Allow for the wrapped master secret to be longer. */ + if (buffer_len < parsed_session_ticket->ms_length) + goto no_ticket; + PORT_Memcpy(parsed_session_ticket->master_secret, buffer, + parsed_session_ticket->ms_length); + buffer += parsed_session_ticket->ms_length; + buffer_len -= parsed_session_ticket->ms_length; + + /* Read client_identity */ + temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + if (temp < 0) + goto no_ticket; + parsed_session_ticket->client_identity.client_auth_type = + (ClientAuthenticationType)temp; + switch(parsed_session_ticket->client_identity.client_auth_type) { case CLIENT_AUTH_ANONYMOUS: - break; + break; case CLIENT_AUTH_CERTIFICATE: - rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3, - &buffer, &buffer_len); - if (rv != SECSuccess) goto no_ticket; - rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert, - &cert_item); - if (rv != SECSuccess) goto no_ticket; - break; + rv = ssl3_ConsumeHandshakeVariable(ss, &cert_item, 3, + &buffer, &buffer_len); + if (rv != SECSuccess) goto no_ticket; + rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert, + &cert_item); + if (rv != SECSuccess) goto no_ticket; + break; default: - goto no_ticket; - } - /* Read timestamp. */ - temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); - if (temp < 0) - goto no_ticket; - parsed_session_ticket->timestamp = (PRUint32)temp; + goto no_ticket; + } + /* Read timestamp. 
*/ + temp = ssl3_ConsumeHandshakeNumber(ss, 4, &buffer, &buffer_len); + if (temp < 0) + goto no_ticket; + parsed_session_ticket->timestamp = (PRUint32)temp; /* Read server name */ nameType = - ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); + ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); if (nameType != TLS_STE_NO_SERVER_NAME) { SECItem name_item; rv = ssl3_ConsumeHandshakeVariable(ss, &name_item, 2, &buffer, 
@@ -1589,99 +1695,99 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, parsed_session_ticket->srvName.type = nameType; } - /* Done parsing. Check that all bytes have been consumed. */ - if (buffer_len != padding_length) - goto no_ticket; + /* Done parsing. Check that all bytes have been consumed. */ + if (buffer_len != padding_length) + goto no_ticket; - /* Use the ticket if it has not expired, otherwise free the allocated - * memory since the ticket is of no use. - */ - if (parsed_session_ticket->timestamp != 0 && - parsed_session_ticket->timestamp + - TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) { + /* Use the ticket if it has not expired, otherwise free the allocated + * memory since the ticket is of no use. + */ + if (parsed_session_ticket->timestamp != 0 && + parsed_session_ticket->timestamp + + TLS_EX_SESS_TICKET_LIFETIME_HINT > ssl_Time()) { - sid = ssl3_NewSessionID(ss, PR_TRUE); - if (sid == NULL) { - rv = SECFailure; - goto loser; - } + sid = ssl3_NewSessionID(ss, PR_TRUE); + if (sid == NULL) { + rv = SECFailure; + goto loser; + } - /* Copy over parameters. */ - sid->version = parsed_session_ticket->ssl_version; - sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite; - sid->u.ssl3.compression = parsed_session_ticket->compression_method; - sid->authAlgorithm = parsed_session_ticket->authAlgorithm; - sid->authKeyBits = parsed_session_ticket->authKeyBits; - sid->keaType = parsed_session_ticket->keaType; - sid->keaKeyBits = parsed_session_ticket->keaKeyBits; + /* Copy over parameters. */ + sid->version = parsed_session_ticket->ssl_version; + sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite; + sid->u.ssl3.compression = parsed_session_ticket->compression_method; + sid->authAlgorithm = parsed_session_ticket->authAlgorithm; + sid->authKeyBits = parsed_session_ticket->authKeyBits; + sid->keaType = parsed_session_ticket->keaType; + sid->keaKeyBits = parsed_session_ticket->keaKeyBits; - /* Copy master secret. 
*/ + /* Copy master secret. */ #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11 && - parsed_session_ticket->ms_is_wrapped) - goto no_ticket; + if (ss->opt.bypassPKCS11 && + parsed_session_ticket->ms_is_wrapped) + goto no_ticket; #endif - if (parsed_session_ticket->ms_length > - sizeof(sid->u.ssl3.keys.wrapped_master_secret)) - goto no_ticket; - PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret, - parsed_session_ticket->master_secret, - parsed_session_ticket->ms_length); - sid->u.ssl3.keys.wrapped_master_secret_len = - parsed_session_ticket->ms_length; - sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType; - sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech; - sid->u.ssl3.keys.msIsWrapped = - parsed_session_ticket->ms_is_wrapped; - sid->u.ssl3.masterValid = PR_TRUE; - sid->u.ssl3.keys.resumable = PR_TRUE; + if (parsed_session_ticket->ms_length > + sizeof(sid->u.ssl3.keys.wrapped_master_secret)) + goto no_ticket; + PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret, + parsed_session_ticket->master_secret, + parsed_session_ticket->ms_length); + sid->u.ssl3.keys.wrapped_master_secret_len = + parsed_session_ticket->ms_length; + sid->u.ssl3.exchKeyType = parsed_session_ticket->exchKeyType; + sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech; + sid->u.ssl3.keys.msIsWrapped = + parsed_session_ticket->ms_is_wrapped; + sid->u.ssl3.masterValid = PR_TRUE; + sid->u.ssl3.keys.resumable = PR_TRUE; - /* Copy over client cert from session ticket if there is one. */ - if (parsed_session_ticket->peer_cert.data != NULL) { - if (sid->peerCert != NULL) - CERT_DestroyCertificate(sid->peerCert); - sid->peerCert = CERT_NewTempCertificate(ss->dbHandle, - &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE); - if (sid->peerCert == NULL) { - rv = SECFailure; - goto loser; - } - } - if (parsed_session_ticket->srvName.data != NULL) { + /* Copy over client cert from session ticket if there is one. 
*/ + if (parsed_session_ticket->peer_cert.data != NULL) { + if (sid->peerCert != NULL) + CERT_DestroyCertificate(sid->peerCert); + sid->peerCert = CERT_NewTempCertificate(ss->dbHandle, + &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE); + if (sid->peerCert == NULL) { + rv = SECFailure; + goto loser; + } + } + if (parsed_session_ticket->srvName.data != NULL) { sid->u.ssl3.srvName = parsed_session_ticket->srvName; } - ss->statelessResume = PR_TRUE; - ss->sec.ci.sid = sid; - } + ss->statelessResume = PR_TRUE; + ss->sec.ci.sid = sid; + } } if (0) { no_ticket: - SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.", - SSL_GETPID(), ss->fd)); - ssl3stats = SSL_GetStatistics(); - SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures ); + SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.", + SSL_GETPID(), ss->fd)); + ssl3stats = SSL_GetStatistics(); + SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures ); } rv = SECSuccess; loser: - /* ss->sec.ci.sid == sid if it did NOT come here via goto statement - * in that case do not free sid - */ - if (sid && (ss->sec.ci.sid != sid)) { - ssl_FreeSID(sid); - sid = NULL; - } + /* ss->sec.ci.sid == sid if it did NOT come here via goto statement + * in that case do not free sid + */ + if (sid && (ss->sec.ci.sid != sid)) { + ssl_FreeSID(sid); + sid = NULL; + } if (decrypted_state != NULL) { - SECITEM_FreeItem(decrypted_state, PR_TRUE); - decrypted_state = NULL; + SECITEM_FreeItem(decrypted_state, PR_TRUE); + decrypted_state = NULL; } if (parsed_session_ticket != NULL) { - if (parsed_session_ticket->peer_cert.data) { - SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); - } - PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); + if (parsed_session_ticket->peer_cert.data) { + SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE); + } + PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket)); } return rv; 
@@ -1692,11 +1798,11 @@ loser: * cannot be freed. The caller is expected to call this function * on a shallow copy of the structure. */ -static SECStatus +static SECStatus ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes) { if (bytes > item->len) - return SECFailure; + return SECFailure; *buf = item->data; item->data += bytes; @@ -1709,30 +1815,30 @@ ssl3_ParseEncryptedSessionTicket(sslSocket *ss, SECItem *data, EncryptedSessionTicket *enc_session_ticket) { if (ssl3_ConsumeFromItem(data, &enc_session_ticket->key_name, - SESS_TICKET_KEY_NAME_LEN) != SECSuccess) - return SECFailure; + SESS_TICKET_KEY_NAME_LEN) != SECSuccess) + return SECFailure; if (ssl3_ConsumeFromItem(data, &enc_session_ticket->iv, - AES_BLOCK_SIZE) != SECSuccess) - return SECFailure; + AES_BLOCK_SIZE) != SECSuccess) + return SECFailure; if (ssl3_ConsumeHandshakeVariable(ss, &enc_session_ticket->encrypted_state, - 2, &data->data, &data->len) != SECSuccess) - return SECFailure; + 2, &data->data, &data->len) != SECSuccess) + return SECFailure; if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac, - TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess) - return SECFailure; + TLS_EX_SESS_TICKET_MAC_LENGTH) != SECSuccess) + return SECFailure; if (data->len != 0) /* Make sure that we have consumed all bytes. */ - return SECFailure; + return SECFailure; return SECSuccess; } /* go through hello extensions in buffer "b". - * For each one, find the extension handler in the table, and - * if present, invoke that handler. + * For each one, find the extension handler in the table, and + * if present, invoke that handler. * Servers ignore any extensions with unknown extension types. * Clients reject any extensions with unadvertised extension types. */ -SECStatus +SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) { const ssl3HelloExtensionHandler * handlers; 
@@ -1746,68 +1852,68 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) } while (*length) { - const ssl3HelloExtensionHandler * handler; - SECStatus rv; - PRInt32 extension_type; - SECItem extension_data; + const ssl3HelloExtensionHandler * handler; + SECStatus rv; + PRInt32 extension_type; + SECItem extension_data; - /* Get the extension's type field */ - extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length); - if (extension_type < 0) /* failure to decode extension_type */ - return SECFailure; /* alert already sent */ + /* Get the extension's type field */ + extension_type = ssl3_ConsumeHandshakeNumber(ss, 2, b, length); + if (extension_type < 0) /* failure to decode extension_type */ + return SECFailure; /* alert already sent */ - /* get the data for this extension, so we can pass it or skip it. */ - rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); - if (rv != SECSuccess) - return rv; + /* get the data for this extension, so we can pass it or skip it. */ + rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); + if (rv != SECSuccess) + return rv; - /* Check whether the server sent an extension which was not advertised - * in the ClientHello. - */ - if (!ss->sec.isServer && - !ssl3_ClientExtensionAdvertised(ss, extension_type)) - return SECFailure; /* TODO: send unsupported_extension alert */ + /* Check whether the server sent an extension which was not advertised + * in the ClientHello. + */ + if (!ss->sec.isServer && + !ssl3_ClientExtensionAdvertised(ss, extension_type)) + return SECFailure; /* TODO: send unsupported_extension alert */ - /* Check whether an extension has been sent multiple times. */ - if (ssl3_ExtensionNegotiated(ss, extension_type)) - return SECFailure; + /* Check whether an extension has been sent multiple times. 
*/ + if (ssl3_ExtensionNegotiated(ss, extension_type)) + return SECFailure; - /* find extension_type in table of Hello Extension Handlers */ - for (handler = handlers; handler->ex_type >= 0; handler++) { - /* if found, call this handler */ - if (handler->ex_type == extension_type) { - rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, - &extension_data); - /* Ignore this result */ - /* Treat all bad extensions as unrecognized types. */ - break; - } - } + /* find extension_type in table of Hello Extension Handlers */ + for (handler = handlers; handler->ex_type >= 0; handler++) { + /* if found, call this handler */ + if (handler->ex_type == extension_type) { + rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, + &extension_data); + /* Ignore this result */ + /* Treat all bad extensions as unrecognized types. */ + break; + } + } } return SECSuccess; } /* Add a callback function to the table of senders of server hello extensions. */ -SECStatus +SECStatus ssl3_RegisterServerHelloExtensionSender(sslSocket *ss, PRUint16 ex_type, - ssl3HelloExtensionSenderFunc cb) + ssl3HelloExtensionSenderFunc cb) { int i; ssl3HelloExtensionSender *sender = &ss->xtnData.serverSenders[0]; for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) { if (!sender->ex_sender) { - sender->ex_type = ex_type; - sender->ex_sender = cb; - return SECSuccess; - } - /* detect duplicate senders */ - PORT_Assert(sender->ex_type != ex_type); - if (sender->ex_type == ex_type) { - /* duplicate */ - break; - } + sender->ex_type = ex_type; + sender->ex_sender = cb; + return SECSuccess; + } + /* detect duplicate senders */ + PORT_Assert(sender->ex_type != ex_type); + if (sender->ex_type == ex_type) { + /* duplicate */ + break; + } } PORT_Assert(i < SSL_MAX_EXTENSIONS); /* table needs to grow */ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); 
@@ -1823,18 +1929,18 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, int i; if (!sender) { - sender = ss->version > SSL_LIBRARY_VERSION_3_0 ? + sender = ss->version > SSL_LIBRARY_VERSION_3_0 ? &clientHelloSendersTLS[0] : &clientHelloSendersSSL3[0]; } for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) { - if (sender->ex_sender) { - PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes); - if (extLen < 0) - return -1; - maxBytes -= extLen; - total_exten_len += extLen; - } + if (sender->ex_sender) { + PRInt32 extLen = (*sender->ex_sender)(ss, append, maxBytes); + if (extLen < 0) + return -1; + maxBytes -= extLen; + total_exten_len += extLen; + } } return total_exten_len; } 
@@ -1847,48 +1953,48 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, * Verify Data (TLS): 12 bytes (client) or 24 bytes (server) * Verify Data (SSL): 36 bytes (client) or 72 bytes (server) */ -static PRInt32 +static PRInt32 ssl3_SendRenegotiationInfoXtn( - sslSocket * ss, - PRBool append, - PRUint32 maxBytes) + sslSocket * ss, + PRBool append, + PRUint32 maxBytes) { PRInt32 len, needed; /* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send - * both the SCSV and the empty RI, so when we send SCSV in + * both the SCSV and the empty RI, so when we send SCSV in * the initial handshake, we don't also send RI. */ if (!ss || ss->ssl3.hs.sendingSCSV) - return 0; - len = !ss->firstHsDone ? 0 : - (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 - : ss->ssl3.hs.finishedBytes); + return 0; + len = !ss->firstHsDone ? 0 : + (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 + : ss->ssl3.hs.finishedBytes); needed = 5 + len; if (append && maxBytes >= needed) { - SECStatus rv; - /* extension_type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); - if (rv != SECSuccess) return -1; - /* length of extension_data */ - rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2); - if (rv != SECSuccess) return -1; - /* verify_Data from previous Finished message(s) */ - rv = ssl3_AppendHandshakeVariable(ss, - ss->ssl3.hs.finishedMsgs.data, len, 1); - if (rv != SECSuccess) return -1; - if (!ss->sec.isServer) { - TLSExtensionData *xtnData = &ss->xtnData; - xtnData->advertised[xtnData->numAdvertised++] = - ssl_renegotiation_info_xtn; - } + SECStatus rv; + /* extension_type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); + if (rv != SECSuccess) return -1; + /* length of extension_data */ + rv = ssl3_AppendHandshakeNumber(ss, len + 1, 2); + if (rv != SECSuccess) return -1; + /* verify_Data from previous Finished message(s) */ + rv = ssl3_AppendHandshakeVariable(ss, + ss->ssl3.hs.finishedMsgs.data, len, 1); + 
if (rv != SECSuccess) return -1; + if (!ss->sec.isServer) { + TLSExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = + ssl_renegotiation_info_xtn; + } } return needed; } static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, - SECItem *data) + SECItem *data) { SECStatus rv = SECSuccess; @@ -1897,7 +2003,7 @@ ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, PORT_Assert(ss->sec.isServer); /* prepare to send back the appropriate response */ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_ServerSendStatusRequestXtn); + ssl3_ServerSendStatusRequestXtn); return rv; } 
@@ -1909,25 +2015,25 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint32 len = 0; if (ss->firstHsDone) { - len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes - : ss->ssl3.hs.finishedBytes * 2; + len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes + : ss->ssl3.hs.finishedBytes * 2; } if (data->len != 1 + len || - data->data[0] != len || (len && - NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, - data->data + 1, len))) { - /* Can we do this here? Or, must we arrange for the caller to do it? */ - (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); - PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); - return SECFailure; + data->data[0] != len || (len && + NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, + data->data + 1, len))) { + /* Can we do this here? Or, must we arrange for the caller to do it? */ + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); + return SECFailure; } /* remember that we got this extension and it was correct. */ ss->peerRequestedProtection = 1; ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; if (ss->sec.isServer) { - /* prepare to send back the appropriate response */ - rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_SendRenegotiationInfoXtn); + /* prepare to send back the appropriate response */ + rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, + ssl3_SendRenegotiationInfoXtn); } return rv; } 
@@ -1940,60 +2046,60 @@ ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) SECStatus rv; if (!ss) - return 0; + return 0; if (!ss->sec.isServer) { - /* Client side */ + /* Client side */ - if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) - return 0; /* Not relevant */ + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) + return 0; /* Not relevant */ - ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; + ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; - if (append && maxBytes >= 4 + ext_data_len) { - /* Extension type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); - if (rv != SECSuccess) return -1; - /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); - if (rv != SECSuccess) return -1; - /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, - 2 * ss->ssl3.dtlsSRTPCipherCount, - 2); - if (rv != SECSuccess) return -1; - /* The SRTP ciphers */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - rv = ssl3_AppendHandshakeNumber(ss, - ss->ssl3.dtlsSRTPCiphers[i], - 2); - } - /* Empty MKI value */ - ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + if (append && maxBytes >= 4 + ext_data_len) { + /* Extension type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); + if (rv != SECSuccess) return -1; + /* Length of extension data */ + rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); + if (rv != SECSuccess) return -1; + /* Length of the SRTP cipher list */ + rv = ssl3_AppendHandshakeNumber(ss, + 2 * ss->ssl3.dtlsSRTPCipherCount, + 2); + if (rv != SECSuccess) return -1; + /* The SRTP ciphers */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { + rv = ssl3_AppendHandshakeNumber(ss, + ss->ssl3.dtlsSRTPCiphers[i], + 2); + } + /* Empty MKI value */ + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_use_srtp_xtn; - } + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_use_srtp_xtn; + 
} - return 4 + ext_data_len; + return 4 + ext_data_len; } /* Server side */ if (append && maxBytes >= 9) { - /* Extension type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); - if (rv != SECSuccess) return -1; - /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, 5, 2); - if (rv != SECSuccess) return -1; - /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, 2, 2); - if (rv != SECSuccess) return -1; - /* The selected cipher */ - rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); - if (rv != SECSuccess) return -1; - /* Empty MKI value */ - ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + /* Extension type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); + if (rv != SECSuccess) return -1; + /* Length of extension data */ + rv = ssl3_AppendHandshakeNumber(ss, 5, 2); + if (rv != SECSuccess) return -1; + /* Length of the SRTP cipher list */ + rv = ssl3_AppendHandshakeNumber(ss, 2, 2); + if (rv != SECSuccess) return -1; + /* The selected cipher */ + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); + if (rv != SECSuccess) return -1; + /* Empty MKI value */ + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); } return 9; 
@@ -2011,121 +2117,121 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECItem litem; if (!ss->sec.isServer) { - /* Client side */ - if (!data->data || !data->len) { + /* Client side */ + if (!data->data || !data->len) { /* malformed */ return SECFailure; - } + } - /* Get the cipher list */ - rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, - &data->data, &data->len); - if (rv != SECSuccess) { - return SECFailure; - } - /* Now check that the number of ciphers listed is 1 (len = 2) */ - if (ciphers.len != 2) { - return SECFailure; - } + /* Get the cipher list */ + rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, + &data->data, &data->len); + if (rv != SECSuccess) { + return SECFailure; + } + /* Now check that the number of ciphers listed is 1 (len = 2) */ + if (ciphers.len != 2) { + return SECFailure; + } - /* Get the selected cipher */ - cipher = (ciphers.data[0] << 8) | ciphers.data[1]; + /* Get the selected cipher */ + cipher = (ciphers.data[0] << 8) | ciphers.data[1]; - /* Now check that this is one of the ciphers we offered */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { - found = PR_TRUE; - break; - } - } + /* Now check that this is one of the ciphers we offered */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { + found = PR_TRUE; + break; + } + } - if (!found) { - return SECFailure; - } + if (!found) { + return SECFailure; + } - /* Get the srtp_mki value */ + /* Get the srtp_mki value */ rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, - &data->data, &data->len); + &data->data, &data->len); if (rv != SECSuccess) { return SECFailure; } - /* We didn't offer an MKI, so this must be 0 length */ - /* XXX RFC 5764 Section 4.1.3 says: - * If the client detects a nonzero-length MKI in the server's - * response that is different than the one the client offered, - * then the client MUST abort the handshake and SHOULD send an - 
* invalid_parameter alert. - * - * Due to a limitation of the ssl3_HandleHelloExtensions function, - * returning SECFailure here won't abort the handshake. It will - * merely cause the use_srtp extension to be not negotiated. We - * should fix this. See NSS bug 753136. - */ - if (litem.len != 0) { - return SECFailure; - } + /* We didn't offer an MKI, so this must be 0 length */ + /* XXX RFC 5764 Section 4.1.3 says: + * If the client detects a nonzero-length MKI in the server's + * response that is different than the one the client offered, + * then the client MUST abort the handshake and SHOULD send an + * invalid_parameter alert. + * + * Due to a limitation of the ssl3_HandleHelloExtensions function, + * returning SECFailure here won't abort the handshake. It will + * merely cause the use_srtp extension to be not negotiated. We + * should fix this. See NSS bug 753136. + */ + if (litem.len != 0) { + return SECFailure; + } - if (data->len != 0) { + if (data->len != 0) { /* malformed */ return SECFailure; - } + } - /* OK, this looks fine. */ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; - ss->ssl3.dtlsSRTPCipherSuite = cipher; - return SECSuccess; + /* OK, this looks fine. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; + ss->ssl3.dtlsSRTPCipherSuite = cipher; + return SECSuccess; } /* Server side */ if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) { - /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP - * preferences have been set. */ - return SECSuccess; + /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP + * preferences have been set. 
*/ + return SECSuccess; } if (!data->data || data->len < 5) { - /* malformed */ - return SECFailure; + /* malformed */ + return SECFailure; } /* Get the cipher list */ rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, - &data->data, &data->len); + &data->data, &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; } /* Check that the list is even length */ if (ciphers.len % 2) { - return SECFailure; + return SECFailure; } /* Walk through the offered list and pick the most preferred of our * ciphers, if any */ for (i = 0; !found && i < ss->ssl3.dtlsSRTPCipherCount; i++) { - for (j = 0; j + 1 < ciphers.len; j += 2) { - cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1]; - if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { - found = PR_TRUE; - break; - } - } + for (j = 0; j + 1 < ciphers.len; j += 2) { + cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1]; + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { + found = PR_TRUE; + break; + } + } } /* Get the srtp_mki value */ rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, &data->data, &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; } if (data->len != 0) { - return SECFailure; /* Malformed */ + return SECFailure; /* Malformed */ } /* Now figure out what to do */ if (!found) { - /* No matching ciphers */ - return SECSuccess; + /* No matching ciphers */ + return SECSuccess; } /* OK, we have a valid cipher and we've selected it */ @@ -2133,7 +2239,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn, - ssl3_SendUseSRTPXtn); + ssl3_SendUseSRTPXtn); } /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension 
@@ -2149,59 +2255,59 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* Ignore this extension if we aren't doing TLS 1.2 or greater. */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { - return SECSuccess; + return SECSuccess; } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data, - &data->len); + &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; } /* Trailing data, empty value, or odd-length value is invalid. */ if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); - return SECFailure; + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + return SECFailure; } numAlgorithms = algorithms.len/2; /* We don't care to process excessive numbers of algorithms. */ if (numAlgorithms > 512) { - numAlgorithms = 512; + numAlgorithms = 512; } ss->ssl3.hs.clientSigAndHash = - PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); + PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { - return SECFailure; + return SECFailure; } ss->ssl3.hs.numClientSigAndHash = 0; b = algorithms.data; for (i = 0; i < numAlgorithms; i++) { - unsigned char tls_hash = *(b++); - unsigned char tls_sig = *(b++); - SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); + unsigned char tls_hash = *(b++); + unsigned char tls_sig = *(b++); + SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); - if (hash == SEC_OID_UNKNOWN) { - /* We ignore formats that we don't understand. */ - continue; - } - /* tls_sig support will be checked later in - * ssl3_PickSignatureHashAlgorithm. */ - ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash; - ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig; - ss->ssl3.hs.numClientSigAndHash++; + if (hash == SEC_OID_UNKNOWN) { + /* We ignore formats that we don't understand. 
*/ + continue; + } + /* tls_sig support will be checked later in + * ssl3_PickSignatureHashAlgorithm. */ + ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash; + ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig; + ss->ssl3.hs.numClientSigAndHash++; } if (!ss->ssl3.hs.numClientSigAndHash) { - /* We didn't understand any of the client's requested signature - * formats. We'll use the defaults. */ - PORT_Free(ss->ssl3.hs.clientSigAndHash); - ss->ssl3.hs.clientSigAndHash = NULL; + /* We didn't understand any of the client's requested signature + * formats. We'll use the defaults. */ + PORT_Free(ss->ssl3.hs.clientSigAndHash); + ss->ssl3.hs.clientSigAndHash = NULL; } return SECSuccess; 
@@ -2213,49 +2319,49 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) { static const unsigned char signatureAlgorithms[] = { - /* This block is the contents of our signature_algorithms extension, in - * wire format. See - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ - tls_hash_sha256, tls_sig_rsa, - tls_hash_sha384, tls_sig_rsa, - tls_hash_sha1, tls_sig_rsa, + /* This block is the contents of our signature_algorithms extension, in + * wire format. See + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ + tls_hash_sha256, tls_sig_rsa, + tls_hash_sha384, tls_sig_rsa, + tls_hash_sha1, tls_sig_rsa, #ifndef NSS_DISABLE_ECC - tls_hash_sha256, tls_sig_ecdsa, - tls_hash_sha384, tls_sig_ecdsa, - tls_hash_sha1, tls_sig_ecdsa, + tls_hash_sha256, tls_sig_ecdsa, + tls_hash_sha384, tls_sig_ecdsa, + tls_hash_sha1, tls_sig_ecdsa, #endif - tls_hash_sha256, tls_sig_dsa, - tls_hash_sha1, tls_sig_dsa, + tls_hash_sha256, tls_sig_dsa, + tls_hash_sha1, tls_sig_dsa, }; PRInt32 extension_length; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { - return 0; + return 0; } extension_length = - 2 /* extension type */ + - 2 /* extension length */ + - 2 /* supported_signature_algorithms length */ + - sizeof(signatureAlgorithms); + 2 /* extension type */ + + 2 /* extension length */ + + 2 /* supported_signature_algorithms length */ + + sizeof(signatureAlgorithms); if (append && maxBytes >= extension_length) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, - sizeof(signatureAlgorithms), 2); - if (rv != SECSuccess) - goto loser; - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_signature_algorithms_xtn; + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, 
ssl_signature_algorithms_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, + sizeof(signatureAlgorithms), 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_signature_algorithms_xtn; } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; + PORT_Assert(0); + return 0; } return extension_length; @@ -2268,18 +2374,18 @@ unsigned int ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) { unsigned int recordLength = 1 /* handshake message type */ + - 3 /* handshake message length */ + - clientHelloLength; + 3 /* handshake message length */ + + clientHelloLength; unsigned int extensionLength; if (recordLength < 256 || recordLength >= 512) { - return 0; + return 0; } extensionLength = 512 - recordLength; /* Extensions take at least four bytes to encode. */ if (extensionLength < 4) { - extensionLength = 4; + extensionLength = 4; } return extensionLength; 
@@ -2290,28 +2396,28 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) * that we don't trigger bugs in F5 products. */ PRInt32 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, - PRUint32 maxBytes) + PRUint32 maxBytes) { unsigned int paddingLen = extensionLen - 4; static unsigned char padding[256]; if (extensionLen == 0) { - return 0; + return 0; } if (extensionLen < 4 || - extensionLen > maxBytes || - paddingLen > sizeof(padding)) { - PORT_Assert(0); - return -1; + extensionLen > maxBytes || + paddingLen > sizeof(padding)) { + PORT_Assert(0); + return -1; } if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2)) - return -1; + return -1; if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2)) - return -1; + return -1; if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen)) - return -1; + return -1; return extensionLen; } diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h index d341ff94..4d4aa10b 100644 --- a/security/nss/lib/ssl/ssl3prot.h +++ b/security/nss/lib/ssl/ssl3prot.h 
@@ -17,25 +17,25 @@ typedef PRUint16 SSL3ProtocolVersion; typedef PRUint16 ssl3CipherSuite; /* The cipher suites are defined in sslproto.h */ -#define MAX_CERT_TYPES 10 -#define MAX_COMPRESSION_METHODS 10 -#define MAX_MAC_LENGTH 64 -#define MAX_PADDING_LENGTH 64 -#define MAX_KEY_LENGTH 64 -#define EXPORT_KEY_LENGTH 5 -#define SSL3_RANDOM_LENGTH 32 +#define MAX_CERT_TYPES 10 +#define MAX_COMPRESSION_METHODS 10 +#define MAX_MAC_LENGTH 64 +#define MAX_PADDING_LENGTH 64 +#define MAX_KEY_LENGTH 64 +#define EXPORT_KEY_LENGTH 5 +#define SSL3_RANDOM_LENGTH 32 -#define SSL3_RECORD_HEADER_LENGTH 5 +#define SSL3_RECORD_HEADER_LENGTH 5 /* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */ #define DTLS_RECORD_HEADER_LENGTH 13 -#define MAX_FRAGMENT_LENGTH 16384 - +#define MAX_FRAGMENT_LENGTH 16384 + typedef enum { - content_change_cipher_spec = 20, + content_change_cipher_spec = 20, content_alert = 21, - content_handshake = 22, + content_handshake = 22, content_application_data = 23 } SSL3ContentType; @@ -77,11 +77,11 @@ typedef enum { close_notify = 0, unexpected_message = 10, bad_record_mac = 20, - decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ - record_overflow = 22, /* TLS only */ + decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */ + record_overflow = 22, /* TLS only */ decompression_failure = 30, handshake_failure = 40, - no_certificate = 41, /* SSL3 only, NOT TLS */ + no_certificate = 41, /* SSL3 only, NOT TLS */ bad_certificate = 42, unsupported_certificate = 43, certificate_revoked = 44, @@ -106,7 +106,8 @@ typedef enum { certificate_unobtainable = 111, unrecognized_name = 112, bad_certificate_status_response = 113, - bad_certificate_hash_value = 114 + bad_certificate_hash_value = 114, + no_application_protocol = 120 } SSL3AlertDescription; 
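Review bot: The new `no_application_protocol = 120` enumerator in SSL3AlertDescription has no comment naming its source, while neighbouring entries in the same enum cite theirs (`/* do not send; see RFC 5246 */`, `/* SSL3 only, NOT TLS */`); suggest `no_application_protocol = 120 /* RFC 7301 (ALPN); always fatal */`. This is the only substantive change in the ssl3prot.h section, the rest being tab-to-space reindentation, so it is easy to miss in review. Whether the receiving side's alert-to-error-code mapping elsewhere in the library already handles value 120, or whether a peer sending it would be reported as a generic unknown alert, is not visible from this hunk and is worth confirming in the same series.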
@@ -116,44 +117,44 @@ typedef struct { } SSL3Alert; typedef enum { - hello_request = 0, - client_hello = 1, - server_hello = 2, + hello_request = 0, + client_hello = 1, + server_hello = 2, hello_verify_request = 3, - new_session_ticket = 4, - certificate = 11, + new_session_ticket = 4, + certificate = 11, server_key_exchange = 12, - certificate_request = 13, - server_hello_done = 14, - certificate_verify = 15, - client_key_exchange = 16, - finished = 20, + certificate_request = 13, + server_hello_done = 14, + certificate_verify = 15, + client_key_exchange = 16, + finished = 20, certificate_status = 22, - next_proto = 67 + next_proto = 67 } SSL3HandshakeType; typedef struct { PRUint8 empty; } SSL3HelloRequest; - + typedef struct { SSL3Opaque rand[SSL3_RANDOM_LENGTH]; } SSL3Random; - + typedef struct { SSL3Opaque id[32]; PRUint8 length; } SSL3SessionID; - + typedef struct { SSL3ProtocolVersion client_version; SSL3Random random; SSL3SessionID session_id; SECItem cipher_suites; - PRUint8 cm_count; + PRUint8 cm_count; SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS]; } SSL3ClientHello; - + typedef struct { SSL3ProtocolVersion server_version; SSL3Random random; @@ -161,29 +162,29 @@ typedef struct { ssl3CipherSuite cipher_suite; SSLCompressionMethod compression_method; } SSL3ServerHello; - + typedef struct { SECItem list; } SSL3Certificate; /* SSL3SignType moved to ssl.h */ -/* The SSL key exchange method used */ +/* The SSL key exchange method used */ typedef enum { - kea_null, - kea_rsa, + kea_null, + kea_rsa, kea_rsa_export, kea_rsa_export_1024, - kea_dh_dss, - kea_dh_dss_export, - kea_dh_rsa, + kea_dh_dss, + kea_dh_dss_export, + kea_dh_rsa, kea_dh_rsa_export, - kea_dhe_dss, - kea_dhe_dss_export, - kea_dhe_rsa, + kea_dhe_dss, + kea_dhe_dss_export, + kea_dhe_rsa, kea_dhe_rsa_export, - kea_dh_anon, - kea_dh_anon_export, + kea_dh_anon, + kea_dh_anon_export, kea_rsa_fips, kea_ecdh_ecdsa, kea_ecdhe_ecdsa, 
@@ -191,7 +192,7 @@ typedef enum { kea_ecdhe_rsa, kea_ecdh_anon } SSL3KeyExchangeAlgorithm; - + typedef struct { SECItem modulus; SECItem exponent; @@ -205,8 +206,8 @@ typedef struct { typedef struct { union { - SSL3ServerDHParams dh; - SSL3ServerRSAParams rsa; + SSL3ServerDHParams dh; + SSL3ServerRSAParams rsa; } u; } SSL3ServerParams; @@ -250,56 +251,56 @@ typedef struct { unsigned int len; SECOidTag hashAlg; union { - PRUint8 raw[64]; - SSL3HashesIndividually s; + PRUint8 raw[64]; + SSL3HashesIndividually s; } u; } SSL3Hashes; typedef struct { union { - SSL3Opaque anonymous; - SSL3Hashes certified; + SSL3Opaque anonymous; + SSL3Hashes certified; } u; } SSL3ServerKeyExchange; - + typedef enum { - ct_RSA_sign = 1, - ct_DSS_sign = 2, - ct_RSA_fixed_DH = 3, - ct_DSS_fixed_DH = 4, - ct_RSA_ephemeral_DH = 5, + ct_RSA_sign = 1, + ct_DSS_sign = 2, + ct_RSA_fixed_DH = 3, + ct_DSS_fixed_DH = 4, + ct_RSA_ephemeral_DH = 5, ct_DSS_ephemeral_DH = 6, - ct_ECDSA_sign = 64, - ct_RSA_fixed_ECDH = 65, - ct_ECDSA_fixed_ECDH = 66 + ct_ECDSA_sign = 64, + ct_RSA_fixed_ECDH = 65, + ct_ECDSA_fixed_ECDH = 66 } SSL3ClientCertificateType; - + typedef SECItem *SSL3DistinquishedName; typedef struct { SSL3Opaque client_version[2]; SSL3Opaque random[46]; } SSL3RSAPreMasterSecret; - + typedef SECItem SSL3EncryptedPreMasterSecret; typedef SSL3Opaque SSL3MasterSecret[48]; typedef enum { implicit, explicit } SSL3PublicValueEncoding; - + typedef struct { union { - SSL3Opaque implicit; - SECItem explicit; + SSL3Opaque implicit; + SECItem explicit; } dh_public; } SSL3ClientDiffieHellmanPublic; - + typedef struct { union { - SSL3EncryptedPreMasterSecret rsa; - SSL3ClientDiffieHellmanPublic diffie_helman; + SSL3EncryptedPreMasterSecret rsa; + SSL3ClientDiffieHellmanPublic diffie_helman; } exchange_keys; } SSL3ClientKeyExchange; 
@@ -312,7 +313,7 @@ typedef enum { sender_server = 0x53525652 } SSL3Sender; -typedef SSL3HashesIndividually SSL3Finished; +typedef SSL3HashesIndividually SSL3Finished; typedef struct { SSL3Opaque verify_data[12]; @@ -320,7 +321,7 @@ typedef struct { /* * TLS extension related data structures and constants. - */ + */ /* SessionTicket extension related data structures. */ @@ -339,7 +340,7 @@ typedef enum { typedef struct { ClientAuthenticationType client_auth_type; union { - SSL3Opaque *certificate_list; + SSL3Opaque *certificate_list; } identity; } ClientIdentity; @@ -355,7 +356,7 @@ typedef struct { unsigned char *mac; } EncryptedSessionTicket; -#define TLS_EX_SESS_TICKET_MAC_LENGTH 32 +#define TLS_EX_SESS_TICKET_MAC_LENGTH 32 #define TLS_STE_NO_SERVER_NAME -1 diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h index 07b61d53..38520859 100644 --- a/security/nss/lib/ssl/sslerr.h +++ b/security/nss/lib/ssl/sslerr.h 
@@ -8,179 +8,179 @@ #define __SSL_ERR_H_ -#define SSL_ERROR_BASE (-0x3000) -#define SSL_ERROR_LIMIT (SSL_ERROR_BASE + 1000) +#define SSL_ERROR_BASE (-0x3000) +#define SSL_ERROR_LIMIT (SSL_ERROR_BASE + 1000) #define IS_SSL_ERROR(code) \ (((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT)) #ifndef NO_SECURITY_ERROR_ENUM typedef enum { -SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0), -SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1), -SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2), -/* +SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0), +SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1), +SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2), +/* * Received an alert reporting what we did wrong. (more alerts below) */ -SSL_ERROR_NO_CERTIFICATE /*_ALERT */ = (SSL_ERROR_BASE + 3), -SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4), -SSL_ERROR_UNUSED_5 = (SSL_ERROR_BASE + 5), - /* error 5 is obsolete */ -SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6), -SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7), -SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8), -SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9), -SSL_ERROR_UNUSED_10 = (SSL_ERROR_BASE + 10), - /* error 10 is obsolete */ -SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11), -SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12), -SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13), -SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14), -SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15), -/* +SSL_ERROR_NO_CERTIFICATE /*_ALERT */ = (SSL_ERROR_BASE + 3), +SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4), +SSL_ERROR_UNUSED_5 = (SSL_ERROR_BASE + 5), + /* error 5 is obsolete */ +SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6), +SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7), +SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8), +SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9), +SSL_ERROR_UNUSED_10 = (SSL_ERROR_BASE + 10), + /* error 10 is obsolete */ +SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11), 
+SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12), +SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13), +SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14), +SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15), +/* * Received an alert reporting what we did wrong. * (two more alerts above, and many more below) */ -SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16), +SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16), SSL_ERROR_BAD_CERT_ALERT = (SSL_ERROR_BASE + 17), -SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18), -SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19), +SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18), +SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19), -SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20), -SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21), -SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22), -SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23), -SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24), -SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25), -SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26), -/* +SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20), +SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21), +SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22), +SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23), +SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24), +SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25), +SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26), +/* * Received a malformed (too long or short) SSL handshake. 
*/ -SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27), -SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28), -SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29), -SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30), -SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31), -SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32), -SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33), -SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34), -SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35), -SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36), -/* +SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27), +SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28), +SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29), +SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30), +SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31), +SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32), +SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33), +SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34), +SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35), +SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36), +/* * Received a malformed (too long or short) SSL record. */ -SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37), -SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38), -SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39), -SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40), +SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37), +SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38), +SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39), +SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40), /* * Received an SSL handshake that was inappropriate for the state we're in. * E.g. Server received message from server, or wrong state in state machine. 
*/ -SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41), -SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42), -SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43), -SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44), -SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45), -SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46), -SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47), -SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48), -SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49), -SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50), +SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41), +SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42), +SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43), +SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44), +SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45), +SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46), +SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47), +SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48), +SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49), +SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50), /* * Received an SSL record that was inappropriate for the state we're in. */ -SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51), -SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52), -SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53), -SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA= (SSL_ERROR_BASE + 54), +SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51), +SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52), +SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53), +SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = (SSL_ERROR_BASE + 54), /* * Received record/message with unknown discriminant. 
*/ -SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55), -SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56), -SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57), -/* +SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55), +SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56), +SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57), +/* * Received an alert reporting what we did wrong. (more alerts above) */ -SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58), -SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59), -SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60), -SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61), -SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62), -SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63), -SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64), +SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58), +SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59), +SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60), +SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61), +SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62), +SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63), +SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64), -SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65), -SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66), -SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67), -SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68), -SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69), +SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65), +SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66), +SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67), +SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68), +SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69), -SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70), -SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71), /* don't 
use */ -SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72), +SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70), +SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71), /* don't use */ +SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72), -SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73), -SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74), -SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75), -SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76), -SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77), -SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78), -SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79), -SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80), -SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81), -SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82), -SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83), -SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84), -SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85), -SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE + 86), -SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87), -SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88), +SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73), +SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74), +SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75), +SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76), +SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77), +SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78), +SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79), +SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80), +SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81), +SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82), +SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83), +SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84), +SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85), +SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE 
+ 86), +SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87), +SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88), /* SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA became obsolete in NSS 3.14. */ -SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89), -SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90), +SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89), +SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90), -SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91), -SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92), -SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93), -SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94), -SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95), -SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96), -SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97), -SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98), -SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99), -SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100), -SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101), -SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102), +SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91), +SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92), +SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93), +SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94), +SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95), +SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96), +SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97), +SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98), +SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99), +SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100), +SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101), +SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102), -SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = (SSL_ERROR_BASE + 103), +SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = (SSL_ERROR_BASE + 103), -SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = 
(SSL_ERROR_BASE + 104), -SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105), -SSL_ERROR_UNRECOGNIZED_NAME_ALERT = (SSL_ERROR_BASE + 106), -SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107), -SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = (SSL_ERROR_BASE + 108), +SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = (SSL_ERROR_BASE + 104), +SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105), +SSL_ERROR_UNRECOGNIZED_NAME_ALERT = (SSL_ERROR_BASE + 106), +SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107), +SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = (SSL_ERROR_BASE + 108), SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 109), -SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110), +SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110), -SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111), +SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111), SSL_ERROR_RENEGOTIATION_NOT_ALLOWED = (SSL_ERROR_BASE + 112), SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113), -SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), +SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY = (SSL_ERROR_BASE + 115), -SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = (SSL_ERROR_BASE + 116), +SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = (SSL_ERROR_BASE + 116), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118), SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119), -SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120), -SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121), +SSL_ERROR_INVALID_VERSION_RANGE = (SSL_ERROR_BASE + 120), +SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121), SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122), SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123), 
@@ -189,11 +189,14 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124), SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125), -SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126), -SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127), +SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (SSL_ERROR_BASE + 126), +SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127), SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128), -SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ +SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = (SSL_ERROR_BASE + 129), +SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130), + +SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 180b6ae7..7a283c73 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h @@ -1,5 +1,5 @@ /* - * Various and sundry protocol constants. DON'T CHANGE THESE. These values + * Various and sundry protocol constants. DON'T CHANGE THESE. These values * are mostly defined by the SSL2, SSL3, or TLS protocol specifications. * Cipher kinds and ciphersuites are part of the public API. * 
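Review bot: The two new codes `SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = (SSL_ERROR_BASE + 129)` and `SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130)` are added to the enum only; this hunk does not show a matching update to the human-readable error-string table that NSS keeps alongside this header, and I cannot see that file in this chunk. If it is not updated in the same change, `PR_ErrorToString` (and any caller that maps SSL error codes to messages) will presumably have no text for these two codes, which makes NPN/ALPN negotiation failures harder to diagnose in logs. The values themselves are consistent with the preceding entry (128) and stay well inside the `IS_SSL_ERROR` window, and keeping them ahead of `SSL_ERROR_END_OF_LIST` preserves that sentinel. A one-line comment on the new entries, `/* Next-protocol negotiation errors; keep the error-string table in sync. */`, would record the coupling for the next person adding a code.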
@@ -11,75 +11,77 @@ #define __sslproto_h_ /* All versions less than 3_0 are treated as SSL version 2 */ -#define SSL_LIBRARY_VERSION_2 0x0002 -#define SSL_LIBRARY_VERSION_3_0 0x0300 -#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 -#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 -#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 +#define SSL_LIBRARY_VERSION_2 0x0002 +#define SSL_LIBRARY_VERSION_3_0 0x0300 +#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 +#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 +#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 /* Note: this is the internal format, not the wire format */ -#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 +#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 +#define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303 /* deprecated old name */ -#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 +#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 -/* The DTLS version used in the spec */ +/* The DTLS versions used in the spec */ #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff) +#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff) /* Header lengths of some of the messages */ -#define SSL_HL_ERROR_HBYTES 3 -#define SSL_HL_CLIENT_HELLO_HBYTES 9 -#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 -#define SSL_HL_CLIENT_FINISHED_HBYTES 1 -#define SSL_HL_SERVER_HELLO_HBYTES 11 -#define SSL_HL_SERVER_VERIFY_HBYTES 1 -#define SSL_HL_SERVER_FINISHED_HBYTES 1 -#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 -#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 +#define SSL_HL_ERROR_HBYTES 3 +#define SSL_HL_CLIENT_HELLO_HBYTES 9 +#define SSL_HL_CLIENT_MASTER_KEY_HBYTES 10 +#define SSL_HL_CLIENT_FINISHED_HBYTES 1 +#define SSL_HL_SERVER_HELLO_HBYTES 11 +#define SSL_HL_SERVER_VERIFY_HBYTES 1 +#define SSL_HL_SERVER_FINISHED_HBYTES 1 +#define SSL_HL_REQUEST_CERTIFICATE_HBYTES 2 +#define SSL_HL_CLIENT_CERTIFICATE_HBYTES 6 /* Security handshake protocol codes */ -#define SSL_MT_ERROR 0 -#define SSL_MT_CLIENT_HELLO 1 -#define SSL_MT_CLIENT_MASTER_KEY 2 -#define 
SSL_MT_CLIENT_FINISHED 3 -#define SSL_MT_SERVER_HELLO 4 -#define SSL_MT_SERVER_VERIFY 5 -#define SSL_MT_SERVER_FINISHED 6 -#define SSL_MT_REQUEST_CERTIFICATE 7 -#define SSL_MT_CLIENT_CERTIFICATE 8 +#define SSL_MT_ERROR 0 +#define SSL_MT_CLIENT_HELLO 1 +#define SSL_MT_CLIENT_MASTER_KEY 2 +#define SSL_MT_CLIENT_FINISHED 3 +#define SSL_MT_SERVER_HELLO 4 +#define SSL_MT_SERVER_VERIFY 5 +#define SSL_MT_SERVER_FINISHED 6 +#define SSL_MT_REQUEST_CERTIFICATE 7 +#define SSL_MT_CLIENT_CERTIFICATE 8 /* Certificate types */ -#define SSL_CT_X509_CERTIFICATE 0x01 +#define SSL_CT_X509_CERTIFICATE 0x01 #if 0 /* XXX Not implemented yet */ -#define SSL_PKCS6_CERTIFICATE 0x02 +#define SSL_PKCS6_CERTIFICATE 0x02 #endif -#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 +#define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01 /* Error codes */ -#define SSL_PE_NO_CYPHERS 0x0001 -#define SSL_PE_NO_CERTIFICATE 0x0002 -#define SSL_PE_BAD_CERTIFICATE 0x0004 -#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 +#define SSL_PE_NO_CYPHERS 0x0001 +#define SSL_PE_NO_CERTIFICATE 0x0002 +#define SSL_PE_BAD_CERTIFICATE 0x0004 +#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 /* Cypher kinds (not the spec version!) */ -#define SSL_CK_RC4_128_WITH_MD5 0x01 -#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 -#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 -#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 -#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 -#define SSL_CK_DES_64_CBC_WITH_MD5 0x06 -#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 +#define SSL_CK_RC4_128_WITH_MD5 0x01 +#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02 +#define SSL_CK_RC2_128_CBC_WITH_MD5 0x03 +#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04 +#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05 +#define SSL_CK_DES_64_CBC_WITH_MD5 0x06 +#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07 -/* Cipher enables. These are used only for SSL_EnableCipher - * These values define the SSL2 suites, and do not colide with the +/* Cipher enables. 
These are used only for SSL_EnableCipher + * These values define the SSL2 suites, and do not colide with the * SSL3 Cipher suites defined below. */ -#define SSL_EN_RC4_128_WITH_MD5 0xFF01 -#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 -#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 -#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 -#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 -#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 -#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 +#define SSL_EN_RC4_128_WITH_MD5 0xFF01 +#define SSL_EN_RC4_128_EXPORT40_WITH_MD5 0xFF02 +#define SSL_EN_RC2_128_CBC_WITH_MD5 0xFF03 +#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 0xFF04 +#define SSL_EN_IDEA_128_CBC_WITH_MD5 0xFF05 +#define SSL_EN_DES_64_CBC_WITH_MD5 0xFF06 +#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5 0xFF07 /* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */ #ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES 
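Review bot: `SSL_LIBRARY_VERSION_DTLS_1_2` is defined as `0x0303`, the same internal value as `SSL_LIBRARY_VERSION_TLS_1_2`, mirroring the existing `DTLS_1_0`/`TLS_1_1` overlap at `0x0302`; the existing note only says the value is "the internal format, not the wire format", so a reader can still conclude that the version alone identifies DTLS. Since these are public API constants, I would extend that note to `/* Internal DTLS versions share values with TLS; the datagram/stream distinction is carried by the protocol variant, not by the version. */` so callers comparing version numbers know they must also check the variant. The wire value `((~0x0102) & 0xffff)` evaluates to `0xFEFD`, which matches the DTLS 1.2 wire version, so that part looks right. I can't see the version-range validation or the internal-to-wire translation helpers in this chunk; presumably those need to accept and map the new constant in the same change, otherwise a peer offering DTLS 1.2 would be handled with the old maximum. This hunk spans L2956–L2958 and the rest of the header is unchanged apart from whitespace.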
@@ -117,66 +119,66 @@ #define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA #endif -#define TLS_NULL_WITH_NULL_NULL 0x0000 +#define TLS_NULL_WITH_NULL_NULL 0x0000 -#define TLS_RSA_WITH_NULL_MD5 0x0001 -#define TLS_RSA_WITH_NULL_SHA 0x0002 -#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 -#define TLS_RSA_WITH_RC4_128_MD5 0x0004 -#define TLS_RSA_WITH_RC4_128_SHA 0x0005 -#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 -#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 -#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 -#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 -#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a +#define TLS_RSA_WITH_NULL_MD5 0x0001 +#define TLS_RSA_WITH_NULL_SHA 0x0002 +#define TLS_RSA_EXPORT_WITH_RC4_40_MD5 0x0003 +#define TLS_RSA_WITH_RC4_128_MD5 0x0004 +#define TLS_RSA_WITH_RC4_128_SHA 0x0005 +#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 0x0006 +#define TLS_RSA_WITH_IDEA_CBC_SHA 0x0007 +#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0008 +#define TLS_RSA_WITH_DES_CBC_SHA 0x0009 +#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000a -#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b -#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c -#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d -#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e -#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f -#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 +#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA 0x000b +#define TLS_DH_DSS_WITH_DES_CBC_SHA 0x000c +#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA 0x000d +#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA 0x000e +#define TLS_DH_RSA_WITH_DES_CBC_SHA 0x000f +#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA 0x0010 -#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 -#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 -#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 -#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 -#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 -#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 +#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 0x0011 
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA 0x0012 +#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x0013 +#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0014 +#define TLS_DHE_RSA_WITH_DES_CBC_SHA 0x0015 +#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x0016 -#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 -#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 -#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 -#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a -#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b +#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 0x0017 +#define TLS_DH_anon_WITH_RC4_128_MD5 0x0018 +#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 0x0019 +#define TLS_DH_anon_WITH_DES_CBC_SHA 0x001a +#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 0x001b -#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ -#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ -#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ +#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */ +#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */ +#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */ -#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F -#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 -#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 -#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 -#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 -#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 +#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F +#define TLS_DH_DSS_WITH_AES_128_CBC_SHA 0x0030 +#define TLS_DH_RSA_WITH_AES_128_CBC_SHA 0x0031 +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x0032 +#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 +#define TLS_DH_anon_WITH_AES_128_CBC_SHA 0x0034 -#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 -#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 -#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 -#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 -#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 -#define TLS_DH_anon_WITH_AES_256_CBC_SHA 
0x003A -#define TLS_RSA_WITH_NULL_SHA256 0x003B -#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C -#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D +#define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035 +#define TLS_DH_DSS_WITH_AES_256_CBC_SHA 0x0036 +#define TLS_DH_RSA_WITH_AES_256_CBC_SHA 0x0037 +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x0038 +#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 +#define TLS_DH_anon_WITH_AES_256_CBC_SHA 0x003A +#define TLS_RSA_WITH_NULL_SHA256 0x003B +#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C +#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D -#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 -#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 -#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 -#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 -#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 -#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046 +#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 +#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 +#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 +#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 +#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 +#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 0x0046 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064 
@@ -187,14 +189,14 @@ #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B -#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 -#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 -#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 -#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 -#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 -#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089 +#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 +#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 +#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 +#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 +#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 +#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 0x0089 -#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 +#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E @@ -204,7 +206,7 @@ * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending * back an empty Renegotiation Info (RI) server hello extension. */ -#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF +#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF /* Cipher Suite Values starting with 0xC000 are defined in informational * RFCs. 
@@ -248,18 +250,18 @@ #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /* Netscape "experimental" cipher suites. */ -#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 -#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 +#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 +#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 /* New non-experimental openly spec'ed versions of those cipher suites. */ -#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff -#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe +#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff +#define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe /* DTLS-SRTP cipher suites from RFC 5764 */ /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */ -#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 -#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 -#define SRTP_NULL_HMAC_SHA1_80 0x0005 -#define SRTP_NULL_HMAC_SHA1_32 0x0006 +#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001 +#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002 +#define SRTP_NULL_HMAC_SHA1_80 0x0005 +#define SRTP_NULL_HMAC_SHA1_32 0x0006 #endif /* __sslproto_h_ */ diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index 5144bc18..ee357b63 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -1,5 +1,5 @@ /* - * vtables (and methods that call through them) for the 4 types of + * vtables (and methods that call through them) for the 4 types of * SSLSockets supported. Only one type is still supported. * Various other functions. * @@ -21,7 +21,7 @@ #define SET_ERROR_CODE /* reminder */ -static const sslSocketOps ssl_default_ops = { /* No SSL. */ +static const sslSocketOps ssl_default_ops = { /* No SSL. */ ssl_DefConnect, NULL, ssl_DefBind, @@ -36,7 +36,7 @@ static const sslSocketOps ssl_default_ops = { /* No SSL. */ ssl_DefGetsockname }; -static const sslSocketOps ssl_secure_ops = { /* SSL. */ +static const sslSocketOps ssl_secure_ops = { /* SSL. */ ssl_SecureConnect, NULL, ssl_DefBind, 
@@ -56,19 +56,19 @@ static const sslSocketOps ssl_secure_ops = { /* SSL. */ */ static sslOptions ssl_defaults = { { siBuffer, NULL, 0 }, /* nextProtoNego */ - PR_TRUE, /* useSecurity */ - PR_FALSE, /* useSocks */ - PR_FALSE, /* requestCertificate */ - 2, /* requireCertificate */ - PR_FALSE, /* handshakeAsClient */ - PR_FALSE, /* handshakeAsServer */ - PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */ - PR_FALSE, /* unusedBit9 */ - PR_FALSE, /* unusedBit10 */ - PR_FALSE, /* noCache */ - PR_FALSE, /* fdx */ - PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */ - PR_TRUE, /* detectRollBack */ + PR_TRUE, /* useSecurity */ + PR_FALSE, /* useSocks */ + PR_FALSE, /* requestCertificate */ + 2, /* requireCertificate */ + PR_FALSE, /* handshakeAsClient */ + PR_FALSE, /* handshakeAsServer */ + PR_FALSE, /* enableSSL2 */ /* now defaults to off in NSS 3.13 */ + PR_FALSE, /* unusedBit9 */ + PR_FALSE, /* unusedBit10 */ + PR_FALSE, /* noCache */ + PR_FALSE, /* fdx */ + PR_FALSE, /* v2CompatibleHello */ /* now defaults to off in NSS 3.13 */ + PR_TRUE, /* detectRollBack */ PR_FALSE, /* noStepDown */ PR_FALSE, /* bypassPKCS11 */ PR_FALSE, /* noLocks */ @@ -107,9 +107,9 @@ sslSessionIDUncacheFunc ssl_sid_uncache; static PRBool ssl_inited = PR_FALSE; static PRDescIdentity ssl_layer_id; -PRBool locksEverDisabled; /* implicitly PR_FALSE */ -PRBool ssl_force_locks; /* implicitly PR_FALSE */ -int ssl_lock_readers = 1; /* default true. */ +PRBool locksEverDisabled; /* implicitly PR_FALSE */ +PRBool ssl_force_locks; /* implicitly PR_FALSE */ +int ssl_lock_readers = 1; /* default true. */ char ssl_debug; char ssl_trace; FILE * ssl_trace_iob; 
@@ -128,7 +128,7 @@ static const PRUint16 srtpCiphers[] = { static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant); static SECStatus ssl_MakeLocks(sslSocket *ss); static void ssl_SetDefaultsFromEnvironment(void); -static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, +static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id); /************************************************************************/ @@ -149,8 +149,8 @@ ssl_GetPrivate(PRFileDesc *fd) if (fd->methods->file_type != PR_DESC_LAYERED || fd->identity != ssl_layer_id) { - PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); - return NULL; + PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); + return NULL; } ss = (sslSocket *)fd->secret; @@ -163,9 +163,9 @@ ssl_GetPrivate(PRFileDesc *fd) return ss; } -/* This function tries to find the SSL layer in the stack. +/* This function tries to find the SSL layer in the stack. * It searches for the first SSL layer at or below the argument fd, - * and failing that, it searches for the nearest SSL layer above the + * and failing that, it searches for the nearest SSL layer above the * argument fd. It returns the private sslSocket from the found layer. */ sslSocket * @@ -179,8 +179,8 @@ ssl_FindSocket(PRFileDesc *fd) layer = PR_GetIdentitiesLayer(fd, ssl_layer_id); if (layer == NULL) { - PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); - return NULL; + PORT_SetError(PR_BAD_DESCRIPTOR_ERROR); + return NULL; } ss = (sslSocket *)layer->secret; 
@@ -201,94 +201,94 @@ ssl_DupSocket(sslSocket *os) ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant); if (ss) { - ss->opt = os->opt; - ss->opt.useSocks = PR_FALSE; - ss->vrange = os->vrange; + ss->opt = os->opt; + ss->opt.useSocks = PR_FALSE; + ss->vrange = os->vrange; - ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); - ss->url = !os->url ? NULL : PORT_Strdup(os->url); + ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID); + ss->url = !os->url ? NULL : PORT_Strdup(os->url); - ss->ops = os->ops; - ss->rTimeout = os->rTimeout; - ss->wTimeout = os->wTimeout; - ss->cTimeout = os->cTimeout; - ss->dbHandle = os->dbHandle; + ss->ops = os->ops; + ss->rTimeout = os->rTimeout; + ss->wTimeout = os->wTimeout; + ss->cTimeout = os->cTimeout; + ss->dbHandle = os->dbHandle; - /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ - ss->allowedByPolicy = os->allowedByPolicy; - ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; - ss->chosenPreference = os->chosenPreference; - PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites); - PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, - sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); - ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; + /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */ + ss->allowedByPolicy = os->allowedByPolicy; + ss->maybeAllowedByPolicy= os->maybeAllowedByPolicy; + ss->chosenPreference = os->chosenPreference; + PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites); + PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, + sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); + ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; - if (os->cipherSpecs) { - ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); - if (ss->cipherSpecs) - PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, - os->sizeCipherSpecs); - ss->sizeCipherSpecs = os->sizeCipherSpecs; - 
ss->preferredCipher = os->preferredCipher; - } else { - ss->cipherSpecs = NULL; /* produced lazily */ - ss->sizeCipherSpecs = 0; - ss->preferredCipher = NULL; - } - if (ss->opt.useSecurity) { - /* This int should be SSLKEAType, but CC on Irix complains, - * during the for loop. - */ - int i; - sslServerCerts * oc = os->serverCerts; - sslServerCerts * sc = ss->serverCerts; - - for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) { - if (oc->serverCert && oc->serverCertChain) { - sc->serverCert = CERT_DupCertificate(oc->serverCert); - sc->serverCertChain = CERT_DupCertList(oc->serverCertChain); - if (!sc->serverCertChain) - goto loser; - } else { - sc->serverCert = NULL; - sc->serverCertChain = NULL; - } - sc->serverKeyPair = oc->serverKeyPair ? - ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; - if (oc->serverKeyPair && !sc->serverKeyPair) - goto loser; - sc->serverKeyBits = oc->serverKeyBits; - ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : - SECITEM_DupArray(NULL, os->certStatusArray[i]); - } - ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : - ssl3_GetKeyPairRef(os->stepDownKeyPair); - ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : - ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); + if (os->cipherSpecs) { + ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); + if (ss->cipherSpecs) + PORT_Memcpy(ss->cipherSpecs, os->cipherSpecs, + os->sizeCipherSpecs); + ss->sizeCipherSpecs = os->sizeCipherSpecs; + ss->preferredCipher = os->preferredCipher; + } else { + ss->cipherSpecs = NULL; /* produced lazily */ + ss->sizeCipherSpecs = 0; + ss->preferredCipher = NULL; + } + if (ss->opt.useSecurity) { + /* This int should be SSLKEAType, but CC on Irix complains, + * during the for loop. 
+ */ + int i; + sslServerCerts * oc = os->serverCerts; + sslServerCerts * sc = ss->serverCerts; + + for (i=kt_null; i < kt_kea_size; i++, oc++, sc++) { + if (oc->serverCert && oc->serverCertChain) { + sc->serverCert = CERT_DupCertificate(oc->serverCert); + sc->serverCertChain = CERT_DupCertList(oc->serverCertChain); + if (!sc->serverCertChain) + goto loser; + } else { + sc->serverCert = NULL; + sc->serverCertChain = NULL; + } + sc->serverKeyPair = oc->serverKeyPair ? + ssl3_GetKeyPairRef(oc->serverKeyPair) : NULL; + if (oc->serverKeyPair && !sc->serverKeyPair) + goto loser; + sc->serverKeyBits = oc->serverKeyBits; + ss->certStatusArray[i] = !os->certStatusArray[i] ? NULL : + SECITEM_DupArray(NULL, os->certStatusArray[i]); + } + ss->stepDownKeyPair = !os->stepDownKeyPair ? NULL : + ssl3_GetKeyPairRef(os->stepDownKeyPair); + ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : + ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); /* * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL. * XXX We should detect this, and not just march on with NULL pointers. 
*/ - ss->authCertificate = os->authCertificate; - ss->authCertificateArg = os->authCertificateArg; - ss->getClientAuthData = os->getClientAuthData; - ss->getClientAuthDataArg = os->getClientAuthDataArg; + ss->authCertificate = os->authCertificate; + ss->authCertificateArg = os->authCertificateArg; + ss->getClientAuthData = os->getClientAuthData; + ss->getClientAuthDataArg = os->getClientAuthDataArg; ss->sniSocketConfig = os->sniSocketConfig; ss->sniSocketConfigArg = os->sniSocketConfigArg; - ss->handleBadCert = os->handleBadCert; - ss->badCertArg = os->badCertArg; - ss->handshakeCallback = os->handshakeCallback; - ss->handshakeCallbackData = os->handshakeCallbackData; - ss->canFalseStartCallback = os->canFalseStartCallback; - ss->canFalseStartCallbackData = os->canFalseStartCallbackData; - ss->pkcs11PinArg = os->pkcs11PinArg; - - /* Create security data */ - rv = ssl_CopySecurityInfo(ss, os); - if (rv != SECSuccess) { - goto loser; - } - } + ss->handleBadCert = os->handleBadCert; + ss->badCertArg = os->badCertArg; + ss->handshakeCallback = os->handshakeCallback; + ss->handshakeCallbackData = os->handshakeCallbackData; + ss->canFalseStartCallback = os->canFalseStartCallback; + ss->canFalseStartCallbackData = os->canFalseStartCallbackData; + ss->pkcs11PinArg = os->pkcs11PinArg; + + /* Create security data */ + rv = ssl_CopySecurityInfo(ss, os); + if (rv != SECSuccess) { + goto loser; + } + } } return ss; 
@@ -302,33 +302,33 @@ ssl_DestroyLocks(sslSocket *ss) { /* Destroy locks. */ if (ss->firstHandshakeLock) { - PZ_DestroyMonitor(ss->firstHandshakeLock); - ss->firstHandshakeLock = NULL; + PZ_DestroyMonitor(ss->firstHandshakeLock); + ss->firstHandshakeLock = NULL; } if (ss->ssl3HandshakeLock) { - PZ_DestroyMonitor(ss->ssl3HandshakeLock); - ss->ssl3HandshakeLock = NULL; + PZ_DestroyMonitor(ss->ssl3HandshakeLock); + ss->ssl3HandshakeLock = NULL; } if (ss->specLock) { - NSSRWLock_Destroy(ss->specLock); - ss->specLock = NULL; + NSSRWLock_Destroy(ss->specLock); + ss->specLock = NULL; } if (ss->recvLock) { - PZ_DestroyLock(ss->recvLock); - ss->recvLock = NULL; + PZ_DestroyLock(ss->recvLock); + ss->recvLock = NULL; } if (ss->sendLock) { - PZ_DestroyLock(ss->sendLock); - ss->sendLock = NULL; + PZ_DestroyLock(ss->sendLock); + ss->sendLock = NULL; } if (ss->xmitBufLock) { - PZ_DestroyMonitor(ss->xmitBufLock); - ss->xmitBufLock = NULL; + PZ_DestroyMonitor(ss->xmitBufLock); + ss->xmitBufLock = NULL; } if (ss->recvBufLock) { - PZ_DestroyMonitor(ss->recvBufLock); - ss->recvBufLock = NULL; + PZ_DestroyMonitor(ss->recvBufLock); + ss->recvBufLock = NULL; } } 
@@ -351,36 +351,36 @@ ssl_DestroySocketContents(sslSocket *ss) ssl_DestroyGather(&ss->gs); if (ss->peerID != NULL) - PORT_Free(ss->peerID); + PORT_Free(ss->peerID); if (ss->url != NULL) - PORT_Free((void *)ss->url); /* CONST */ + PORT_Free((void *)ss->url); /* CONST */ if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; } /* Clean up server configuration */ for (i=kt_null; i < kt_kea_size; i++) { - sslServerCerts * sc = ss->serverCerts + i; - if (sc->serverCert != NULL) - CERT_DestroyCertificate(sc->serverCert); - if (sc->serverCertChain != NULL) - CERT_DestroyCertificateList(sc->serverCertChain); - if (sc->serverKeyPair != NULL) - ssl3_FreeKeyPair(sc->serverKeyPair); - if (ss->certStatusArray[i] != NULL) { - SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); - ss->certStatusArray[i] = NULL; - } + sslServerCerts * sc = ss->serverCerts + i; + if (sc->serverCert != NULL) + CERT_DestroyCertificate(sc->serverCert); + if (sc->serverCertChain != NULL) + CERT_DestroyCertificateList(sc->serverCertChain); + if (sc->serverKeyPair != NULL) + ssl3_FreeKeyPair(sc->serverKeyPair); + if (ss->certStatusArray[i] != NULL) { + SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); + ss->certStatusArray[i] = NULL; + } } if (ss->stepDownKeyPair) { - ssl3_FreeKeyPair(ss->stepDownKeyPair); - ss->stepDownKeyPair = NULL; + ssl3_FreeKeyPair(ss->stepDownKeyPair); + ss->stepDownKeyPair = NULL; } if (ss->ephemeralECDHKeyPair) { - ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); - ss->ephemeralECDHKeyPair = NULL; + ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); + ss->ephemeralECDHKeyPair = NULL; } SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); PORT_Assert(!ss->xtnData.sniNameArr); 
@@ -428,7 +428,7 @@ ssl_FreeSocket(sslSocket *ss) } /************************************************************************/ -SECStatus +SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled) { PRFileDesc * osfd = ss->fd->lower; @@ -506,26 +506,26 @@ static void ssl_EnableTLS(SSLVersionRange *vrange, PRBool on) { if (SSL3_ALL_VERSIONS_DISABLED(vrange)) { - if (on) { - vrange->min = SSL_LIBRARY_VERSION_TLS_1_0; - vrange->max = SSL_LIBRARY_VERSION_TLS_1_0; - } /* else don't change anything */ - return; + if (on) { + vrange->min = SSL_LIBRARY_VERSION_TLS_1_0; + vrange->max = SSL_LIBRARY_VERSION_TLS_1_0; + } /* else don't change anything */ + return; } if (on) { - /* Expand the range of enabled version to include TLS 1.0 */ - vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); - vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0); + /* Expand the range of enabled version to include TLS 1.0 */ + vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); + vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0); } else { - /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */ - if (vrange->min == SSL_LIBRARY_VERSION_3_0) { - vrange->max = SSL_LIBRARY_VERSION_3_0; - } else { - /* Only TLS was enabled, so now no versions are. */ - vrange->min = SSL_LIBRARY_VERSION_NONE; - vrange->max = SSL_LIBRARY_VERSION_NONE; - } + /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */ + if (vrange->min == SSL_LIBRARY_VERSION_3_0) { + vrange->max = SSL_LIBRARY_VERSION_3_0; + } else { + /* Only TLS was enabled, so now no versions are. */ + vrange->min = SSL_LIBRARY_VERSION_NONE; + vrange->max = SSL_LIBRARY_VERSION_NONE; + } } } 
@@ -536,28 +536,28 @@ static void ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on) { if (SSL3_ALL_VERSIONS_DISABLED(vrange)) { - if (on) { - vrange->min = SSL_LIBRARY_VERSION_3_0; - vrange->max = SSL_LIBRARY_VERSION_3_0; - } /* else don't change anything */ - return; + if (on) { + vrange->min = SSL_LIBRARY_VERSION_3_0; + vrange->max = SSL_LIBRARY_VERSION_3_0; + } /* else don't change anything */ + return; } if (on) { - /* Expand the range of enabled versions to include SSL 3.0. We know - * SSL 3.0 or some version of TLS is already enabled at this point, so - * we don't need to change vrange->max. - */ - vrange->min = SSL_LIBRARY_VERSION_3_0; + /* Expand the range of enabled versions to include SSL 3.0. We know + * SSL 3.0 or some version of TLS is already enabled at this point, so + * we don't need to change vrange->max. + */ + vrange->min = SSL_LIBRARY_VERSION_3_0; } else { - /* Disable SSL 3.0, leaving TLS unaffected. */ - if (vrange->max > SSL_LIBRARY_VERSION_3_0) { - vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); - } else { - /* Only SSL 3.0 was enabled, so now no versions are. */ - vrange->min = SSL_LIBRARY_VERSION_NONE; - vrange->max = SSL_LIBRARY_VERSION_NONE; - } + /* Disable SSL 3.0, leaving TLS unaffected. */ + if (vrange->max > SSL_LIBRARY_VERSION_3_0) { + vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0); + } else { + /* Only SSL 3.0 was enabled, so now no versions are. */ + vrange->min = SSL_LIBRARY_VERSION_NONE; + vrange->max = SSL_LIBRARY_VERSION_NONE; + } } } @@ -569,8 +569,8 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) PRBool holdingLocks; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); + return SECFailure; } holdingLocks = (!ss->opt.noLocks); 
@@ -579,140 +579,140 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) switch (which) { case SSL_SOCKS: - ss->opt.useSocks = PR_FALSE; - rv = PrepareSocket(ss); - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - break; + ss->opt.useSocks = PR_FALSE; + rv = PrepareSocket(ss); + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } + break; case SSL_SECURITY: - ss->opt.useSecurity = on; - rv = PrepareSocket(ss); - break; + ss->opt.useSecurity = on; + rv = PrepareSocket(ss); + break; case SSL_REQUEST_CERTIFICATE: - ss->opt.requestCertificate = on; - break; + ss->opt.requestCertificate = on; + break; case SSL_REQUIRE_CERTIFICATE: - ss->opt.requireCertificate = on; - break; + ss->opt.requireCertificate = on; + break; case SSL_HANDSHAKE_AS_CLIENT: - if ( ss->opt.handshakeAsServer && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - break; - } - ss->opt.handshakeAsClient = on; - break; + if ( ss->opt.handshakeAsServer && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + break; + } + ss->opt.handshakeAsClient = on; + break; case SSL_HANDSHAKE_AS_SERVER: - if ( ss->opt.handshakeAsClient && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - break; - } - ss->opt.handshakeAsServer = on; - break; + if ( ss->opt.handshakeAsClient && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + break; + } + ss->opt.handshakeAsServer = on; + break; case SSL_ENABLE_TLS: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ssl_EnableTLS(&ss->vrange, on); - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } - break; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ssl_EnableTLS(&ss->vrange, on); + ss->preferredCipher = NULL; + if (ss->cipherSpecs) 
{ + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; + } + break; case SSL_ENABLE_SSL3: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ssl_EnableSSL3(&ss->vrange, on); - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } - break; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ssl_EnableSSL3(&ss->vrange, on); + ss->preferredCipher = NULL; + if (ss->cipherSpecs) { + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; + } + break; case SSL_ENABLE_SSL2: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ss->opt.enableSSL2 = on; - if (on) { - ss->opt.v2CompatibleHello = on; - } - ss->preferredCipher = NULL; - if (ss->cipherSpecs) { - PORT_Free(ss->cipherSpecs); - ss->cipherSpecs = NULL; - ss->sizeCipherSpecs = 0; - } - break; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ss->opt.enableSSL2 = on; + if (on) { + ss->opt.v2CompatibleHello = on; + } + ss->preferredCipher = NULL; + if (ss->cipherSpecs) { + PORT_Free(ss->cipherSpecs); + ss->cipherSpecs = NULL; + ss->sizeCipherSpecs = 0; + } + break; case SSL_NO_CACHE: - ss->opt.noCache = on; - break; + ss->opt.noCache = on; + break; case SSL_ENABLE_FDX: - if (on && ss->opt.noLocks) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - ss->opt.fdx = on; - break; + if (on && ss->opt.noLocks) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } + ss->opt.fdx = on; + break; case SSL_V2_COMPATIBLE_HELLO: if (IS_DTLS(ss)) { - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; /* not allowed */ - } - break; - } - ss->opt.v2CompatibleHello = on; - if (!on) { - 
ss->opt.enableSSL2 = on; - } - break; - - case SSL_ROLLBACK_DETECTION: - ss->opt.detectRollBack = on; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; /* not allowed */ + } + break; + } + ss->opt.v2CompatibleHello = on; + if (!on) { + ss->opt.enableSSL2 = on; + } break; - case SSL_NO_STEP_DOWN: - ss->opt.noStepDown = on; - if (on) - SSL_DisableExportCipherSuites(fd); - break; + case SSL_ROLLBACK_DETECTION: + ss->opt.detectRollBack = on; + break; + + case SSL_NO_STEP_DOWN: + ss->opt.noStepDown = on; + if (on) + SSL_DisableExportCipherSuites(fd); + break; case SSL_BYPASS_PKCS11: - if (ss->handshakeBegun) { - PORT_SetError(PR_INVALID_STATE_ERROR); - rv = SECFailure; - } else { + if (ss->handshakeBegun) { + PORT_SetError(PR_INVALID_STATE_ERROR); + rv = SECFailure; + } else { if (PR_FALSE != on) { if (PR_SUCCESS == SSL_BypassSetup() ) { #ifdef NO_PKCS11_BYPASS 
@@ -726,67 +726,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) } else { ss->opt.bypassPKCS11 = PR_FALSE; } - } - break; + } + break; case SSL_NO_LOCKS: - if (on && ss->opt.fdx) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; - } - if (on && ssl_force_locks) - on = PR_FALSE; /* silent override */ - ss->opt.noLocks = on; - if (on) { - locksEverDisabled = PR_TRUE; - strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); - } else if (!holdingLocks) { - rv = ssl_MakeLocks(ss); - if (rv != SECSuccess) { - ss->opt.noLocks = PR_TRUE; - } - } - break; + if (on && ss->opt.fdx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; + } + if (on && ssl_force_locks) + on = PR_FALSE; /* silent override */ + ss->opt.noLocks = on; + if (on) { + locksEverDisabled = PR_TRUE; + strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); + } else if (!holdingLocks) { + rv = ssl_MakeLocks(ss); + if (rv != SECSuccess) { + ss->opt.noLocks = PR_TRUE; + } + } + break; case SSL_ENABLE_SESSION_TICKETS: - ss->opt.enableSessionTickets = on; - break; + ss->opt.enableSessionTickets = on; + break; case SSL_ENABLE_DEFLATE: - ss->opt.enableDeflate = on; - break; + ss->opt.enableDeflate = on; + break; case SSL_ENABLE_RENEGOTIATION: - ss->opt.enableRenegotiation = on; - break; + ss->opt.enableRenegotiation = on; + break; case SSL_REQUIRE_SAFE_NEGOTIATION: - ss->opt.requireSafeNegotiation = on; - break; + ss->opt.requireSafeNegotiation = on; + break; case SSL_ENABLE_FALSE_START: - ss->opt.enableFalseStart = on; - break; + ss->opt.enableFalseStart = on; + break; case SSL_CBC_RANDOM_IV: - ss->opt.cbcRandomIV = on; - break; + ss->opt.cbcRandomIV = on; + break; case SSL_ENABLE_OCSP_STAPLING: ss->opt.enableOCSPStapling = on; break; case SSL_ENABLE_NPN: - ss->opt.enableNPN = on; - break; + ss->opt.enableNPN = on; + break; case SSL_ENABLE_ALPN: - ss->opt.enableALPN = on; - break; + ss->opt.enableALPN = on; + break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = 
SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; } /* We can't use the macros for releasing the locks here, @@ -795,8 +795,8 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) * regardless of the current value of ss->opt.noLocks. */ if (holdingLocks) { - PZ_ExitMonitor((ss)->ssl3HandshakeLock); - PZ_ExitMonitor((ss)->firstHandshakeLock); + PZ_ExitMonitor((ss)->ssl3HandshakeLock); + PZ_ExitMonitor((ss)->firstHandshakeLock); } return rv; @@ -810,13 +810,13 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) PRBool on = PR_FALSE; if (!pOn) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); - *pOn = PR_FALSE; - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd)); + *pOn = PR_FALSE; + return SECFailure; } ssl_Get1stHandshakeLock(ss); @@ -830,11 +830,11 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_HANDSHAKE_AS_CLIENT: on = ss->opt.handshakeAsClient; break; case SSL_HANDSHAKE_AS_SERVER: on = ss->opt.handshakeAsServer; break; case SSL_ENABLE_TLS: - on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0; - break; + on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0; + break; case SSL_ENABLE_SSL3: - on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0; - break; + on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0; + break; case SSL_ENABLE_SSL2: on = ss->opt.enableSSL2; break; case SSL_NO_CACHE: on = ss->opt.noCache; break; case SSL_ENABLE_FDX: on = ss->opt.fdx; break; 
@@ -844,12 +844,12 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_BYPASS_PKCS11: on = ss->opt.bypassPKCS11; break; case SSL_NO_LOCKS: on = ss->opt.noLocks; break; case SSL_ENABLE_SESSION_TICKETS: - on = ss->opt.enableSessionTickets; - break; + on = ss->opt.enableSessionTickets; + break; case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; - case SSL_ENABLE_RENEGOTIATION: + case SSL_ENABLE_RENEGOTIATION: on = ss->opt.enableRenegotiation; break; - case SSL_REQUIRE_SAFE_NEGOTIATION: + case SSL_REQUIRE_SAFE_NEGOTIATION: on = ss->opt.requireSafeNegotiation; break; case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; @@ -858,8 +858,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; } ssl_ReleaseSSL3HandshakeLock(ss); @@ -876,8 +876,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) PRBool on = PR_FALSE; if (!pOn) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } ssl_SetDefaultsFromEnvironment(); 
@@ -890,13 +890,13 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_HANDSHAKE_AS_CLIENT: on = ssl_defaults.handshakeAsClient; break; case SSL_HANDSHAKE_AS_SERVER: on = ssl_defaults.handshakeAsServer; break; case SSL_ENABLE_TLS: - on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0; - break; + on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0; + break; case SSL_ENABLE_SSL3: - on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0; - break; + on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0; + break; case SSL_ENABLE_SSL2: on = ssl_defaults.enableSSL2; break; - case SSL_NO_CACHE: on = ssl_defaults.noCache; break; + case SSL_NO_CACHE: on = ssl_defaults.noCache; break; case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break; case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break; case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break; @@ -904,14 +904,14 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_BYPASS_PKCS11: on = ssl_defaults.bypassPKCS11; break; case SSL_NO_LOCKS: on = ssl_defaults.noLocks; break; case SSL_ENABLE_SESSION_TICKETS: - on = ssl_defaults.enableSessionTickets; - break; + on = ssl_defaults.enableSessionTickets; + break; case SSL_ENABLE_DEFLATE: on = ssl_defaults.enableDeflate; break; - case SSL_ENABLE_RENEGOTIATION: + case SSL_ENABLE_RENEGOTIATION: on = ssl_defaults.enableRenegotiation; break; - case SSL_REQUIRE_SAFE_NEGOTIATION: - on = ssl_defaults.requireSafeNegotiation; - break; + case SSL_REQUIRE_SAFE_NEGOTIATION: + on = ssl_defaults.requireSafeNegotiation; + break; case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break; case SSL_ENABLE_OCSP_STAPLING: 
@@ -921,8 +921,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + rv = SECFailure; } *pOn = on; 
@@ -942,91 +942,91 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) SECStatus status = ssl_Init(); if (status != SECSuccess) { - return status; + return status; } ssl_SetDefaultsFromEnvironment(); switch (which) { case SSL_SOCKS: - ssl_defaults.useSocks = PR_FALSE; - if (on) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - break; + ssl_defaults.useSocks = PR_FALSE; + if (on) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + break; case SSL_SECURITY: - ssl_defaults.useSecurity = on; - break; + ssl_defaults.useSecurity = on; + break; case SSL_REQUEST_CERTIFICATE: - ssl_defaults.requestCertificate = on; - break; + ssl_defaults.requestCertificate = on; + break; case SSL_REQUIRE_CERTIFICATE: - ssl_defaults.requireCertificate = on; - break; + ssl_defaults.requireCertificate = on; + break; case SSL_HANDSHAKE_AS_CLIENT: - if ( ssl_defaults.handshakeAsServer && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - ssl_defaults.handshakeAsClient = on; - break; + if ( ssl_defaults.handshakeAsServer && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.handshakeAsClient = on; + break; case SSL_HANDSHAKE_AS_SERVER: - if ( ssl_defaults.handshakeAsClient && on ) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - ssl_defaults.handshakeAsServer = on; - break; + if ( ssl_defaults.handshakeAsClient && on ) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.handshakeAsServer = on; + break; case SSL_ENABLE_TLS: - ssl_EnableTLS(&versions_defaults_stream, on); - break; + ssl_EnableTLS(&versions_defaults_stream, on); + break; case SSL_ENABLE_SSL3: - ssl_EnableSSL3(&versions_defaults_stream, on); - break; + ssl_EnableSSL3(&versions_defaults_stream, on); + break; case SSL_ENABLE_SSL2: - ssl_defaults.enableSSL2 = on; - if (on) { - ssl_defaults.v2CompatibleHello = on; - } - break; + ssl_defaults.enableSSL2 = on; + if (on) { + 
ssl_defaults.v2CompatibleHello = on; + } + break; case SSL_NO_CACHE: - ssl_defaults.noCache = on; - break; + ssl_defaults.noCache = on; + break; case SSL_ENABLE_FDX: - if (on && ssl_defaults.noLocks) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - ssl_defaults.fdx = on; - break; + if (on && ssl_defaults.noLocks) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + ssl_defaults.fdx = on; + break; case SSL_V2_COMPATIBLE_HELLO: - ssl_defaults.v2CompatibleHello = on; - if (!on) { - ssl_defaults.enableSSL2 = on; - } - break; + ssl_defaults.v2CompatibleHello = on; + if (!on) { + ssl_defaults.enableSSL2 = on; + } + break; - case SSL_ROLLBACK_DETECTION: - ssl_defaults.detectRollBack = on; - break; + case SSL_ROLLBACK_DETECTION: + ssl_defaults.detectRollBack = on; + break; - case SSL_NO_STEP_DOWN: - ssl_defaults.noStepDown = on; - if (on) - SSL_DisableDefaultExportCipherSuites(); - break; + case SSL_NO_STEP_DOWN: + ssl_defaults.noStepDown = on; + if (on) + SSL_DisableDefaultExportCipherSuites(); + break; case SSL_BYPASS_PKCS11: if (PR_FALSE != on) { 
@@ -1042,76 +1042,76 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) } else { ssl_defaults.bypassPKCS11 = PR_FALSE; } - break; + break; case SSL_NO_LOCKS: - if (on && ssl_defaults.fdx) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - if (on && ssl_force_locks) - on = PR_FALSE; /* silent override */ - ssl_defaults.noLocks = on; - if (on) { - locksEverDisabled = PR_TRUE; - strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); - } - break; + if (on && ssl_defaults.fdx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + if (on && ssl_force_locks) + on = PR_FALSE; /* silent override */ + ssl_defaults.noLocks = on; + if (on) { + locksEverDisabled = PR_TRUE; + strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED."); + } + break; case SSL_ENABLE_SESSION_TICKETS: - ssl_defaults.enableSessionTickets = on; - break; + ssl_defaults.enableSessionTickets = on; + break; case SSL_ENABLE_DEFLATE: - ssl_defaults.enableDeflate = on; - break; + ssl_defaults.enableDeflate = on; + break; case SSL_ENABLE_RENEGOTIATION: - ssl_defaults.enableRenegotiation = on; - break; + ssl_defaults.enableRenegotiation = on; + break; case SSL_REQUIRE_SAFE_NEGOTIATION: - ssl_defaults.requireSafeNegotiation = on; - break; + ssl_defaults.requireSafeNegotiation = on; + break; case SSL_ENABLE_FALSE_START: - ssl_defaults.enableFalseStart = on; - break; + ssl_defaults.enableFalseStart = on; + break; case SSL_CBC_RANDOM_IV: - ssl_defaults.cbcRandomIV = on; - break; + ssl_defaults.cbcRandomIV = on; + break; case SSL_ENABLE_OCSP_STAPLING: ssl_defaults.enableOCSPStapling = on; break; case SSL_ENABLE_NPN: - ssl_defaults.enableNPN = on; - break; + ssl_defaults.enableNPN = on; + break; case SSL_ENABLE_ALPN: - ssl_defaults.enableALPN = on; - break; + ssl_defaults.enableALPN = on; + break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SECSuccess; } /* function tells us if the cipher suite 
is one that we no longer support. */ -static PRBool +static PRBool ssl_IsRemovedCipherSuite(PRInt32 suite) { switch (suite) { case SSL_FORTEZZA_DMS_WITH_NULL_SHA: case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: - return PR_TRUE; + return PR_TRUE; default: - return PR_FALSE; + return PR_FALSE; } } @@ -1123,14 +1123,14 @@ SECStatus SSL_SetPolicy(long which, int policy) { if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) { - /* one of the two old FIPS ciphers */ - if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) - which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; - else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) - which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; + /* one of the two old FIPS ciphers */ + if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) + which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; + else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) + which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; return SSL_CipherPolicySet(which, policy); } @@ -1140,15 +1140,15 @@ SSL_CipherPolicySet(PRInt32 which, PRInt32 policy) SECStatus rv = ssl_Init(); if (rv != SECSuccess) { - return rv; + return rv; } if (ssl_IsRemovedCipherSuite(which)) { - rv = SECSuccess; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_SetPolicy(which, policy); + rv = ssl2_SetPolicy(which, policy); } else { - rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); + rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); } return rv; } 
@@ -1159,16 +1159,16 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) SECStatus rv; if (!oPolicy) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) { - *oPolicy = SSL_NOT_ALLOWED; - rv = SECSuccess; + *oPolicy = SSL_NOT_ALLOWED; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_GetPolicy(which, oPolicy); + rv = ssl2_GetPolicy(which, oPolicy); } else { - rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy); + rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy); } return rv; } @@ -1176,20 +1176,20 @@ SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy) /* Part of the public NSS API. * Since this is a global (not per-socket) setting, we cannot use the * HandshakeLock to protect this. Probably want a global lock. - * These changes have no effect on any sslSockets already created. + * These changes have no effect on any sslSockets already created. */ SECStatus SSL_EnableCipher(long which, PRBool enabled) { if ((which & 0xfffe) == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) { - /* one of the two old FIPS ciphers */ - if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) - which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; - else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) - which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; + /* one of the two old FIPS ciphers */ + if (which == SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA) + which = SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA; + else if (which == SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA) + which = SSL_RSA_FIPS_WITH_DES_CBC_SHA; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; return SSL_CipherPrefSetDefault(which, enabled); } 
@@ -1199,39 +1199,39 @@ SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled) SECStatus rv = ssl_Init(); if (rv != SECSuccess) { - return rv; + return rv; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; } if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefSetDefault(which, enabled); + rv = ssl2_CipherPrefSetDefault(which, enabled); } else { - rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled); } return rv; } -SECStatus +SECStatus SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled) { SECStatus rv; - + if (!enabled) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) { - *enabled = PR_FALSE; - rv = SECSuccess; + *enabled = PR_FALSE; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefGetDefault(which, enabled); + rv = ssl2_CipherPrefGetDefault(which, enabled); } else { - rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled); } return rv; } 
@@ -1241,47 +1241,47 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) { SECStatus rv; sslSocket *ss = ssl_FindSocket(fd); - + if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd)); + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) - return SECSuccess; + return SECSuccess; if (enabled && ss->opt.noStepDown && SSL_IsExportCipherSuite(which)) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; } if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefSet(ss, which, enabled); + rv = ssl2_CipherPrefSet(ss, which, enabled); } else { - rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled); } return rv; } -SECStatus +SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled) { SECStatus rv; sslSocket *ss = ssl_FindSocket(fd); - + if (!enabled) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd)); - *enabled = PR_FALSE; - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd)); + *enabled = PR_FALSE; + return SECFailure; } if (ssl_IsRemovedCipherSuite(which)) { - *enabled = PR_FALSE; - rv = SECSuccess; + *enabled = PR_FALSE; + rv = SECSuccess; } else if (SSL_IS_SSL2_CIPHER(which)) { - rv = ssl2_CipherPrefGet(ss, which, enabled); + rv = ssl2_CipherPrefGet(ss, which, enabled); } else { - rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); + rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); } return rv; } 
@@ -1293,9 +1293,9 @@ NSS_SetDomesticPolicy(void) const PRUint16 *cipher; for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) { - status = SSL_SetPolicy(*cipher, SSL_ALLOWED); - if (status != SECSuccess) - break; + status = SSL_SetPolicy(*cipher, SSL_ALLOWED); + if (status != SECSuccess) + break; } return status; } @@ -1321,37 +1321,37 @@ ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant) sslSocket * ns = NULL; PRStatus rv; PRNetAddr addr; - SECStatus status = ssl_Init(); + SECStatus status = ssl_Init(); if (status != SECSuccess) { - return NULL; + return NULL; } if (model == NULL) { - /* Just create a default socket if we're given NULL for the model */ - ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant); + /* Just create a default socket if we're given NULL for the model */ + ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant); } else { - sslSocket * ss = ssl_FindSocket(model); - if (ss == NULL || ss->protocolVariant != variant) { - SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", - SSL_GETPID(), model)); - return NULL; - } - ns = ssl_DupSocket(ss); + sslSocket * ss = ssl_FindSocket(model); + if (ss == NULL || ss->protocolVariant != variant) { + SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD", + SSL_GETPID(), model)); + return NULL; + } + ns = ssl_DupSocket(ss); } if (ns == NULL) - return NULL; + return NULL; rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER); if (rv != PR_SUCCESS) { - ssl_FreeSocket(ns); - SET_ERROR_CODE - return NULL; + ssl_FreeSocket(ns); + SET_ERROR_CODE + return NULL; } #if defined(DEBUG) || defined(FORCE_PR_ASSERT) { - sslSocket * ss = ssl_FindSocket(fd); - PORT_Assert(ss == ns); + sslSocket * ss = ssl_FindSocket(fd); + PORT_Assert(ss == ns); } #endif ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr)); 
@@ -1370,16 +1370,21 @@ DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd) return ssl_ImportFD(model, fd, ssl_variant_datagram); } +/* SSL_SetNextProtoCallback is used to select an application protocol + * for ALPN and NPN. For ALPN, this runs on the server; for NPN it + * runs on the client. */ +/* Note: The ALPN version doesn't allow for the use of a default, setting a + * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */ SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, - void *arg) + void *arg) { sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(), - fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(), + fd)); + return SECFailure; } ssl_GetSSL3HandshakeLock(ss); 
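Review bot: The second added comment above SSL_SetNextProtoCallback is a comma splice and leaves the consequence of SSL_NEXT_PROTO_NO_OVERLAP ambiguous; suggest `* Note: ALPN has no notion of a default protocol: a callback that sets a` / `* status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure for ALPN.` It would also help to say what the callback is expected to write to its output buffer and that it must respect the supplied maximum length, since the public header is the only other place a caller could learn that. SSL_SetNextProtoCallback's body continues past the end of the hunk.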
@@ -1390,55 +1395,52 @@ SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback, return SECSuccess; } -/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when +/* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when * SSL_SetNextProtoNego is used. */ static SECStatus ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd, - const unsigned char *protos, unsigned int protos_len, - unsigned char *protoOut, unsigned int *protoOutLen, - unsigned int protoMaxLen) + const unsigned char *protos, unsigned int protos_len, + unsigned char *protoOut, unsigned int *protoOutLen, + unsigned int protoMaxLen) { unsigned int i, j; const unsigned char *result; sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback", - SSL_GETPID(), fd)); - return SECFailure; - } - - if (protos_len == 0) { - /* The server supports the extension, but doesn't have any protocols - * configured. In this case we request our favoured protocol. */ - goto pick_first; + SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback", + SSL_GETPID(), fd)); + return SECFailure; } /* For each protocol in server preference, see if we support it. */ for (i = 0; i < protos_len; ) { - for (j = 0; j < ss->opt.nextProtoNego.len; ) { - if (protos[i] == ss->opt.nextProtoNego.data[j] && - PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1], - protos[i]) == 0) { - /* We found a match. */ - ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED; - result = &protos[i]; - goto found; - } - j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j]; - } - i += 1 + (unsigned int)protos[i]; + for (j = 0; j < ss->opt.nextProtoNego.len; ) { + if (protos[i] == ss->opt.nextProtoNego.data[j] && + PORT_Memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1], + protos[i]) == 0) { + /* We found a match. 
*/ + ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED; + result = &protos[i]; + goto found; + } + j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j]; + } + i += 1 + (unsigned int)protos[i]; } -pick_first: + /* The other side supports the extension, and either doesn't have any + * protocols configured, or none of its options match ours. In this case we + * request our favoured protocol. */ + /* This will be treated as a failure for ALPN. */ ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP; result = ss->opt.nextProtoNego.data; found: if (protoMaxLen < result[0]) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; } memcpy(protoOut, result + 1, result[0]); *protoOutLen = result[0]; @@ -1447,7 +1449,7 @@ found: SECStatus SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, - unsigned int length) + unsigned int length) { sslSocket *ss; SECStatus rv; @@ -1455,13 +1457,13 @@ SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", + SSL_GETPID(), fd)); + return SECFailure; } if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess) - return SECFailure; + return SECFailure; ssl_GetSSL3HandshakeLock(ss); SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); 
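Review bot: The no-overlap fallback `result = ss->opt.nextProtoNego.data;` followed by `protoMaxLen < result[0]` assumes a non-empty locally configured protocol list; nothing in the callback checks `ss->opt.nextProtoNego.len`, and whether ssl3_ValidateNextProtoNego (called from SSL_SetNextProtoNego in the next hunk) rejects an empty list is not visible here, so an empty or NULL list would be dereferenced. A guard before the loop, `if (!ss->opt.nextProtoNego.data || !ss->opt.nextProtoNego.len) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`, closes that path. The inner PORT_Memcmp also trusts the peer-supplied length byte `protos[i]` when reading from `&protos[i+1]`, which is only safe if the caller has validated `protos` against `protos_len` before invoking the callback; that precondition is presumably met by the extension handler but deserves a comment on the signature. The function's tail after `*protoOutLen = result[0];` lies outside the hunk.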
@@ -1469,87 +1471,87 @@ SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data, ssl_ReleaseSSL3HandshakeLock(ss); if (rv != SECSuccess) - return rv; + return rv; return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL); } SECStatus SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf, - unsigned int *bufLen, unsigned int bufLenMax) + unsigned int *bufLen, unsigned int bufLenMax) { sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(), - fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(), + fd)); + return SECFailure; } if (!state || !buf || !bufLen) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } *state = ss->ssl3.nextProtoState; if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT && - ss->ssl3.nextProto.data) { - if (ss->ssl3.nextProto.len > bufLenMax) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } - PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); - *bufLen = ss->ssl3.nextProto.len; + ss->ssl3.nextProto.data) { + if (ss->ssl3.nextProto.len > bufLenMax) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); + *bufLen = ss->ssl3.nextProto.len; } else { - *bufLen = 0; + *bufLen = 0; } return SECSuccess; } SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd, - const PRUint16 *ciphers, - unsigned int numCiphers) + const PRUint16 *ciphers, + unsigned int numCiphers) { sslSocket *ss; unsigned int i; ss = ssl_FindSocket(fd); if (!ss || !IS_DTLS(ss)) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", - SSL_GETPID(), fd)); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return 
SECFailure; } if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } ss->ssl3.dtlsSRTPCipherCount = 0; for (i = 0; i < numCiphers; i++) { - const PRUint16 *srtpCipher = srtpCiphers; + const PRUint16 *srtpCipher = srtpCiphers; - while (*srtpCipher) { - if (ciphers[i] == *srtpCipher) - break; - srtpCipher++; - } - if (*srtpCipher) { - ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] = - ciphers[i]; - } else { - SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher " - "suite specified: 0x%04hx", SSL_GETPID(), fd, - ciphers[i])); - } + while (*srtpCipher) { + if (ciphers[i] == *srtpCipher) + break; + srtpCipher++; + } + if (*srtpCipher) { + ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] = + ciphers[i]; + } else { + SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher " + "suite specified: 0x%04hx", SSL_GETPID(), fd, + ciphers[i])); + } } if (ss->ssl3.dtlsSRTPCipherCount == 0) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SECSuccess; @@ -1562,15 +1564,15 @@ SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher) ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher", - SSL_GETPID(), fd)); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } if (!ss->ssl3.dtlsSRTPCipherSuite) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } *cipher = ss->ssl3.dtlsSRTPCipherSuite; 
@@ -1591,7 +1593,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) } sm = ssl_FindSocket(model); if (sm == NULL) { - SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD", + SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD", SSL_GETPID(), model)); return NULL; } @@ -1601,7 +1603,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } - + ss->opt = sm->opt; ss->vrange = sm->vrange; PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites); @@ -1630,15 +1632,15 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) sc->serverCertChain = CERT_DupCertList(mc->serverCertChain); if (!sc->serverCertChain) goto loser; - if (sm->certStatusArray[i]) { - if (ss->certStatusArray[i]) { - SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); - ss->certStatusArray[i] = NULL; - } - ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]); - if (!ss->certStatusArray[i]) - goto loser; - } + if (sm->certStatusArray[i]) { + if (ss->certStatusArray[i]) { + SECITEM_FreeArray(ss->certStatusArray[i], PR_TRUE); + ss->certStatusArray[i] = NULL; + } + ss->certStatusArray[i] = SECITEM_DupArray(NULL, sm->certStatusArray[i]); + if (!ss->certStatusArray[i]) + goto loser; + } } if (mc->serverKeyPair) { if (sc->serverKeyPair) { @@ -1671,7 +1673,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) goto loser; } } - + if (sm->authCertificate) ss->authCertificate = sm->authCertificate; if (sm->authCertificateArg) 
@@ -1701,19 +1703,19 @@ loser: PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, - SSL3ProtocolVersion version) + SSL3ProtocolVersion version) { switch (protocolVariant) { case ssl_variant_stream: - return (version >= SSL_LIBRARY_VERSION_3_0 && - version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); + return (version >= SSL_LIBRARY_VERSION_3_0 && + version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); case ssl_variant_datagram: - return (version >= SSL_LIBRARY_VERSION_TLS_1_1 && - version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); + return (version >= SSL_LIBRARY_VERSION_TLS_1_1 && + version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED); default: - /* Can't get here */ - PORT_Assert(PR_FALSE); - return PR_FALSE; + /* Can't get here */ + PORT_Assert(PR_FALSE); + return PR_FALSE; } } 
@@ -1722,35 +1724,35 @@ ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, */ static PRBool ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant, - const SSLVersionRange *vrange) + const SSLVersionRange *vrange) { return vrange && - vrange->min <= vrange->max && - ssl3_VersionIsSupported(protocolVariant, vrange->min) && - ssl3_VersionIsSupported(protocolVariant, vrange->max); + vrange->min <= vrange->max && + ssl3_VersionIsSupported(protocolVariant, vrange->min) && + ssl3_VersionIsSupported(protocolVariant, vrange->max); } SECStatus SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant, - SSLVersionRange *vrange) + SSLVersionRange *vrange) { if (!vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } switch (protocolVariant) { case ssl_variant_stream: - vrange->min = SSL_LIBRARY_VERSION_3_0; - vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; - break; + vrange->min = SSL_LIBRARY_VERSION_3_0; + vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; + break; case ssl_variant_datagram: - vrange->min = SSL_LIBRARY_VERSION_TLS_1_1; - vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; - break; + vrange->min = SSL_LIBRARY_VERSION_TLS_1_1; + vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED; + break; default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SECSuccess; 
@@ -1758,12 +1760,12 @@ SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant, SECStatus SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant, - SSLVersionRange *vrange) + SSLVersionRange *vrange) { if ((protocolVariant != ssl_variant_stream && - protocolVariant != ssl_variant_datagram) || !vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + protocolVariant != ssl_variant_datagram) || !vrange) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } *vrange = *VERSIONS_DEFAULTS(protocolVariant); @@ -1773,11 +1775,11 @@ SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant, SECStatus SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant, - const SSLVersionRange *vrange) + const SSLVersionRange *vrange) { if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) { - PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); - return SECFailure; + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); + return SECFailure; } *VERSIONS_DEFAULTS(protocolVariant) = *vrange; @@ -1791,14 +1793,14 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange) sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeGet", + SSL_GETPID(), fd)); + return SECFailure; } if (!vrange) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } ssl_Get1stHandshakeLock(ss); 
@@ -1818,14 +1820,14 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) sslSocket *ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet", + SSL_GETPID(), fd)); + return SECFailure; } if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) { - PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); - return SECFailure; + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); + return SECFailure; } ssl_Get1stHandshakeLock(ss); @@ -1854,7 +1856,7 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd) PORT_SetError(SEC_ERROR_NOT_INITIALIZED); return NULL; } - + return &ss->sec.ci.sid->peerCertStatus; } @@ -1867,15 +1869,15 @@ static PRFileDesc * PR_CALLBACK ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) { sslSocket *ss; - sslSocket *ns = NULL; - PRFileDesc *newfd = NULL; + sslSocket *ns = NULL; + PRFileDesc *newfd = NULL; PRFileDesc *osfd; PRStatus status; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd)); - return NULL; + SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd)); + return NULL; } /* IF this is a listen socket, there shouldn't be any I/O going on */ 
@@ -1891,46 +1893,46 @@ ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout) /* First accept connection */ newfd = osfd->methods->accept(osfd, sockaddr, timeout); if (newfd == NULL) { - SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d", - SSL_GETPID(), ss->fd, PORT_GetError())); + SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d", + SSL_GETPID(), ss->fd, PORT_GetError())); } else { - /* Create ssl module */ - ns = ssl_DupSocket(ss); + /* Create ssl module */ + ns = ssl_DupSocket(ss); } ssl_ReleaseSSL3HandshakeLock(ss); ssl_Release1stHandshakeLock(ss); SSL_UNLOCK_WRITER(ss); - SSL_UNLOCK_READER(ss); /* ss isn't used below here. */ + SSL_UNLOCK_READER(ss); /* ss isn't used below here. */ if (ns == NULL) - goto loser; + goto loser; /* push ssl module onto the new socket */ status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER); if (status != PR_SUCCESS) - goto loser; + goto loser; /* Now start server connection handshake with client. ** Don't need locks here because nobody else has a reference to ns yet. */ if ( ns->opt.useSecurity ) { - if ( ns->opt.handshakeAsClient ) { - ns->handshake = ssl2_BeginClientHandshake; - ss->handshaking = sslHandshakingAsClient; - } else { - ns->handshake = ssl2_BeginServerHandshake; - ss->handshaking = sslHandshakingAsServer; - } + if ( ns->opt.handshakeAsClient ) { + ns->handshake = ssl2_BeginClientHandshake; + ss->handshaking = sslHandshakingAsClient; + } else { + ns->handshake = ssl2_BeginServerHandshake; + ss->handshaking = sslHandshakingAsServer; + } } ns->TCPconnected = 1; return newfd; loser: if (ns != NULL) - ssl_FreeSocket(ns); + ssl_FreeSocket(ns); if (newfd != NULL) - PR_Close(newfd); + PR_Close(newfd); return NULL; } 
@@ -1942,8 +1944,8 @@ ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd)); + return PR_FAILURE; } /* IF this is a listen socket, there shouldn't be any I/O going on */ @@ -1966,8 +1968,8 @@ ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr) PRStatus rv; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd)); + return PR_FAILURE; } SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); @@ -1986,8 +1988,8 @@ ssl_Listen(PRFileDesc *fd, PRIntn backlog) PRStatus rv; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd)); + return PR_FAILURE; } SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); @@ -2006,23 +2008,23 @@ ssl_Shutdown(PRFileDesc *fd, PRIntn how) PRStatus rv; if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd)); + return PR_FAILURE; } if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) { - SSL_LOCK_READER(ss); + SSL_LOCK_READER(ss); } if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) { - SSL_LOCK_WRITER(ss); + SSL_LOCK_WRITER(ss); } rv = (PRStatus)(*ss->ops->shutdown)(ss, how); if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) { - SSL_UNLOCK_WRITER(ss); + SSL_UNLOCK_WRITER(ss); } if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) { - SSL_UNLOCK_READER(ss); + SSL_UNLOCK_READER(ss); } return rv; } 
@@ -2035,16 +2037,16 @@ ssl_Close(PRFileDesc *fd) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd)); + return PR_FAILURE; } /* There must not be any I/O going on */ SSL_LOCK_READER(ss); SSL_LOCK_WRITER(ss); - /* By the time this function returns, - ** ss is an invalid pointer, and the locks to which it points have + /* By the time this function returns, + ** ss is an invalid pointer, and the locks to which it points have ** been unlocked and freed. So, this is the ONE PLACE in all of SSL ** where the LOCK calls and the corresponding UNLOCK calls are not in ** the same function scope. The unlock calls are in ssl_FreeSocket(). @@ -2056,20 +2058,20 @@ ssl_Close(PRFileDesc *fd) static int PR_CALLBACK ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags, - PRIntervalTime timeout) + PRIntervalTime timeout) { sslSocket *ss; int rv; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_READER(ss); ss->rTimeout = timeout; if (!ss->opt.fdx) - ss->wTimeout = timeout; + ss->wTimeout = timeout; rv = (*ss->ops->recv)(ss, (unsigned char*)buf, len, flags); SSL_UNLOCK_READER(ss); return rv; 
@@ -2077,20 +2079,20 @@ ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags, static int PR_CALLBACK ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags, - PRIntervalTime timeout) + PRIntervalTime timeout) { sslSocket *ss; int rv; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_WRITER(ss); ss->wTimeout = timeout; if (!ss->opt.fdx) - ss->rTimeout = timeout; + ss->rTimeout = timeout; rv = (*ss->ops->send)(ss, (const unsigned char*)buf, len, flags); SSL_UNLOCK_WRITER(ss); return rv; @@ -2104,13 +2106,13 @@ ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_READER(ss); ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; if (!ss->opt.fdx) - ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; rv = (*ss->ops->read)(ss, (unsigned char*)buf, len); SSL_UNLOCK_READER(ss); return rv; @@ -2124,13 +2126,13 @@ ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd)); + return SECFailure; } SSL_LOCK_WRITER(ss); ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; if (!ss->opt.fdx) - ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; rv = (*ss->ops->write)(ss, (const unsigned char*)buf, len); SSL_UNLOCK_WRITER(ss); return rv; 
@@ -2143,8 +2145,8 @@ ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd)); + return PR_FAILURE; } return (PRStatus)(*ss->ops->getpeername)(ss, addr); } @@ -2163,18 +2165,18 @@ ssl_GetPeerInfo(sslSocket *ss) PORT_Memset(&sin, 0, sizeof(sin)); rv = osfd->methods->getpeername(osfd, &sin); if (rv < 0) { - return SECFailure; + return SECFailure; } ss->TCPconnected = 1; if (sin.inet.family == PR_AF_INET) { PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer); - ss->sec.ci.port = sin.inet.port; + ss->sec.ci.port = sin.inet.port; } else if (sin.ipv6.family == PR_AF_INET6) { - ss->sec.ci.peer = sin.ipv6.ip; - ss->sec.ci.port = sin.ipv6.port; + ss->sec.ci.peer = sin.ipv6.ip; + ss->sec.ci.port = sin.ipv6.port; } else { - PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR); - return SECFailure; + PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR); + return SECFailure; } return SECSuccess; } 
@@ -2186,29 +2188,29 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name) ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd)); - return PR_FAILURE; + SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd)); + return PR_FAILURE; } return (PRStatus)(*ss->ops->getsockname)(ss, name); } SECStatus SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, - SSLKEAType kea) + SSLKEAType kea) { sslSocket *ss; ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses", + SSL_GETPID(), fd)); + return SECFailure; } if ( kea <= 0 || kea >= kt_kea_size) { - SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: invalid key in SSL_SetStapledOCSPResponses", + SSL_GETPID(), fd)); + return SECFailure; } if (ss->certStatusArray[kea]) { @@ -2216,7 +2218,7 @@ SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses, ss->certStatusArray[kea] = NULL; } if (responses) { - ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses); + ss->certStatusArray[kea] = SECITEM_DupArray(NULL, responses); } return (ss->certStatusArray[kea] || !responses) ? SECSuccess : SECFailure; } @@ -2228,17 +2230,17 @@ SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID) ss = ssl_FindSocket(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID", - SSL_GETPID(), fd)); - return SECFailure; + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID", + SSL_GETPID(), fd)); + return SECFailure; } if (ss->peerID) { - PORT_Free(ss->peerID); - ss->peerID = NULL; + PORT_Free(ss->peerID); + ss->peerID = NULL; } if (peerID) - ss->peerID = PORT_Strdup(peerID); + ss->peerID = PORT_Strdup(peerID); return (ss->peerID || !peerID) ? SECSuccess : SECFailure; } 
@@ -2248,117 +2250,117 @@ static PRInt16 PR_CALLBACK ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) { sslSocket *ss; - PRInt16 new_flags = how_flags; /* should select on these flags. */ + PRInt16 new_flags = how_flags; /* should select on these flags. */ PRNetAddr addr; *p_out_flags = 0; ss = ssl_GetPrivate(fd); if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll", - SSL_GETPID(), fd)); - return 0; /* don't poll on this socket */ + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll", + SSL_GETPID(), fd)); + return 0; /* don't poll on this socket */ } - if (ss->opt.useSecurity && - ss->handshaking != sslHandshakingUndetermined && + if (ss->opt.useSecurity && + ss->handshaking != sslHandshakingUndetermined && !ss->firstHsDone && - (how_flags & PR_POLL_RW)) { - if (!ss->TCPconnected) { - ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr)); - } - /* If it's not connected, then presumably the application is polling - ** on read or write appropriately, so don't change it. - */ - if (ss->TCPconnected) { - if (!ss->handshakeBegun) { - /* If the handshake has not begun, poll on read or write - ** based on the local application's role in the handshake, - ** not based on what the application requested. - */ - new_flags &= ~PR_POLL_RW; - if (ss->handshaking == sslHandshakingAsClient) { - new_flags |= PR_POLL_WRITE; - } else { /* handshaking as server */ - new_flags |= PR_POLL_READ; - } - } else - /* First handshake is in progress */ - if (ss->lastWriteBlocked) { - if (new_flags & PR_POLL_READ) { - /* The caller is waiting for data to be received, - ** but the initial handshake is blocked on write, or the - ** client's first handshake record has not been written. - ** The code should select on write, not read. - */ - new_flags ^= PR_POLL_READ; /* don't select on read. */ - new_flags |= PR_POLL_WRITE; /* do select on write. 
*/ - } - } else if (new_flags & PR_POLL_WRITE) { - /* The caller is trying to write, but the handshake is - ** blocked waiting for data to read, and the first - ** handshake has been sent. So do NOT to poll on write - ** unless we did false start. - */ - if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 && - ss->ssl3.hs.canFalseStart)) { - new_flags ^= PR_POLL_WRITE; /* don't select on write. */ - } - new_flags |= PR_POLL_READ; /* do select on read. */ - } - } + (how_flags & PR_POLL_RW)) { + if (!ss->TCPconnected) { + ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr)); + } + /* If it's not connected, then presumably the application is polling + ** on read or write appropriately, so don't change it. + */ + if (ss->TCPconnected) { + if (!ss->handshakeBegun) { + /* If the handshake has not begun, poll on read or write + ** based on the local application's role in the handshake, + ** not based on what the application requested. + */ + new_flags &= ~PR_POLL_RW; + if (ss->handshaking == sslHandshakingAsClient) { + new_flags |= PR_POLL_WRITE; + } else { /* handshaking as server */ + new_flags |= PR_POLL_READ; + } + } else + /* First handshake is in progress */ + if (ss->lastWriteBlocked) { + if (new_flags & PR_POLL_READ) { + /* The caller is waiting for data to be received, + ** but the initial handshake is blocked on write, or the + ** client's first handshake record has not been written. + ** The code should select on write, not read. + */ + new_flags ^= PR_POLL_READ; /* don't select on read. */ + new_flags |= PR_POLL_WRITE; /* do select on write. */ + } + } else if (new_flags & PR_POLL_WRITE) { + /* The caller is trying to write, but the handshake is + ** blocked waiting for data to read, and the first + ** handshake has been sent. So do NOT to poll on write + ** unless we did false start. + */ + if (!(ss->version >= SSL_LIBRARY_VERSION_3_0 && + ss->ssl3.hs.canFalseStart)) { + new_flags ^= PR_POLL_WRITE; /* don't select on write. 
*/ + } + new_flags |= PR_POLL_READ; /* do select on read. */ + } + } } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) { - *p_out_flags = PR_POLL_READ; /* it's ready already. */ - return new_flags; + *p_out_flags = PR_POLL_READ; /* it's ready already. */ + return new_flags; } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) && - (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */ - new_flags |= PR_POLL_WRITE; /* also select on write. */ + (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */ + new_flags |= PR_POLL_WRITE; /* also select on write. */ } if (ss->version >= SSL_LIBRARY_VERSION_3_0 && - ss->ssl3.hs.restartTarget != NULL) { - /* Read and write will block until the asynchronous callback completes - * (e.g. until SSL_AuthCertificateComplete is called), so don't tell - * the caller to poll the socket unless there is pending write data. - */ - if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) { - /* Ignore any newly-received data on the socket, but do wait for - * the socket to become writable again. Here, it is OK for an error - * to be detected, because our logic for sending pending write data - * will allow us to report the error to the caller without the risk - * of the application spinning. - */ - new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT); - } else { - /* Unfortunately, clearing new_flags will make it impossible for - * the application to detect errors that it would otherwise be - * able to detect with PR_POLL_EXCEPT, until the asynchronous - * callback completes. However, we must clear all the flags to - * prevent the application from spinning (alternating between - * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv - * which won't actually report the I/O error while we are waiting - * for the asynchronous callback to complete). - */ - new_flags = 0; - } + ss->ssl3.hs.restartTarget != NULL) { + /* Read and write will block until the asynchronous callback completes + * (e.g. 
until SSL_AuthCertificateComplete is called), so don't tell + * the caller to poll the socket unless there is pending write data. + */ + if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) { + /* Ignore any newly-received data on the socket, but do wait for + * the socket to become writable again. Here, it is OK for an error + * to be detected, because our logic for sending pending write data + * will allow us to report the error to the caller without the risk + * of the application spinning. + */ + new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT); + } else { + /* Unfortunately, clearing new_flags will make it impossible for + * the application to detect errors that it would otherwise be + * able to detect with PR_POLL_EXCEPT, until the asynchronous + * callback completes. However, we must clear all the flags to + * prevent the application from spinning (alternating between + * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv + * which won't actually report the I/O error while we are waiting + * for the asynchronous callback to complete). 
+ */ + new_flags = 0; + } } if (new_flags && (fd->lower->methods->poll != NULL)) { - PRInt16 lower_out_flags = 0; - PRInt16 lower_new_flags; - lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags, - &lower_out_flags); - if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) { - PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW; - if (lower_out_flags & PR_POLL_READ) - out_flags |= PR_POLL_WRITE; - if (lower_out_flags & PR_POLL_WRITE) - out_flags |= PR_POLL_READ; - *p_out_flags = out_flags; - new_flags = how_flags; - } else { - *p_out_flags = lower_out_flags; - new_flags = lower_new_flags; - } + PRInt16 lower_out_flags = 0; + PRInt16 lower_new_flags; + lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags, + &lower_out_flags); + if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) { + PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW; + if (lower_out_flags & PR_POLL_READ) + out_flags |= PR_POLL_WRITE; + if (lower_out_flags & PR_POLL_WRITE) + out_flags |= PR_POLL_READ; + *p_out_flags = out_flags; + new_flags = how_flags; + } else { + *p_out_flags = lower_out_flags; + new_flags = lower_new_flags; + } } return new_flags; @@ -2366,8 +2368,8 @@ ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags) static PRInt32 PR_CALLBACK ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd, - const void *headers, PRInt32 hlen, - PRTransmitFileFlags flags, PRIntervalTime timeout) + const void *headers, PRInt32 hlen, + PRTransmitFileFlags flags, PRIntervalTime timeout) { PRSendFileData sfd; @@ -2393,7 +2395,7 @@ ssl_FdIsBlocking(PRFileDesc *fd) opt.value.non_blocking = PR_FALSE; status = PR_GetSocketOption(fd, &opt); if (status != PR_SUCCESS) - return PR_FALSE; + return PR_FALSE; return (PRBool)!opt.value.non_blocking; } 
@@ -2407,7 +2409,7 @@ PRInt32 sslFirstBufSize = 8 * 1024; PRInt32 sslCopyLimit = 1024; static PRInt32 PR_CALLBACK -ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, +ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, PRIntervalTime timeout) { PRInt32 i; @@ -2418,22 +2420,22 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, const PRInt32 first_len = sslFirstBufSize; const PRInt32 limit = sslCopyLimit; PRBool blocking; - PRIOVec myIov = { 0, 0 }; + PRIOVec myIov = { 0, 0 }; char buf[MAX_FRAGMENT_LENGTH]; if (vectors < 0) { - PORT_SetError(PR_INVALID_ARGUMENT_ERROR); - return -1; + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); + return -1; } if (vectors > PR_MAX_IOVECTOR_SIZE) { - PORT_SetError(PR_BUFFER_OVERFLOW_ERROR); - return -1; + PORT_SetError(PR_BUFFER_OVERFLOW_ERROR); + return -1; } for (i = 0; i < vectors; i++) { - if (iov[i].iov_len < 0) { - PORT_SetError(PR_INVALID_ARGUMENT_ERROR); - return -1; - } + if (iov[i].iov_len < 0) { + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); + return -1; + } } blocking = ssl_FdIsBlocking(fd); 
@@ -2442,105 +2444,105 @@ ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors, #define GET_VECTOR do { myIov = *iov++; --vectors; KILL_VECTORS } while (0) #define HANDLE_ERR(rv, len) \ if (rv != len) { \ - if (rv < 0) { \ - if (!blocking \ - && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \ - && (sent > 0)) { \ - return sent; \ - } else { \ - return -1; \ - } \ - } \ - /* Only a nonblocking socket can have partial sends */ \ - PR_ASSERT(!blocking); \ - return sent + rv; \ - } + if (rv < 0) { \ + if (!blocking \ + && (PR_GetError() == PR_WOULD_BLOCK_ERROR) \ + && (sent > 0)) { \ + return sent; \ + } else { \ + return -1; \ + } \ + } \ + /* Only a nonblocking socket can have partial sends */ \ + PR_ASSERT(!blocking); \ + return sent + rv; \ + } #define SEND(bfr, len) \ do { \ - rv = ssl_Send(fd, bfr, len, 0, timeout); \ - HANDLE_ERR(rv, len) \ - sent += len; \ + rv = ssl_Send(fd, bfr, len, 0, timeout); \ + HANDLE_ERR(rv, len) \ + sent += len; \ } while (0) /* Make sure the first write is at least 8 KB, if possible. 
*/ KILL_VECTORS if (!vectors) - return ssl_Send(fd, 0, 0, 0, timeout); + return ssl_Send(fd, 0, 0, 0, timeout); GET_VECTOR; if (!vectors) { - return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout); + return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout); } if (myIov.iov_len < first_len) { - PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); - bufLen = myIov.iov_len; - left = first_len - bufLen; - while (vectors && left) { - int toCopy; - GET_VECTOR; - toCopy = PR_MIN(left, myIov.iov_len); - PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy); - bufLen += toCopy; - left -= toCopy; - myIov.iov_base += toCopy; - myIov.iov_len -= toCopy; - } - SEND( buf, bufLen ); + PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); + bufLen = myIov.iov_len; + left = first_len - bufLen; + while (vectors && left) { + int toCopy; + GET_VECTOR; + toCopy = PR_MIN(left, myIov.iov_len); + PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy); + bufLen += toCopy; + left -= toCopy; + myIov.iov_base += toCopy; + myIov.iov_len -= toCopy; + } + SEND( buf, bufLen ); } while (vectors || myIov.iov_len) { - PRInt32 addLen; - if (!myIov.iov_len) { - GET_VECTOR; - } - while (myIov.iov_len >= K16) { - SEND(myIov.iov_base, K16); - myIov.iov_base += K16; - myIov.iov_len -= K16; - } - if (!myIov.iov_len) - continue; + PRInt32 addLen; + if (!myIov.iov_len) { + GET_VECTOR; + } + while (myIov.iov_len >= K16) { + SEND(myIov.iov_base, K16); + myIov.iov_base += K16; + myIov.iov_len -= K16; + } + if (!myIov.iov_len) + continue; - if (!vectors || myIov.iov_len > limit) { - addLen = 0; - } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) { - /* Addlen is already computed. */; - } else if (vectors > 1 && - iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) { - addLen = limit - myIov.iov_len; - } else - addLen = 0; + if (!vectors || myIov.iov_len > limit) { + addLen = 0; + } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) { + /* Addlen is already computed. 
*/; + } else if (vectors > 1 && + iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) { + addLen = limit - myIov.iov_len; + } else + addLen = 0; - if (!addLen) { - SEND( myIov.iov_base, myIov.iov_len ); - myIov.iov_len = 0; - continue; - } - PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); - bufLen = myIov.iov_len; - do { - GET_VECTOR; - PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen); - myIov.iov_base += addLen; - myIov.iov_len -= addLen; - bufLen += addLen; + if (!addLen) { + SEND( myIov.iov_base, myIov.iov_len ); + myIov.iov_len = 0; + continue; + } + PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len); + bufLen = myIov.iov_len; + do { + GET_VECTOR; + PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen); + myIov.iov_base += addLen; + myIov.iov_len -= addLen; + bufLen += addLen; - left = PR_MIN( limit, K16 - bufLen); - if (!vectors /* no more left */ - || myIov.iov_len > 0 /* we didn't use that one all up */ - || bufLen >= K16 /* it's full. */ - ) { - addLen = 0; - } else if ((addLen = iov->iov_len % K16) <= left) { - /* Addlen is already computed. */; - } else if (vectors > 1 && - iov[1].iov_len % K16 + addLen <= left + limit) { - addLen = left; - } else - addLen = 0; + left = PR_MIN( limit, K16 - bufLen); + if (!vectors /* no more left */ + || myIov.iov_len > 0 /* we didn't use that one all up */ + || bufLen >= K16 /* it's full. */ + ) { + addLen = 0; + } else if ((addLen = iov->iov_len % K16) <= left) { + /* Addlen is already computed. */; + } else if (vectors > 1 && + iov[1].iov_len % K16 + addLen <= left + limit) { + addLen = left; + } else + addLen = 0; - } while (addLen); - SEND( buf, bufLen ); - } + } while (addLen); + SEND( buf, bufLen ); + } return sent; } 
@@ -2610,7 +2612,7 @@ ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info) static PRInt32 PR_CALLBACK ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags, - PRNetAddr *addr, PRIntervalTime timeout) + PRNetAddr *addr, PRIntervalTime timeout) { PORT_Assert(0); PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0); @@ -2619,7 +2621,7 @@ ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags, static PRInt32 PR_CALLBACK ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags, - const PRNetAddr *addr, PRIntervalTime timeout) + const PRNetAddr *addr, PRIntervalTime timeout) { PORT_Assert(0); PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0); 
@@ -2628,41 +2630,41 @@ ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags, static const PRIOMethods ssl_methods = { PR_DESC_LAYERED, - ssl_Close, /* close */ - ssl_Read, /* read */ - ssl_Write, /* write */ - ssl_Available, /* available */ - ssl_Available64, /* available64 */ - ssl_FSync, /* fsync */ - ssl_Seek, /* seek */ - ssl_Seek64, /* seek64 */ - ssl_FileInfo, /* fileInfo */ - ssl_FileInfo64, /* fileInfo64 */ - ssl_WriteV, /* writev */ - ssl_Connect, /* connect */ - ssl_Accept, /* accept */ - ssl_Bind, /* bind */ - ssl_Listen, /* listen */ - ssl_Shutdown, /* shutdown */ - ssl_Recv, /* recv */ - ssl_Send, /* send */ - ssl_RecvFrom, /* recvfrom */ - ssl_SendTo, /* sendto */ - ssl_Poll, /* poll */ + ssl_Close, /* close */ + ssl_Read, /* read */ + ssl_Write, /* write */ + ssl_Available, /* available */ + ssl_Available64, /* available64 */ + ssl_FSync, /* fsync */ + ssl_Seek, /* seek */ + ssl_Seek64, /* seek64 */ + ssl_FileInfo, /* fileInfo */ + ssl_FileInfo64, /* fileInfo64 */ + ssl_WriteV, /* writev */ + ssl_Connect, /* connect */ + ssl_Accept, /* accept */ + ssl_Bind, /* bind */ + ssl_Listen, /* listen */ + ssl_Shutdown, /* shutdown */ + ssl_Recv, /* recv */ + ssl_Send, /* send */ + ssl_RecvFrom, /* recvfrom */ + ssl_SendTo, /* sendto */ + ssl_Poll, /* poll */ PR_EmulateAcceptRead, /* acceptread */ ssl_TransmitFile, /* transmitfile */ - ssl_GetSockName, /* getsockname */ - ssl_GetPeerName, /* getpeername */ - NULL, /* getsockopt OBSOLETE */ - NULL, /* setsockopt OBSOLETE */ - NULL, /* getsocketoption */ - NULL, /* setsocketoption */ - PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/ - NULL, /* reserved for future use */ - NULL, /* reserved for future use */ - NULL, /* reserved for future use */ - NULL, /* reserved for future use */ - NULL /* reserved for future use */ + ssl_GetSockName, /* getsockname */ + ssl_GetPeerName, /* getpeername */ + NULL, /* getsockopt OBSOLETE */ + NULL, /* setsockopt OBSOLETE */ + NULL, /* 
getsocketoption */ + NULL, /* setsocketoption */ + PR_EmulateSendFile, /* Send a (partial) file with header/trailer*/ + NULL, /* reserved for future use */ + NULL, /* reserved for future use */ + NULL, /* reserved for future use */ + NULL, /* reserved for future use */ + NULL /* reserved for future use */ }; @@ -2703,15 +2705,15 @@ ssl_SetupIOMethods(void) new_methods->transmitfile = my_methods->transmitfile; new_methods->getsockname = my_methods->getsockname; new_methods->getpeername = my_methods->getpeername; -/* new_methods->getsocketoption = my_methods->getsocketoption; */ -/* new_methods->setsocketoption = my_methods->setsocketoption; */ +/* new_methods->getsocketoption = my_methods->getsocketoption; */ +/* new_methods->setsocketoption = my_methods->setsocketoption; */ new_methods->sendfile = my_methods->sendfile; } static PRCallOnceType initIoLayerOnce; -static PRStatus +static PRStatus ssl_InitIOLayer(void) { ssl_layer_id = PR_GetUniqueIdentity("SSL"); 
@@ -2723,44 +2725,44 @@ ssl_InitIOLayer(void) static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id) { - PRFileDesc *layer = NULL; + PRFileDesc *layer = NULL; PRStatus status; if (!ssl_inited) { - status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer); - if (status != PR_SUCCESS) - goto loser; + status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer); + if (status != PR_SUCCESS) + goto loser; } if (ns == NULL) - goto loser; + goto loser; layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods); if (layer == NULL) - goto loser; + goto loser; layer->secret = (PRFilePrivate *)ns; /* Here, "stack" points to the PRFileDesc on the top of the stack. ** "layer" points to a new FD that is to be inserted into the stack. - ** If layer is being pushed onto the top of the stack, then + ** If layer is being pushed onto the top of the stack, then ** PR_PushIOLayer switches the contents of stack and layer, and then - ** puts stack on top of layer, so that after it is done, the top of - ** stack is the same "stack" as it was before, and layer is now the + ** puts stack on top of layer, so that after it is done, the top of + ** stack is the same "stack" as it was before, and layer is now the ** FD for the former top of stack. ** After this call, stack always points to the top PRFD on the stack. - ** If this function fails, the contents of stack and layer are as + ** If this function fails, the contents of stack and layer are as ** they were before the call. */ status = PR_PushIOLayer(stack, id, layer); if (status != PR_SUCCESS) - goto loser; + goto loser; ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer; return PR_SUCCESS; loser: if (layer) { - layer->dtor(layer); /* free layer */ + layer->dtor(layer); /* free layer */ } return PR_FAILURE; } 
@@ -2770,28 +2772,28 @@ static SECStatus ssl_MakeLocks(sslSocket *ss) { ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL); - if (!ss->firstHandshakeLock) - goto loser; + if (!ss->firstHandshakeLock) + goto loser; ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL); - if (!ss->ssl3HandshakeLock) - goto loser; + if (!ss->ssl3HandshakeLock) + goto loser; ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL); - if (!ss->specLock) - goto loser; + if (!ss->specLock) + goto loser; ss->recvBufLock = PZ_NewMonitor(nssILockSSL); - if (!ss->recvBufLock) - goto loser; + if (!ss->recvBufLock) + goto loser; ss->xmitBufLock = PZ_NewMonitor(nssILockSSL); - if (!ss->xmitBufLock) - goto loser; + if (!ss->xmitBufLock) + goto loser; ss->writerThread = NULL; if (ssl_lock_readers) { - ss->recvLock = PZ_NewLock(nssILockSSL); - if (!ss->recvLock) - goto loser; - ss->sendLock = PZ_NewLock(nssILockSSL); - if (!ss->sendLock) - goto loser; + ss->recvLock = PZ_NewLock(nssILockSSL); + if (!ss->recvLock) + goto loser; + ss->sendLock = PZ_NewLock(nssILockSSL); + if (!ss->sendLock) + goto loser; } return SECSuccess; loser: 
@@ -2812,81 +2814,81 @@ ssl_SetDefaultsFromEnvironment(void) static int firsttime = 1; if (firsttime) { - char * ev; - firsttime = 0; + char * ev; + firsttime = 0; #ifdef DEBUG - ev = getenv("SSLDEBUGFILE"); - if (ev && ev[0]) { - ssl_trace_iob = fopen(ev, "w"); - } - if (!ssl_trace_iob) { - ssl_trace_iob = stderr; - } + ev = getenv("SSLDEBUGFILE"); + if (ev && ev[0]) { + ssl_trace_iob = fopen(ev, "w"); + } + if (!ssl_trace_iob) { + ssl_trace_iob = stderr; + } #ifdef TRACE - ev = getenv("SSLTRACE"); - if (ev && ev[0]) { - ssl_trace = atoi(ev); - SSL_TRACE(("SSL: tracing set to %d", ssl_trace)); - } + ev = getenv("SSLTRACE"); + if (ev && ev[0]) { + ssl_trace = atoi(ev); + SSL_TRACE(("SSL: tracing set to %d", ssl_trace)); + } #endif /* TRACE */ - ev = getenv("SSLDEBUG"); - if (ev && ev[0]) { - ssl_debug = atoi(ev); - SSL_TRACE(("SSL: debugging set to %d", ssl_debug)); - } + ev = getenv("SSLDEBUG"); + if (ev && ev[0]) { + ssl_debug = atoi(ev); + SSL_TRACE(("SSL: debugging set to %d", ssl_debug)); + } #endif /* DEBUG */ - ev = getenv("SSLKEYLOGFILE"); - if (ev && ev[0]) { - ssl_keylog_iob = fopen(ev, "a"); - if (!ssl_keylog_iob) { - SSL_TRACE(("SSL: failed to open key log file")); - } else { - if (ftell(ssl_keylog_iob) == 0) { - fputs("# SSL/TLS secrets log file, generated by NSS\n", - ssl_keylog_iob); - } - SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev)); - } - } + ev = getenv("SSLKEYLOGFILE"); + if (ev && ev[0]) { + ssl_keylog_iob = fopen(ev, "a"); + if (!ssl_keylog_iob) { + SSL_TRACE(("SSL: failed to open key log file")); + } else { + if (ftell(ssl_keylog_iob) == 0) { + fputs("# SSL/TLS secrets log file, generated by NSS\n", + ssl_keylog_iob); + } + SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev)); + } + } #ifndef NO_PKCS11_BYPASS - ev = getenv("SSLBYPASS"); - if (ev && ev[0]) { - ssl_defaults.bypassPKCS11 = (ev[0] == '1'); - SSL_TRACE(("SSL: bypass default set to %d", \ - ssl_defaults.bypassPKCS11)); - } + ev = getenv("SSLBYPASS"); + if (ev && ev[0]) { + 
ssl_defaults.bypassPKCS11 = (ev[0] == '1'); + SSL_TRACE(("SSL: bypass default set to %d", \ + ssl_defaults.bypassPKCS11)); + } #endif /* NO_PKCS11_BYPASS */ - ev = getenv("SSLFORCELOCKS"); - if (ev && ev[0] == '1') { - ssl_force_locks = PR_TRUE; - ssl_defaults.noLocks = 0; - strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. "); - SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks)); - } - ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION"); - if (ev) { - if (ev[0] == '1' || LOWER(ev[0]) == 'u') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED; - else if (ev[0] == '0' || LOWER(ev[0]) == 'n') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER; - else if (ev[0] == '2' || LOWER(ev[0]) == 'r') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN; - else if (ev[0] == '3' || LOWER(ev[0]) == 't') - ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL; - SSL_TRACE(("SSL: enableRenegotiation set to %d", - ssl_defaults.enableRenegotiation)); - } - ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION"); - if (ev && ev[0] == '1') { - ssl_defaults.requireSafeNegotiation = PR_TRUE; - SSL_TRACE(("SSL: requireSafeNegotiation set to %d", - PR_TRUE)); - } - ev = getenv("NSS_SSL_CBC_RANDOM_IV"); - if (ev && ev[0] == '0') { - ssl_defaults.cbcRandomIV = PR_FALSE; - SSL_TRACE(("SSL: cbcRandomIV set to 0")); - } + ev = getenv("SSLFORCELOCKS"); + if (ev && ev[0] == '1') { + ssl_force_locks = PR_TRUE; + ssl_defaults.noLocks = 0; + strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. 
"); + SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks)); + } + ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION"); + if (ev) { + if (ev[0] == '1' || LOWER(ev[0]) == 'u') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED; + else if (ev[0] == '0' || LOWER(ev[0]) == 'n') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER; + else if (ev[0] == '2' || LOWER(ev[0]) == 'r') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN; + else if (ev[0] == '3' || LOWER(ev[0]) == 't') + ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL; + SSL_TRACE(("SSL: enableRenegotiation set to %d", + ssl_defaults.enableRenegotiation)); + } + ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION"); + if (ev && ev[0] == '1') { + ssl_defaults.requireSafeNegotiation = PR_TRUE; + SSL_TRACE(("SSL: requireSafeNegotiation set to %d", + PR_TRUE)); + } + ev = getenv("NSS_SSL_CBC_RANDOM_IV"); + if (ev && ev[0] == '0') { + ssl_defaults.cbcRandomIV = PR_FALSE; + SSL_TRACE(("SSL: cbcRandomIV set to 0")); + } } #endif /* NSS_HAVE_GETENV */ } 
@@ -2902,76 +2904,75 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant) ssl_SetDefaultsFromEnvironment(); if (ssl_force_locks) - makeLocks = PR_TRUE; + makeLocks = PR_TRUE; /* Make a new socket and get it ready */ ss = (sslSocket*) PORT_ZAlloc(sizeof(sslSocket)); if (ss) { /* This should be of type SSLKEAType, but CC on IRIX - * complains during the for loop. - */ - int i; - SECStatus status; - - ss->opt = ssl_defaults; - ss->opt.useSocks = PR_FALSE; - ss->opt.noLocks = !makeLocks; - ss->vrange = *VERSIONS_DEFAULTS(protocolVariant); - ss->protocolVariant = protocolVariant; + * complains during the for loop. + */ + int i; + SECStatus status; - ss->peerID = NULL; - ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; - ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; - ss->cTimeout = PR_INTERVAL_NO_TIMEOUT; - ss->cipherSpecs = NULL; + ss->opt = ssl_defaults; + ss->opt.useSocks = PR_FALSE; + ss->opt.noLocks = !makeLocks; + ss->vrange = *VERSIONS_DEFAULTS(protocolVariant); + ss->protocolVariant = protocolVariant; + + ss->peerID = NULL; + ss->rTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->wTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->cTimeout = PR_INTERVAL_NO_TIMEOUT; + ss->cipherSpecs = NULL; ss->sizeCipherSpecs = 0; /* produced lazily */ ss->preferredCipher = NULL; ss->url = NULL; - for (i=kt_null; i < kt_kea_size; i++) { - sslServerCerts * sc = ss->serverCerts + i; - sc->serverCert = NULL; - sc->serverCertChain = NULL; - sc->serverKeyPair = NULL; - sc->serverKeyBits = 0; - ss->certStatusArray[i] = NULL; - } - ss->stepDownKeyPair = NULL; - ss->dbHandle = CERT_GetDefaultCertDB(); + for (i=kt_null; i < kt_kea_size; i++) { + sslServerCerts * sc = ss->serverCerts + i; + sc->serverCert = NULL; + sc->serverCertChain = NULL; + sc->serverKeyPair = NULL; + sc->serverKeyBits = 0; + ss->certStatusArray[i] = NULL; + } + ss->stepDownKeyPair = NULL; + ss->dbHandle = CERT_GetDefaultCertDB(); - /* Provide default implementation of hooks */ - ss->authCertificate = SSL_AuthCertificate; - 
ss->authCertificateArg = (void *)ss->dbHandle; + /* Provide default implementation of hooks */ + ss->authCertificate = SSL_AuthCertificate; + ss->authCertificateArg = (void *)ss->dbHandle; ss->sniSocketConfig = NULL; ss->sniSocketConfigArg = NULL; - ss->getClientAuthData = NULL; - ss->handleBadCert = NULL; - ss->badCertArg = NULL; - ss->pkcs11PinArg = NULL; - ss->ephemeralECDHKeyPair = NULL; + ss->getClientAuthData = NULL; + ss->handleBadCert = NULL; + ss->badCertArg = NULL; + ss->pkcs11PinArg = NULL; + ss->ephemeralECDHKeyPair = NULL; - ssl_ChooseOps(ss); - ssl2_InitSocketPolicy(ss); - ssl3_InitSocketPolicy(ss); - PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); + ssl_ChooseOps(ss); + ssl2_InitSocketPolicy(ss); + ssl3_InitSocketPolicy(ss); + PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight); - if (makeLocks) { - status = ssl_MakeLocks(ss); - if (status != SECSuccess) - goto loser; - } - status = ssl_CreateSecurityInfo(ss); - if (status != SECSuccess) - goto loser; - status = ssl_InitGather(&ss->gs); - if (status != SECSuccess) { + if (makeLocks) { + status = ssl_MakeLocks(ss); + if (status != SECSuccess) + goto loser; + } + status = ssl_CreateSecurityInfo(ss); + if (status != SECSuccess) + goto loser; + status = ssl_InitGather(&ss->gs); + if (status != SECSuccess) { loser: - ssl_DestroySocketContents(ss); - ssl_DestroyLocks(ss); - PORT_Free(ss); - ss = NULL; - } + ssl_DestroySocketContents(ss); + ssl_DestroyLocks(ss); + PORT_Free(ss); + ss = NULL; + } } return ss; } - diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index d4c2704b..ac771b6c 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h 
@@ -19,11 +19,11 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.15.5" +#define NSSUTIL_VERSION "3.16.2.1" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 15 -#define NSSUTIL_VPATCH 5 -#define NSSUTIL_VBUILD 0 +#define NSSUTIL_VMINOR 16 +#define NSSUTIL_VPATCH 2 +#define NSSUTIL_VBUILD 1 #define NSSUTIL_BETA PR_FALSE SEC_BEGIN_PROTOS diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h index 490dabaf..adca22a9 100644 --- a/security/nss/lib/util/secerr.h +++ b/security/nss/lib/util/secerr.h 
@@ -7,211 +7,211 @@ #include "utilrename.h" -#define SEC_ERROR_BASE (-0x2000) -#define SEC_ERROR_LIMIT (SEC_ERROR_BASE + 1000) +#define SEC_ERROR_BASE (-0x2000) +#define SEC_ERROR_LIMIT (SEC_ERROR_BASE + 1000) #define IS_SEC_ERROR(code) \ (((code) >= SEC_ERROR_BASE) && ((code) < SEC_ERROR_LIMIT)) #ifndef NO_SECURITY_ERROR_ENUM typedef enum { -SEC_ERROR_IO = SEC_ERROR_BASE + 0, -SEC_ERROR_LIBRARY_FAILURE = SEC_ERROR_BASE + 1, -SEC_ERROR_BAD_DATA = SEC_ERROR_BASE + 2, -SEC_ERROR_OUTPUT_LEN = SEC_ERROR_BASE + 3, -SEC_ERROR_INPUT_LEN = SEC_ERROR_BASE + 4, -SEC_ERROR_INVALID_ARGS = SEC_ERROR_BASE + 5, -SEC_ERROR_INVALID_ALGORITHM = SEC_ERROR_BASE + 6, -SEC_ERROR_INVALID_AVA = SEC_ERROR_BASE + 7, -SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8, -SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9, -SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10, -SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11, -SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12, -SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13, -SEC_ERROR_BAD_KEY = SEC_ERROR_BASE + 14, -SEC_ERROR_BAD_PASSWORD = SEC_ERROR_BASE + 15, -SEC_ERROR_RETRY_PASSWORD = SEC_ERROR_BASE + 16, -SEC_ERROR_NO_NODELOCK = SEC_ERROR_BASE + 17, -SEC_ERROR_BAD_DATABASE = SEC_ERROR_BASE + 18, -SEC_ERROR_NO_MEMORY = SEC_ERROR_BASE + 19, -SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20, -SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21, -SEC_ERROR_DUPLICATE_CERT = (SEC_ERROR_BASE + 22), -SEC_ERROR_DUPLICATE_CERT_NAME = (SEC_ERROR_BASE + 23), -SEC_ERROR_ADDING_CERT = (SEC_ERROR_BASE + 24), -SEC_ERROR_FILING_KEY = (SEC_ERROR_BASE + 25), -SEC_ERROR_NO_KEY = (SEC_ERROR_BASE + 26), -SEC_ERROR_CERT_VALID = (SEC_ERROR_BASE + 27), -SEC_ERROR_CERT_NOT_VALID = (SEC_ERROR_BASE + 28), -SEC_ERROR_CERT_NO_RESPONSE = (SEC_ERROR_BASE + 29), -SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = (SEC_ERROR_BASE + 30), -SEC_ERROR_CRL_EXPIRED = (SEC_ERROR_BASE + 31), -SEC_ERROR_CRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 32), -SEC_ERROR_CRL_INVALID = (SEC_ERROR_BASE + 33), 
-SEC_ERROR_EXTENSION_VALUE_INVALID = (SEC_ERROR_BASE + 34), -SEC_ERROR_EXTENSION_NOT_FOUND = (SEC_ERROR_BASE + 35), -SEC_ERROR_CA_CERT_INVALID = (SEC_ERROR_BASE + 36), -SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID = (SEC_ERROR_BASE + 37), -SEC_ERROR_CERT_USAGES_INVALID = (SEC_ERROR_BASE + 38), -SEC_INTERNAL_ONLY = (SEC_ERROR_BASE + 39), -SEC_ERROR_INVALID_KEY = (SEC_ERROR_BASE + 40), -SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 41), -SEC_ERROR_OLD_CRL = (SEC_ERROR_BASE + 42), -SEC_ERROR_NO_EMAIL_CERT = (SEC_ERROR_BASE + 43), -SEC_ERROR_NO_RECIPIENT_CERTS_QUERY = (SEC_ERROR_BASE + 44), -SEC_ERROR_NOT_A_RECIPIENT = (SEC_ERROR_BASE + 45), -SEC_ERROR_PKCS7_KEYALG_MISMATCH = (SEC_ERROR_BASE + 46), -SEC_ERROR_PKCS7_BAD_SIGNATURE = (SEC_ERROR_BASE + 47), -SEC_ERROR_UNSUPPORTED_KEYALG = (SEC_ERROR_BASE + 48), -SEC_ERROR_DECRYPTION_DISALLOWED = (SEC_ERROR_BASE + 49), +SEC_ERROR_IO = SEC_ERROR_BASE + 0, +SEC_ERROR_LIBRARY_FAILURE = SEC_ERROR_BASE + 1, +SEC_ERROR_BAD_DATA = SEC_ERROR_BASE + 2, +SEC_ERROR_OUTPUT_LEN = SEC_ERROR_BASE + 3, +SEC_ERROR_INPUT_LEN = SEC_ERROR_BASE + 4, +SEC_ERROR_INVALID_ARGS = SEC_ERROR_BASE + 5, +SEC_ERROR_INVALID_ALGORITHM = SEC_ERROR_BASE + 6, +SEC_ERROR_INVALID_AVA = SEC_ERROR_BASE + 7, +SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8, +SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9, +SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10, +SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11, +SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12, +SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13, +SEC_ERROR_BAD_KEY = SEC_ERROR_BASE + 14, +SEC_ERROR_BAD_PASSWORD = SEC_ERROR_BASE + 15, +SEC_ERROR_RETRY_PASSWORD = SEC_ERROR_BASE + 16, +SEC_ERROR_NO_NODELOCK = SEC_ERROR_BASE + 17, +SEC_ERROR_BAD_DATABASE = SEC_ERROR_BASE + 18, +SEC_ERROR_NO_MEMORY = SEC_ERROR_BASE + 19, +SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20, +SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21, +SEC_ERROR_DUPLICATE_CERT = (SEC_ERROR_BASE + 22), +SEC_ERROR_DUPLICATE_CERT_NAME = (SEC_ERROR_BASE 
+ 23), +SEC_ERROR_ADDING_CERT = (SEC_ERROR_BASE + 24), +SEC_ERROR_FILING_KEY = (SEC_ERROR_BASE + 25), +SEC_ERROR_NO_KEY = (SEC_ERROR_BASE + 26), +SEC_ERROR_CERT_VALID = (SEC_ERROR_BASE + 27), +SEC_ERROR_CERT_NOT_VALID = (SEC_ERROR_BASE + 28), +SEC_ERROR_CERT_NO_RESPONSE = (SEC_ERROR_BASE + 29), +SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = (SEC_ERROR_BASE + 30), +SEC_ERROR_CRL_EXPIRED = (SEC_ERROR_BASE + 31), +SEC_ERROR_CRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 32), +SEC_ERROR_CRL_INVALID = (SEC_ERROR_BASE + 33), +SEC_ERROR_EXTENSION_VALUE_INVALID = (SEC_ERROR_BASE + 34), +SEC_ERROR_EXTENSION_NOT_FOUND = (SEC_ERROR_BASE + 35), +SEC_ERROR_CA_CERT_INVALID = (SEC_ERROR_BASE + 36), +SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID = (SEC_ERROR_BASE + 37), +SEC_ERROR_CERT_USAGES_INVALID = (SEC_ERROR_BASE + 38), +SEC_INTERNAL_ONLY = (SEC_ERROR_BASE + 39), +SEC_ERROR_INVALID_KEY = (SEC_ERROR_BASE + 40), +SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 41), +SEC_ERROR_OLD_CRL = (SEC_ERROR_BASE + 42), +SEC_ERROR_NO_EMAIL_CERT = (SEC_ERROR_BASE + 43), +SEC_ERROR_NO_RECIPIENT_CERTS_QUERY = (SEC_ERROR_BASE + 44), +SEC_ERROR_NOT_A_RECIPIENT = (SEC_ERROR_BASE + 45), +SEC_ERROR_PKCS7_KEYALG_MISMATCH = (SEC_ERROR_BASE + 46), +SEC_ERROR_PKCS7_BAD_SIGNATURE = (SEC_ERROR_BASE + 47), +SEC_ERROR_UNSUPPORTED_KEYALG = (SEC_ERROR_BASE + 48), +SEC_ERROR_DECRYPTION_DISALLOWED = (SEC_ERROR_BASE + 49), /* Fortezza Alerts */ -XP_SEC_FORTEZZA_BAD_CARD = (SEC_ERROR_BASE + 50), -XP_SEC_FORTEZZA_NO_CARD = (SEC_ERROR_BASE + 51), -XP_SEC_FORTEZZA_NONE_SELECTED = (SEC_ERROR_BASE + 52), -XP_SEC_FORTEZZA_MORE_INFO = (SEC_ERROR_BASE + 53), -XP_SEC_FORTEZZA_PERSON_NOT_FOUND = (SEC_ERROR_BASE + 54), -XP_SEC_FORTEZZA_NO_MORE_INFO = (SEC_ERROR_BASE + 55), -XP_SEC_FORTEZZA_BAD_PIN = (SEC_ERROR_BASE + 56), -XP_SEC_FORTEZZA_PERSON_ERROR = (SEC_ERROR_BASE + 57), -SEC_ERROR_NO_KRL = (SEC_ERROR_BASE + 58), -SEC_ERROR_KRL_EXPIRED = (SEC_ERROR_BASE + 59), -SEC_ERROR_KRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 60), 
-SEC_ERROR_REVOKED_KEY = (SEC_ERROR_BASE + 61), -SEC_ERROR_KRL_INVALID = (SEC_ERROR_BASE + 62), -SEC_ERROR_NEED_RANDOM = (SEC_ERROR_BASE + 63), -SEC_ERROR_NO_MODULE = (SEC_ERROR_BASE + 64), -SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65), -SEC_ERROR_READ_ONLY = (SEC_ERROR_BASE + 66), -SEC_ERROR_NO_SLOT_SELECTED = (SEC_ERROR_BASE + 67), -SEC_ERROR_CERT_NICKNAME_COLLISION = (SEC_ERROR_BASE + 68), -SEC_ERROR_KEY_NICKNAME_COLLISION = (SEC_ERROR_BASE + 69), -SEC_ERROR_SAFE_NOT_CREATED = (SEC_ERROR_BASE + 70), -SEC_ERROR_BAGGAGE_NOT_CREATED = (SEC_ERROR_BASE + 71), -XP_JAVA_REMOVE_PRINCIPAL_ERROR = (SEC_ERROR_BASE + 72), -XP_JAVA_DELETE_PRIVILEGE_ERROR = (SEC_ERROR_BASE + 73), -XP_JAVA_CERT_NOT_EXISTS_ERROR = (SEC_ERROR_BASE + 74), -SEC_ERROR_BAD_EXPORT_ALGORITHM = (SEC_ERROR_BASE + 75), -SEC_ERROR_EXPORTING_CERTIFICATES = (SEC_ERROR_BASE + 76), -SEC_ERROR_IMPORTING_CERTIFICATES = (SEC_ERROR_BASE + 77), -SEC_ERROR_PKCS12_DECODING_PFX = (SEC_ERROR_BASE + 78), -SEC_ERROR_PKCS12_INVALID_MAC = (SEC_ERROR_BASE + 79), -SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM = (SEC_ERROR_BASE + 80), -SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE = (SEC_ERROR_BASE + 81), -SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE = (SEC_ERROR_BASE + 82), -SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM = (SEC_ERROR_BASE + 83), -SEC_ERROR_PKCS12_UNSUPPORTED_VERSION = (SEC_ERROR_BASE + 84), -SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT = (SEC_ERROR_BASE + 85), -SEC_ERROR_PKCS12_CERT_COLLISION = (SEC_ERROR_BASE + 86), -SEC_ERROR_USER_CANCELLED = (SEC_ERROR_BASE + 87), -SEC_ERROR_PKCS12_DUPLICATE_DATA = (SEC_ERROR_BASE + 88), -SEC_ERROR_MESSAGE_SEND_ABORTED = (SEC_ERROR_BASE + 89), -SEC_ERROR_INADEQUATE_KEY_USAGE = (SEC_ERROR_BASE + 90), -SEC_ERROR_INADEQUATE_CERT_TYPE = (SEC_ERROR_BASE + 91), -SEC_ERROR_CERT_ADDR_MISMATCH = (SEC_ERROR_BASE + 92), -SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY = (SEC_ERROR_BASE + 93), -SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN = (SEC_ERROR_BASE + 94), +XP_SEC_FORTEZZA_BAD_CARD = (SEC_ERROR_BASE + 50), 
+XP_SEC_FORTEZZA_NO_CARD = (SEC_ERROR_BASE + 51), +XP_SEC_FORTEZZA_NONE_SELECTED = (SEC_ERROR_BASE + 52), +XP_SEC_FORTEZZA_MORE_INFO = (SEC_ERROR_BASE + 53), +XP_SEC_FORTEZZA_PERSON_NOT_FOUND = (SEC_ERROR_BASE + 54), +XP_SEC_FORTEZZA_NO_MORE_INFO = (SEC_ERROR_BASE + 55), +XP_SEC_FORTEZZA_BAD_PIN = (SEC_ERROR_BASE + 56), +XP_SEC_FORTEZZA_PERSON_ERROR = (SEC_ERROR_BASE + 57), +SEC_ERROR_NO_KRL = (SEC_ERROR_BASE + 58), +SEC_ERROR_KRL_EXPIRED = (SEC_ERROR_BASE + 59), +SEC_ERROR_KRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 60), +SEC_ERROR_REVOKED_KEY = (SEC_ERROR_BASE + 61), +SEC_ERROR_KRL_INVALID = (SEC_ERROR_BASE + 62), +SEC_ERROR_NEED_RANDOM = (SEC_ERROR_BASE + 63), +SEC_ERROR_NO_MODULE = (SEC_ERROR_BASE + 64), +SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65), +SEC_ERROR_READ_ONLY = (SEC_ERROR_BASE + 66), +SEC_ERROR_NO_SLOT_SELECTED = (SEC_ERROR_BASE + 67), +SEC_ERROR_CERT_NICKNAME_COLLISION = (SEC_ERROR_BASE + 68), +SEC_ERROR_KEY_NICKNAME_COLLISION = (SEC_ERROR_BASE + 69), +SEC_ERROR_SAFE_NOT_CREATED = (SEC_ERROR_BASE + 70), +SEC_ERROR_BAGGAGE_NOT_CREATED = (SEC_ERROR_BASE + 71), +XP_JAVA_REMOVE_PRINCIPAL_ERROR = (SEC_ERROR_BASE + 72), +XP_JAVA_DELETE_PRIVILEGE_ERROR = (SEC_ERROR_BASE + 73), +XP_JAVA_CERT_NOT_EXISTS_ERROR = (SEC_ERROR_BASE + 74), +SEC_ERROR_BAD_EXPORT_ALGORITHM = (SEC_ERROR_BASE + 75), +SEC_ERROR_EXPORTING_CERTIFICATES = (SEC_ERROR_BASE + 76), +SEC_ERROR_IMPORTING_CERTIFICATES = (SEC_ERROR_BASE + 77), +SEC_ERROR_PKCS12_DECODING_PFX = (SEC_ERROR_BASE + 78), +SEC_ERROR_PKCS12_INVALID_MAC = (SEC_ERROR_BASE + 79), +SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM = (SEC_ERROR_BASE + 80), +SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE = (SEC_ERROR_BASE + 81), +SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE = (SEC_ERROR_BASE + 82), +SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM = (SEC_ERROR_BASE + 83), +SEC_ERROR_PKCS12_UNSUPPORTED_VERSION = (SEC_ERROR_BASE + 84), +SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT = (SEC_ERROR_BASE + 85), +SEC_ERROR_PKCS12_CERT_COLLISION = (SEC_ERROR_BASE + 
86), +SEC_ERROR_USER_CANCELLED = (SEC_ERROR_BASE + 87), +SEC_ERROR_PKCS12_DUPLICATE_DATA = (SEC_ERROR_BASE + 88), +SEC_ERROR_MESSAGE_SEND_ABORTED = (SEC_ERROR_BASE + 89), +SEC_ERROR_INADEQUATE_KEY_USAGE = (SEC_ERROR_BASE + 90), +SEC_ERROR_INADEQUATE_CERT_TYPE = (SEC_ERROR_BASE + 91), +SEC_ERROR_CERT_ADDR_MISMATCH = (SEC_ERROR_BASE + 92), +SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY = (SEC_ERROR_BASE + 93), +SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN = (SEC_ERROR_BASE + 94), SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME = (SEC_ERROR_BASE + 95), -SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY = (SEC_ERROR_BASE + 96), -SEC_ERROR_PKCS12_UNABLE_TO_WRITE = (SEC_ERROR_BASE + 97), -SEC_ERROR_PKCS12_UNABLE_TO_READ = (SEC_ERROR_BASE + 98), -SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = (SEC_ERROR_BASE + 99), -SEC_ERROR_KEYGEN_FAIL = (SEC_ERROR_BASE + 100), -SEC_ERROR_INVALID_PASSWORD = (SEC_ERROR_BASE + 101), -SEC_ERROR_RETRY_OLD_PASSWORD = (SEC_ERROR_BASE + 102), -SEC_ERROR_BAD_NICKNAME = (SEC_ERROR_BASE + 103), -SEC_ERROR_NOT_FORTEZZA_ISSUER = (SEC_ERROR_BASE + 104), +SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY = (SEC_ERROR_BASE + 96), +SEC_ERROR_PKCS12_UNABLE_TO_WRITE = (SEC_ERROR_BASE + 97), +SEC_ERROR_PKCS12_UNABLE_TO_READ = (SEC_ERROR_BASE + 98), +SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = (SEC_ERROR_BASE + 99), +SEC_ERROR_KEYGEN_FAIL = (SEC_ERROR_BASE + 100), +SEC_ERROR_INVALID_PASSWORD = (SEC_ERROR_BASE + 101), +SEC_ERROR_RETRY_OLD_PASSWORD = (SEC_ERROR_BASE + 102), +SEC_ERROR_BAD_NICKNAME = (SEC_ERROR_BASE + 103), +SEC_ERROR_NOT_FORTEZZA_ISSUER = (SEC_ERROR_BASE + 104), SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY = (SEC_ERROR_BASE + 105), -SEC_ERROR_JS_INVALID_MODULE_NAME = (SEC_ERROR_BASE + 106), -SEC_ERROR_JS_INVALID_DLL = (SEC_ERROR_BASE + 107), -SEC_ERROR_JS_ADD_MOD_FAILURE = (SEC_ERROR_BASE + 108), -SEC_ERROR_JS_DEL_MOD_FAILURE = (SEC_ERROR_BASE + 109), -SEC_ERROR_OLD_KRL = (SEC_ERROR_BASE + 110), -SEC_ERROR_CKL_CONFLICT = (SEC_ERROR_BASE + 111), -SEC_ERROR_CERT_NOT_IN_NAME_SPACE = 
(SEC_ERROR_BASE + 112), -SEC_ERROR_KRL_NOT_YET_VALID = (SEC_ERROR_BASE + 113), -SEC_ERROR_CRL_NOT_YET_VALID = (SEC_ERROR_BASE + 114), -SEC_ERROR_UNKNOWN_CERT = (SEC_ERROR_BASE + 115), -SEC_ERROR_UNKNOWN_SIGNER = (SEC_ERROR_BASE + 116), -SEC_ERROR_CERT_BAD_ACCESS_LOCATION = (SEC_ERROR_BASE + 117), -SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE = (SEC_ERROR_BASE + 118), -SEC_ERROR_OCSP_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 119), -SEC_ERROR_OCSP_MALFORMED_REQUEST = (SEC_ERROR_BASE + 120), -SEC_ERROR_OCSP_SERVER_ERROR = (SEC_ERROR_BASE + 121), -SEC_ERROR_OCSP_TRY_SERVER_LATER = (SEC_ERROR_BASE + 122), -SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = (SEC_ERROR_BASE + 123), -SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = (SEC_ERROR_BASE + 124), -SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS = (SEC_ERROR_BASE + 125), -SEC_ERROR_OCSP_UNKNOWN_CERT = (SEC_ERROR_BASE + 126), -SEC_ERROR_OCSP_NOT_ENABLED = (SEC_ERROR_BASE + 127), -SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER = (SEC_ERROR_BASE + 128), -SEC_ERROR_OCSP_MALFORMED_RESPONSE = (SEC_ERROR_BASE + 129), -SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = (SEC_ERROR_BASE + 130), -SEC_ERROR_OCSP_FUTURE_RESPONSE = (SEC_ERROR_BASE + 131), -SEC_ERROR_OCSP_OLD_RESPONSE = (SEC_ERROR_BASE + 132), +SEC_ERROR_JS_INVALID_MODULE_NAME = (SEC_ERROR_BASE + 106), +SEC_ERROR_JS_INVALID_DLL = (SEC_ERROR_BASE + 107), +SEC_ERROR_JS_ADD_MOD_FAILURE = (SEC_ERROR_BASE + 108), +SEC_ERROR_JS_DEL_MOD_FAILURE = (SEC_ERROR_BASE + 109), +SEC_ERROR_OLD_KRL = (SEC_ERROR_BASE + 110), +SEC_ERROR_CKL_CONFLICT = (SEC_ERROR_BASE + 111), +SEC_ERROR_CERT_NOT_IN_NAME_SPACE = (SEC_ERROR_BASE + 112), +SEC_ERROR_KRL_NOT_YET_VALID = (SEC_ERROR_BASE + 113), +SEC_ERROR_CRL_NOT_YET_VALID = (SEC_ERROR_BASE + 114), +SEC_ERROR_UNKNOWN_CERT = (SEC_ERROR_BASE + 115), +SEC_ERROR_UNKNOWN_SIGNER = (SEC_ERROR_BASE + 116), +SEC_ERROR_CERT_BAD_ACCESS_LOCATION = (SEC_ERROR_BASE + 117), +SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE = (SEC_ERROR_BASE + 118), +SEC_ERROR_OCSP_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 119), 
+SEC_ERROR_OCSP_MALFORMED_REQUEST = (SEC_ERROR_BASE + 120), +SEC_ERROR_OCSP_SERVER_ERROR = (SEC_ERROR_BASE + 121), +SEC_ERROR_OCSP_TRY_SERVER_LATER = (SEC_ERROR_BASE + 122), +SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = (SEC_ERROR_BASE + 123), +SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = (SEC_ERROR_BASE + 124), +SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS = (SEC_ERROR_BASE + 125), +SEC_ERROR_OCSP_UNKNOWN_CERT = (SEC_ERROR_BASE + 126), +SEC_ERROR_OCSP_NOT_ENABLED = (SEC_ERROR_BASE + 127), +SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER = (SEC_ERROR_BASE + 128), +SEC_ERROR_OCSP_MALFORMED_RESPONSE = (SEC_ERROR_BASE + 129), +SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = (SEC_ERROR_BASE + 130), +SEC_ERROR_OCSP_FUTURE_RESPONSE = (SEC_ERROR_BASE + 131), +SEC_ERROR_OCSP_OLD_RESPONSE = (SEC_ERROR_BASE + 132), /* smime stuff */ -SEC_ERROR_DIGEST_NOT_FOUND = (SEC_ERROR_BASE + 133), -SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134), -SEC_ERROR_MODULE_STUCK = (SEC_ERROR_BASE + 135), -SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136), -SEC_ERROR_CRL_NOT_FOUND = (SEC_ERROR_BASE + 137), +SEC_ERROR_DIGEST_NOT_FOUND = (SEC_ERROR_BASE + 133), +SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134), +SEC_ERROR_MODULE_STUCK = (SEC_ERROR_BASE + 135), +SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136), +SEC_ERROR_CRL_NOT_FOUND = (SEC_ERROR_BASE + 137), SEC_ERROR_REUSED_ISSUER_AND_SERIAL = (SEC_ERROR_BASE + 138), SEC_ERROR_BUSY = (SEC_ERROR_BASE + 139), SEC_ERROR_EXTRA_INPUT = (SEC_ERROR_BASE + 140), /* error codes used by elliptic curve code */ -SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = (SEC_ERROR_BASE + 141), -SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = (SEC_ERROR_BASE + 142), -SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143), -SEC_ERROR_OCSP_INVALID_SIGNING_CERT = (SEC_ERROR_BASE + 144), +SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = (SEC_ERROR_BASE + 141), +SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = (SEC_ERROR_BASE + 142), +SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143), +SEC_ERROR_OCSP_INVALID_SIGNING_CERT = 
(SEC_ERROR_BASE + 144), /* new revocation errors */ -SEC_ERROR_REVOKED_CERTIFICATE_CRL = (SEC_ERROR_BASE + 145), -SEC_ERROR_REVOKED_CERTIFICATE_OCSP = (SEC_ERROR_BASE + 146), -SEC_ERROR_CRL_INVALID_VERSION = (SEC_ERROR_BASE + 147), -SEC_ERROR_CRL_V1_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 148), -SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 149), -SEC_ERROR_UNKNOWN_OBJECT_TYPE = (SEC_ERROR_BASE + 150), -SEC_ERROR_INCOMPATIBLE_PKCS11 = (SEC_ERROR_BASE + 151), -SEC_ERROR_NO_EVENT = (SEC_ERROR_BASE + 152), -SEC_ERROR_CRL_ALREADY_EXISTS = (SEC_ERROR_BASE + 153), -SEC_ERROR_NOT_INITIALIZED = (SEC_ERROR_BASE + 154), -SEC_ERROR_TOKEN_NOT_LOGGED_IN = (SEC_ERROR_BASE + 155), -SEC_ERROR_OCSP_RESPONDER_CERT_INVALID = (SEC_ERROR_BASE + 156), -SEC_ERROR_OCSP_BAD_SIGNATURE = (SEC_ERROR_BASE + 157), +SEC_ERROR_REVOKED_CERTIFICATE_CRL = (SEC_ERROR_BASE + 145), +SEC_ERROR_REVOKED_CERTIFICATE_OCSP = (SEC_ERROR_BASE + 146), +SEC_ERROR_CRL_INVALID_VERSION = (SEC_ERROR_BASE + 147), +SEC_ERROR_CRL_V1_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 148), +SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 149), +SEC_ERROR_UNKNOWN_OBJECT_TYPE = (SEC_ERROR_BASE + 150), +SEC_ERROR_INCOMPATIBLE_PKCS11 = (SEC_ERROR_BASE + 151), +SEC_ERROR_NO_EVENT = (SEC_ERROR_BASE + 152), +SEC_ERROR_CRL_ALREADY_EXISTS = (SEC_ERROR_BASE + 153), +SEC_ERROR_NOT_INITIALIZED = (SEC_ERROR_BASE + 154), +SEC_ERROR_TOKEN_NOT_LOGGED_IN = (SEC_ERROR_BASE + 155), +SEC_ERROR_OCSP_RESPONDER_CERT_INVALID = (SEC_ERROR_BASE + 156), +SEC_ERROR_OCSP_BAD_SIGNATURE = (SEC_ERROR_BASE + 157), -SEC_ERROR_OUT_OF_SEARCH_LIMITS = (SEC_ERROR_BASE + 158), -SEC_ERROR_INVALID_POLICY_MAPPING = (SEC_ERROR_BASE + 159), -SEC_ERROR_POLICY_VALIDATION_FAILED = (SEC_ERROR_BASE + 160), +SEC_ERROR_OUT_OF_SEARCH_LIMITS = (SEC_ERROR_BASE + 158), +SEC_ERROR_INVALID_POLICY_MAPPING = (SEC_ERROR_BASE + 159), +SEC_ERROR_POLICY_VALIDATION_FAILED = (SEC_ERROR_BASE + 160), /* No longer used. Unknown AIA location types are now silently ignored. 
*/ -SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE = (SEC_ERROR_BASE + 161), -SEC_ERROR_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 162), -SEC_ERROR_BAD_LDAP_RESPONSE = (SEC_ERROR_BASE + 163), -SEC_ERROR_FAILED_TO_ENCODE_DATA = (SEC_ERROR_BASE + 164), -SEC_ERROR_BAD_INFO_ACCESS_LOCATION = (SEC_ERROR_BASE + 165), +SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE = (SEC_ERROR_BASE + 161), +SEC_ERROR_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 162), +SEC_ERROR_BAD_LDAP_RESPONSE = (SEC_ERROR_BASE + 163), +SEC_ERROR_FAILED_TO_ENCODE_DATA = (SEC_ERROR_BASE + 164), +SEC_ERROR_BAD_INFO_ACCESS_LOCATION = (SEC_ERROR_BASE + 165), -SEC_ERROR_LIBPKIX_INTERNAL = (SEC_ERROR_BASE + 166), +SEC_ERROR_LIBPKIX_INTERNAL = (SEC_ERROR_BASE + 166), -SEC_ERROR_PKCS11_GENERAL_ERROR = (SEC_ERROR_BASE + 167), -SEC_ERROR_PKCS11_FUNCTION_FAILED = (SEC_ERROR_BASE + 168), -SEC_ERROR_PKCS11_DEVICE_ERROR = (SEC_ERROR_BASE + 169), +SEC_ERROR_PKCS11_GENERAL_ERROR = (SEC_ERROR_BASE + 167), +SEC_ERROR_PKCS11_FUNCTION_FAILED = (SEC_ERROR_BASE + 168), +SEC_ERROR_PKCS11_DEVICE_ERROR = (SEC_ERROR_BASE + 169), -SEC_ERROR_BAD_INFO_ACCESS_METHOD = (SEC_ERROR_BASE + 170), -SEC_ERROR_CRL_IMPORT_FAILED = (SEC_ERROR_BASE + 171), +SEC_ERROR_BAD_INFO_ACCESS_METHOD = (SEC_ERROR_BASE + 170), +SEC_ERROR_CRL_IMPORT_FAILED = (SEC_ERROR_BASE + 171), -SEC_ERROR_EXPIRED_PASSWORD = (SEC_ERROR_BASE + 172), -SEC_ERROR_LOCKED_PASSWORD = (SEC_ERROR_BASE + 173), +SEC_ERROR_EXPIRED_PASSWORD = (SEC_ERROR_BASE + 172), +SEC_ERROR_LOCKED_PASSWORD = (SEC_ERROR_BASE + 173), -SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174), +SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174), -SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175), +SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175), -SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176), +SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176), -SEC_ERROR_LEGACY_DATABASE = (SEC_ERROR_BASE + 177), +SEC_ERROR_LEGACY_DATABASE = (SEC_ERROR_BASE + 177), -SEC_ERROR_APPLICATION_CALLBACK_ERROR 
= (SEC_ERROR_BASE + 178),
+SEC_ERROR_APPLICATION_CALLBACK_ERROR = (SEC_ERROR_BASE + 178),
 /* Add new error codes above here. */
-SEC_ERROR_END_OF_LIST
+SEC_ERROR_END_OF_LIST
 } SECErrorCodes;
 #endif /* NO_SECURITY_ERROR_ENUM */
diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh
index 1af4faf8..c0d2ba91 100644
--- a/security/nss/tests/all.sh
+++ b/security/nss/tests/all.sh
@@ -299,9 +299,15 @@ fi
 # created, we check for modutil to know whether the build
 # is complete. If a new file is created after that, the
 # following test for modutil should check for that instead.
+# Exception: when building softoken only, shlibsign is the
+# last file created.
+if [ ${NSS_BUILD_SOFTOKEN_ONLY} -eq "1" ]; then
+ LAST_FILE_BUILT=shlibsign
+else
+ LAST_FILE_BUILT=modutil
+fi
-if [ ! -f ${DIST}/${OBJDIR}/bin/modutil -a \
- ! -f ${DIST}/${OBJDIR}/bin/modutil.exe ]; then
+if [ ! -f ${DIST}/${OBJDIR}/bin/${LAST_FILE_BUILT}${PROG_SUFFIX} ]; then
 echo "Build Incomplete. Aborting test." >> ${LOGFILE}
 html_head "Testing Initialization"
 Exit "Checking for build"
diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh
index 313c663f..1a23c19c 100644
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
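Review bot: The new test `if [ ${NSS_BUILD_SOFTOKEN_ONLY} -eq "1" ]` in all.sh expands to `[ -eq "1" ]` when the variable is unset, so `test` prints a unary-operator error to stderr and the else branch is reached only because the broken test fails; the cipher.sh hunk later in this series quotes the same variable. Quoting the expansion and comparing as a string makes the default explicit and silent: `if [ "${NSS_BUILD_SOFTOKEN_ONLY}" = "1" ]; then`. The replacement file check also depends on PROG_SUFFIX being set earlier in the script, which is outside the hunk; if it is not, the `.exe` fallback the removed lines provided is gone on Windows.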
@@ -1176,6 +1176,201 @@ cert_extensions() done < ${QADIR}/cert/certext.txt } +cert_make_with_param() +{ + DIRPASS="$1" + CERTNAME="$2" + MAKE="$3" + SUBJ="$4" + EXTRA="$5" + EXPECT="$6" + TESTNAME="$7" + + echo certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA} + ${BINDIR}/certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA} + + RET=$? + if [ "${RET}" -ne "${EXPECT}" ]; then + # if we expected failure to create, then delete unexpected certificate + if [ "${EXPECT}" -ne 0 ]; then + ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME} + fi + + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - ${EXTRA}" + cert_log "ERROR: ${TESTNAME} - ${EXTRA} failed" + return 1 + fi + + html_passed "${TESTNAME} (${COUNT})" + return 0 +} + +cert_list_and_count_dns() +{ + DIRPASS="$1" + CERTNAME="$2" + EXPECT="$3" + EXPECTCOUNT="$4" + TESTNAME="$5" + + echo certutil ${DIRPASS} -L ${CERTNAME} + ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} + + RET=$? + if [ "${RET}" -ne "${EXPECT}" ]; then + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - list and count" + cert_log "ERROR: ${TESTNAME} - list and count failed" + return 1 + fi + + LISTCOUNT=`${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} | grep -wc DNS` + if [ "${LISTCOUNT}" -ne "${EXPECTCOUNT}" ]; then + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - list and count" + cert_log "ERROR: ${TESTNAME} - list and count failed" + return 1 + fi + + html_passed "${TESTNAME} (${COUNT})" + return 0 +} + +cert_dump_ext_to_file() +{ + DIRPASS="$1" + CERTNAME="$2" + OID="$3" + OUTFILE="$4" + EXPECT="$5" + TESTNAME="$6" + + echo certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID} + echo "writing output to ${OUTFILE}" + ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID} > ${OUTFILE} + + RET=$? 
+ if [ "${RET}" -ne "${EXPECT}" ]; then + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - dump to file" + cert_log "ERROR: ${TESTNAME} - dump to file failed" + return 1 + fi + + html_passed "${TESTNAME} (${COUNT})" + return 0 +} + +cert_delete() +{ + DIRPASS="$1" + CERTNAME="$2" + EXPECT="$3" + TESTNAME="$4" + + echo certutil ${DIRPASS} -D ${CERTNAME} + ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME} + + RET=$? + if [ "${RET}" -ne "${EXPECT}" ]; then + CERTFAILED=1 + html_failed "${TESTNAME} (${COUNT}) - delete cert" + cert_log "ERROR: ${TESTNAME} - delete cert failed" + return 1 + fi + + html_passed "${TESTNAME} (${COUNT})" + return 0 +} + +cert_inc_count() +{ + COUNT=`expr ${COUNT} + 1` +} + +############################## cert_crl_ssl ############################ +# test adding subject-alt-name, dumping, and adding generic extension +######################################################################## +cert_san_and_generic_extensions() +{ + EXTDUMP=${CERT_EXTENSIONS_DIR}/sanext.der + + DIR="-d ${CERT_EXTENSIONS_DIR} -f ${R_PWFILE}" + CERTNAME="-n WithSAN" + MAKE="-S -t ,, -x -z ${R_NOISE_FILE}" + SUBJ="CN=example.com" + + TESTNAME="san-and-generic-extensions" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extSAN example.com" 255 \ + "create cert with invalid SAN parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extSAN example.com,dns:www.example.com" 255 \ + "create cert with invalid SAN parameter" + + TN="create cert with valid SAN parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extSAN dns:example.com,dns:www.example.com" 0 \ + "${TN}" + + cert_inc_count + cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \ + "${TN}" + + cert_inc_count + cert_dump_ext_to_file "${DIR}" "${CERTNAME}" "2.5.29.17" "${EXTDUMP}" 0 \ + "dump extension 2.5.29.17 to file ${EXTDUMP}" + + cert_inc_count + cert_delete "${DIR}" 
"${CERTNAME}" 0 \ + "${TN}" + + cert_inc_count + cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \ + "expect failure to list cert, because we deleted it" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extGeneric ${EXTDUMP}" 255 \ + "create cert with invalid generic ext parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extGeneric not-critical:${EXTDUMP}" 255 \ + "create cert with invalid generic ext parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extGeneric not-critical:${EXTDUMP},2.5.29.17:critical:${EXTDUMP}" 255 \ + "create cert with invalid generic ext parameter" + + TN="create cert with valid generic ext parameter" + + cert_inc_count + cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \ + "--extGeneric 2.5.29.17:not-critical:${EXTDUMP}" 0 \ + "${TN}" + + cert_inc_count + cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \ + "${TN}" + + cert_inc_count + cert_delete "${DIR}" "${CERTNAME}" 0 \ + "${TN}" + + cert_inc_count + cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \ + "expect failure to list cert, because we deleted it" +} + ############################## cert_crl_ssl ############################ # local shell function to generate certs and crls for SSL tests ######################################################################## @@ -1513,6 +1708,7 @@ if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then fi cert_eccurves cert_extensions +cert_san_and_generic_extensions cert_test_password cert_test_distrust cert_test_ocspresp diff --git a/security/nss/tests/cipher/cipher.sh b/security/nss/tests/cipher/cipher.sh index a24af82c..12e78e18 100644 --- a/security/nss/tests/cipher/cipher.sh +++ b/security/nss/tests/cipher/cipher.sh 
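Review bot: The banner above the new `cert_san_and_generic_extensions` function reads `############################## cert_crl_ssl ############################`, copied from the function that follows it, so two different functions now carry the same heading; it should name the new function, e.g. `################## cert_san_and_generic_extensions ##################`. The helpers would also benefit from a one-line note on the 255 expectations, e.g. `# EXPECT is certutil's exit status: 0 on success, 255 on argument errors`, since the negative cases presumably rely on that exact value and a future change to certutil's exit codes would surface here as an unrelated-looking test failure. In `cert_make_with_param` the cleanup branch only runs when EXPECT is non-zero, so an unexpected certificate is deleted but an unexpected failure leaves nothing behind, which is the intended asymmetry and worth stating in the existing comment.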
@@ -129,6 +129,12 @@ if [ ! -x ${DIST}/${OBJDIR}/bin/bltest${PROG_SUFFIX} ]; then
 return 0
 fi
 cipher_init
-cipher_main
-cipher_gcm
+# Skip cipher_main if this an NSS without softoken build.
+if [ "${NSS_BUILD_WITHOUT_SOFTOKEN}" != "1" ]; then
+ cipher_main
+fi
+# Skip cipher_gcm if this is a softoken only build.
+if [ "${NSS_BUILD_SOFTOKEN_ONLY}" != "1" ]; then
+ cipher_gcm
+fi
 cipher_cleanup
From 98d377b37b0f9bd06d27ee782fd489fa67952a48 Mon Sep 17 00:00:00 2001
From: roytam1 Date: Wed, 11 Jul 2018 21:35:15 +0800 Subject: [PATCH 08/20] cherry-picked mozilla NSS upstream changes (to rev 902bc119dcdb, which is on par with 3.17.2): bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650 --- security/nss/Makefile | 3 + security/nss/cmd/certutil/certutil.c | 2 +- security/nss/cmd/lib/secutil.c | 4 + security/nss/cmd/rsaperf/rsaperf.c | 10 +- security/nss/cmd/ssltap/ssltap.c | 1 + security/nss/cmd/tstclnt/tstclnt.c | 16 +- security/nss/coreconf/WIN32.mk | 45 +++- security/nss/doc/certutil.xml | 45 ++++ security/nss/doc/html/certutil.html | 14 +- security/nss/doc/html/pp.html | 6 +- security/nss/doc/nroff/certutil.1 | 90 +++++++- security/nss/doc/nroff/pp.1 | 20 +- security/nss/doc/pp.xml | 18 +- security/nss/lib/certdb/cert.h | 8 +- security/nss/lib/certdb/genname.h | 3 - security/nss/lib/certdb/xconst.c | 2 +- security/nss/lib/certhigh/certvfypkix.c | 70 +----- security/nss/lib/certhigh/certvfypkixprint.c | 206 ------------------ security/nss/lib/certhigh/manifest.mn | 1 - security/nss/lib/ckfw/builtins/bfind.c | 42 +++- security/nss/lib/ckfw/builtins/nssckbi.h | 6 +- security/nss/lib/crmf/respcli.c | 12 +- security/nss/lib/crmf/servget.c | 2 +- security/nss/lib/cryptohi/secsign.c | 2 +- security/nss/lib/cryptohi/secvfy.c | 204 ++++++++++------- security/nss/lib/freebl/Makefile | 10 + security/nss/lib/freebl/cts.c | 1 - security/nss/lib/freebl/ec.c | 5 + .../lib/freebl/mpi/mp_comba_amd64_masm.asm | 2 +- security/nss/lib/freebl/rsa.c | 29 ++- .../libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c | 2 +- security/nss/lib/nss/nss.def | 6 + security/nss/lib/nss/nss.h | 4 +- 
security/nss/lib/pk11wrap/dev3hack.c | 6 +- security/nss/lib/pk11wrap/pk11cert.c | 16 +- security/nss/lib/pk11wrap/pk11pub.h | 2 + security/nss/lib/pk11wrap/pk11util.c | 2 +- security/nss/lib/softoken/legacydb/lowcert.c | 2 +- security/nss/lib/softoken/legacydb/pcertdb.c | 6 +- security/nss/lib/softoken/pkcs11.c | 11 + security/nss/lib/softoken/pkcs11c.c | 78 +++---- security/nss/lib/softoken/softkver.h | 4 +- security/nss/lib/ssl/SSLerrs.h | 4 + security/nss/lib/ssl/config.mk | 5 + security/nss/lib/ssl/dtlscon.c | 7 + security/nss/lib/ssl/ssl.h | 9 + security/nss/lib/ssl/ssl3con.c | 65 +++++- security/nss/lib/ssl/ssl3ecc.c | 48 ++-- security/nss/lib/ssl/ssl3ext.c | 99 ++++++++- security/nss/lib/ssl/ssl3prot.h | 6 + security/nss/lib/ssl/sslcon.c | 7 +- security/nss/lib/ssl/sslerr.h | 2 + security/nss/lib/ssl/sslimpl.h | 6 + security/nss/lib/ssl/sslproto.h | 9 + security/nss/lib/ssl/sslsecur.c | 6 +- security/nss/lib/ssl/sslsock.c | 29 ++- security/nss/lib/ssl/sslt.h | 5 +- security/nss/lib/util/manifest.mn | 2 + security/nss/lib/util/nssutil.def | 6 + security/nss/lib/util/nssutil.h | 4 +- security/nss/lib/util/pkcs1sig.c | 169 ++++++++++++++ security/nss/lib/util/pkcs1sig.h | 30 +++ security/nss/lib/util/quickder.c | 93 ++++++-- .../chains/scenarios/nameconstraints.cfg | 2 +- security/nss/tests/libpkix/certs/make-nc | 2 +- .../netscape/suites/security/ssl/sslt.c | 6 +- 66 files changed, 1082 insertions(+), 557 deletions(-) delete mode 100644 security/nss/lib/certhigh/certvfypkixprint.c create mode 100644 security/nss/lib/util/pkcs1sig.c create mode 100644 security/nss/lib/util/pkcs1sig.h diff --git a/security/nss/Makefile b/security/nss/Makefile index 6d01a1da..655c4d31 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -73,6 +73,9 @@ endif ifdef USE_DEBUG_RTL NSPR_CONFIGURE_OPTS += --enable-debug-rtl endif +ifdef USE_STATIC_RTL +NSPR_CONFIGURE_OPTS += --enable-static-rtl +endif ifdef NS_USE_GCC NSPR_COMPILERS = CC=gcc CXX=g++ endif 
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index b2f12f3f..55b6a0c3 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -2367,7 +2367,7 @@ secuCommandFlag options_init[] = "keyAttrFlags"}, { /* opt_EmptyPassword */ 0, PR_FALSE, 0, PR_FALSE, "empty-password"}, - { /* opt_CertVersion */ 0, PR_FALSE, 0, PR_FALSE, + { /* opt_CertVersion */ 0, PR_TRUE, 0, PR_FALSE, "certVersion"}, { /* opt_AddSubjectAltExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN"}, { /* opt_DumpExtensionValue */ 0, PR_TRUE, 0, PR_FALSE, diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 0767be98..9f69f7fb 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -92,6 +92,7 @@ SECU_GetPasswordString(void *arg, char *prompt) output = fopen(consoleName, "w"); if (output == NULL) { fprintf(stderr, "Error opening output terminal for write\n"); + fclose(input); return NULL; } @@ -290,6 +291,9 @@ secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg) output = fopen(consoleName, "w"); if (output == NULL) { PR_fprintf(PR_STDERR, "Error opening output terminal for write\n"); +#ifndef _WINDOWS + fclose(input); +#endif return NULL; } diff --git a/security/nss/cmd/rsaperf/rsaperf.c b/security/nss/cmd/rsaperf/rsaperf.c index c2f483c5..55503768 100644 --- a/security/nss/cmd/rsaperf/rsaperf.c +++ b/security/nss/cmd/rsaperf/rsaperf.c @@ -401,8 +401,6 @@ main(int argc, char **argv) Usage(progName); } - if (!doPriv && !doPub) doPriv = PR_TRUE; - if (doIters && doTime) Usage(progName); if (!doTime) { @@ -430,9 +428,7 @@ main(int argc, char **argv) if (useTokenKey) { CK_OBJECT_HANDLE kh = CK_INVALID_HANDLE; - CERTCertDBHandle* certdb = NULL; - certdb = CERT_GetDefaultCertDB(); - + cert = PK11_FindCertFromNickname(nickname, &pwData); if (cert == NULL) { fprintf(stderr, 
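Review bot: The two new `fclose(input);` calls in secutil.c are guarded differently — unconditional in `SECU_GetPasswordString`, wrapped in `#ifndef _WINDOWS` in `secu_InitSlotPassword` — and neither hunk says why. If `secu_InitSlotPassword` assigns `stdin` to `input` on Windows (the assignment is outside the hunk) the guard is what keeps the process from closing its own stdin, and a one-line comment would stop the next reader from "fixing" the asymmetry: `#ifndef _WINDOWS /* input was fopen()ed above; on Windows it is stdin and must stay open */`. Both enclosing functions start and end outside the hunks, so the leak these lines close cannot be fully traced here.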
@@ -490,9 +486,7 @@ main(int argc, char **argv) exit(1); } - doKeyGen = PR_TRUE; /* Always do a keygen for session keys. - Import of hardcoded key is not supported */ - /* do a temporary keygen in selected slot */ + /* do a temporary keygen in selected slot */ if (!keybits) { keybits = DEFAULT_KEY_BITS; } diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c index 9614f05f..170420a6 100644 --- a/security/nss/cmd/ssltap/ssltap.c +++ b/security/nss/cmd/ssltap/ssltap.c @@ -403,6 +403,7 @@ const char * V2CipherString(int cs_int) case 0x00009E: cs_str = "TLS/DHE-RSA/AES128-GCM/SHA256"; break; case 0x0000FF: cs_str = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; break; + case 0x005600: cs_str = "TLS_FALLBACK_SCSV"; break; case 0x00C001: cs_str = "TLS/ECDH-ECDSA/NULL/SHA"; break; case 0x00C002: cs_str = "TLS/ECDH-ECDSA/RC4-128/SHA"; break; diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index b92dcb1a..664c54f7 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c @@ -180,7 +180,7 @@ static void PrintUsageHeader(const char *progName) fprintf(stderr, "Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n" "[-d certdir] [-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n" - "[-V [min-version]:[max-version]] [-T]\n" + "[-V [min-version]:[max-version]] [-K] [-T]\n" "[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n", progName); } @@ -206,6 +206,7 @@ static void PrintParameterUsage(void) "%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n" "%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n", "-V [min]:[max]", "", "", ""); + fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K"); fprintf(stderr, "%-20s Prints only payload data. Skips HTTP header.\n", "-S"); fprintf(stderr, "%-20s Client speaks first. \n", "-f"); fprintf(stderr, "%-20s Use synchronous certificate validation " 
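Review bot: The new usage line for `-K` says only "Send TLS_FALLBACK_SCSV" and gives the operator no hint of the consequence, which matters because a server implementing RFC 7507 aborts the handshake with an inappropriate_fallback alert whenever it supports a protocol version above the client's offered maximum. Since the flag is only meaningful together with a lowered `-V` maximum, the help text should say so: `fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV (test aid; pair with a lowered -V max, a server supporting a higher version aborts with inappropriate_fallback)\n", "-K");`. PrintParameterUsage continues outside the hunk.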
@@ -807,6 +808,7 @@ int main(int argc, char **argv) int enableCompression = 0; int enableFalseStart = 0; int enableCertStatus = 0; + int forceFallbackSCSV = 0; PRSocketOptionData opt; PRNetAddr addr; PRPollDesc pollset[2]; @@ -852,7 +854,7 @@ int main(int argc, char **argv) SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); optstate = PL_CreateOptState(argc, argv, - "46BFM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz"); + "46BFKM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': @@ -874,6 +876,8 @@ int main(int argc, char **argv) case 'O': serverCertAuth.shouldPause = PR_FALSE; break; + case 'K': forceFallbackSCSV = PR_TRUE; break; + case 'M': switch (atoi(optstate->value)) { case 1: serverCertAuth.allowOCSPSideChannelData = PR_TRUE; @@ -1218,6 +1222,14 @@ int main(int argc, char **argv) return 1; } + if (forceFallbackSCSV) { + rv = SSL_OptionSet(s, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE); + if (rv != SECSuccess) { + SECU_PrintError(progName, "error forcing fallback scsv"); + return 1; + } + } + /* enable cert status (OCSP stapling). */ rv = SSL_OptionSet(s, SSL_ENABLE_OCSP_STAPLING, enableCertStatus); if (rv != SECSuccess) { diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index afece499..bf46a83e 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -30,9 +30,16 @@ else BSDECHO = echo RC = rc.exe MT = mt.exe + # Check for clang-cl + CLANG_CL := $(shell expr `$(CC) -? 2>&1 | grep -w clang | wc -l` \> 0) # Determine compiler version - CC_VERSION := $(shell $(CC) 2>&1 | sed -ne \ + ifeq ($(CLANG_CL),1) + # clang-cl pretends to be MSVC 2012. + CC_VERSION := 17.00.00.00 + else + CC_VERSION := $(shell $(CC) 2>&1 | sed -ne \ 's|.* \([0-9]\+\.[0-9]\+\.[0-9]\+\(\.[0-9]\+\)\?\).*|\1|p') + endif # Change the dots to spaces. _CC_VERSION_WORDS := $(subst ., ,$(CC_VERSION)) _CC_VMAJOR := $(word 1,$(_CC_VERSION_WORDS)) 
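Review bot: In the `@@ -1218` hunk the fallback-SCSV option is set inside `if (forceFallbackSCSV)` with a hard-coded `PR_TRUE`, while the OCSP-stapling call immediately below passes its flag straight through (`SSL_OptionSet(s, SSL_ENABLE_OCSP_STAPLING, enableCertStatus)`); mirroring that form, `rv = SSL_OptionSet(s, SSL_ENABLE_FALLBACK_SCSV, forceFallbackSCSV);` followed by the same error check, drops four lines and keeps the option-setting sequence uniform. Passing the flag explicitly also makes the default (SCSV not sent, presumably the library default) visible at the call site instead of relying on it implicitly. `forceFallbackSCSV` is declared `int` in the `@@ -807` hunk like its neighbours, so the value passes through unchanged. main() continues outside the hunk.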
@@ -44,6 +51,8 @@ else # VC10 (2010) is 16.00.30319.01, VC10SP1 is 16.00.40219.01. _MSC_VER_GE_10SP1 := $(shell expr $(_MSC_VER) \> 1600 \| \ $(_MSC_VER) = 1600 \& $(_CC_RELEASE) \>= 40219) + # VC11 (2012). + _MSC_VER_GE_11 := $(shell expr $(_MSC_VER) \>= 1700) # VC12 (2013). _MSC_VER_GE_12 := $(shell expr $(_MSC_VER) \>= 1800) ifeq ($(_CC_VMAJOR),14) @@ -127,8 +136,26 @@ else # !NS_USE_GCC ifdef USE_DYNAMICBASE OS_DLLFLAGS += -DYNAMICBASE endif + # + # Define USE_DEBUG_RTL if you want to use the debug runtime library + # (RTL) in the debug build. + # Define USE_STATIC_RTL if you want to use the static RTL. + # + ifdef USE_DEBUG_RTL + ifdef USE_STATIC_RTL + OS_CFLAGS += -MTd + else + OS_CFLAGS += -MDd + endif + OS_CFLAGS += -D_CRTDBG_MAP_ALLOC + else + ifdef USE_STATIC_RTL + OS_CFLAGS += -MT + else + OS_CFLAGS += -MD + endif + endif ifdef BUILD_OPT - OS_CFLAGS += -MD ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) OPTIMIZER += -O1 else @@ -146,15 +173,6 @@ else # !NS_USE_GCC LDFLAGS += -DEBUG -OPT:REF endif else - # - # Define USE_DEBUG_RTL if you want to use the debug runtime library - # (RTL) in the debug build - # - ifdef USE_DEBUG_RTL - OS_CFLAGS += -MDd -D_CRTDBG_MAP_ALLOC - else - OS_CFLAGS += -MD - endif OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od NULLSTRING := SPACE := $(NULLSTRING) # end of the line @@ -194,6 +212,11 @@ ifdef USE_64 DEFINES += -D_AMD64_ else DEFINES += -D_X86_ + # VS2012 defaults to -arch:SSE2. Use -arch:IA32 to avoid requiring + # SSE2. + ifeq ($(_MSC_VER_GE_11),1) + OS_CFLAGS += -arch:IA32 + endif endif endif ifeq ($(CPU_ARCH), ALPHA) diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index 87280679..b89fa492 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml 
@@ -203,6 +203,11 @@ If this option is not used, the validity check defaults to the current system ti + + --dump-ext-val OID + For single cert, print binary DER encoding of extension OID. + + -e Check a certificate's signature during the process of validating a certificate. @@ -213,6 +218,26 @@ If this option is not used, the validity check defaults to the current system ti Specify the email address of a certificate to list. Used with the -L command option. + + --extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]... + + +Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files. + + + +OID (example): 1.2.3.4 + + +critical-flag: critical or not-critical + + +filename: full path to a file containing an encoded extension + + + + + -f password-file Specify a file that will automatically supply the password to include in a certificate @@ -376,6 +401,15 @@ of the attribute codes: V (as an SSL server) +L (as an SSL CA) + + +A (as Any CA) + + +Y (Verify CA) + + S (as an email signer) @@ -648,6 +682,17 @@ of the attribute codes: Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280. + + --extSAN type:name[,type:name]... + +Create a Subject Alt Name extension with one or multiple names. + + +-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr + + + + --empty-password Use empty password when creating new certificate database with -N. diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index c99513fc..907f90be 100644 --- a/security/nss/doc/html/certutil.html +++ b/security/nss/doc/html/certutil.html @@ -1,4 +1,4 @@ -CERTUTIL

          Name

          certutil — Manage keys and certificate in both NSS databases and other NSS tokens

          Synopsis

          certutil [options] [[arguments]]

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +CERTUTIL

          Name

          certutil — Manage keys and certificate in both NSS databases and other NSS tokens

          Synopsis

          certutil [options] [[arguments]]

          STATUS

          This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

          Description

          The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

          Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

          Command Options and Arguments

          Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

          Command Options

          -A

          Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

          -B

          Run a series of commands from the specified batch file. This requires the -i argument.

          -C

          Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

          -D

          Delete a certificate from the certificate database.

          -E

          Add an email certificate to the certificate database.

          -F

          Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname.

          @@ -10,7 +10,9 @@ For certificate requests, ASCII output defaults to standard output unless redire

          If this option is not used, the validity check defaults to the current system time.

          -c issuer

          Identify the certificate of the CA from which a new certificate will derive its authenticity. Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string - with quotation marks if it contains spaces.

          -d [prefix]directory

          Specify the database directory containing the certificate and key database files.

          certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

          NSS recognizes the following prefixes:

          • sql: requests the newer database

          • dbm: requests the legacy database

          If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.

          -e

          Check a certificate's signature during the process of validating a certificate.

          --email email-address

          Specify the email address of a certificate to list. Used with the -L command option.

          -f password-file

          Specify a file that will automatically supply the password to include in a certificate + with quotation marks if it contains spaces.

          -d [prefix]directory

          Specify the database directory containing the certificate and key database files.

          certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

          NSS recognizes the following prefixes:

          • sql: requests the newer database

          • dbm: requests the legacy database

          If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.

          --dump-ext-val OID

          For single cert, print binary DER encoding of extension OID.

          -e

          Check a certificate's signature during the process of validating a certificate.

          --email email-address

          Specify the email address of a certificate to list. Used with the -L command option.

          --extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...

          +Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files. +

          • OID (example): 1.2.3.4

          • critical-flag: critical or not-critical

          • filename: full path to a file containing an encoded extension

          -f password-file

          Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file.

          -g keysize

          Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.

          -h tokenname

          Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

          -i input_file

          Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

          -k key-type-or-id

          Specify the type or specific ID of a key.

          The valid key type options are rsa, dsa, ec, or all. The default @@ -54,7 +56,7 @@ of the attribute codes:

        The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example:

        -t "TCu,Cu,Tu"

        - Use the -L option to see a list of the current certificates and trust attributes in a certificate database.

        -u certusage

        Specify a usage context to apply when validating a certificate with the -V option.

        The contexts are the following:

        • C (as an SSL client)

        • V (as an SSL server)

        • S (as an email signer)

        • R (as an email recipient)

        • O (as an OCSP status responder)

        • J (as an object signer)

        -v valid-months

        Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the -w option. If this argument is not used, the default validity period is three months.

        -w offset-months

        Set an offset from the current system time, in months, + Use the -L option to see a list of the current certificates and trust attributes in a certificate database.

        -u certusage

        Specify a usage context to apply when validating a certificate with the -V option.

        The contexts are the following:

        • C (as an SSL client)

        • V (as an SSL server)

        • L (as an SSL CA)

        • A (as Any CA)

        • Y (Verify CA)

        • S (as an email signer)

        • R (as an email recipient)

        • O (as an OCSP status responder)

        • J (as an object signer)

        -v valid-months

        Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the -w option. If this argument is not used, the default validity period is three months.

        -w offset-months

        Set an offset from the current system time, in months, for the beginning of a certificate's validity period. Use when creating the certificate or adding it to a database. Express the offset in integers, using a minus sign (-) to indicate a negative offset. If this argument is @@ -109,7 +111,11 @@ of the attribute codes: msTrustListSign

      • critical -

      X.509 certificate extensions are described in RFC 5280.

-7 emailAddrs

Add a comma-separated list of email addresses to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.

-8 dns-names

Add a comma-separated list of DNS names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.

--extAIA

Add the Authority Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extSIA

Add the Subject Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extCP

Add the Certificate Policies extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extPM

Add the Policy Mappings extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extPC

Add the Policy Constraints extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extIA

Add the Inhibit Any Policy Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extSKID

Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extNC

Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--empty-password

Use empty password when creating new certificate database with -N.

--keyAttrFlags attrflags

+

X.509 certificate extensions are described in RFC 5280.

-7 emailAddrs

Add a comma-separated list of email addresses to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.

-8 dns-names

Add a comma-separated list of DNS names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.

--extAIA

Add the Authority Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extSIA

Add the Subject Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extCP

Add the Certificate Policies extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extPM

Add the Policy Mappings extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extPC

Add the Policy Constraints extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extIA

Add the Inhibit Any Policy Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extSKID

Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extNC

Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.

--extSAN type:name[,type:name]...

+Create a Subject Alt Name extension with one or multiple names. +

+-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr +

--empty-password

Use empty password when creating new certificate database with -N.

--keyAttrFlags attrflags

PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}

--keyOpFlagsOn opflags, --keyOpFlagsOff opflags

PKCS #11 key Operation Flags. Comma separated list of one or more of the following: diff --git a/security/nss/doc/html/pp.html b/security/nss/doc/html/pp.html index 4407ef72..b9b8ed6e 100644 --- a/security/nss/doc/html/pp.html +++ b/security/nss/doc/html/pp.html @@ -1,7 +1,7 @@ -PP

Name

pp — Prints certificates, keys, crls, and pkcs7 files

Synopsis

pp -t type [-a] [-i input] [-o output]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

Description

pp pretty-prints private and public key, certificate, certificate-request, +PP

Name

pp — Prints certificates, keys, crls, and pkcs7 files

Synopsis

pp -t type [-a] [-i input] [-o output] [-u] [-w]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

Description

pp pretty-prints private and public key, certificate, certificate-request, pkcs7 or crl files -

Options

-t type

specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}

-a
Input is in ascii encoded form (RFC1113)
-i inputfile
Define an input file to use (default is stdin)
-u outputfile
Define an output file to use (default is stdout)

Additional Resources

NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

IRC: Freenode at #dogtag-pki

Authors

The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

+

Options

-t type

specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}

-a
Input is in ascii encoded form (RFC1113)
-i inputfile
Define an input file to use (default is stdin)
-o outputfile
Define an output file to use (default is stdout)
-u
Use UTF-8 (default is to show non-ascii as .)
-w
Don't wrap long output lines

Additional Resources

NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

IRC: Freenode at #dogtag-pki

Authors

The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

LICENSE

Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1 index 1d7f247a..7ae5db01 100644 --- a/security/nss/doc/nroff/certutil.1 +++ b/security/nss/doc/nroff/certutil.1 @@ -2,12 +2,12 @@ .\" Title: CERTUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 5 June 2014 +.\" Date: 29 July 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CERTUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" +.TH "CERTUTIL" "1" "29 July 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -250,6 +250,11 @@ If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE is the default\&. .RE .PP +\-\-dump\-ext\-val OID +.RS 4 +For single cert, print binary DER encoding of extension OID\&. +.RE +.PP \-e .RS 4 Check a certificate\*(Aqs signature during the process of validating a certificate\&. 
@@ -260,6 +265,44 @@ Check a certificate\*(Aqs signature during the process of validating a certifica Specify the email address of a certificate to list\&. Used with the \-L command option\&. .RE .PP +\-\-extGeneric OID:critical\-flag:filename[,OID:critical\-flag:filename]\&.\&.\&. +.RS 4 +Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files\&. +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +OID (example): 1\&.2\&.3\&.4 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +critical\-flag: critical or not\-critical +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +filename: full path to a file containing an encoded extension +.RE +.RE +.PP \-f password\-file .RS 4 Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&. @@ -461,6 +504,42 @@ The contexts are the following: .sp -1 .IP \(bu 2.3 .\} +\fBL\fR +(as an SSL CA) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBA\fR +(as Any CA) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fBY\fR +(Verify CA) +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} \fBS\fR (as an email signer) .RE 
@@ -914,6 +993,13 @@ Add the Subject Key ID extension to the certificate\&. X\&.509 certificate exten Add a Name Constraint extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&. .RE .PP +\-\-extSAN type:name[,type:name]\&.\&.\&. +.RS 4 +Create a Subject Alt Name extension with one or multiple names\&. +.sp +\-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr +.RE +.PP \-\-empty\-password .RS 4 Use empty password when creating new certificate database with \-N\&. diff --git a/security/nss/doc/nroff/pp.1 b/security/nss/doc/nroff/pp.1 index 2c9aa5a6..ce376398 100644 --- a/security/nss/doc/nroff/pp.1 +++ b/security/nss/doc/nroff/pp.1 @@ -2,12 +2,12 @@ .\" Title: PP .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 5 June 2014 +.\" Date: 29 July 2014 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "PP" "1" "5 June 2014" "nss-tools" "NSS Security Tools" +.TH "PP" "1" "29 July 2014" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -30,8 +30,8 @@ .SH "NAME" pp \- Prints certificates, keys, crls, and pkcs7 files .SH "SYNOPSIS" -.HP \w'\fBpp\ \-t\ type\ [\-a]\ [\-i\ input]\ [\-o\ output]\fR\ 'u -\fBpp \-t type [\-a] [\-i input] [\-o output]\fR +.HP \w'\fBpp\ \-t\ type\ [\-a]\ [\-i\ input]\ [\-o\ output]\ [\-u]\ [\-w]\fR\ 'u +\fBpp \-t type [\-a] [\-i input] [\-o output] [\-u] [\-w]\fR .SH "STATUS" .PP This documentation is still work in progress\&. Please contribute to the initial review in 
@@ -57,10 +57,20 @@ Input is in ascii encoded form (RFC1113) Define an input file to use (default is stdin) .RE .PP -\fB\-u \fR \fIoutputfile\fR +\fB\-o \fR \fIoutputfile\fR .RS 4 Define an output file to use (default is stdout) .RE +.PP +\fB\-u \fR +.RS 4 +Use UTF\-8 (default is to show non\-ascii as \&.) +.RE +.PP +\fB\-w \fR +.RS 4 +Don\*(Aqt wrap long output lines +.RE .SH "ADDITIONAL RESOURCES" .PP NSS is maintained in conjunction with PKI and security\-related projects through Mozilla and Fedora\&. The most closely\-related project is Dogtag PKI, with a project wiki at diff --git a/security/nss/doc/pp.xml b/security/nss/doc/pp.xml index 426838a5..24efdf87 100644 --- a/security/nss/doc/pp.xml +++ b/security/nss/doc/pp.xml @@ -26,7 +26,7 @@ - pp -t type [-a] [-i input] [-o output] + pp -t type [-a] [-i input] [-o output] [-u] [-w] @@ -73,12 +73,26 @@ - outputfile + outputfile Define an output file to use (default is stdout) + + + + Use UTF-8 (default is to show non-ascii as .) + + + + + + + Don't wrap long output lines + + + diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h index 4ebdf336..0e9e3919 100644 --- a/security/nss/lib/certdb/cert.h +++ b/security/nss/lib/certdb/cert.h @@ -1167,7 +1167,7 @@ CERT_DecodeNameConstraintsExtension(PLArenaPool *arena, /* returns addr of a NULL termainated array of pointers to CERTAuthInfoAccess */ extern CERTAuthInfoAccess ** CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena, - SECItem *encodedExtension); + const SECItem *encodedExtension); extern CERTPrivKeyUsagePeriod * CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue); 
@@ -1561,6 +1561,12 @@ CERT_FindNameConstraintsExten(PLArenaPool *arena, extern CERTGeneralName * CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type); +/* + * Lookup a CERTGeneralNameType constant by its human readable string. + */ +extern CERTGeneralNameType +CERT_GetGeneralNameTypeFromString(const char *string); + /* * PKIX extension encoding routines */ diff --git a/security/nss/lib/certdb/genname.h b/security/nss/lib/certdb/genname.h index 1d94376d..091c82c1 100644 --- a/security/nss/lib/certdb/genname.h +++ b/security/nss/lib/certdb/genname.h @@ -26,9 +26,6 @@ cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName); extern SECStatus cert_DestroyGeneralNames(CERTGeneralName *name); -extern CERTGeneralNameType -CERT_GetGeneralNameTypeFromString(const char *string); - extern SECStatus cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena, SECItem *dest); diff --git a/security/nss/lib/certdb/xconst.c b/security/nss/lib/certdb/xconst.c index d4a32f3f..495987c4 100644 --- a/security/nss/lib/certdb/xconst.c +++ b/security/nss/lib/certdb/xconst.c @@ -226,7 +226,7 @@ CERT_DecodeNameConstraintsExtension(PLArenaPool *arena, CERTAuthInfoAccess ** CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena, - SECItem *encodedExtension) + const SECItem *encodedExtension) { CERTAuthInfoAccess **info = NULL; SECStatus rv; diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c index 4a6859c9..dcb2dbf2 100644 --- a/security/nss/lib/certhigh/certvfypkix.c +++ b/security/nss/lib/certhigh/certvfypkix.c 
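Review bot: CERT_GetGeneralNameTypeFromString is promoted from the private genname.h to the public cert.h, but the new header comment does not say what the function returns when the string matches none of the type names — exactly what a caller parsing untrusted command-line input (certutil's new `--extSAN type:name`) needs in order to reject a bad type instead of silently encoding the wrong GeneralName. Expand the comment to list the accepted strings and the no-match result, e.g. `Returns the matching CERTGeneralNameType, or <no-match value> when the string is not one of the recognised type names (callers must check)`, filling in the actual sentinel from genname.c, which is not visible here. Now that the symbol is public it must also be added to the library's .def export list, which this chunk does not show; otherwise out-of-tree callers cannot link against it.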
@@ -27,20 +27,6 @@ extern PRLogModuleInfo *pkixLog; -#ifdef DEBUG_volkov -/* Temporary declarations of functioins. Will be removed with fix for - * 391183 */ -extern char * -pkix_Error2ASCII(PKIX_Error *error, void *plContext); - -extern void -cert_PrintCert(PKIX_PL_Cert *pkixCert, void *plContext); - -extern PKIX_Error * -cert_PrintCertChain(PKIX_List *pkixCertChain, void *plContext); - -#endif /* DEBUG */ - #ifdef PKIX_OBJECT_LEAK_TEST extern PKIX_UInt32 @@ -898,11 +884,6 @@ cert_GetLogFromVerifyNode( if (children == NULL) { PKIX_ERRORCODE errCode = PKIX_ANCHORDIDNOTCHAINTOCERT; if (node->error && node->error->errCode != errCode) { -#ifdef DEBUG_volkov - char *string = pkix_Error2ASCII(node->error, plContext); - fprintf(stderr, "Branch search finished with error: \t%s\n", string); - PKIX_PL_Free(string, NULL); -#endif if (log != NULL) { SECErrorCodes nssErrorCode = 0; CERTCertificate *cert = NULL; @@ -1003,9 +984,6 @@ cert_GetBuildResults( PKIX_TrustAnchor *trustAnchor = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_List *pkixCertChain = NULL; -#ifdef DEBUG_volkov - PKIX_Error *tmpPkixError = NULL; -#endif /* DEBUG */ PKIX_ENTER(CERTVFYPKIX, "cert_GetBuildResults"); if (buildResult == NULL && error == NULL) { @@ -1014,11 +992,6 @@ cert_GetBuildResults( if (error) { SECErrorCodes nssErrorCode = 0; -#ifdef DEBUG_volkov - char *temp = pkix_Error2ASCII(error, plContext); - fprintf(stderr, "BUILD ERROR:\n%s\n", temp); - PKIX_PL_Free(temp, NULL); -#endif /* DEBUG */ if (verifyNode) { PKIX_Error *tmpError = cert_GetLogFromVerifyNode(log, verifyNode, plContext); @@ -1037,13 +1010,6 @@ cert_GetBuildResults( plContext), PKIX_BUILDRESULTGETCERTCHAINFAILED); -#ifdef DEBUG_volkov - tmpPkixError = cert_PrintCertChain(pkixCertChain, plContext); - if (tmpPkixError) { - PKIX_PL_Object_DecRef((PKIX_PL_Object*)tmpPkixError, plContext); - } -#endif - PKIX_CHECK( cert_PkixToNssCertsChain(pkixCertChain, &validChain, plContext), PKIX_CERTCHAINTONSSCHAINFAILED); 
@@ -1065,13 +1031,7 @@ cert_GetBuildResults( plContext), PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED); -#ifdef DEBUG_volkov - if (pvalidChain == NULL) { - cert_PrintCert(trustedCert, plContext); - } -#endif - - PKIX_CHECK( + PKIX_CHECK( PKIX_PL_Cert_GetCERTCertificate(trustedCert, &trustedRoot, plContext), PKIX_CERTGETCERTCERTIFICATEFAILED); @@ -1158,10 +1118,6 @@ cert_VerifyCertChainPkix( SECStatus rv = SECFailure; void *plContext = NULL; -#ifdef DEBUG_volkov - CERTCertificate *trustedRoot = NULL; - CERTCertList *validChain = NULL; -#endif /* DEBUG */ #ifdef PKIX_OBJECT_LEAK_TEST int leakedObjNum = 0; @@ -1196,10 +1152,6 @@ do { result = NULL; verifyNode = NULL; error = NULL; -#ifdef DEBUG_volkov - trustedRoot = NULL; - validChain = NULL; -#endif /* DEBUG */ errorGenerated = PKIX_FALSE; stackPosition = 0; @@ -1242,29 +1194,11 @@ do { rv = SECSuccess; cleanup: - error = cert_GetBuildResults(result, verifyNode, error, log, -#ifdef DEBUG_volkov - &trustedRoot, &validChain, -#else - NULL, NULL, -#endif /* DEBUG */ + error = cert_GetBuildResults(result, verifyNode, error, log, NULL, NULL, plContext); if (error) { -#ifdef DEBUG_volkov - char *temp = pkix_Error2ASCII(error, plContext); - fprintf(stderr, "GET BUILD RES ERRORS:\n%s\n", temp); - PKIX_PL_Free(temp, NULL); -#endif /* DEBUG */ PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext); } -#ifdef DEBUG_volkov - if (trustedRoot) { - CERT_DestroyCertificate(trustedRoot); - } - if (validChain) { - CERT_DestroyCertList(validChain); - } -#endif /* DEBUG */ if (procParams) { PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext); } diff --git a/security/nss/lib/certhigh/certvfypkixprint.c b/security/nss/lib/certhigh/certvfypkixprint.c deleted file mode 100644 index d08d1be6..00000000 --- a/security/nss/lib/certhigh/certvfypkixprint.c +++ /dev/null 
@@ -1,206 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* - * nss_pkix_proxy.h - * - * PKIX - NSS proxy functions - * - */ -#include "cert.h" -#include "pkix_pl_common.h" - -#ifdef DEBUG - -char * -pkix_Error2ASCII(PKIX_Error *error, void *plContext) -{ - PKIX_UInt32 length; - char *asciiString = NULL; - PKIX_PL_String *pkixString = NULL; - PKIX_Error *errorResult = NULL; - - errorResult = PKIX_PL_Object_ToString - ((PKIX_PL_Object*)error, &pkixString, plContext); - if (errorResult) goto cleanup; - - errorResult = PKIX_PL_String_GetEncoded - (pkixString, - PKIX_ESCASCII, - (void **)&asciiString, - &length, - plContext); - -cleanup: - - if (pkixString){ - if (PKIX_PL_Object_DecRef - ((PKIX_PL_Object*)pkixString, plContext)){ - return (NULL); - } - } - - if (errorResult){ - PKIX_PL_Object_DecRef((PKIX_PL_Object*)errorResult, plContext); - return (NULL); - } - - return (asciiString); -} - -char * -pkix_Object2ASCII(PKIX_PL_Object *object) -{ - PKIX_UInt32 length; - char *asciiString = NULL; - PKIX_PL_String *pkixString = NULL; - PKIX_Error *errorResult = NULL; - - errorResult = PKIX_PL_Object_ToString - (object, &pkixString, NULL); - if (errorResult) goto cleanup; - - errorResult = PKIX_PL_String_GetEncoded - (pkixString, PKIX_ESCASCII, (void **)&asciiString, &length, NULL); - -cleanup: - - if (pkixString){ - if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixString, NULL)){ - return (NULL); - } - } - - if (errorResult){ - return (NULL); - } - - return (asciiString); -} - -char * -pkix_Cert2ASCII(PKIX_PL_Cert *cert) -{ - PKIX_PL_X500Name *issuer = NULL; - void *issuerAscii = NULL; - PKIX_PL_X500Name *subject = NULL; - void *subjectAscii = NULL; - void *asciiString = NULL; - PKIX_Error *errorResult = NULL; - PKIX_UInt32 numChars; - PKIX_UInt32 refCount = 0; - - /* Issuer */ - errorResult = 
PKIX_PL_Cert_GetIssuer(cert, &issuer, NULL); - if (errorResult) goto cleanup; - - issuerAscii = pkix_Object2ASCII((PKIX_PL_Object*)issuer); - - /* Subject */ - errorResult = PKIX_PL_Cert_GetSubject(cert, &subject, NULL); - if (errorResult) goto cleanup; - - if (subject){ - subjectAscii = pkix_Object2ASCII((PKIX_PL_Object*)subject); - } - -/* errorResult = PKIX_PL_Object_GetRefCount((PKIX_PL_Object*)cert, &refCount, NULL); */ - if (errorResult) goto cleanup; - - errorResult = PKIX_PL_Malloc(200, &asciiString, NULL); - if (errorResult) goto cleanup; - - numChars = - PR_snprintf - (asciiString, - 200, - "Ref: %d Subject=%s\nIssuer=%s\n", - refCount, - subjectAscii, - issuerAscii); - - if (!numChars) goto cleanup; - -cleanup: - - if (issuer){ - if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)issuer, NULL)){ - return (NULL); - } - } - - if (subject){ - if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)subject, NULL)){ - return (NULL); - } - } - - if (PKIX_PL_Free((PKIX_PL_Object*)issuerAscii, NULL)){ - return (NULL); - } - - if (PKIX_PL_Free((PKIX_PL_Object*)subjectAscii, NULL)){ - return (NULL); - } - - if (errorResult){ - return (NULL); - } - - return (asciiString); -} - -PKIX_Error * -cert_PrintCertChain( - PKIX_List *pkixCertChain, - void *plContext) -{ - PKIX_PL_Cert *cert = NULL; - PKIX_UInt32 numCerts = 0, i = 0; - char *asciiResult = NULL; - - PKIX_ENTER(CERTVFYPKIX, "cert_PrintCertChain"); - - PKIX_CHECK( - PKIX_List_GetLength(pkixCertChain, &numCerts, plContext), - PKIX_LISTGETLENGTHFAILED); - - fprintf(stderr, "\n"); - - for (i = 0; i < numCerts; i++){ - PKIX_CHECK - (PKIX_List_GetItem - (pkixCertChain, i, (PKIX_PL_Object**)&cert, plContext), - PKIX_LISTGETITEMFAILED); - - asciiResult = pkix_Cert2ASCII(cert); - - fprintf(stderr, "CERT[%d]:\n%s\n", i, asciiResult); - - PKIX_PL_Free(asciiResult, plContext); - asciiResult = NULL; - - PKIX_DECREF(cert); - } - -cleanup: - PKIX_DECREF(cert); - - PKIX_RETURN(CERTVFYPKIX); -} - -void -cert_PrintCert( - PKIX_PL_Cert *pkixCert, - 
void *plContext) -{ - char *asciiResult = NULL; - - asciiResult = pkix_Cert2ASCII(pkixCert); - - fprintf(stderr, "CERT[0]:\n%s\n", asciiResult); - - PKIX_PL_Free(asciiResult, plContext); -} - -#endif /* DEBUG */ diff --git a/security/nss/lib/certhigh/manifest.mn b/security/nss/lib/certhigh/manifest.mn index c025d7be..ed9b9108 100644 --- a/security/nss/lib/certhigh/manifest.mn +++ b/security/nss/lib/certhigh/manifest.mn @@ -25,7 +25,6 @@ CSRCS = \ certhigh.c \ certvfy.c \ certvfypkix.c \ - certvfypkixprint.c \ xcrldist.c \ $(NULL) diff --git a/security/nss/lib/ckfw/builtins/bfind.c b/security/nss/lib/ckfw/builtins/bfind.c index e31c4ef0..df35ed8b 100644 --- a/security/nss/lib/ckfw/builtins/bfind.c +++ b/security/nss/lib/ckfw/builtins/bfind.c @@ -183,7 +183,16 @@ nss_builtins_FindObjectsInit NSSArena *arena; NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL; struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL; - builtinsInternalObject **temp = (builtinsInternalObject **)NULL; + + /* + * 99% of the time we get 0 or 1 matches. So we start with a small + * stack-allocated array to hold the matches and switch to a heap-allocated + * array later if the number of matches exceeds STACK_BUF_LENGTH. + */ + #define STACK_BUF_LENGTH 1 + builtinsInternalObject *stackTemp[STACK_BUF_LENGTH]; + builtinsInternalObject **temp = stackTemp; + PRBool tempIsHeapAllocated = PR_FALSE; PRUint32 i; arena = NSSArena_Create(); 
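Review bot: `#define STACK_BUF_LENGTH 1` is introduced inside the body of nss_builtins_FindObjectsInit and never undefined, so the macro stays in effect for the rest of bfind.c even though it is only meaningful to this one function. Either add `#undef STACK_BUF_LENGTH` after the function or replace the macro with `enum { STACK_BUF_LENGTH = 1 };` at the same spot, which also avoids an indented preprocessor directive that reads like ordinary code. The function body continues outside this hunk.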
@@ -211,17 +220,24 @@ nss_builtins_FindObjectsInit rv->Next = builtins_mdFindObjects_Next; rv->null = (void *)NULL; - temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *, - nss_builtins_nObjects); - if( (builtinsInternalObject **)NULL == temp ) { - *pError = CKR_HOST_MEMORY; - goto loser; - } - for( i = 0; i < nss_builtins_nObjects; i++ ) { builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i]; if( CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o) ) { + if( fo->n == STACK_BUF_LENGTH ) { + /* Switch from the small stack array to a heap-allocated array large + * enough to handle matches in all remaining cases. */ + temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *, + fo->n + nss_builtins_nObjects - i); + if( (builtinsInternalObject **)NULL == temp ) { + *pError = CKR_HOST_MEMORY; + goto loser; + } + tempIsHeapAllocated = PR_TRUE; + (void)nsslibc_memcpy(temp, stackTemp, + sizeof(builtinsInternalObject *) * fo->n); + } + temp[ fo->n ] = o; fo->n++; } @@ -234,13 +250,17 @@ nss_builtins_FindObjectsInit } (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n); - nss_ZFreeIf(temp); - temp = (builtinsInternalObject **)NULL; + if (tempIsHeapAllocated) { + nss_ZFreeIf(temp); + temp = (builtinsInternalObject **)NULL; + } return rv; loser: - nss_ZFreeIf(temp); + if (tempIsHeapAllocated) { + nss_ZFreeIf(temp); + } nss_ZFreeIf(fo); nss_ZFreeIf(rv); if ((NSSArena *)NULL != arena) { diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index ba43e70f..a0ce7b20 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h 
@@ -44,9 +44,9 @@ * whether we may use its full range (0-255) or only 0-99 because * of the comment in the CK_VERSION type definition. */ -#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 98 -#define NSS_BUILTINS_LIBRARY_VERSION "1.98" +#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1 +#define NSS_BUILTINS_LIBRARY_VERSION "2.1" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/crmf/respcli.c b/security/nss/lib/crmf/respcli.c index 653bd8a6..5525aaf2 100644 --- a/security/nss/lib/crmf/respcli.c +++ b/security/nss/lib/crmf/respcli.c @@ -92,11 +92,13 @@ CMMF_CertRepContentGetResponseAtIndex(CMMFCertRepContent *inCertRepContent, return NULL; } certResponse = PORT_ZNew(CMMFCertResponse); - rv = cmmf_CopyCertResponse(NULL, certResponse, - inCertRepContent->response[inIndex]); - if (rv != SECSuccess) { - CMMF_DestroyCertResponse(certResponse); - certResponse = NULL; + if (certResponse){ + rv = cmmf_CopyCertResponse(NULL, certResponse, + inCertRepContent->response[inIndex]); + if (rv != SECSuccess) { + CMMF_DestroyCertResponse(certResponse); + certResponse = NULL; + } } return certResponse; } diff --git a/security/nss/lib/crmf/servget.c b/security/nss/lib/crmf/servget.c index 757a7fe3..d19c8290 100644 --- a/security/nss/lib/crmf/servget.c +++ b/security/nss/lib/crmf/servget.c @@ -597,7 +597,7 @@ CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg, return SECFailure; } *destKey = PORT_ZNew(CRMFPOPOPrivKey); - if (destKey == NULL) { + if (*destKey == NULL) { return SECFailure; } return crmf_copy_popoprivkey(NULL, diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c index 2ea337b3..f2bd229f 100644 --- a/security/nss/lib/cryptohi/secsign.c +++ b/security/nss/lib/cryptohi/secsign.c 
@@ -445,11 +445,11 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag) sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; break; case SEC_OID_MD5: sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; break; - case SEC_OID_UNKNOWN: /* default for RSA if not specified */ case SEC_OID_SHA1: sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; break; case SEC_OID_SHA224: sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; break; + case SEC_OID_UNKNOWN: /* default for RSA if not specified */ case SEC_OID_SHA256: sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break; case SEC_OID_SHA384: diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c index c1ac39bc..c869167c 100644 --- a/security/nss/lib/cryptohi/secvfy.c +++ b/security/nss/lib/cryptohi/secvfy.c 
@@ -12,78 +12,111 @@ #include "secasn1.h" #include "secoid.h" #include "pk11func.h" +#include "pkcs1sig.h" #include "secdig.h" #include "secerr.h" #include "keyi.h" /* -** Decrypt signature block using public key -** Store the hash algorithm oid tag in *tagp -** Store the digest in the digest buffer -** Store the digest length in *digestlen +** Recover the DigestInfo from an RSA PKCS#1 signature. +** +** If givenDigestAlg != SEC_OID_UNKNOWN, copy givenDigestAlg to digestAlgOut. +** Otherwise, parse the DigestInfo structure and store the decoded digest +** algorithm into digestAlgOut. +** +** Store the encoded DigestInfo into digestInfo. +** Store the DigestInfo length into digestInfoLen. +** +** This function does *not* verify that the AlgorithmIdentifier in the +** DigestInfo identifies givenDigestAlg or that the DigestInfo is encoded +** correctly; verifyPKCS1DigestInfo does that. +** ** XXX this is assuming that the signature algorithm has WITH_RSA_ENCRYPTION */ static SECStatus -DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, - unsigned int *digestlen, unsigned int maxdigestlen, - SECKEYPublicKey *key, const SECItem *sig, char *wincx) +recoverPKCS1DigestInfo(SECOidTag givenDigestAlg, + /*out*/ SECOidTag* digestAlgOut, + /*out*/ unsigned char** digestInfo, + /*out*/ unsigned int* digestInfoLen, + SECKEYPublicKey* key, + const SECItem* sig, void* wincx) { - SGNDigestInfo *di = NULL; - unsigned char *buf = NULL; - SECStatus rv; - SECOidTag tag; - SECItem it; + SGNDigestInfo* di = NULL; + SECItem it; + PRBool rv = SECSuccess; - if (key == NULL) goto loser; + PORT_Assert(digestAlgOut); + PORT_Assert(digestInfo); + PORT_Assert(digestInfoLen); + PORT_Assert(key); + PORT_Assert(key->keyType == rsaKey); + PORT_Assert(sig); + it.data = NULL; it.len = SECKEY_PublicKeyStrength(key); - if (!it.len) goto loser; - it.data = buf = (unsigned char *)PORT_Alloc(it.len); - if (!buf) goto loser; - - /* decrypt the block */ - rv = PK11_VerifyRecover(key, (SECItem *)sig, &it, 
wincx); - if (rv != SECSuccess) goto loser; - - di = SGN_DecodeDigestInfo(&it); - if (di == NULL) goto sigloser; - - /* - ** Finally we have the digest info; now we can extract the algorithm - ** ID and the signature block - */ - tag = SECOID_GetAlgorithmTag(&di->digestAlgorithm); - /* Check that tag is an appropriate algorithm */ - if (tag == SEC_OID_UNKNOWN) { - goto sigloser; + if (it.len != 0) { + it.data = (unsigned char *)PORT_Alloc(it.len); } - /* make sure the "parameters" are not too bogus. */ - if (di->digestAlgorithm.parameters.len > 2) { - goto sigloser; + if (it.len == 0 || it.data == NULL ) { + rv = SECFailure; } - if (di->digest.len > maxdigestlen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - goto loser; + + if (rv == SECSuccess) { + /* decrypt the block */ + rv = PK11_VerifyRecover(key, sig, &it, wincx); } - PORT_Memcpy(digest, di->digest.data, di->digest.len); - *tagp = tag; - *digestlen = di->digest.len; - goto done; - - sigloser: - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - - loser: - rv = SECFailure; - - done: - if (di != NULL) SGN_DestroyDigestInfo(di); - if (buf != NULL) PORT_Free(buf); + if (rv == SECSuccess) { + if (givenDigestAlg != SEC_OID_UNKNOWN) { + /* We don't need to parse the DigestInfo if the caller gave us the + * digest algorithm to use. Later verifyPKCS1DigestInfo will verify + * that the DigestInfo identifies the given digest algorithm and + * that the DigestInfo is encoded absolutely correctly. + */ + *digestInfoLen = it.len; + *digestInfo = (unsigned char*)it.data; + *digestAlgOut = givenDigestAlg; + return SECSuccess; + } + } + + if (rv == SECSuccess) { + /* The caller didn't specify a digest algorithm to use, so choose the + * digest algorithm by parsing the AlgorithmIdentifier within the + * DigestInfo. 
+ */ + di = SGN_DecodeDigestInfo(&it); + if (!di) { + rv = SECFailure; + } + } + + if (rv == SECSuccess) { + *digestAlgOut = SECOID_GetAlgorithmTag(&di->digestAlgorithm); + if (*digestAlgOut == SEC_OID_UNKNOWN) { + rv = SECFailure; + } + } + + if (di) { + SGN_DestroyDigestInfo(di); + } + + if (rv == SECSuccess) { + *digestInfoLen = it.len; + *digestInfo = (unsigned char*)it.data; + } else { + if (it.data) { + PORT_Free(it.data); + } + *digestInfo = NULL; + *digestInfoLen = 0; + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + } + return rv; } - struct VFYContextStr { SECOidTag hashAlg; /* the hash algorithm */ SECKEYPublicKey *key; @@ -99,14 +132,14 @@ struct VFYContextStr { union { unsigned char buffer[1]; - /* the digest in the decrypted RSA signature */ - unsigned char rsadigest[HASH_LENGTH_MAX]; /* the full DSA signature... 40 bytes */ unsigned char dsasig[DSA_MAX_SIGNATURE_LEN]; /* the full ECDSA signature */ unsigned char ecdsasig[2 * MAX_ECKEY_LEN]; } u; - unsigned int rsadigestlen; + unsigned int pkcs1RSADigestInfoLen; + /* the encoded DigestInfo from a RSA PKCS#1 signature */ + unsigned char *pkcs1RSADigestInfo; void * wincx; void *hashcx; const SECHashObject *hashobj; @@ -117,6 +150,17 @@ struct VFYContextStr { * VFY_EndWithSignature call. */ }; +static SECStatus +verifyPKCS1DigestInfo(const VFYContext* cx, const SECItem* digest) +{ + SECItem pkcs1DigestInfo; + pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo; + pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen; + return _SGN_VerifyPKCS1DigestInfo( + cx->hashAlg, digest, &pkcs1DigestInfo, + PR_TRUE /*XXX: unsafeAllowMissingParameters*/); +} + /* * decode the ECDSA or DSA signature from it's DER wrapping. * The unwrapped/raw signature is placed in the buffer pointed 
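Review bot: In recoverPKCS1DigestInfo the status variable is declared `PRBool rv = SECSuccess;` yet it receives the SECStatus result of PK11_VerifyRecover, is compared with SECSuccess in every guard, and is returned from a function declared to return SECStatus. It should read `SECStatus rv = SECSuccess;`; this compiles only because both are integer types, and any future change to either type's values would silently turn it into a wrong status. The early `return SECSuccess;` in the givenDigestAlg branch also skips the tail cleanup, which is correct today only because `di` is still NULL at that point; a one-line comment saying so would keep the next edit from breaking it.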
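Review bot: verifyPKCS1DigestInfo passes `PR_TRUE /*XXX: unsafeAllowMissingParameters*/` to _SGN_VerifyPKCS1DigestInfo, so DigestInfo encodings whose digest AlgorithmIdentifier omits the parameters field remain accepted; the same literal appears in RSA_HashCheckSign in the pkcs11c.c hunk of this patch. The XXX marker records what is tolerated but not why, so a reader cannot tell whether tightening it is safe. A comment such as `/* Accept DigestInfo without AlgorithmIdentifier parameters — presumably for compatibility with existing signers (confirm); switch to PR_FALSE once that is no longer needed. */` at both call sites would record the decision and tie the two sites together.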
@@ -376,16 +420,16 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig, cx->encAlg = encAlg; cx->hashAlg = hashAlg; cx->key = SECKEY_CopyPublicKey(key); + cx->pkcs1RSADigestInfo = NULL; rv = SECSuccess; if (sig) { switch (type) { case rsaKey: - rv = DecryptSigBlock(&cx->hashAlg, cx->u.buffer, &cx->rsadigestlen, - HASH_LENGTH_MAX, cx->key, sig, (char*)wincx); - if (cx->hashAlg != hashAlg && hashAlg != SEC_OID_UNKNOWN) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - rv = SECFailure; - } + rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, + &cx->pkcs1RSADigestInfo, + &cx->pkcs1RSADigestInfoLen, + cx->key, + sig, wincx); break; case dsaKey: case ecKey: @@ -469,6 +513,9 @@ VFY_DestroyContext(VFYContext *cx, PRBool freeit) if (cx->key) { SECKEY_DestroyPublicKey(cx->key); } + if (cx->pkcs1RSADigestInfo) { + PORT_Free(cx->pkcs1RSADigestInfo); + } if (freeit) { PORT_ZFree(cx, sizeof(VFYContext)); } @@ -548,21 +595,25 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig) } break; case rsaKey: + { + SECItem digest; + digest.data = final; + digest.len = part; if (sig) { - SECOidTag hashid = SEC_OID_UNKNOWN; - rv = DecryptSigBlock(&hashid, cx->u.buffer, &cx->rsadigestlen, - HASH_LENGTH_MAX, cx->key, sig, (char*)cx->wincx); - if ((rv != SECSuccess) || (hashid != cx->hashAlg)) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + SECOidTag hashid; + PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN); + rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid, + &cx->pkcs1RSADigestInfo, + &cx->pkcs1RSADigestInfoLen, + cx->key, + sig, cx->wincx); + PORT_Assert(cx->hashAlg == hashid); + if (rv != SECSuccess) { return SECFailure; } } - if ((part != cx->rsadigestlen) || - PORT_Memcmp(final, cx->u.buffer, part)) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - break; + return verifyPKCS1DigestInfo(cx, &digest); + } default: PORT_SetError(SEC_ERROR_BAD_SIGNATURE); return SECFailure; /* shouldn't happen */ 
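Review bot: In VFY_EndWithSignature the rsaKey branch passes `&cx->pkcs1RSADigestInfo` to recoverPKCS1DigestInfo, which overwrites that pointer (and sets it to NULL on failure) without freeing what it already held; when the context was created with a non-NULL sig, vfy_CreateContext in the -376 hunk has already stored a recovered DigestInfo there, so the earlier buffer leaks. Release it before the call: `if (cx->pkcs1RSADigestInfo) { PORT_Free(cx->pkcs1RSADigestInfo); cx->pkcs1RSADigestInfo = NULL; }`. Separately, `PORT_Assert(cx->hashAlg == hashid);` runs before the `rv != SECSuccess` check, but recoverPKCS1DigestInfo only writes *digestAlgOut on its success paths, so on failure the assert reads the uninitialized `hashid`; move the assert under the success check. VFY_EndWithSignature begins outside this hunk.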
@@ -595,12 +646,7 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key, if (cx != NULL) { switch (key->keyType) { case rsaKey: - if ((digest->len != cx->rsadigestlen) || - PORT_Memcmp(digest->data, cx->u.buffer, digest->len)) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - } else { - rv = SECSuccess; - } + rv = verifyPKCS1DigestInfo(cx, digest); break; case dsaKey: case ecKey: diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index ec6a7698..68fcddfe 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -141,6 +141,9 @@ else DEFINES += -DUSE_HW_AES -DINTEL_GCM ASFILES += intel-aes-x86-masm.asm intel-gcm-x86-masm.asm EXTRA_SRCS += intel-gcm-wrap.c + ifeq ($(CLANG_CL),1) + INTEL_GCM_CLANG_CL = 1 + endif endif endif else @@ -668,3 +671,10 @@ ifneq (,$(findstring clang,$(shell $(AS) --version))) $(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): ASFLAGS += -no-integrated-as endif endif + +ifdef INTEL_GCM_CLANG_CL +# +# clang-cl needs -mssse3 +# +$(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3 +endif diff --git a/security/nss/lib/freebl/cts.c b/security/nss/lib/freebl/cts.c index 74cdc0be..5d4ed18b 100644 --- a/security/nss/lib/freebl/cts.c +++ b/security/nss/lib/freebl/cts.c @@ -239,7 +239,6 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf, return SECSuccess; } outbuf += fullblocks; - maxout -= fullblocks; /* recover the stolen text */ PORT_Memset(lastBlock, 0, blocksize); diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c index ca53c1ae..6af242dc 100644 --- a/security/nss/lib/freebl/ec.c +++ b/security/nss/lib/freebl/ec.c 
@@ -870,6 +870,11 @@ cleanup: /* ** Checks the signature on the given digest using the key provided. +** +** The key argument must represent a valid EC public key (a point on +** the relevant curve). If it is not a valid point, then the behavior +** of this function is undefined. In cases where a public key might +** not be valid, use EC_ValidatePublicKey to check. */ SECStatus ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, diff --git a/security/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm b/security/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm index ead73bbe..cb432583 100644 --- a/security/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm +++ b/security/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm @@ -7863,13 +7863,13 @@ s_mp_sqr_comba_4 PROC mov rsi, rdx push rbp + push rbx sub rsp, 80 mov r11, rsi xor esi, esi mov r10, rsi mov rbp, rsi mov r8, rsi - push rbx mov rbx, rsi mov rcx, qword ptr [16+rdi] mov rdi, rsi diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c index cc7d4fee..498cc96b 100644 --- a/security/nss/lib/freebl/rsa.c +++ b/security/nss/lib/freebl/rsa.c @@ -97,8 +97,8 @@ static struct RSABlindingParamsListStr blindingParamsList = { 0 }; static PRBool nssRSAUseBlinding = PR_TRUE; static SECStatus -rsa_build_from_primes(mp_int *p, mp_int *q, - mp_int *e, PRBool needPublicExponent, +rsa_build_from_primes(const mp_int *p, const mp_int *q, + mp_int *e, PRBool needPublicExponent, mp_int *d, PRBool needPrivateExponent, RSAPrivateKey *key, unsigned int keySizeInBits) { @@ -116,6 +116,12 @@ rsa_build_from_primes(mp_int *p, mp_int *q, CHECK_MPI_OK( mp_init(&psub1) ); CHECK_MPI_OK( mp_init(&qsub1) ); CHECK_MPI_OK( mp_init(&tmp) ); + /* p and q must be distinct. */ + if (mp_cmp(p, q) == 0) { + PORT_SetError(SEC_ERROR_NEED_RANDOM); + rv = SECFailure; + goto cleanup; + } /* 1. Compute n = p*q */ CHECK_MPI_OK( mp_mul(p, q, &n) ); /* verify that the modulus has the desired number of bits */ 
@@ -280,7 +286,11 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) PORT_SetError(0); CHECK_SEC_OK( generate_prime(&p, primeLen) ); CHECK_SEC_OK( generate_prime(&q, primeLen) ); - /* Assure q < p */ + /* Assure p > q */ + /* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any + * implementation optimization that requires p > q. We can remove + * this code in the future. + */ if (mp_cmp(&p, &q) < 0) mp_exch(&p, &q); /* Attempt to use these primes to generate a key */ @@ -762,7 +772,11 @@ RSA_PopulatePrivateKey(RSAPrivateKey *key) } } - /* force p to the the larger prime */ + /* Assure p > q */ + /* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any + * implementation optimization that requires p > q. We can remove + * this code in the future. + */ if (mp_cmp(&p, &q) < 0) mp_exch(&p, &q); @@ -1093,7 +1107,7 @@ get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen, { RSABlindingParams *rsabp = NULL; blindingParams *bpUnlinked = NULL; - blindingParams *bp, *prevbp = NULL; + blindingParams *bp; PRCList *el; SECStatus rv = SECSuccess; mp_err err = MP_OKAY; @@ -1183,7 +1197,6 @@ get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen, } /* We did not find a usable set of blinding params. Can we make one? */ /* Find a free bp struct. */ - prevbp = NULL; if ((bp = rsabp->free) != NULL) { /* unlink this bp */ rsabp->free = bp->next; @@ -1400,8 +1413,8 @@ RSA_PrivateKeyCheck(const RSAPrivateKey *key) SECITEM_TO_MPINT(key->exponent1, &d_p); SECITEM_TO_MPINT(key->exponent2, &d_q); SECITEM_TO_MPINT(key->coefficient, &qInv); - /* p > q */ - if (mp_cmp(&p, &q) <= 0) { + /* p and q must be distinct. */ + if (mp_cmp(&p, &q) == 0) { rv = SECFailure; goto cleanup; } diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c index 4bbf618e..4f29de28 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c 
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c @@ -122,7 +122,7 @@ pkix_pl_CrlDp_Create( if (!rdnArena) { PKIX_ERROR(PKIX_PORTARENAALLOCFAILED); } - issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName*); + issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName); if (!issuerNameCopy) { PKIX_ERROR(PKIX_ALLOCERROR); } diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index 6f6b6708..48bb2f22 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1062,3 +1062,9 @@ PK11_PrivDecrypt; ;+ local: ;+ *; ;+}; +;+NSS_3.18 { # NSS 3.18 release +;+ global: +PK11_SetCertificateNickname; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 4d3d1f5e..6121563f 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -33,9 +33,9 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.16.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.17.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 16 +#define NSS_VMINOR 17 #define NSS_VPATCH 2 #define NSS_VBUILD 1 #define NSS_BETA PR_FALSE diff --git a/security/nss/lib/pk11wrap/dev3hack.c b/security/nss/lib/pk11wrap/dev3hack.c index a748e524..c1fe55c5 100644 --- a/security/nss/lib/pk11wrap/dev3hack.c +++ b/security/nss/lib/pk11wrap/dev3hack.c @@ -92,14 +92,14 @@ nssSession_Destroy nssSession *s ) { - CK_RV ckrv = CKR_OK; + PRStatus rv = PR_SUCCESS; if (s) { if (s->isRW) { PK11_RestoreROSession(s->slot->pk11slot, s->handle); } - nss_ZFreeIf(s); + rv = nss_ZFreeIf(s); } - return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE; + return rv; } static NSSSlot * diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 3f3edb11..c4250c64 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c 
@@ -982,12 +982,10 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, */ nssPKIObject_AddInstance(&c->object, certobj); /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and - * replace 'c' by a different value. So we add a reference to 'c' to + * replace 'c' with a different value. So we add a reference to 'c' to * prevent 'c' from being destroyed. */ nssCertificate_AddRef(c); nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); - /* XXX should we pass the original value of 'c' to - * STAN_ForceCERTCertificateUpdate? */ (void)STAN_ForceCERTCertificateUpdate(c); nssCertificate_Destroy(c); SECITEM_FreeItem(keyID,PR_TRUE); @@ -2155,7 +2153,6 @@ PK11_FindCertFromDERCertItem(PK11SlotInfo *slot, const SECItem *inDerCert, { NSSDER derCert; NSSToken *tok; - NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); nssCryptokiObject *co = NULL; SECStatus rv; @@ -2689,3 +2686,14 @@ PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg) nssCryptokiObjectArray_Destroy(instances); return slotList; } + +SECStatus +PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) +{ + /* Can't set nickname of temp cert. */ + if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { + return SEC_ERROR_INVALID_ARGS; + } + return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); +} + diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h index f0bf2c88..709ce21e 100644 --- a/security/nss/lib/pk11wrap/pk11pub.h +++ b/security/nss/lib/pk11wrap/pk11pub.h @@ -458,6 +458,8 @@ SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, const char *nickname); SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, const char *nickname); +SECStatus PK11_SetCertificateNickname(CERTCertificate *cert, + const char *nickname); /* size to hold key in bytes */ unsigned int PK11_GetKeyLength(PK11SymKey *key); 
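Review bot: PK11_SetCertificateNickname returns `SEC_ERROR_INVALID_ARGS` from a function declared `SECStatus`, so the error code is handed back where only SECSuccess or SECFailure is expected; a caller testing `rv == SECFailure` would not see the failure, and PR_GetError reports nothing because no error was set. The guard should be `PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure;`. The new public declaration in pk11pub.h would also benefit from a comment stating that temporary (slotless) certificates are rejected this way.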
diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c index 58ff5da9..4a384ad5 100644 --- a/security/nss/lib/pk11wrap/pk11util.c +++ b/security/nss/lib/pk11wrap/pk11util.c @@ -1185,7 +1185,7 @@ end_wait: SECStatus SECMOD_CancelWait(SECMODModule *mod) { - unsigned long controlMask = mod->evControlMask; + unsigned long controlMask; SECStatus rv = SECSuccess; CK_RV crv; diff --git a/security/nss/lib/softoken/legacydb/lowcert.c b/security/nss/lib/softoken/legacydb/lowcert.c index 0b0540bc..a8191d87 100644 --- a/security/nss/lib/softoken/legacydb/lowcert.c +++ b/security/nss/lib/softoken/legacydb/lowcert.c @@ -447,7 +447,7 @@ nsslowcert_EmailName(SECItem *derDN, char *space, unsigned int len) name=nsslowcert_dataStart(ava, ava_length, &name_length, PR_FALSE, NULL); - if (oid == NULL) { return NULL; } + if (name == NULL) { return NULL; } ava_length -= (name-ava)+name_length; ava = name+name_length; diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index 58fe27af..5f767006 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c @@ -4733,7 +4733,6 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue SECItem *sn = &issuerAndSN->serialNumber; SECItem *issuer = &issuerAndSN->derIssuer; NSSLOWCERTCertificate *cert; - int data_left = sn->len-1; int data_len = sn->len; int index = 0; @@ -4743,7 +4742,7 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue if ((sn->len >= 3) && (sn->data[0] == 0x2)) { /* remove the der encoding of the serial number before generating the * key.. */ - data_left = sn->len-2; + int data_left = sn->len-2; data_len = sn->data[1]; index = 2; 
@@ -4818,7 +4817,6 @@ nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, SECItem *issuer = &issuerAndSN->derIssuer; NSSLOWCERTTrust *trust; unsigned char keyBuf[512]; - int data_left = sn->len-1; int data_len = sn->len; int index = 0; int len; @@ -4829,7 +4827,7 @@ nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, if ((sn->len >= 3) && (sn->data[0] == 0x2)) { /* remove the der encoding of the serial number before generating the * key.. */ - data_left = sn->len-2; + int data_left = sn->len-2; data_len = sn->data[1]; index = 2; diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 6fa4e4ec..bd7c4bd5 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -969,6 +969,17 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object, } object->infoFree = (SFTKFree) nsslowkey_DestroyPublicKey; + /* Check that an imported EC key is valid */ + if (key_type == CKK_EC) { + NSSLOWKEYPublicKey *pubKey = (NSSLOWKEYPublicKey*) object->objectInfo; + SECStatus rv = EC_ValidatePublicKey(&pubKey->u.ec.ecParams, + &pubKey->u.ec.publicValue); + + if (rv != SECSuccess) { + return CKR_TEMPLATE_INCONSISTENT; + } + } + if (sftk_isTrue(object,CKA_TOKEN)) { SFTKSlot *slot = session->slot; SFTKDBHandle *certHandle = sftk_getCertDB(slot); diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 8f50882a..fc050f35 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -23,6 +23,7 @@ #include "blapi.h" #include "pkcs11.h" #include "pkcs11i.h" +#include "pkcs1sig.h" #include "lowkeyi.h" #include "secder.h" #include "secdig.h" 
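Review bot: The new EC public-key check in sftk_handlePublicKeyObject returns `CKR_TEMPLATE_INCONSISTENT` when EC_ValidatePublicKey fails, but the template's attributes are not inconsistent with each other; the CKA_EC_POINT value itself is invalid, for which PKCS#11 defines CKR_ATTRIBUTE_VALUE_INVALID. Returning that code would let callers distinguish a bad point from a malformed template, unless the surrounding function (which starts outside this hunk) already uses CKR_TEMPLATE_INCONSISTENT for this class of error and consistency is preferred. A short comment on the `return` explaining the choice would help either way.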
@@ -2856,65 +2857,42 @@ sftk_hashCheckSign(SFTKHashVerifyInfo *info, const unsigned char *sig, } SECStatus -RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, +RSA_HashCheckSign(SECOidTag digestOid, NSSLOWKEYPublicKey *key, const unsigned char *sig, unsigned int sigLen, - const unsigned char *hash, unsigned int hashLen) + const unsigned char *digestData, unsigned int digestLen) { - SECItem it; - SGNDigestInfo *di = NULL; - SECStatus rv = SECSuccess; + unsigned char *pkcs1DigestInfoData; + SECItem pkcs1DigestInfo; + SECItem digest; + unsigned int bufferSize; + SECStatus rv; - it.data = NULL; - it.len = nsslowkey_PublicModulusLen(key); - if (!it.len) { - goto loser; - } - - it.data = (unsigned char *)PORT_Alloc(it.len); - if (it.data == NULL) { - goto loser; + /* pkcs1DigestInfo.data must be less than key->u.rsa.modulus.len */ + bufferSize = key->u.rsa.modulus.len; + pkcs1DigestInfoData = PORT_ZAlloc(bufferSize); + if (!pkcs1DigestInfoData) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; } + pkcs1DigestInfo.data = pkcs1DigestInfoData; + pkcs1DigestInfo.len = bufferSize; + /* decrypt the block */ - rv = RSA_CheckSignRecover(&key->u.rsa, it.data, &it.len, it.len, sig, - sigLen); + rv = RSA_CheckSignRecover(&key->u.rsa, pkcs1DigestInfo.data, + &pkcs1DigestInfo.len, pkcs1DigestInfo.len, + sig, sigLen); if (rv != SECSuccess) { - goto loser; - } - - di = SGN_DecodeDigestInfo(&it); - if (di == NULL) { - goto loser; - } - if (di->digest.len != hashLen) { - goto loser; - } - - /* make sure the tag is OK */ - if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != hashOid) { - goto loser; - } - /* make sure the "parameters" are not too bogus. 
*/ - if (di->digestAlgorithm.parameters.len > 2) { - goto loser; - } - /* Now check the signature */ - if (PORT_Memcmp(hash, di->digest.data, di->digest.len) == 0) { - goto done; - } - - loser: - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - rv = SECFailure; - - done: - if (it.data != NULL) { - PORT_Free(it.data); - } - if (di != NULL) { - SGN_DestroyDigestInfo(di); + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + } else { + digest.data = (PRUint8*) digestData; + digest.len = digestLen; + rv = _SGN_VerifyPKCS1DigestInfo( + digestOid, &digest, &pkcs1DigestInfo, + PR_TRUE /*XXX: unsafeAllowMissingParameters*/); } + PORT_Free(pkcs1DigestInfoData); return rv; } diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 8fed46d2..fd8ad58d 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,9 +25,9 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.16.2.1" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.17.2.1" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 16 +#define SOFTOKEN_VMINOR 17 #define SOFTOKEN_VPATCH 2 #define SOFTOKEN_VBUILD 1 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h index bbe2bd9b..174037b1 100644 --- a/security/nss/lib/ssl/SSLerrs.h +++ b/security/nss/lib/ssl/SSLerrs.h @@ -418,3 +418,7 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129), ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130), "The server supports no protocols that the client advertises in the ALPN extension.") + +ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131), +"The server rejected the handshake because the client downgraded to a lower " +"TLS version than the server supports.") diff --git a/security/nss/lib/ssl/config.mk b/security/nss/lib/ssl/config.mk index da8b9ef7..40b1c301 100644 --- a/security/nss/lib/ssl/config.mk 
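Review bot: `PR_TRUE /*XXX: unsafeAllowMissingParameters*/` in the rewritten `RSA_HashCheckSign` accepts a DigestInfo whose AlgorithmIdentifier omits the NULL parameters, which the new `_SGN_VerifyPKCS1DigestInfo` header itself calls not recommended; the XXX should become a real comment recording why it is kept (compatibility with signers that omit the NULL) and under what condition it can be flipped to `PR_FALSE`. The old code also bailed out on a zero modulus length (`if (!it.len) goto loser;`), whereas the new code passes `key->u.rsa.modulus.len` straight to `PORT_ZAlloc` and `RSA_CheckSignRecover`; either add `if (bufferSize == 0) { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); return SECFailure; }` or confirm `RSA_CheckSignRecover` rejects a zero-length output buffer. The exact-length match performed inside `_SGN_VerifyPKCS1DigestInfo` (no bytes allowed after the digest) is the property that defeats forged-DigestInfo signatures, so a one-line comment above the call saying that is the point of the rewrite would help the next reader.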
+++ b/security/nss/lib/ssl/config.mk @@ -7,6 +7,11 @@ ifdef NISCC_TEST DEFINES += -DNISCC_TEST endif +# Allow build-time configuration of TLS 1.3 (Experimental) +ifdef NSS_ENABLE_TLS_1_3 +DEFINES += -DNSS_ENABLE_TLS_1_3 +endif + ifdef NSS_NO_PKCS11_BYPASS DEFINES += -DNO_PKCS11_BYPASS else diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c index 4e384619..89315eee 100644 --- a/security/nss/lib/ssl/dtlscon.c +++ b/security/nss/lib/ssl/dtlscon.c @@ -52,6 +52,7 @@ static const ssl3CipherSuite nonDTLSSuites[] = { * TLS DTLS * 1.1 (0302) 1.0 (feff) * 1.2 (0303) 1.2 (fefd) + * 1.3 (0304) 1.3 (fefc) */ SSL3ProtocolVersion dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv) @@ -62,6 +63,9 @@ dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv) if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) { return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE; } + if (tlsv == SSL_LIBRARY_VERSION_TLS_1_3) { + return SSL_LIBRARY_VERSION_DTLS_1_3_WIRE; + } /* Anything other than TLS 1.1 or 1.2 is an error, so return * the invalid version 0xffff. */ @@ -85,6 +89,9 @@ dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv) if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) { return SSL_LIBRARY_VERSION_TLS_1_2; } + if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_3_WIRE) { + return SSL_LIBRARY_VERSION_TLS_1_3; + } /* Return a fictional higher version than we know of */ return SSL_LIBRARY_VERSION_TLS_1_2 + 1; diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h index 35418e38..91a47a69 100644 --- a/security/nss/lib/ssl/ssl.h +++ b/security/nss/lib/ssl/ssl.h 
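Review bot: The context comment `/* Anything other than TLS 1.1 or 1.2 is an error, so return * the invalid version 0xffff. */` in `dtls_TLSVersionToDTLSVersion` is now stale, since the hunk adds the TLS 1.3 mapping directly above it; update it to `Anything other than TLS 1.1, 1.2 or 1.3 is an error`. The version table at the top of the file was updated for the new row, so this one was simply missed.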
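Review bot: `return SSL_LIBRARY_VERSION_TLS_1_2 + 1;` at the end of `dtls_DTLSVersionToTLSVersion` no longer returns a fictional version: `SSL_LIBRARY_VERSION_TLS_1_3` is defined as 0x0304 in the sslproto.h hunk, which is exactly `TLS_1_2 + 1`, so an unrecognised DTLS wire version now maps to TLS 1.3 and in an `NSS_ENABLE_TLS_1_3` build can be treated by the caller as a supported version instead of being rejected. Change it to `return SSL_LIBRARY_VERSION_TLS_1_3 + 1;` (or `SSL_LIBRARY_VERSION_MAX_SUPPORTED + 1`, which tracks the build option) and update the `/* Return a fictional higher version than we know of */` comment to name the constant it must stay above.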
@@ -182,6 +182,15 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); */ #define SSL_ENABLE_ALPN 26 +/* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is + * reused for multiple handshakes or generated each time. + * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default. + */ +#define SSL_REUSE_SERVER_ECDHE_KEY 27 + +#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in + * handshakes. */ + #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */ SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 01164e5e..c6d1e0e5 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -215,7 +215,10 @@ compressionEnabled(sslSocket *ss, SSLCompressionMethod compression) return PR_TRUE; /* Always enabled */ #ifdef NSS_ENABLE_ZLIB case ssl_compression_deflate: - return ss->opt.enableDeflate; + if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { + return ss->opt.enableDeflate; + } + return PR_FALSE; #endif default: return PR_FALSE; @@ -637,14 +640,16 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case TLS_RSA_WITH_AES_256_CBC_SHA256: case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: - case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: - case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_RSA_WITH_AES_128_CBC_SHA256: case TLS_RSA_WITH_AES_128_GCM_SHA256: case TLS_RSA_WITH_NULL_SHA256: + return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2; + + case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: + case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: + case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and 
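Review bot: The `SSL_REUSE_SERVER_ECDHE_KEY` comment in ssl.h documents the default but not its cost: with reuse on, the server's ECDHE private key is generated once per curve (the CallOnce pair in ssl3ecc.c) and shared by every handshake for the life of the process, so compromise of that one key exposes the session keys of all of them and the exchange is ephemeral in name only. Add ` * Reusing the key trades forward secrecy across handshakes for speed;` and ` * turn it off to generate a fresh key pair for every handshake.` to the comment, and reconsider whether PR_TRUE is the right default now that a per-handshake option exists. The `SSL_ENABLE_FALLBACK_SCSV` entry would likewise benefit from one line saying it is meant for a client retrying with a downgraded version (RFC 7507), not for ordinary connections.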
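Review bot: `return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;` in `ssl3_CipherSuiteAllowedForVersionRange` removes the SHA-256 CBC suites, `TLS_RSA_WITH_AES_128_GCM_SHA256` and `TLS_RSA_WITH_NULL_SHA256` from any range whose maximum is TLS 1.3, even though such a client may still negotiate TLS 1.2 with a 1.2-only server and would then have none of them available. The ECC case later in the same function uses `vrange->max >= X && vrange->min < SSL_LIBRARY_VERSION_TLS_1_3`, which keeps a suite usable at 1.2 while excluding it from 1.3-only ranges; `return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2 && vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;` would be the consistent form here. If the stricter rule is deliberate for the experimental 1.3 build, a comment saying so is needed, because the two adjacent cases otherwise read as an oversight.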
@@ -669,10 +674,11 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: - return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0; + return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0 && + vrange->min < SSL_LIBRARY_VERSION_TLS_1_3; default: - return PR_TRUE; + return vrange->min < SSL_LIBRARY_VERSION_TLS_1_3; } } @@ -3352,6 +3358,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf) case certificate_unknown: error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT; break; case illegal_parameter: error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;break; + case inappropriate_fallback: + error = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT; + break; /* All alerts below are TLS only. */ case unknown_ca: error = SSL_ERROR_UNKNOWN_CA_ALERT; break; @@ -4873,6 +4882,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) int num_suites; int actual_count = 0; PRBool isTLS = PR_FALSE; + PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE; PRInt32 total_exten_len = 0; unsigned paddingExtensionLen; unsigned numCompressionMethods; @@ -5015,6 +5025,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) } if (sid) { + requestingResume = PR_TRUE; SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits ); PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID, @@ -5105,7 +5116,6 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } return SECFailure; } - maxBytes -= extLen; total_exten_len += extLen; if (total_exten_len > 0) 
@@ -5129,8 +5139,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } return SECFailure; /* count_cipher_suites has set error code. */ } + + fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume || + ss->version < sid->version); + /* make room for SCSV */ if (ss->ssl3.hs.sendingSCSV) { - ++num_suites; /* make room for SCSV */ + ++num_suites; + } + if (fallbackSCSV) { + ++num_suites; } /* count compression methods */ @@ -5236,6 +5253,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) } actual_count++; } + if (fallbackSCSV) { + rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV, + sizeof(ssl3CipherSuite)); + if (rv != SECSuccess) { + if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } + return rv; /* err set by ssl3_AppendHandshake* */ + } + actual_count++; + } for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { 
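Review bot: The expression `fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume || ss->version < sid->version);` in `ssl3_SendClientHello` encodes a policy that is written nowhere: on a resumption attempt the SCSV is withheld unless the version now offered is below the one the session was established at. Add a comment above it, e.g. `/* On resumption, signal fallback only if we now offer a lower version than the session was created with. */`, and note in the ssl.h option comment that the application is expected to enable it only on a retry it downgraded itself, since RFC 7507 places the send decision on the client that performed the fallback. `sid->version` is dereferenced only when `requestingResume` is true thanks to the short-circuit, which is worth stating since `sid` is also non-NULL in the fresh-session case (the error paths below unlock `sid->u.ssl3.lock` unconditionally). The function body continues past the hunk.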
@@ -7711,12 +7737,31 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto loser; /* malformed */ } + /* If the ClientHello version is less than our maximum version, check for a + * TLS_FALLBACK_SCSV and reject the connection if found. */ + if (ss->vrange.max > ss->clientHelloVersion) { + for (i = 0; i + 1 < suites.len; i += 2) { + PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1]; + if (suite_i != TLS_FALLBACK_SCSV) + continue; + desc = inappropriate_fallback; + errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT; + goto alert_loser; + } + } + /* grab the list of compression methods. */ rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed */ } + /* TLS 1.3 requires that compression be empty */ + if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) { + if (comps.len != 1 || comps.data[0] != ssl_compression_null) { + goto loser; + } + } desc = handshake_failure; /* Handle TLS hello extensions for SSL3 & TLS. We do not know if @@ -9379,6 +9424,10 @@ skip: } rv = ssl3_HandleECDHClientKeyExchange(ss, b, length, serverPubKey, serverKey); + if (ss->ephemeralECDHKeyPair) { + ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); + ss->ephemeralECDHKeyPair = NULL; + } if (rv != SECSuccess) { return SECFailure; /* error code set */ } diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index e8ee5901..555c89dc 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c 
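Review bot: The TLS 1.3 compression check in `ssl3_HandleClientHello` exits with a bare `goto loser`, which (if `loser:` is this function's usual no-alert exit) drops the connection without telling the peer anything, while the fallback check a few lines above sets `desc` and `errCode` and takes `alert_loser`. A ClientHello offering non-null compression under TLS 1.3 is a protocol violation the peer should learn about: `desc = illegal_parameter; errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO; goto alert_loser;`. For the SCSV scan, `ss->vrange.max > ss->clientHelloVersion` is the right comparison (RFC 7507 keys on the server's highest enabled version) and `i + 1 < suites.len` tolerates an odd-length suite list, so that part only wants a comment citing the RFC above the loop. The function body continues past the hunk.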
@@ -505,28 +505,21 @@ ssl3_ECRegister(void) return (PRStatus)rv; } -/* CallOnce function, called once for each named curve. */ -static PRStatus -ssl3_CreateECDHEphemeralKeyPair(void * arg) +/* Create an ECDHE key pair for a given curve */ +static SECStatus +ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, ssl3KeyPair** keyPair) { SECKEYPrivateKey * privKey = NULL; SECKEYPublicKey * pubKey = NULL; - ssl3KeyPair * keyPair = NULL; - ECName ec_curve = (ECName)arg; SECKEYECParams ecParams = { siBuffer, NULL, 0 }; - PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL); - - /* ok, no one has generated a global key for this curve yet, do so */ if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) { - gECDHEKeyPairs[ec_curve].error = PORT_GetError(); - return PR_FAILURE; + return SECFailure; } - privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL); SECITEM_FreeItem(&ecParams, PR_FALSE); - if (!privKey || !pubKey || !(keyPair = ssl3_NewKeyPair(privKey, pubKey))) { + if (!privKey || !pubKey || !(*keyPair = ssl3_NewKeyPair(privKey, pubKey))) { if (privKey) { SECKEY_DestroyPrivateKey(privKey); } @@ -534,6 +527,23 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg) SECKEY_DestroyPublicKey(pubKey); } ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + return SECFailure; + } + + return SECSuccess; +} + +/* CallOnce function, called once for each named curve. */ +static PRStatus +ssl3_CreateECDHEphemeralKeyPairOnce(void * arg) +{ + ECName ec_curve = (ECName)arg; + ssl3KeyPair * keyPair = NULL; + + PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL); + + /* ok, no one has generated a global key for this curve yet, do so */ + if (ssl3_CreateECDHEphemeralKeyPair(ec_curve, &keyPair) != SECSuccess) { gECDHEKeyPairs[ec_curve].error = PORT_GetError(); return PR_FAILURE; } 
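Review bot: `ssl3_CreateECDHEphemeralKeyPair` writes `*keyPair` only on the `ssl3_NewKeyPair` path (NULL on its failure, the new pair on success) and leaves it untouched when `SECKEY_CreateECPrivateKey` fails, so the out-parameter's state on error depends on which step failed. Add `*keyPair = NULL;` as the first statement so callers such as `ssl3_SendECDHServerKeyExchange`, which passes `&ss->ephemeralECDHKeyPair`, see a consistent value, and document the contract above the function: `/* On success *keyPair owns a freshly generated pair; on failure *keyPair is NULL and an error is set. */`. Because the out-parameter form simply overwrites whatever the caller's pointer held, the caller must release any existing pair first. The function body continues past the hunk.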
@@ -566,7 +576,7 @@ ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve) return SECFailure; } status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once, - ssl3_CreateECDHEphemeralKeyPair, + ssl3_CreateECDHEphemeralKeyPairOnce, (void *)ec_curve); if (status != PR_SUCCESS) { PORT_SetError(gECDHEKeyPairs[ec_curve].error); @@ -759,10 +769,16 @@ ssl3_SendECDHServerKeyExchange( if (curve == ec_noName) { goto loser; } - rv = ssl3_CreateECDHEphemeralKeys(ss, curve); - if (rv != SECSuccess) { - goto loser; /* err set by AppendHandshake. */ + + if (ss->opt.reuseServerECDHEKey) { + rv = ssl3_CreateECDHEphemeralKeys(ss, curve); + } else { + rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair); } + if (rv != SECSuccess) { + goto loser; + } + ecdhePub = ss->ephemeralECDHKeyPair->pubKey; PORT_Assert(ecdhePub != NULL); if (!ecdhePub) { diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 1d1f39cc..247f1f8f 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -82,6 +82,11 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); +static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type, + SECItem *data); + /* * Write bytes. Using this function means the SECItem structure * cannot be freed. The caller is expected to call this function @@ -245,6 +250,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, + { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn }, { -1, NULL } }; 
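Review bot: `ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair)` in `ssl3_SendECDHServerKeyExchange` overwrites whatever `ss->ephemeralECDHKeyPair` already holds, and the pair is only released after the ClientKeyExchange is processed (the ssl3con.c hunk), so if this path is reached again on the same socket before that point — a re-sent ServerKeyExchange, or a failed handshake followed by renegotiation — the previous pair leaks together with its private key material. Release before regenerating: `if (ss->ephemeralECDHKeyPair) { ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); ss->ephemeralECDHKeyPair = NULL; }` ahead of the `if (ss->opt.reuseServerECDHEKey)` branch. Whether `ssl3_CreateECDHEphemeralKeys` in the reuse branch has the same exposure depends on code outside the hunk. The function body continues past the hunk.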
@@ -286,7 +292,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, - { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn } + { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, + { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, /* any extra entries will appear as { 0, NULL } */ }; 
@@ -2421,3 +2428,93 @@ ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, return extensionLen; } + +/* ssl3_ClientSendDraftVersionXtn sends the TLS 1.3 temporary draft + * version extension. + * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ +static PRInt32 +ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) +{ + PRInt32 extension_length; + + if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) { + return 0; + } + + extension_length = 6; /* Type + length + number */ + if (append && maxBytes >= extension_length) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, TLS_1_3_DRAFT_VERSION, 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_tls13_draft_version_xtn; + } else if (maxBytes < extension_length) { + PORT_Assert(0); + return 0; + } + + return extension_length; + +loser: + return -1; +} + +/* ssl3_ServerHandleDraftVersionXtn handles the TLS 1.3 temporary draft + * version extension. + * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ +static SECStatus +ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data) +{ + PRInt32 draft_version; + + /* Ignore this extension if we aren't doing TLS 1.3 */ + if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) { + return SECSuccess; + } + + if (data->len != 2) + goto loser; + + /* Get the draft version out of the handshake */ + draft_version = ssl3_ConsumeHandshakeNumber(ss, 2, + &data->data, &data->len); + if (draft_version < 0) { + goto loser; + } + + /* Keep track of negotiated extensions. 
*/ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; + + /* Compare the version */ + if (draft_version != TLS_1_3_DRAFT_VERSION) { + SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), " + "expected %d", + SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION)); + goto loser; + } + + return SECSuccess; + +loser: + /* + * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2. + * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back + * here. Need to double-check. + * TODO(ekr@rtfm.com): Currently we fall back even on broken extensions. + * because SECFailure does not cause handshake failures. See bug + * 753136. + */ + SSL_TRC(30, ("%d: SSL3[%d]: Rolling back to TLS 1.2", SSL_GETPID(), ss->fd)); + ss->version = SSL_LIBRARY_VERSION_TLS_1_2; + + return SECSuccess; +} + diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h index 4d4aa10b..485d7dd3 100644 --- a/security/nss/lib/ssl/ssl3prot.h +++ b/security/nss/lib/ssl/ssl3prot.h @@ -14,6 +14,11 @@ typedef PRUint8 SSL3Opaque; typedef PRUint16 SSL3ProtocolVersion; /* version numbers are defined in sslproto.h */ +/* The TLS 1.3 draft version. Used to avoid negotiating + * between incompatible pre-standard TLS 1.3 drafts. + * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ +#define TLS_1_3_DRAFT_VERSION 3 + typedef PRUint16 ssl3CipherSuite; /* The cipher suites are defined in sslproto.h */ @@ -98,6 +103,7 @@ typedef enum { protocol_version = 70, insufficient_security = 71, internal_error = 80, + inappropriate_fallback = 86, /* could also be sent for SSLv3 */ user_canceled = 90, no_renegotiation = 100, diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c index 891b4099..8c5a5ad3 100644 --- a/security/nss/lib/ssl/sslcon.c +++ b/security/nss/lib/ssl/sslcon.c 
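Review bot: The `loser:` path of `ssl3_ServerHandleDraftVersionXtn` turns every failure, including a malformed extension body (`data->len != 2` or a failed `ssl3_ConsumeHandshakeNumber`), into a silent downgrade to TLS 1.2 with `return SECSuccess`. A malformed extension from a peer that claimed TLS 1.3 is a protocol error and should fail the handshake, while the rollback belongs only to the well-formed-but-different draft number, so split the two: `PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); return SECFailure;` for the length/parse failures (accepting that, per the TODO on bug 753136, the caller may not yet treat SECFailure as fatal) and keep the version reset for the mismatch case. Also `ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;` runs before the comparison, so a connection that was rolled back still lists the draft-version extension as negotiated; move it after the check. This is pre-standard code, as the TODOs say, so the ask is only that the rollback decision be explicit rather than a catch-all.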
@@ -428,7 +428,6 @@ ssl2_CreateMAC(sslSecurityInfo *sec, SECItem *readKey, SECItem *writeKey, int cipherChoice) { switch (cipherChoice) { - case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5: case SSL_CK_RC2_128_CBC_WITH_MD5: case SSL_CK_RC4_128_EXPORT40_WITH_MD5: @@ -436,8 +435,10 @@ ssl2_CreateMAC(sslSecurityInfo *sec, SECItem *readKey, SECItem *writeKey, case SSL_CK_DES_64_CBC_WITH_MD5: case SSL_CK_DES_192_EDE3_CBC_WITH_MD5: sec->hash = HASH_GetHashObject(HASH_AlgMD5); - SECITEM_CopyItem(0, &sec->sendSecret, writeKey); - SECITEM_CopyItem(0, &sec->rcvSecret, readKey); + if (SECITEM_CopyItem(0, &sec->sendSecret, writeKey) || + SECITEM_CopyItem(0, &sec->rcvSecret, readKey)) { + return SECFailure; + } break; default: diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h index 38520859..12dbb1d8 100644 --- a/security/nss/lib/ssl/sslerr.h +++ b/security/nss/lib/ssl/sslerr.h @@ -196,6 +196,8 @@ SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128), SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = (SSL_ERROR_BASE + 129), SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130), +SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131), + SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index af3c1918..858ae0cc 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -326,6 +326,8 @@ typedef struct sslOptionsStr { unsigned int enableOCSPStapling : 1; /* 25 */ unsigned int enableNPN : 1; /* 26 */ unsigned int enableALPN : 1; /* 27 */ + unsigned int reuseServerECDHEKey : 1; /* 28 */ + unsigned int enableFallbackSCSV : 1; /* 29 */ } sslOptions; typedef enum { sslHandshakingUndetermined = 0, 
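Review bot: `if (SECITEM_CopyItem(0, &sec->sendSecret, writeKey) || SECITEM_CopyItem(0, &sec->rcvSecret, readKey))` in `ssl2_CreateMAC` tests an `SECStatus` as a truth value, which works only because `SECFailure` is -1 and `SECSuccess` is 0; the usual NSS idiom is an explicit `!= SECSuccess` on each call, which reads as a status check rather than a pointer test. When the second copy fails the first copy is left in `sec->sendSecret`, which is fine only if the caller's error path tears down `sec`; the caller is outside the hunk, so confirm that. The function body continues past the hunk.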
@@ -1534,7 +1536,11 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, * runtime to determine which versions are supported by the version of libssl * in use. */ +#ifdef NSS_ENABLE_TLS_1_3 +#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_3 +#else #define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2 +#endif /* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */ #define SSL3_ALL_VERSIONS_DISABLED(vrange) \ diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 7a283c73..e02442c0 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h @@ -16,9 +16,12 @@ #define SSL_LIBRARY_VERSION_TLS_1_0 0x0301 #define SSL_LIBRARY_VERSION_TLS_1_1 0x0302 #define SSL_LIBRARY_VERSION_TLS_1_2 0x0303 +#define SSL_LIBRARY_VERSION_TLS_1_3 0x0304 + /* Note: this is the internal format, not the wire format */ #define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302 #define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303 +#define SSL_LIBRARY_VERSION_DTLS_1_3 0x0304 /* deprecated old name */ #define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0 @@ -26,6 +29,7 @@ /* The DTLS versions used in the spec */ #define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff) #define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff) +#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE ((~0x0103) & 0xffff) /* Header lengths of some of the messages */ #define SSL_HL_ERROR_HBYTES 3 @@ -208,6 +212,11 @@ */ #define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF +/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a + * handshake is the result of TLS version fallback. + */ +#define TLS_FALLBACK_SCSV 0x5600 + /* Cipher Suite Values starting with 0xC000 are defined in informational * RFCs. */ diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c index a32e3d54..ea2d4080 100644 --- a/security/nss/lib/ssl/sslsecur.c +++ b/security/nss/lib/ssl/sslsecur.c 
@@ -968,11 +968,9 @@ ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os) ss->sec.hashcx = NULL; } - SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret); - if (os->sec.sendSecret.data && !ss->sec.sendSecret.data) + if (SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret)) goto loser; - SECITEM_CopyItem(0, &ss->sec.rcvSecret, &os->sec.rcvSecret); - if (os->sec.rcvSecret.data && !ss->sec.rcvSecret.data) + if (SECITEM_CopyItem(0, &ss->sec.rcvSecret, &os->sec.rcvSecret)) goto loser; /* XXX following code is wrong if either cx != 0 */ diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index ee357b63..dfa7a2c7 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -80,7 +80,9 @@ static sslOptions ssl_defaults = { PR_TRUE, /* cbcRandomIV */ PR_FALSE, /* enableOCSPStapling */ PR_TRUE, /* enableNPN */ - PR_FALSE /* enableALPN */ + PR_FALSE, /* enableALPN */ + PR_TRUE, /* reuseServerECDHEKey */ + PR_FALSE /* enableFallbackSCSV */ }; /* @@ -784,6 +786,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) ss->opt.enableALPN = on; break; + case SSL_REUSE_SERVER_ECDHE_KEY: + ss->opt.reuseServerECDHEKey = on; + break; + + case SSL_ENABLE_FALLBACK_SCSV: + ss->opt.enableFallbackSCSV = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; @@ -856,6 +866,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break; case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break; + case SSL_REUSE_SERVER_ECDHE_KEY: + on = ss->opt.reuseServerECDHEKey; break; + case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); 
@@ -919,6 +932,12 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) break; case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break; case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break; + case SSL_REUSE_SERVER_ECDHE_KEY: + on = ssl_defaults.reuseServerECDHEKey; + break; + case SSL_ENABLE_FALLBACK_SCSV: + on = ssl_defaults.enableFallbackSCSV; + break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -1094,6 +1113,14 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) ssl_defaults.enableALPN = on; break; + case SSL_REUSE_SERVER_ECDHE_KEY: + ssl_defaults.reuseServerECDHEKey = on; + break; + + case SSL_ENABLE_FALLBACK_SCSV: + ssl_defaults.enableFallbackSCSV = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index c22c820c..1d28feb1 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -191,9 +191,10 @@ typedef enum { ssl_padding_xtn = 21, ssl_session_ticket_xtn = 35, ssl_next_proto_nego_xtn = 13172, - ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ + ssl_renegotiation_info_xtn = 0xff01, + ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */ } SSLExtensionType; -#define SSL_MAX_EXTENSIONS 10 /* doesn't include ssl_padding_xtn. */ +#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */ #endif /* __sslt_h_ */ diff --git a/security/nss/lib/util/manifest.mn b/security/nss/lib/util/manifest.mn index ed54a162..9ff3758f 100644 --- a/security/nss/lib/util/manifest.mn +++ b/security/nss/lib/util/manifest.mn @@ -22,6 +22,7 @@ EXPORTS = \ pkcs11t.h \ pkcs11n.h \ pkcs11u.h \ + pkcs1sig.h \ portreg.h \ secasn1.h \ secasn1t.h \ @@ -58,6 +59,7 @@ CSRCS = \ nssrwlk.c \ nssilock.c \ oidstring.c \ + pkcs1sig.c \ portreg.c \ secalgid.c \ secasn1d.c \ diff --git a/security/nss/lib/util/nssutil.def b/security/nss/lib/util/nssutil.def index 86a0ad7e..9d98df22 100644 --- a/security/nss/lib/util/nssutil.def 
+++ b/security/nss/lib/util/nssutil.def @@ -271,3 +271,9 @@ SECITEM_ZfreeArray; ;+ local: ;+ *; ;+}; +;+NSSUTIL_3.17.1 { # NSS Utilities 3.17.1 release +;+ global: +_SGN_VerifyPKCS1DigestInfo; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index ac771b6c..34efdea0 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,9 +19,9 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.16.2.1" +#define NSSUTIL_VERSION "3.17.2.1" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 16 +#define NSSUTIL_VMINOR 17 #define NSSUTIL_VPATCH 2 #define NSSUTIL_VBUILD 1 #define NSSUTIL_BETA PR_FALSE diff --git a/security/nss/lib/util/pkcs1sig.c b/security/nss/lib/util/pkcs1sig.c new file mode 100644 index 00000000..03b16f50 --- /dev/null +++ b/security/nss/lib/util/pkcs1sig.c 
@@ -0,0 +1,169 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include "pkcs1sig.h" +#include "hasht.h" +#include "secerr.h" +#include "secasn1t.h" +#include "secoid.h" + +typedef struct pkcs1PrefixStr pkcs1Prefix; +struct pkcs1PrefixStr { + unsigned int len; + PRUint8 *data; +}; + +typedef struct pkcs1PrefixesStr pkcs1Prefixes; +struct pkcs1PrefixesStr { + unsigned int digestLen; + pkcs1Prefix prefixWithParams; + pkcs1Prefix prefixWithoutParams; +}; + +/* The value for SGN_PKCS1_DIGESTINFO_MAX_PREFIX_LEN_EXCLUDING_OID is based on + * the possible prefix encodings as explained below. + */ +#define MAX_PREFIX_LEN_EXCLUDING_OID 10 + +static SECStatus +encodePrefix(const SECOidData *hashOid, unsigned int digestLen, + pkcs1Prefix *prefix, PRBool withParams) +{ + /* with params coding is: + * Sequence (2 bytes) { + * Sequence (2 bytes) { + * Oid (2 bytes) { + * Oid value (derOid->oid.len) + * } + * NULL (2 bytes) + * } + * OCTECT (2 bytes); + * + * without params coding is: + * Sequence (2 bytes) { + * Sequence (2 bytes) { + * Oid (2 bytes) { + * Oid value (derOid->oid.len) + * } + * } + * OCTECT (2 bytes); + */ + + unsigned int innerSeqLen = 2 + hashOid->oid.len; + unsigned int outerSeqLen = 2 + innerSeqLen + 2 + digestLen; + unsigned int extra = 0; + + if (withParams) { + innerSeqLen += 2; + outerSeqLen += 2; + extra = 2; + } + + if (innerSeqLen >= 128 || + outerSeqLen >= 128 || + (outerSeqLen + 2 - digestLen) > + (MAX_PREFIX_LEN_EXCLUDING_OID + hashOid->oid.len)) { + /* this is actually a library failure, It shouldn't happen */ + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + prefix->len = 6 + hashOid->oid.len + extra + 2; + prefix->data = PORT_Alloc(prefix->len); + if (!prefix->data) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; + } + + prefix->data[0] = 
SEC_ASN1_SEQUENCE|SEC_ASN1_CONSTRUCTED; + prefix->data[1] = outerSeqLen; + prefix->data[2] = SEC_ASN1_SEQUENCE|SEC_ASN1_CONSTRUCTED; + prefix->data[3] = innerSeqLen; + prefix->data[4] = SEC_ASN1_OBJECT_ID; + prefix->data[5] = hashOid->oid.len; + PORT_Memcpy(&prefix->data[6], hashOid->oid.data, hashOid->oid.len); + if (withParams) { + prefix->data[6 + hashOid->oid.len] = SEC_ASN1_NULL; + prefix->data[6 + hashOid->oid.len + 1] = 0; + } + prefix->data[6 + hashOid->oid.len + extra] = SEC_ASN1_OCTET_STRING; + prefix->data[6 + hashOid->oid.len + extra + 1] = digestLen; + + return SECSuccess; +} + +SECStatus +_SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg, + const SECItem* digest, + const SECItem* dataRecoveredFromSignature, + PRBool unsafeAllowMissingParameters) +{ + SECOidData *hashOid; + pkcs1Prefixes pp; + const pkcs1Prefix* expectedPrefix; + SECStatus rv, rv2, rv3; + + if (!digest || !digest->data || + !dataRecoveredFromSignature || !dataRecoveredFromSignature->data) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + hashOid = SECOID_FindOIDByTag(digestAlg); + if (hashOid == NULL) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + pp.digestLen = digest->len; + pp.prefixWithParams.data = NULL; + pp.prefixWithoutParams.data = NULL; + + rv2 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithParams, PR_TRUE); + rv3 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithoutParams, PR_FALSE); + + rv = SECSuccess; + if (rv2 != SECSuccess || rv3 != SECSuccess) { + rv = SECFailure; + } + + if (rv == SECSuccess) { + /* We don't attempt to avoid timing attacks on these comparisons because + * signature verification is a public key operation, not a private key + * operation. 
+ */ + + if (dataRecoveredFromSignature->len == + pp.prefixWithParams.len + pp.digestLen) { + expectedPrefix = &pp.prefixWithParams; + } else if (unsafeAllowMissingParameters && + dataRecoveredFromSignature->len == + pp.prefixWithoutParams.len + pp.digestLen) { + expectedPrefix = &pp.prefixWithoutParams; + } else { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + rv = SECFailure; + } + } + + if (rv == SECSuccess) { + if (memcmp(dataRecoveredFromSignature->data, expectedPrefix->data, + expectedPrefix->len) || + memcmp(dataRecoveredFromSignature->data + expectedPrefix->len, + digest->data, digest->len)) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + rv = SECFailure; + } + } + + if (pp.prefixWithParams.data) { + PORT_Free(pp.prefixWithParams.data); + } + if (pp.prefixWithoutParams.data) { + PORT_Free(pp.prefixWithoutParams.data); + } + + return rv; +} diff --git a/security/nss/lib/util/pkcs1sig.h b/security/nss/lib/util/pkcs1sig.h new file mode 100644 index 00000000..7c52b157 --- /dev/null +++ b/security/nss/lib/util/pkcs1sig.h 
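Review bot: `_SGN_VerifyPKCS1DigestInfo` never checks `digest->len` against the algorithm named by `digestAlg`; `pp.digestLen = digest->len` is taken from the caller, so a truncated or oversized digest simply gets a DigestInfo prefix encoded for that wrong length and the comparison adapts to it. The util layer has no OID-to-hash-length table, but `hasht.h` is already included, so at least reject the impossible cases up front with `if (digest->len == 0 || digest->len > HASH_LENGTH_MAX) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }` and say in the header that callers are responsible for hashing with the algorithm they name. The exact-length comparisons (`dataRecoveredFromSignature->len == prefix.len + digestLen`) are what reject a DigestInfo carrying extra bytes after the digest, which is presumably the forged-signature class this file exists to close, so that deserves a comment alongside the timing-attack remark. Minor: `memcmp` next to `PORT_Alloc`/`PORT_Free` breaks the wrapper convention used in the rest of the file; `PORT_Memcmp` keeps it uniform.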
@@ -0,0 +1,30 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#ifndef _PKCS1SIG_H_ +#define _PKCS1SIG_H_ + +#include "hasht.h" +#include "seccomon.h" +#include "secoidt.h" + +/* SGN_VerifyPKCS1DigestInfo verifies that the length of the digest is correct + * for the given algorithm, then verifies that the recovered data from the + * PKCS#1 signature is a properly-formatted DigestInfo that identifies the + * given digest algorithm, then verifies that the digest in the DigestInfo + * matches the given digest. + * + * dataRecoveredFromSignature must be the result of calling PK11_VerifyRecover + * or equivalent. + * + * If unsafeAllowMissingParameters is true (not recommended), then a DigestInfo + * without the mandatory ASN.1 NULL parameter will also be accepted. + */ +SECStatus _SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg, + const SECItem* digest, + const SECItem* dataRecoveredFromSignature, + PRBool unsafeAllowMissingParameters); + +#endif /* _PKCS1SIG_H_ */ diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c index 6f518ddf..f9776bb9 100644 --- a/security/nss/lib/util/quickder.c +++ b/security/nss/lib/util/quickder.c 
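Review bot: The header comment's first claim, that the function "verifies that the length of the digest is correct for the given algorithm", does not match the implementation as far as it is visible in the preceding pkcs1sig.c hunk, where `pp.digestLen = digest->len;` takes the caller's length as-is and I see no comparison against the hash algorithm's output size (the top of encodePrefix is outside this view, so the check may live there — worth confirming). If no such check exists, the DigestInfo prefix is simply built around whatever length the caller supplied and the final memcmp only proves self-consistency, not that the digest is the right size for digestAlg. Either add the check in the .c file or reword the comment to state the real contract, e.g. `/* The caller must ensure digest->len is the output length of digestAlg; this function does not verify it. */`, so that callers on the RSA verify path keep their own length check.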
@@ -16,55 +16,110 @@ */ static unsigned char* definite_length_decoder(const unsigned char *buf, - const unsigned int length, - unsigned int *data_length, + const unsigned int buf_length, + unsigned int *out_data_length, PRBool includeTag) { unsigned char tag; - unsigned int used_length= 0; - unsigned int data_len; + unsigned int used_length = 0; + unsigned int data_length = 0; + unsigned char length_field_len = 0; + unsigned char byte; + unsigned int i; - if (used_length >= length) + if (used_length >= buf_length) { + /* Tag field was not found! */ return NULL; } tag = buf[used_length++]; - /* blow out when we come to the end */ if (tag == 0) { + /* End-of-contents octects should not be present in DER because + DER doesn't use the indefinite length form. */ return NULL; } - if (used_length >= length) + if ((tag & 0x1F) == 0x1F) { + /* High tag number (a tag number > 30) is not supported */ return NULL; } - data_len = buf[used_length++]; - if (data_len&0x80) + if (used_length >= buf_length) { - int len_count = data_len & 0x7f; + /* Length field was not found! */ + return NULL; + } + byte = buf[used_length++]; - data_len = 0; - - while (len_count-- > 0) + if (!(byte & 0x80)) + { + /* Short form: The high bit is not set. */ + data_length = byte; /* clarity; we're returning a 32-bit int. */ + } + else + { + /* Long form. Extract the field length */ + length_field_len = byte & 0x7F; + if (length_field_len == 0) { - if (used_length >= length) + /* DER doesn't use the indefinite length form. 
*/ + return NULL; + } + + if (length_field_len > sizeof(data_length)) + { + /* We don't support an extended length field longer than + 4 bytes (2^32) */ + return NULL; + } + + if (length_field_len > (buf_length - used_length)) + { + /* Extended length field was not found */ + return NULL; + } + + /* Iterate across the extended length field */ + for (i = 0; i < length_field_len; i++) + { + byte = buf[used_length++]; + data_length = (data_length << 8) | byte; + + if (i == 0) { - return NULL; + PRBool too_long = PR_FALSE; + if (length_field_len == 1) + { + too_long = ((byte & 0x80) == 0); /* Short form suffices */ + } + else + { + too_long = (byte == 0); /* This zero byte can be omitted */ + } + if (too_long) + { + /* The length is longer than needed. */ + return NULL; + } } - data_len = (data_len << 8) | buf[used_length++]; } } - if (data_len > (length-used_length) ) + if (data_length > (buf_length - used_length)) { + /* The decoded length exceeds the available buffer */ return NULL; } - if (includeTag) data_len += used_length; - *data_length = data_len; + if (includeTag) + { + data_length += used_length; + } + + *out_data_length = data_length; return ((unsigned char*)buf + (includeTag ? 0 : used_length)); } diff --git a/security/nss/tests/chains/scenarios/nameconstraints.cfg b/security/nss/tests/chains/scenarios/nameconstraints.cfg index d49e20e3..6eda441c 100644 --- a/security/nss/tests/chains/scenarios/nameconstraints.cfg +++ b/security/nss/tests/chains/scenarios/nameconstraints.cfg @@ -7,8 +7,8 @@ scenario TrustAnchors db trustanchors import NameConstraints.ca:x:CT,C,C -import NameConstraints.ncca:x:CT,C,C # Name Constrained CA: Name constrained to permited DNSName ".example" +import NameConstraints.ncca:x:CT,C,C import NameConstraints.dcisscopy:x:CT,C,C # Intermediate 1: Name constrained to permited DNSName ".example" diff --git a/security/nss/tests/libpkix/certs/make-nc b/security/nss/tests/libpkix/certs/make-nc index b32dd65e..aaab1edf 100644 
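Review bot: On every failure path in definite_length_decoder the function returns NULL without writing `*out_data_length` and without calling PORT_SetError, so a caller cannot distinguish a truncated buffer from an unsupported high tag number or a non-minimal length, and must not read the out parameter after a NULL return; none of the callers are in this hunk, so I cannot confirm they all respect that. The new minimal-encoding checks look correct as written (short form required when the single long-form byte is below 0x80, leading zero byte rejected otherwise), but the contract deserves stating on the function: `/* Returns NULL on any malformed or unsupported encoding; *out_data_length is written only on success and no error code is set. */` — that comment belongs above line 16, outside this hunk. Minor: `octects` in the end-of-contents comment is a typo for `octets`.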
--- a/security/nss/tests/libpkix/certs/make-nc +++ b/security/nss/tests/libpkix/certs/make-nc @@ -456,7 +456,7 @@ y n CERTSCRIPT -#the following cert MUST not pass +#the following cert MUST pass certutil -S -z noise -g 2048 -d . -n dcissallowed -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 < @@ -174,7 +174,7 @@ PRIntn main(PRIntn ac, char **av, char **ev) { "\nSSL Test Suite Version %d.%d.%d\n\ All Rights Reserved\n\ Usage: sslt [-c client_nickname] [-n server_nickname] [-p passwd] [-d] testid\n", -VERION_MAJOR, VERION_MINOR, VERSION_POINT); +VERSION_MAJOR, VERSION_MINOR, VERSION_POINT); exit(0); } From a572ea8ca34bf746a68d8fc520e20a662834d238 Mon Sep 17 00:00:00 2001 
From: roytam1 Date: Wed, 11 Jul 2018 22:42:30 +0800 Subject: [PATCH 09/20] cherry-picked mozilla NSS upstream changes (to rev 82de44ead36f, which is on par with 3.18): bug1095307, bug1073330(backout), bug1084986, bug1050069, bug942172, bug1054547, bug532081, bug1096348, bug1058870, bug1093940, bug1102985, bug1112461, bug1094492, bug112029, bug1119983, bug1120685, bug1120691, bug1113632, bug863076, bug1082973, bug1124539, bug1117617, bug1117621, bug1121273, bug753136, bug921684, bug1132818, bug1125375, bug647690, bug1055441, bug1134455, bug975010, bug950369, bug1128367, bug1129573, bug1136095, bug1117897, bug1113453, bug1061725, bug1073330, bug1111901, bug1083900, bug1136095, bug1138820, bug1096741, bug1134548, bug345725, bug950348, bug950344, bug1151037, bug991783, bug1153994 --- security/nss/cmd/certutil/certutil.c | 36 +- security/nss/cmd/certutil/keystuff.c | 3 - security/nss/cmd/crlutil/crlgen.c | 2 +- security/nss/cmd/lib/secutil.c | 40 ++ security/nss/cmd/lib/secutil.h | 3 + security/nss/cmd/pk12util/pk12util.c | 5 +- security/nss/cmd/platlibs.mk | 8 +- security/nss/cmd/pp/pp.c | 3 +- security/nss/cmd/tstclnt/manifest.mn | 1 + security/nss/cmd/tstclnt/tstclnt.c | 164 +++++- security/nss/coreconf/Darwin.mk | 19 + security/nss/coreconf/command.mk | 3 +- security/nss/coreconf/location.mk | 4 + security/nss/coreconf/rules.mk | 4 +- security/nss/doc/Makefile | 13 - security/nss/doc/certutil.xml | 19 +- security/nss/doc/html/certutil.html | 6 +- security/nss/doc/nroff/certutil.1 | 99 +++- security/nss/lib/certdb/cert.h | 23 +- security/nss/lib/certdb/certdb.c | 14 +- security/nss/lib/certdb/certdb.h | 15 + security/nss/lib/certdb/certi.h | 24 +- security/nss/lib/certdb/certt.h | 6 +- security/nss/lib/certdb/certv3.c | 136 ----- security/nss/lib/certdb/crl.c | 28 +- security/nss/lib/certdb/genname.c | 149 +++--- security/nss/lib/ckfw/builtins/nssckbi.h | 4 +- security/nss/lib/ckfw/dbm/db.c | 3 +- security/nss/lib/ckfw/nssmkey/mobject.c | 2 +- 
security/nss/lib/freebl/ecl/README | 39 +- security/nss/lib/freebl/mpi/README | 39 +- security/nss/lib/freebl/mpi/doc/LICENSE-MPL | 38 +- security/nss/lib/freebl/mpi/mpmontg.c | 31 +- security/nss/lib/freebl/mpi/tests/LICENSE-MPL | 38 +- security/nss/lib/freebl/mpi/utils/LICENSE-MPL | 38 +- security/nss/lib/freebl/mpi/utils/README | 39 +- .../lib/libpkix/include/pkix_errorstrings.h | 1 - .../nss/lib/libpkix/include/pkix_revchecker.h | 4 +- .../pkix/checker/pkix_revocationchecker.c | 10 +- .../pkix/checker/pkix_revocationmethod.h | 5 +- .../nss/lib/libpkix/pkix/top/pkix_build.c | 19 +- .../module/pkix_pl_httpdefaultclient.c | 4 - .../libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h | 5 + .../pkix_pl_nss/pki/pkix_pl_publickey.c | 3 - .../pkix_pl_nss/pki/pkix_pl_x500name.c | 55 -- security/nss/lib/nss/nss.def | 10 +- security/nss/lib/nss/nss.h | 6 +- security/nss/lib/pk11wrap/pk11cert.c | 21 +- security/nss/lib/pk11wrap/pk11mech.c | 7 +- security/nss/lib/pk11wrap/pk11pub.h | 15 +- security/nss/lib/pkcs12/p12.h | 61 ++- security/nss/lib/pkcs12/p12d.c | 58 +++ security/nss/lib/pkcs12/p12local.c | 3 +- security/nss/lib/pki/pki3hack.c | 28 +- security/nss/lib/pki/pki3hack.h | 2 +- security/nss/lib/pki/pkistore.c | 30 +- security/nss/lib/pki/tdcache.c | 36 +- security/nss/lib/pki/trustdomain.c | 12 +- security/nss/lib/smime/smime.def | 6 + security/nss/lib/smime/smimeutil.c | 2 + security/nss/lib/softoken/config.mk | 6 +- security/nss/lib/softoken/fipstokn.c | 11 +- security/nss/lib/softoken/lowpbe.c | 8 +- security/nss/lib/softoken/sdb.c | 2 - security/nss/lib/softoken/softkver.h | 6 +- security/nss/lib/ssl/ssl3con.c | 70 ++- security/nss/lib/ssl/ssl3ecc.c | 41 +- security/nss/lib/ssl/ssl3ext.c | 487 ++++++++++-------- security/nss/lib/ssl/sslimpl.h | 1 + security/nss/lib/ssl/sslsock.c | 4 +- security/nss/lib/util/nssutil.h | 6 +- .../nss/pkg/solaris/common_files/copyright | 38 +- security/nss/tests/all.sh | 2 +- .../nss/tests/chains/scenarios/realcerts.cfg | 2 +- 
security/nss/tests/chains/scenarios/scenarios | 47 +- security/nss/tests/cipher/cipher.sh | 2 +- security/nss/tests/common/init.sh | 2 +- security/nss/tests/dbtests/dbtests.sh | 20 +- security/nss/tests/iopr/server_scr/config | 37 +- .../nss/tests/libpkix/certs/PayPalEE.cert | Bin 1531 -> 1382 bytes .../nss/tests/libpkix/certs/PayPalICA.cert | Bin 1512 -> 1205 bytes .../nss/tests/libpkix/certs/PayPalRootCA.cert | Bin 1249 -> 969 bytes security/nss/tests/libpkix/sample_apps/README | 39 +- security/nss/tests/libpkix/vfychain_test.lst | 2 +- security/nss/tests/memleak/memleak.sh | 3 +- security/nss/tests/ssl/sslcov.txt | 6 +- 86 files changed, 1201 insertions(+), 1142 deletions(-) diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 55b6a0c3..9bf78b7f 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -40,7 +40,7 @@ #define MIN_KEY_BITS 512 /* MAX_KEY_BITS should agree with MAX_RSA_MODULUS in freebl */ #define MAX_KEY_BITS 8192 -#define DEFAULT_KEY_BITS 1024 +#define DEFAULT_KEY_BITS 2048 #define GEN_BREAK(e) rv=e; break; 
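Review bot: The key-size limits in this hunk disagree with the certutil.xml change in the same patch: `MAX_KEY_BITS` stays 8192 (the comment ties it to MAX_RSA_MODULUS in freebl) while the documentation at the end of this patch still says "the maximum is 16384 bits", so -g values between 8193 and 16384 are either rejected contrary to the manual or the comment here is stale; which one is right depends on freebl's value, which is not in view. Raising the default to 2048 is welcome, but `MIN_KEY_BITS 512` still lets users generate 512-bit RSA keys without any warning; if that floor is intentional for test fixtures it deserves a comment, e.g. `/* 512 kept only for legacy/test use; anything below 2048 is insecure */`.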
@@ -971,19 +971,19 @@ PrintSyntax(char *progName) FPS "Usage: %s -N [-d certdir] [-P dbprefix] [-f pwfile] [--empty-password]\n", progName); FPS "Usage: %s -T [-d certdir] [-P dbprefix] [-h token-name]\n" "\t\t [-f pwfile] [-0 SSO-password]\n", progName); - FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", + FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", progName); FPS "\t%s -B -i batch-file\n", progName); FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n" "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n" + "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n" "\t\t [-1 | --keyUsage [keyUsageKeyword,..]] [-2] [-3] [-4]\n" "\t\t [-5 | --nsCertType [nsCertTypeKeyword,...]]\n" "\t\t [-6 | --extKeyUsage [extKeyUsageKeyword,...]] [-7 emailAddrs]\n" "\t\t [-8 dns-names] [-a]\n", progName); FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", + FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", progName); FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix]\n", progName); 
@@ -1010,14 +1010,15 @@ PrintSyntax(char *progName) progName); FPS "\t\t [-P targetDBPrefix] [--source-prefix sourceDBPrefix]\n"); FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n"); - FPS "\t%s -L [-n cert-name] [--email email-address] [-X] [-r] [-a]\n", + FPS "\t%s -L [-n cert-name] [-h token-name] [--email email-address]\n", progName); - FPS "\t\t [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n"); + FPS "\t\t [-X] [-r] [-a] [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n"); FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName); FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n" - "\t\t [-7 emailAddrs] [-k key-type-or-id] [-h token-name] [-f pwfile] [-g key-size]\n", + "\t\t [-7 emailAddrs] [-k key-type-or-id] [-h token-name] [-f pwfile]\n" + "\t\t [-g key-size] [-Z hashAlg]\n", progName); FPS "\t%s -V -n cert-name -u usage [-b time] [-e] [-a]\n" "\t\t[-X] [-d certdir] [-P dbprefix]\n", @@ -1027,7 +1028,7 @@ PrintSyntax(char *progName) FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n" "\t\t [-k key-type-or-id] [-q key-params] [-h token-name] [-g key-size]\n" "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n" + "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n" "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n" "\t\t [-8 DNS-names]\n" "\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n" 
@@ -1137,6 +1138,11 @@ static void luC(enum usage_level ul, const char *command) " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); + FPS "%-20s \n" + "%-20s Specify the hash algorithm to use. Possible keywords:\n" + "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n" + "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n", + " -Z hashAlg", "", "", ""); FPS "%-20s \n" "%-20s Create key usage extension. Possible keywords:\n" "%-20s \"digitalSignature\", \"nonRepudiation\", \"keyEncipherment\",\n" @@ -1336,6 +1342,8 @@ static void luL(enum usage_level ul, const char *command) "-L"); if (ul == usage_selected && !is_my_command) return; + FPS "%-20s Name of token to search (\"all\" for all tokens)\n", + " -h token-name "); FPS "%-20s Pretty print named cert (list all if unspecified)\n", " -n cert-name"); FPS "%-20s \n" @@ -1388,6 +1396,8 @@ static void luN(enum usage_level ul, const char *command) " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); + FPS "%-20s Specify the password file\n", + " -f password-file"); FPS "%-20s use empty password when creating a new database\n", " --empty-password"); FPS "\n"); @@ -1473,6 +1483,11 @@ static void luR(enum usage_level ul, const char *command) " -P dbprefix"); FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", " -p phone"); + FPS "%-20s \n" + "%-20s Specify the hash algorithm to use. Possible keywords:\n" + "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n" + "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n", + " -Z hashAlg", "", "", ""); FPS "%-20s Output the cert request in ASCII (RFC1113); default is binary\n", " -a"); FPS "%-20s \n", 
@@ -1634,6 +1649,11 @@ static void luS(enum usage_level ul, const char *command) " -P dbprefix"); FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", " -p phone"); + FPS "%-20s \n" + "%-20s Specify the hash algorithm to use. Possible keywords:\n" + "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n" + "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n", + " -Z hashAlg", "", "", ""); FPS "%-20s Create key usage extension\n", " -1 "); FPS "%-20s Create basic constraint extension\n", diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c index 2665dd44..0cdd0343 100644 --- a/security/nss/cmd/certutil/keystuff.c +++ b/security/nss/cmd/certutil/keystuff.c @@ -494,7 +494,6 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, CK_FLAGS opFlagsOff, secuPWData *pwdata) { CK_MECHANISM_TYPE mechanism; - SECOidTag algtag; PK11RSAGenParams rsaparams; SECKEYPQGParams * dsaparams = NULL; void * params; @@ -529,12 +528,10 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, rsaparams.keySizeInBits = size; rsaparams.pe = publicExponent; mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; - algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; params = &rsaparams; break; case dsaKey: mechanism = CKM_DSA_KEY_PAIR_GEN; - algtag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; if (pqgFile) { dsaparams = getpqgfromfile(size, pqgFile); if (dsaparams == NULL) diff --git a/security/nss/cmd/crlutil/crlgen.c b/security/nss/cmd/crlutil/crlgen.c index 12fcda79..4eb16f71 100644 --- a/security/nss/cmd/crlutil/crlgen.c +++ b/security/nss/cmd/crlutil/crlgen.c 
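Review bot: The new -Z help text in luS (and the identical blocks added to luC and luR above) presents MD2, MD4 and MD5 as ordinary choices for the certificate signature hash, with no hint that they are collision-broken and rejected by modern verifiers; whether the option parser elsewhere restricts the accepted set is not visible here. Since this is the only place an operator sees the list, I would mark them, e.g. change the third line to `"%-20s \"MD2\", \"MD4\", \"MD5\" (obsolete, insecure), \"SHA1\" (deprecated),\n"`, or drop the legacy names from the help while still accepting them for compatibility. The strings are duplicated verbatim in the three hunks, so the wording should be updated in all three at once.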
@@ -1169,7 +1169,7 @@ crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str, switch (crlGenData->contextId) { case CRLGEN_CHANGE_RANGE_CONTEXT: - if (dtype != CRLGEN_TYPE_DIGIT || dtype != CRLGEN_TYPE_DIGIT_RANGE) { + if (dtype != CRLGEN_TYPE_DIGIT && dtype != CRLGEN_TYPE_DIGIT_RANGE) { crlgen_PrintError(crlGenData->parsedLineNum, "range value should have " "numeric or numeric range values.\n"); diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 9f69f7fb..97331c9c 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -2411,6 +2411,46 @@ loser: return rv; } +int +SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int level) +{ + PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + CERTCertificate *c; + int rv = SEC_ERROR_NO_MEMORY; + int iv; + + if (!arena) + return rv; + + /* Decode certificate */ + c = PORT_ArenaZNew(arena, CERTCertificate); + if (!c) + goto loser; + c->arena = arena; + rv = SEC_ASN1DecodeItem(arena, c, + SEC_ASN1_GET(CERT_CertificateTemplate), der); + if (rv) { + SECU_Indent(out, level); + SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); + SECU_PrintAny(out, der, "Raw", level); + goto loser; + } + /* Pretty print it out */ + SECU_Indent(out, level); fprintf(out, "%s:\n", m); + SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1); + SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1); + SECU_PrintName(out, &c->issuer, "Issuer", level+1); + if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/ + SECU_Newline(out); + secu_PrintValidity(out, &c->validity, "Validity", level+1); + SECU_PrintName(out, &c->subject, "Subject", level+1); + if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/ + SECU_Newline(out); +loser: + PORT_FreeArena(arena, PR_FALSE); + return rv; +} + int SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level) { 
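Review bot: `int iv;` in the new SECU_PrintCertificateBasicInfo is declared and never used, which warns under -Wunused-variable; drop it. The failure branch reports `"Parsing extension"` although what failed is the certificate decode — it reads as copied from SECU_PrintCertificate (not in view), but `"Parsing certificate"` is the accurate message for a function that only decodes a certificate. Also, `rv` is declared `int`, initialised with the error code SEC_ERROR_NO_MEMORY, and then assigned the SECStatus result of SEC_ASN1DecodeItem, so callers receive a mix of error-code and SECStatus values; returning SECFailure consistently and leaving the error code to PORT_SetError would be cleaner. The function is complete within this hunk.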
diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h index 2a299918..9f2744a3 100644 --- a/security/nss/cmd/lib/secutil.h +++ b/security/nss/cmd/lib/secutil.h @@ -221,6 +221,9 @@ extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, extern int SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m, int level); +extern int SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, + int level); + extern int SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m, int level); diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c index 8950b1b0..7b0467f2 100644 --- a/security/nss/cmd/pk12util/pk12util.c +++ b/security/nss/cmd/pk12util/pk12util.c @@ -45,7 +45,7 @@ Usage(char *progName) FPS "\t\t [-c key_cipher] [-C cert_cipher]\n" "\t\t [-m | --key_len keyLen] [--cert_key_len certKeyLen] [-v]\n"); FPS "\t\t [-k slotpwfile | -K slotpw]\n" - "\t\t [-w p12filepwfile | -W p12filefilepw]\n"); + "\t\t [-w p12filepwfile | -W p12filepw]\n"); exit(PK12UERR_USAGE); } @@ -101,9 +101,6 @@ static p12uContext * p12u_InitContext(PRBool fileImport, char *filename) { p12uContext *p12cxt; - PRBool fileExist; - - fileExist = fileImport; p12cxt = PORT_ZNew(p12uContext); if(!p12cxt) { diff --git a/security/nss/cmd/platlibs.mk b/security/nss/cmd/platlibs.mk index 833952a5..812a27fd 100644 --- a/security/nss/cmd/platlibs.mk +++ b/security/nss/cmd/platlibs.mk @@ -87,8 +87,8 @@ EXTRA_LIBS += \ $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ $(PKIXLIB) \ $(DBMLIB) \ - $(DIST)/lib/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \ + $(SQLITE_LIB_DIR)/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \ + $(NSSUTIL_LIB_DIR)/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \ 
@@ -135,7 +135,7 @@ endif # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib \ + -L$(SQLITE_LIB_DIR) \ -l$(SQLITE_LIB_NAME) \ -L$(NSSUTIL_LIB_DIR) \ -lnssutil3 \ @@ -153,7 +153,7 @@ ifeq ($(OS_ARCH), WINNT) # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) EXTRA_LIBS += \ $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ - $(DIST)/lib/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \ + $(NSSUTIL_LIB_DIR)/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \ $(DIST)/lib/$(IMPORT_LIB_PREFIX)smime3$(IMPORT_LIB_SUFFIX) \ $(DIST)/lib/$(IMPORT_LIB_PREFIX)ssl3$(IMPORT_LIB_SUFFIX) \ $(DIST)/lib/$(IMPORT_LIB_PREFIX)nss3$(IMPORT_LIB_SUFFIX) \ diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c index a739a915..31e76611 100644 --- a/security/nss/cmd/pp/pp.c +++ b/security/nss/cmd/pp/pp.c @@ -31,8 +31,7 @@ static void Usage(char *progName) SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST); fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID, SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); - fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "", SEC_CT_CERTIFICATE_ID, - SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); + fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", ""); fprintf(stderr, "%-14s Input is in ascii encoded form (RFC1113)\n", "-a"); fprintf(stderr, "%-14s Define an input file to use (default is stdin)\n", diff --git a/security/nss/cmd/tstclnt/manifest.mn b/security/nss/cmd/tstclnt/manifest.mn index 5a4fec8c..5c1e4f61 100644 --- a/security/nss/cmd/tstclnt/manifest.mn +++ b/security/nss/cmd/tstclnt/manifest.mn @@ -17,6 +17,7 @@ REQUIRES = seccmd dbm # DIRS = CSRCS = tstclnt.c +DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" PROGRAM = tstclnt 
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index 664c54f7..72f53bad 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c @@ -32,6 +32,7 @@ #include "ssl.h" #include "sslproto.h" #include "pk11func.h" +#include "secmod.h" #include "plgetopt.h" #include "plstr.h" @@ -97,6 +98,7 @@ int ssl3CipherSuites[] = { unsigned long __cmp_umuls; PRBool verbose; +int dumpServerChain = 0; int renegotiationsToDo = 0; int renegotiationsDone = 0; @@ -179,7 +181,8 @@ static void PrintUsageHeader(const char *progName) { fprintf(stderr, "Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n" - "[-d certdir] [-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n" + "[-D | -d certdir] [-C] [-b | -R root-module] \n" + "[-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n" "[-V [min-version]:[max-version]] [-K] [-T]\n" "[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n", progName); @@ -196,6 +199,12 @@ static void PrintParameterUsage(void) fprintf(stderr, "%-20s Directory with cert database (default is ~/.netscape)\n", "-d certdir"); + fprintf(stderr, "%-20s Run without a cert database\n", "-D"); + fprintf(stderr, "%-20s Load the default \"builtins\" root CA module\n", "-b"); + fprintf(stderr, "%-20s Load the given root CA module\n", "-R"); + fprintf(stderr, "%-20s Print certificate chain information\n", "-C"); + fprintf(stderr, "%-20s (use -C twice to print more certificate details)\n", ""); + fprintf(stderr, "%-20s (use -C three times to include PEM format certificate dumps)\n", ""); fprintf(stderr, "%-20s Nickname of key and cert for client auth\n", "-n nickname"); fprintf(stderr, 
@@ -500,12 +509,114 @@ verifyFromSideChannel(CERTCertificate *cert, ServerCertAuth *sca) EXIT_CODE_SIDECHANNELTEST_REVOKED; } + +static void +dumpCertificatePEM(CERTCertificate *cert) +{ + SECItem data; + data.data = cert->derCert.data; + data.len = cert->derCert.len; + fprintf(stderr, "%s\n%s\n%s\n", NS_CERT_HEADER, + BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); +} + +static void +dumpServerCertificateChain(PRFileDesc *fd) +{ + CERTCertList *peerCertChain = NULL; + CERTCertListNode *node = NULL; + CERTCertificate *peerCert = NULL; + CERTCertificateList *foundChain = NULL; + SECU_PPFunc dumpFunction = NULL; + PRBool dumpCertPEM = PR_FALSE; + + if (!dumpServerChain) { + return; + } + else if (dumpServerChain == 1) { + dumpFunction = SECU_PrintCertificateBasicInfo; + } else { + dumpFunction = SECU_PrintCertificate; + if (dumpServerChain > 2) { + dumpCertPEM = PR_TRUE; + } + } + + SECU_EnableWrap(PR_FALSE); + + fprintf(stderr, "==== certificate(s) sent by server: ====\n"); + peerCertChain = SSL_PeerCertificateChain(fd); + if (peerCertChain) { + node = CERT_LIST_HEAD(peerCertChain); + while ( ! CERT_LIST_END(node, peerCertChain) ) { + CERTCertificate *cert = node->cert; + SECU_PrintSignedContent(stderr, &cert->derCert, "Certificate", 0, + dumpFunction); + if (dumpCertPEM) { + dumpCertificatePEM(cert); + } + node = CERT_LIST_NEXT(node); + } + } + + if (peerCertChain) { + peerCert = SSL_RevealCert(fd); + if (peerCert) { + foundChain = CERT_CertChainFromCert(peerCert, certificateUsageSSLServer, + PR_TRUE); + } + if (foundChain) { + int count = 0; + fprintf(stderr, "==== locally found issuer certificate(s): ====\n"); + for(count = 0; count < (unsigned int)foundChain->len; count++) { + CERTCertificate *c; + PRBool wasSentByServer = PR_FALSE; + c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &foundChain->certs[count]); + + node = CERT_LIST_HEAD(peerCertChain); + while ( ! 
CERT_LIST_END(node, peerCertChain) ) { + CERTCertificate *cert = node->cert; + if (CERT_CompareCerts(cert, c)) { + wasSentByServer = PR_TRUE; + break; + } + node = CERT_LIST_NEXT(node); + } + + if (!wasSentByServer) { + SECU_PrintSignedContent(stderr, &c->derCert, "Certificate", 0, + dumpFunction); + if (dumpCertPEM) { + dumpCertificatePEM(c); + } + } + CERT_DestroyCertificate(c); + } + CERT_DestroyCertificateList(foundChain); + } + if (peerCert) { + CERT_DestroyCertificate(peerCert); + } + + CERT_DestroyCertList(peerCertChain); + peerCertChain = NULL; + } + + fprintf(stderr, "==== end of certificate chain information ====\n"); + fflush(stderr); +} + static SECStatus ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer) { ServerCertAuth * serverCertAuth = (ServerCertAuth *) arg; + if (dumpServerChain) { + dumpServerCertificateChain(fd); + } + + if (!serverCertAuth->shouldPause) { CERTCertificate *cert; int i; @@ -828,6 +939,9 @@ int main(int argc, char **argv) PLOptState *optstate; PLOptStatus optstatus; PRStatus prStatus; + PRBool openDB = PR_TRUE; + PRBool loadDefaultRootCAs = PR_FALSE; + char *rootModule = NULL; serverCertAuth.shouldPause = PR_TRUE; serverCertAuth.isPaused = PR_FALSE; @@ -854,7 +968,7 @@ int main(int argc, char **argv) SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); optstate = PL_CreateOptState(argc, argv, - "46BFKM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz"); + "46BCDFKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': @@ -865,6 +979,10 @@ int main(int argc, char **argv) case 'B': bypassPKCS11 = 1; break; + case 'C': ++dumpServerChain; break; + + case 'D': openDB = PR_FALSE; break; + case 'F': if (serverCertAuth.testFreshStatusFromSideChannel) { /* parameter given twice or more */ serverCertAuth.requireDataForIntermediates = PR_TRUE; 
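Review bot: In dumpServerCertificateChain the result of `CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &foundChain->certs[count])` is used without a NULL check — `c` goes straight into CERT_CompareCerts and `&c->derCert`, so a chain element that is not found in the default DB (or any allocation failure) dereferences NULL; add `if (!c) continue;` right after the lookup. dumpCertificatePEM passes the buffer returned by BTOA_DataToAscii directly to fprintf and never frees it; for a tool run once per connection that is only a leak, but keeping the pointer and calling PORT_Free after the print is cheap. Minor: `count` is an `int` compared against `(unsigned int)foundChain->len`, so declaring it `unsigned int` removes the cast. The hunk continues into ownAuthCertificate, whose body ends outside it.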
@@ -895,6 +1013,8 @@ int main(int argc, char **argv) }; break; + case 'R': rootModule = PORT_Strdup(optstate->value); break; + case 'S': skipProtoHeader = PR_TRUE; break; case 'T': enableCertStatus = 1; break; @@ -917,6 +1037,8 @@ int main(int argc, char **argv) } break; + case 'b': loadDefaultRootCAs = PR_TRUE; break; + case 'c': cipherString = PORT_Strdup(optstate->value); break; case 'g': enableFalseStart = 1; break; @@ -972,8 +1094,10 @@ int main(int argc, char **argv) if (optstatus == PL_OPT_BAD) Usage(progName); - if (!host || !portno) + if (!host || !portno) { + fprintf(stderr, "%s: parameters -h and -p are mandatory\n", progName); Usage(progName); + } if (serverCertAuth.testFreshStatusFromSideChannel && serverCertAuth.shouldPause) { @@ -981,6 +1105,16 @@ int main(int argc, char **argv) exit(1); } + if (certDir && !openDB) { + fprintf(stderr, "%s: Cannot combine parameters -D and -d\n", progName); + exit(1); + } + + if (rootModule && loadDefaultRootCAs) { + fprintf(stderr, "%s: Cannot combine parameters -b and -R\n", progName); + exit(1); + } + PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); PK11_SetPasswordFunc(SECU_GetModulePassword); @@ -1073,10 +1207,26 @@ int main(int argc, char **argv) certDir = SECU_ConfigDirectory(certDirTmp); PORT_Free(certDirTmp); } - rv = NSS_Init(certDir); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to open cert database"); - return 1; + + if (openDB) { + rv = NSS_Init(certDir); + if (rv != SECSuccess) { + SECU_PrintError(progName, "unable to open cert database"); + return 1; + } + } else { + rv = NSS_NoDB_Init(NULL); + if (rv != SECSuccess) { + SECU_PrintError(progName, "failed to initialize NSS"); + return 1; + } + } + + if (loadDefaultRootCAs) { + SECMOD_AddNewModule("Builtins", + DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0); + } else if (rootModule) { + SECMOD_AddNewModule("Builtins", rootModule, 0, 0); } /* set the policy bits true for all the cipher suites. */ 
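Review bot: Both SECMOD_AddNewModule calls added for -b and -R discard the SECStatus result, so a missing or unloadable nssckbi (wrong DLL_PREFIX/DLL_SUFFIX, bad -R path) is silent and the client continues with no trust anchors, turning a configuration error into a misleading verification failure later; capture the result and abort, e.g. `if (SECMOD_AddNewModule("Builtins", rootModule, 0, 0) != SECSuccess) { SECU_PrintError(progName, "unable to load root CA module"); return 1; }`, and the same for the builtins branch. With -D (NSS_NoDB_Init) this module is the only source of roots, so the check matters most there. `rootModule` is strdup'ed during option parsing and never freed; harmless at exit, but a PORT_Free after the call keeps leak checkers quiet.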
diff --git a/security/nss/coreconf/Darwin.mk b/security/nss/coreconf/Darwin.mk index f0002c6f..18a13481 100644 --- a/security/nss/coreconf/Darwin.mk +++ b/security/nss/coreconf/Darwin.mk @@ -116,3 +116,22 @@ PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \ USE_SYSTEM_ZLIB = 1 ZLIB_LIBS = -lz + +# The system sqlite library in the latest version of Mac OS X often becomes +# newer than the sqlite library in NSS. This may result in certain Mac OS X +# system libraries having unresolved sqlite symbols during the shlibsign step +# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and +# the NSS libsqlite3.dylib is used instead of the system one. So just use the +# system sqlite library on Mac, if it's sufficiently new. + +SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}') +SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }') +SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }') + +ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR)) + ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR))) + # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control + else + NSS_USE_SYSTEM_SQLITE = 1 + endif +endif diff --git a/security/nss/coreconf/command.mk b/security/nss/coreconf/command.mk index 35ebe868..ec1fd4d3 100644 --- a/security/nss/coreconf/command.mk +++ b/security/nss/coreconf/command.mk @@ -11,8 +11,7 @@ AS = $(CC) ASFLAGS += $(CFLAGS) CCF = $(CC) $(CFLAGS) -LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) -LINK_EXE = $(LINK) $(OS_LFLAGS) $(LFLAGS) +LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS) CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \ $(XCFLAGS) PERL = perl diff --git a/security/nss/coreconf/location.mk b/security/nss/coreconf/location.mk index 0eb9d914..b11558a4 100644 --- a/security/nss/coreconf/location.mk +++ b/security/nss/coreconf/location.mk 
@@ -67,6 +67,10 @@ ifndef SOFTOKEN_LIB_DIR SOFTOKEN_LIB_DIR = $(DIST)/lib endif +ifndef SQLITE_LIB_DIR + SQLITE_LIB_DIR = $(DIST)/lib +endif + ifndef SQLITE_LIB_NAME SQLITE_LIB_NAME = sqlite3 endif
diff --git a/security/nss/coreconf/rules.mk b/security/nss/coreconf/rules.mk
index 937eed4e..5495b0c3 100644
--- a/security/nss/coreconf/rules.mk
+++ b/security/nss/coreconf/rules.mk
@@ -241,7 +241,7 @@ alltags: $(PROGRAM): $(OBJS) $(EXTRA_LIBS) @$(MAKE_OBJDIR) ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) - $(MKPROG) $(subst /,\\,$(OBJS)) -Fe$@ -link $(LDFLAGS) $(subst /,\\,$(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)) + $(MKPROG) $(subst /,\\,$(OBJS)) -Fe$@ -link $(LDFLAGS) $(XLDFLAGS) $(subst /,\\,$(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)) ifdef MT if test -f $@.manifest; then \ $(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \
@@ -332,7 +332,7 @@ $(OBJDIR)/$(PROG_PREFIX)%$(PROG_SUFFIX): $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX) @$(MAKE_OBJDIR) ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) $(MKPROG) $< -Fe$@ -link \ - $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) + $(LDFLAGS) $(XLDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) ifdef MT if test -f $@.manifest; then \ $(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \
diff --git a/security/nss/doc/Makefile b/security/nss/doc/Makefile
index 00c94aaf..444a81a3 100644
--- a/security/nss/doc/Makefile
+++ b/security/nss/doc/Makefile
@@ -39,19 +39,6 @@ version.xml: .PHONY : $(HTMLPAGES) .PHONY : $(TXTPAGES) -#------------------------------------------ -# Package a tar ball for building in fedora -# Include the makefile and .xml files only -# man pages will be created at build time -#------------------------------------------ - -tarball: - rm -rf $(name); \ - mkdir -p $(name)/nroff; \ - cp Makefile $(name); \ - cp *.xml $(name); \ - tar cvjf $(name)-$(date).tar.bz2 $(name) - #-------------------------------------------------------- # manpages #-------------------------------------------------------- diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index b89fa492..4fdb5d0d 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml @@ -247,7 +247,7 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their -g keysize - Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed. + Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed. @@ -459,6 +459,23 @@ of the attribute codes: Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes. + + -Z hashAlg + + Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords: + + MD2 + MD4 + MD5 + SHA1 + SHA224 + SHA256 + SHA384 + SHA512 + + + + -0 SSO_password Set a site security officer password on a token. diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index 907f90be..6f29575d 100644 --- a/security/nss/doc/html/certutil.html 
+++ b/security/nss/doc/html/certutil.html @@ -1,4 +1,4 @@ -CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

-E

Add an email certificate to the certificate database.

-F

Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname.

@@ -14,7 +14,7 @@ If this option is not used, the validity check defaults to the current system ti Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files.

  • OID (example): 1.2.3.4

  • critical-flag: critical or not-critical

  • filename: full path to a file containing an encoded extension

-f password-file

Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent - unauthorized access to this file.

-g keysize

Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.

-h tokenname

Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

-i input_file

Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

-k key-type-or-id

Specify the type or specific ID of a key.

+ unauthorized access to this file.

-g keysize

Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed.

-h tokenname

Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

-i input_file

Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

-k key-type-or-id

Specify the type or specific ID of a key.

The valid key type options are rsa, dsa, ec, or all. The default value is rsa. Specifying the type of key can avoid mistakes caused by duplicate nicknames. Giving a key type generates a new key pair; @@ -61,7 +61,7 @@ of the attribute codes: the certificate or adding it to a database. Express the offset in integers, using a minus sign (-) to indicate a negative offset. If this argument is not used, the validity period begins at the current system time. The length - of the validity period is set with the -v argument.

-X

Force the key and certificate database to open in read-write mode. This is used with the -U and -L command options.

-x

Use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.

-y exp

Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.

-z noise-file

Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

-0 SSO_password

Set a site security officer password on a token.

-1 | --keyUsage keyword,keyword

Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:

  • + of the validity period is set with the -v argument.

-X

Force the key and certificate database to open in read-write mode. This is used with the -U and -L command options.

-x

Use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.

-y exp

Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.

-z noise-file

Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

-Z hashAlg

Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords:

  • MD2

  • MD4

  • MD5

  • SHA1

  • SHA224

  • SHA256

  • SHA384

  • SHA512

-0 SSO_password

Set a site security officer password on a token.

-1 | --keyUsage keyword,keyword

Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:

  • digitalSignature

  • nonRepudiation diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1 index 7ae5db01..6ce08f2e 100644 --- a/security/nss/doc/nroff/certutil.1 +++ b/security/nss/doc/nroff/certutil.1 @@ -2,12 +2,12 @@ .\" Title: CERTUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 29 July 2014 +.\" Date: 23 February 2015 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CERTUTIL" "1" "29 July 2014" "nss-tools" "NSS Security Tools" +.TH "CERTUTIL" "1" "23 February 2015" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -310,7 +310,7 @@ Specify a file that will automatically supply the password to include in a certi .PP \-g keysize .RS 4 -Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 16384 bits\&. The default is 1024 bits\&. Any size between the minimum and maximum is allowed\&. +Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 16384 bits\&. The default is 2048 bits\&. Any size between the minimum and maximum is allowed\&. .RE .PP \-h tokenname 
@@ -619,6 +619,99 @@ Set an alternate exponent value to use in generating a new RSA public key for th Read a seed value from the specified file to generate a new private and public key pair\&. This argument makes it possible to use hardware\-generated seed values or manually create a value from the keyboard\&. The minimum file size is 20 bytes\&. .RE .PP +\-Z hashAlg +.RS 4 +Specify the hash algorithm to use with the \-C, \-S or \-R command options\&. Possible keywords: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +MD2 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +MD4 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +MD5 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA1 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA224 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA256 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA384 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA512 +.RE +.RE +.PP \-0 SSO_password .RS 4 Set a site security officer password on a token\&. diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h index 0e9e3919..4564dc2d 100644 --- a/security/nss/lib/certdb/cert.h +++ b/security/nss/lib/certdb/cert.h 
@@ -929,15 +929,9 @@ extern SECStatus CERT_FindNSCertTypeExtension extern char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag); -extern SECStatus CERT_FindIssuerCertExtension - (CERTCertificate *cert, int tag, SECItem *value); - extern SECStatus CERT_FindCertExtensionByOID (CERTCertificate *cert, SECItem *oid, SECItem *value); -extern char *CERT_FindCertURLExtension (CERTCertificate *cert, int tag, - int catag); - /* Returns the decoded value of the authKeyID extension. ** Note that this uses passed in the arena to allocate storage for the result */ @@ -1178,6 +1172,20 @@ CERT_GetNextGeneralName(CERTGeneralName *current); extern CERTGeneralName * CERT_GetPrevGeneralName(CERTGeneralName *current); +/* + * Look up name constraints for some certs that do not include name constraints + * (Most importantly, root certificates) + * + * If a matching subject is found, |extensions| will be populated with a copy of the + * DER-encoded name constraints extension. The data in |extensions| will point to + * memory that the caller owns. + * + * There is no mechanism to configure imposed name constraints right now. All + * imposed name constraints are built into NSS. + */ +SECStatus +CERT_GetImposedNameConstraints(const SECItem *derSubject, SECItem *extensions); + CERTNameConstraint * CERT_GetNextNameConstraint(CERTNameConstraint *current); @@ -1549,6 +1557,9 @@ CERT_CheckNameSpace(PLArenaPool *arena, /* * Extract and allocate the name constraints extension from the CA cert. + * If the certificate contains no name constraints extension, but + * CERT_GetImposedNameConstraints returns a name constraints extension + * for the subject of the certificate, then that extension will be returned. */ extern SECStatus CERT_FindNameConstraintsExten(PLArenaPool *arena, diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 43304371..2581be22 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c 
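Review bot: The new comment on `CERT_GetImposedNameConstraints` says the caller owns the data placed in `extensions` but not how to release it; the implementation later in this patch fills it with `SECITEM_CopyItem(NULL, extensions, ...)`, so the matching release is `SECITEM_FreeItem(extensions, PR_FALSE)` when `extensions` is caller-provided storage, as in `CERT_FindNameConstraintsExten`. Add `On success the caller must release the copied data with SECITEM_FreeItem(extensions, PR_FALSE); extensions must be non-NULL (SEC_ERROR_INVALID_ARGS otherwise) and SEC_ERROR_EXTENSION_NOT_FOUND is set when no entry matches.` to the comment. Separately, this hunk deletes `CERT_FindIssuerCertExtension` and `CERT_FindCertURLExtension` from the public header; if either is listed in the library's export map, that list needs the same change, which is not visible here.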
@@ -1051,6 +1051,11 @@ SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) { PRTime notBefore, notAfter, llPendingSlop, tmp1; SECStatus rv; + if (!crl) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return(secCertTimeUndetermined); + } + rv = SEC_GetCrlTimes(crl, ¬Before, ¬After); if (rv) { @@ -1063,6 +1068,7 @@ SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) { LL_MUL(llPendingSlop, llPendingSlop, tmp1); LL_SUB(notBefore, notBefore, llPendingSlop); if ( LL_CMP( t, <, notBefore ) ) { + PORT_SetError(SEC_ERROR_CRL_EXPIRED); return(secCertTimeNotValidYet); } @@ -1074,6 +1080,7 @@ SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) { } if ( LL_CMP( t, >, notAfter) ) { + PORT_SetError(SEC_ERROR_CRL_EXPIRED); return(secCertTimeExpired); } @@ -1425,7 +1432,6 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn) CERTGeneralName * current; char * cn; int cnBufLen; - unsigned int hnLen; int DNSextCount = 0; int IPextCount = 0; PRBool isIPaddr = PR_FALSE; @@ -1435,7 +1441,6 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn) char cnbuf[128]; subAltName.data = NULL; - hnLen = strlen(hn); cn = cnbuf; cnBufLen = sizeof cnbuf; @@ -2311,7 +2316,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts) { unsigned int i; unsigned int *pflags; - + if (!trust) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; @@ -2325,7 +2330,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts) } pflags = &trust->sslFlags; - + for (i=0; i < PORT_Strlen(trusts); i++) { switch (trusts[i]) { case 'p': @@ -2371,6 +2376,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts) } break; default: + PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } } diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h index d0d53c30..d358dfd8 100644 --- a/security/nss/lib/certdb/certdb.h +++ b/security/nss/lib/certdb/certdb.h 
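Review bot: In the `@@ -1063` hunk the not-yet-valid branch sets `SEC_ERROR_CRL_EXPIRED` before returning `secCertTimeNotValidYet`, so any caller that reports the error code will describe a CRL from the future as expired. NSS carries a distinct `SEC_ERROR_CRL_NOT_YET_VALID` code in secerr.h (confirm it is defined in this tree); use `PORT_SetError(SEC_ERROR_CRL_NOT_YET_VALID);` there and keep `SEC_ERROR_CRL_EXPIRED` only for the `t > notAfter` branch. The NULL guard added at the top of `SEC_CheckCrlTimes` is a good hardening step; a one-line comment `/* NULL crl: report as undetermined, error code distinguishes it */` would make the choice of `secCertTimeUndetermined` explicit. `SEC_CheckCrlTimes` continues outside the hunk.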
@@ -75,6 +75,21 @@ SECStatus SEC_DeletePermCertificate(CERTCertificate *cert); PRBool SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old); +/* +** Extract the validity times from a CRL +** "crl" is the CRL +** "notBefore" is the start of the validity period (last update) +** "notAfter" is the end of the validity period (next update) +*/ +SECStatus +SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter); + +/* +** Check the validity times of a crl vs. time 't', allowing +** some slop for broken clocks and stuff. +** "crl" is the certificate to be checked +** "t" is the time to check against +*/ SECCertTimeValidity SEC_CheckCrlTimes(CERTCrl *crl, PRTime t); diff --git a/security/nss/lib/certdb/certi.h b/security/nss/lib/certdb/certi.h index f47af1cf..ff7a7b84 100644 --- a/security/nss/lib/certdb/certi.h +++ b/security/nss/lib/certdb/certi.h @@ -116,11 +116,16 @@ struct CRLDPCacheStr { #else PRLock* lock; #endif - CERTCertificate* issuer; /* issuer cert - XXX there may be multiple issuer certs, - with different validity dates. Also - need to deal with SKID/AKID . See - bugzilla 217387, 233118 */ + SECItem *issuerDERCert; /* issuer DER cert. Don't hold a reference + to the actual cert so the trust can be + updated on the cert automatically. + XXX there may be multiple issuer certs, + with different validity dates. Also + need to deal with SKID/AKID . See + bugzilla 217387, 233118 */ + + CERTCertDBHandle *dbHandle; + SECItem* subject; /* DER of issuer subject */ SECItem* distributionPoint; /* DER of distribution point. This may be NULL when distribution points aren't 
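Review bot: The new `CERTCertDBHandle *dbHandle;` member of `CRLDPCacheStr` in the certi.h hunk has no comment, while the neighbouring `issuerDERCert` explains why the cert is no longer held; a later hunk in this patch passes `dbHandle` to `CERT_NewTempCertificate` to rebuild the issuer, and `DPCache_Destroy` frees `issuerDERCert` but never touches `dbHandle`, so it is a borrowed pointer. Document that: `CERTCertDBHandle *dbHandle; /* db handle of the issuer cert, used to re-instantiate it for CRL signature checks; borrowed, not owned - presumably must outlive the cache (confirm) */`. The retained XXX note about multiple issuer certs and SKID/AKID matching still applies to the DER form. The struct continues outside the hunk.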
@@ -165,15 +170,6 @@ struct CRLDPCacheStr { struct CRLIssuerCacheStr { SECItem* subject; /* DER of issuer subject */ CRLDPCache* dpp; -#if 0 - /* XCRL for future use. - We don't need to lock at the moment because we only have one DP, - which gets created at the same time as this object */ - NSSRWLock* lock; - CRLDPCache** dps; - PLHashTable* distributionpoints; - CERTCertificate* issuer; -#endif }; /* CRL revocation cache object diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h index 9ab00fde..d8b559c7 100644 --- a/security/nss/lib/certdb/certt.h +++ b/security/nss/lib/certdb/certt.h @@ -186,7 +186,7 @@ struct CERTSubjectListStr { struct CERTCertificateStr { /* the arena is used to allocate any data structures that have the same * lifetime as the cert. This is all stuff that hangs off of the cert - * structure, and is all freed at the same time. I is used when the + * structure, and is all freed at the same time. It is used when the * cert is decoded, destroyed, and at some times when it changes * state */ @@ -1177,7 +1177,7 @@ typedef struct { /* * How many preferred methods are specified? * This is equivalent to the size of the array that - * preferred_revocation_methods points to. + * preferred_methods points to. * It's allowed to set this value to zero, * then NSS will decide which methods to prefer. */ @@ -1186,7 +1186,7 @@ typedef struct { /* Array that may specify an optional order of preferred methods. * Each array entry shall contain a method identifier as defined * by CERTRevocationMethodIndex. - * The entry at index [0] specifies the method with highest preferrence. + * The entry at index [0] specifies the method with highest preference. * These methods will be tested first for locally available information. * Methods allowed for downloading will be attempted in the same order. */ diff --git a/security/nss/lib/certdb/certv3.c b/security/nss/lib/certdb/certv3.c index 2509d5d5..1735b5e4 100644 
--- a/security/nss/lib/certdb/certv3.c
+++ b/security/nss/lib/certdb/certv3.c
@@ -43,142 +43,6 @@ CERT_StartCertExtensions(CERTCertificate *cert) return (cert_StartExtensions ((void *)cert, cert->arena, SetExts)); } -/* find the given extension in the certificate of the Issuer of 'cert' */ -SECStatus -CERT_FindIssuerCertExtension(CERTCertificate *cert, int tag, SECItem *value) -{ - CERTCertificate *issuercert; - SECStatus rv; - - issuercert = CERT_FindCertByName(cert->dbhandle, &cert->derIssuer); - if ( issuercert ) { - rv = cert_FindExtension(issuercert->extensions, tag, value); - CERT_DestroyCertificate(issuercert); - } else { - rv = SECFailure; - } - - return(rv); -} - -/* find a URL extension in the cert or its CA - * apply the base URL string if it exists - */ -char * -CERT_FindCertURLExtension(CERTCertificate *cert, int tag, int catag) -{ - SECStatus rv; - SECItem urlitem = {siBuffer,0}; - SECItem baseitem = {siBuffer,0}; - SECItem urlstringitem = {siBuffer,0}; - SECItem basestringitem = {siBuffer,0}; - PLArenaPool *arena = NULL; - PRBool hasbase; - char *urlstring; - char *str; - int len; - unsigned int i; - - urlstring = NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( ! 
arena ) { - goto loser; - } - - hasbase = PR_FALSE; - - rv = cert_FindExtension(cert->extensions, tag, &urlitem); - if ( rv == SECSuccess ) { - rv = cert_FindExtension(cert->extensions, SEC_OID_NS_CERT_EXT_BASE_URL, - &baseitem); - if ( rv == SECSuccess ) { - hasbase = PR_TRUE; - } - - } else if ( catag ) { - /* if the cert doesn't have the extensions, see if the issuer does */ - rv = CERT_FindIssuerCertExtension(cert, catag, &urlitem); - if ( rv != SECSuccess ) { - goto loser; - } - rv = CERT_FindIssuerCertExtension(cert, SEC_OID_NS_CERT_EXT_BASE_URL, - &baseitem); - if ( rv == SECSuccess ) { - hasbase = PR_TRUE; - } - } else { - goto loser; - } - - rv = SEC_QuickDERDecodeItem(arena, &urlstringitem, - SEC_ASN1_GET(SEC_IA5StringTemplate), &urlitem); - - if ( rv != SECSuccess ) { - goto loser; - } - if ( hasbase ) { - rv = SEC_QuickDERDecodeItem(arena, &basestringitem, - SEC_ASN1_GET(SEC_IA5StringTemplate), - &baseitem); - - if ( rv != SECSuccess ) { - goto loser; - } - } - - len = urlstringitem.len + ( hasbase ? 
basestringitem.len : 0 ) + 1; - - str = urlstring = (char *)PORT_Alloc(len); - if ( urlstring == NULL ) { - goto loser; - } - - /* copy the URL base first */ - if ( hasbase ) { - - /* if the urlstring has a : in it, then we assume it is an absolute - * URL, and will not get the base string pre-pended - */ - for ( i = 0; i < urlstringitem.len; i++ ) { - if ( urlstringitem.data[i] == ':' ) { - goto nobase; - } - } - - PORT_Memcpy(str, basestringitem.data, basestringitem.len); - str += basestringitem.len; - - } - -nobase: - /* copy the rest (or all) of the URL */ - PORT_Memcpy(str, urlstringitem.data, urlstringitem.len); - str += urlstringitem.len; - - *str = '\0'; - goto done; - -loser: - if ( urlstring ) { - PORT_Free(urlstring); - } - - urlstring = NULL; -done: - if ( arena ) { - PORT_FreeArena(arena, PR_FALSE); - } - if ( baseitem.data ) { - PORT_Free(baseitem.data); - } - if ( urlitem.data ) { - PORT_Free(urlitem.data); - } - - return(urlstring); -} - /* * get the value of the Netscape Certificate Type Extension */ diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c index 1551cd1b..9f9aa0b2 100644 --- a/security/nss/lib/certdb/crl.c +++ b/security/nss/lib/certdb/crl.c @@ -1123,9 +1123,9 @@ static SECStatus DPCache_Destroy(CRLDPCache* cache) PORT_Free(cache->crls); } /* destroy the cert */ - if (cache->issuer) + if (cache->issuerDERCert) { - CERT_DestroyCertificate(cache->issuer); + SECITEM_FreeItem(cache->issuerDERCert, PR_TRUE); } /* free the subject */ if (cache->subject) 
@@ -1571,14 +1571,20 @@ static SECStatus CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, else { SECStatus signstatus = SECFailure; - if (cache->issuer) + if (cache->issuerDERCert) { - signstatus = CERT_VerifyCRL(crlobject->crl, cache->issuer, vfdate, + CERTCertificate *issuer = CERT_NewTempCertificate(cache->dbHandle, + cache->issuerDERCert, NULL, PR_FALSE, PR_TRUE); + + if (issuer) { + signstatus = CERT_VerifyCRL(crlobject->crl, issuer, vfdate, wincx); + CERT_DestroyCertificate(issuer); + } } if (SECSuccess != signstatus) { - if (!cache->issuer) + if (!cache->issuerDERCert) { /* we tried to verify without an issuer cert . This is because this CRL came through a call to SEC_FindCrlByName. @@ -1925,15 +1931,16 @@ static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* } /* add issuer certificate if it was previously unavailable */ - if (issuer && (NULL == cache->issuer) && + if (issuer && (NULL == cache->issuerDERCert) && (SECSuccess == CERT_CheckCertUsage(issuer, KU_CRL_SIGN))) { /* if we didn't have a valid issuer cert yet, but we do now. add it */ DPCache_LockWrite(); - if (!cache->issuer) + if (!cache->issuerDERCert) { dirty = PR_TRUE; - cache->issuer = CERT_DupCertificate(issuer); + cache->dbHandle = issuer->dbhandle; + cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert); } DPCache_UnlockWrite(); } @@ -1944,7 +1951,7 @@ static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* SEC_FindCrlByName, or through manual insertion, rather than through a certificate verification (CERT_CheckCRL) */ - if (cache->issuer && vfdate ) + if (cache->issuerDERCert && vfdate ) { mustunlock = PR_FALSE; /* re-process all unverified CRLs */ 
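Review bot: In the `@@ -1571` hunk, when `CERT_NewTempCertificate` returns NULL (decode or allocation failure) `signstatus` stays `SECFailure` and control reaches `if (SECSuccess != signstatus)` with `cache->issuerDERCert` non-NULL, so the `!cache->issuerDERCert` branch is skipped and the CRL is presumably treated as having a bad signature rather than as unverified. That fails closed, which is the right direction, but it is not obvious from the code; add `/* a NULL issuer here (decode/OOM failure) deliberately counts as a signature failure: fail closed */` above `if (issuer)`. In the `@@ -1925` hunk `SECITEM_DupItem` may return NULL while `dirty` is set regardless; the later `if (cache->issuerDERCert && vfdate)` tolerates that, but setting `dirty` only when the copy succeeded would avoid an unnecessary re-verification pass. `CachedCrl_Verify` and `DPCache_GetUpToDate` both continue outside their hunks.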
@@ -2201,7 +2208,8 @@ static SECStatus DPCache_Create(CRLDPCache** returned, CERTCertificate* issuer, } if (issuer) { - cache->issuer = CERT_DupCertificate(issuer); + cache->dbHandle = issuer->dbhandle; + cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert); } cache->distributionPoint = SECITEM_DupItem(dp); cache->subject = SECITEM_DupItem(subject); diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index 1b0cc970..e3bc11d5 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c 
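Review bot: `SECITEM_DupItem(&issuer->derCert)` in `DPCache_Create` is unchecked, so on failure the cache is created with `dbHandle` set but `issuerDERCert` NULL, which `CachedCrl_Verify` later reads as "this CRL came through SEC_FindCrlByName without an issuer" (per the comment in that function) instead of as an error; the replaced `CERT_DupCertificate` could not fail this way. The neighbouring `distributionPoint` and `subject` copies are equally unchecked, so this is a pre-existing pattern, but the new one changes how a later verification failure is classified. Consider `if (issuer && !cache->issuerDERCert) { /* OOM */ ... }` taking whatever error path the rest of `DPCache_Create` uses. The function begins and ends outside the hunk.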
@@ -1556,76 +1556,98 @@ done: return rv; } -/* Add name constraints to certain certs that do not include name constraints - * This is the core of the implementation for bug 952572. +/* + * Here we define a list of name constraints to be imposed on + * certain certificates, most importantly root certificates. + * + * Each entry in the name constraints list is constructed with this + * macro. An entry contains two SECItems, which have names in + * specific forms to make the macro work: + * + * * ${CA}_SUBJECT_DN - The subject DN for which the constraints + * should be applied + * * ${CA}_NAME_CONSTRAINTS - The name constraints extension + * + * Entities subject to name constraints are identified by subject name + * so that we can cover all certificates for that entity, including, e.g., + * cross-certificates. We use subject rather than public key because + * calling methods often have easy access to that field (vs., say, a key ID), + * and in practice, subject names and public keys are usually in one-to-one + * correspondence anyway. 
+ * */ -static SECStatus -getNameExtensionsBuiltIn(CERTCertificate *cert, - SECItem *extensions) +#define STRING_TO_SECITEM(str) \ +{ siBuffer, (unsigned char*) str, sizeof(str) - 1 } + +#define NAME_CONSTRAINTS_ENTRY(CA) \ + { \ + STRING_TO_SECITEM(CA ## _SUBJECT_DN), \ + STRING_TO_SECITEM(CA ## _NAME_CONSTRAINTS) \ + } + +/* Agence Nationale de la Securite des Systemes d'Information (ANSSI) */ + +#define ANSSI_SUBJECT_DN \ + "\x30\x81\x85" \ + "\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02" "FR" /* C */ \ + "\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x13\x06" "France" /* ST */ \ + "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" "Paris" /* L */ \ + "\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07" "PM/SGDN" /* O */ \ + "\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05" "DCSSI" /* OU */ \ + "\x31\x0E\x30\x0C\x06\x03\x55\x04\x03\x13\x05" "IGC/A" /* CN */ \ + "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" \ + "\x16\x14" "igca@sgdn.pm.gouv.fr" /* emailAddress */ \ + +#define ANSSI_NAME_CONSTRAINTS \ + "\x30\x5D\xA0\x5B" \ + "\x30\x05\x82\x03" ".fr" \ + "\x30\x05\x82\x03" ".gp" \ + "\x30\x05\x82\x03" ".gf" \ + "\x30\x05\x82\x03" ".mq" \ + "\x30\x05\x82\x03" ".re" \ + "\x30\x05\x82\x03" ".yt" \ + "\x30\x05\x82\x03" ".pm" \ + "\x30\x05\x82\x03" ".bl" \ + "\x30\x05\x82\x03" ".mf" \ + "\x30\x05\x82\x03" ".wf" \ + "\x30\x05\x82\x03" ".pf" \ + "\x30\x05\x82\x03" ".nc" \ + "\x30\x05\x82\x03" ".tf" \ + +static const SECItem builtInNameConstraints[][2] = { + NAME_CONSTRAINTS_ENTRY(ANSSI) +}; + +SECStatus +CERT_GetImposedNameConstraints(const SECItem *derSubject, + SECItem *extensions) { - const char constraintFranceGov[] = "\x30\x5D" /* sequence len = 93*/ - "\xA0\x5B" /* element len =91 */ - "\x30\x05" /* sequence len 5 */ - "\x82\x03" /* entry len 3 */ - ".fr" - "\x30\x05\x82\x03" /* sequence len5, entry len 3 */ - ".gp" - "\x30\x05\x82\x03" - ".gf" - "\x30\x05\x82\x03" - ".mq" - "\x30\x05\x82\x03" - ".re" - "\x30\x05\x82\x03" - ".yt" - "\x30\x05\x82\x03" - ".pm" - 
"\x30\x05\x82\x03" - ".bl" - "\x30\x05\x82\x03" - ".mf" - "\x30\x05\x82\x03" - ".wf" - "\x30\x05\x82\x03" - ".pf" - "\x30\x05\x82\x03" - ".nc" - "\x30\x05\x82\x03" - ".tf"; + size_t i; - /* The stringified value for the subject is: - E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR - */ - const char rawANSSISubject[] = "\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04" - "\x06\x13\x02\x46\x52\x31\x0F\x30\x0D\x06\x03" - "\x55\x04\x08\x13\x06\x46\x72\x61\x6E\x63\x65" - "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" - "\x50\x61\x72\x69\x73\x31\x10\x30\x0E\x06\x03" - "\x55\x04\x0A\x13\x07\x50\x4D\x2F\x53\x47\x44" - "\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13" - "\x05\x44\x43\x53\x53\x49\x31\x0E\x30\x0C\x06" - "\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2F\x41" - "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7" - "\x0D\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40" - "\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75" - "\x76\x2E\x66\x72"; + if (!extensions) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } - const SECItem anssi_subject = {0, (unsigned char *) rawANSSISubject, - sizeof(rawANSSISubject)-1}; - const SECItem permitFranceGovNC = {0, (unsigned char *) constraintFranceGov, - sizeof(constraintFranceGov)-1}; + for (i = 0; i < PR_ARRAY_SIZE(builtInNameConstraints); ++i) { + if (SECITEM_ItemsAreEqual(derSubject, &builtInNameConstraints[i][0])) { + return SECITEM_CopyItem(NULL, + extensions, + &builtInNameConstraints[i][1]); + } + } - if (SECITEM_ItemsAreEqual(&cert->derSubject, &anssi_subject)) { - SECStatus rv; - rv = SECITEM_CopyItem(NULL, extensions, &permitFranceGovNC); - return rv; - } - PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); - return SECFailure; + PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); + return SECFailure; } -/* Extract the name constraints extension from the CA cert. */ +/* + * Extract the name constraints extension from the CA cert. 
+ * If the certificate contains no name constraints extension, but + * CERT_GetImposedNameConstraints returns a name constraints extension + * for the subject of the certificate, then that extension will be returned. + */ SECStatus CERT_FindNameConstraintsExten(PLArenaPool *arena, CERTCertificate *cert, @@ -1643,7 +1665,8 @@ CERT_FindNameConstraintsExten(PLArenaPool *arena, if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) { return rv; } - rv = getNameExtensionsBuiltIn(cert, &constraintsExtension); + rv = CERT_GetImposedNameConstraints(&cert->derSubject, + &constraintsExtension); if (rv != SECSuccess) { if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) { return SECSuccess; diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index a0ce7b20..baa75470 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION "2.1" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 4 +#define NSS_BUILTINS_LIBRARY_VERSION "2.4" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/ckfw/dbm/db.c b/security/nss/lib/ckfw/dbm/db.c index 7880afbe..8d0a6cba 100644 --- a/security/nss/lib/ckfw/dbm/db.c +++ b/security/nss/lib/ckfw/dbm/db.c @@ -137,7 +137,8 @@ nss_dbm_db_set_label /* Locked region */ { - if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) { + rv = NSSCKFWMutex_Lock(db->crustylock); + if( CKR_OK != rv ) { return rv; } diff --git a/security/nss/lib/ckfw/nssmkey/mobject.c b/security/nss/lib/ckfw/nssmkey/mobject.c index 36867db3..2013e7e9 100644 --- a/security/nss/lib/ckfw/nssmkey/mobject.c +++ b/security/nss/lib/ckfw/nssmkey/mobject.c 
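Review bot: `CERT_GetImposedNameConstraints` validates `extensions` but not `derSubject`, yet hands it straight to `SECITEM_ItemsAreEqual`, which dereferences both items; as a newly exported entry point it should guard both: `if (!derSubject || !extensions) {`. The subject-DN keyed table is safe in the restrictive direction (a certificate that merely copies the ANSSI subject only gains constraints), and the header comment would benefit from saying so explicitly, since that is what makes matching by name rather than by key acceptable. `STRING_TO_SECITEM` relies on `sizeof(str) - 1` and therefore only works for string literals; a note such as `/* str must be a string literal: sizeof() is used for the length */` next to the macro would prevent someone passing a `const char *` when adding the next CA. Both `ANSSI_*` macro definitions end in a trailing backslash followed by an empty line, which is harmless but confusing for the next contributor.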
@@ -1880,7 +1880,7 @@ nss_ckmk_CreateObject
 )
 {
 CK_OBJECT_CLASS objClass;
- ckmkInternalObject *io;
+ ckmkInternalObject *io = NULL;
 CK_BBOOL isToken;
 /*
diff --git a/security/nss/lib/freebl/ecl/README b/security/nss/lib/freebl/ecl/README
index b4c92400..f086cdef 100644
--- a/security/nss/lib/freebl/ecl/README
+++ b/security/nss/lib/freebl/ecl/README
@@ -1,39 +1,6 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the elliptic curve math library. - -The Initial Developer of the Original Code is Sun Microsystems, Inc. -Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 -Sun Microsystems, Inc. All Rights Reserved. - -Contributor(s): - Stephen Fung and - Douglas Stebila , Sun Microsystems Laboratories - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. 
The ECL exposes routines for constructing and converting curve parameters for internal use. diff --git a/security/nss/lib/freebl/mpi/README b/security/nss/lib/freebl/mpi/README index 156356bc..fc6c5e10 100644 --- a/security/nss/lib/freebl/mpi/README +++ b/security/nss/lib/freebl/mpi/README 
@@ -1,39 +1,6 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger -Portions created by the Initial Developer are Copyright (C) 1997-2000 -the Initial Developer. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. About the MPI Library --------------------- 
diff --git a/security/nss/lib/freebl/mpi/doc/LICENSE-MPL b/security/nss/lib/freebl/mpi/doc/LICENSE-MPL
index d1f78f52..41dc2327 100644
--- a/security/nss/lib/freebl/mpi/doc/LICENSE-MPL
+++ b/security/nss/lib/freebl/mpi/doc/LICENSE-MPL
@@ -1,35 +1,3 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the Netscape security libraries. - -The Initial Developer of the Original Code is Netscape -Communications Corporation. Portions created by Netscape are -Copyright (C) 1994-2000 Netscape Communications Corporation. All -Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/security/nss/lib/freebl/mpi/mpmontg.c b/security/nss/lib/freebl/mpi/mpmontg.c index 4b5c5498..d619360a 100644 
--- a/security/nss/lib/freebl/mpi/mpmontg.c +++ b/security/nss/lib/freebl/mpi/mpmontg.c @@ -883,8 +883,8 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, int expOff; mp_int accum1, accum2, accum[WEAVE_WORD_SIZE]; mp_int tmp; - unsigned char *powersArray; - unsigned char *powers; + unsigned char *powersArray = NULL; + unsigned char *powers = NULL; MP_DIGITS(&accum1) = 0; MP_DIGITS(&accum2) = 0; @@ -894,15 +894,6 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, MP_DIGITS(&accum[3]) = 0; MP_DIGITS(&tmp) = 0; - powersArray = (unsigned char *)malloc(num_powers*(nLen*sizeof(mp_digit)+1)); - if (powersArray == NULL) { - res = MP_MEM; - goto CLEANUP; - } - - /* powers[i] = base ** (i); */ - powers = (unsigned char *)MP_ALIGN(powersArray,num_powers); - /* grab the first window value. This allows us to preload accumulator1 * and save a conversion, some squares and a multiple*/ MP_CHECKOK( mpl_get_bits(exponent, @@ -911,7 +902,6 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) ); MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) ); - MP_CHECKOK( mp_init_size(&tmp, 3 * nLen + 2) ); /* build the first WEAVE_WORD powers inline */ /* if WEAVE_WORD_SIZE is not 4, this code will have to change */ @@ -925,6 +915,13 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, MP_CHECKOK( mp_copy(montBase, &accum[1]) ); SQR(montBase, &accum[2]); MUL_NOWEAVE(montBase, &accum[2], &accum[3]); + powersArray = (unsigned char *)malloc(num_powers*(nLen*sizeof(mp_digit)+1)); + if (!powersArray) { + res = MP_MEM; + goto CLEANUP; + } + /* powers[i] = base ** (i); */ \ + powers = (unsigned char *)MP_ALIGN(powersArray,num_powers); \ MP_CHECKOK( mpi_to_weave(accum, powers, nLen, num_powers) ); if (first_window < 4) { MP_CHECKOK( mp_copy(&accum[first_window], &accum1) ); 
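Review bot: The two relocated lines `/* powers[i] = base ** (i); */ \` and `powers = (unsigned char *)MP_ALIGN(powersArray,num_powers); \` in the @@ -925 hunk carry trailing backslashes that have no business outside a macro definition. A backslash-newline is a line splice in translation phase 2, so these glue the comment, the `powers =` assignment and the following `MP_CHECKOK( mpi_to_weave(...) )` into a single logical line; it compiles today, but any later `//` comment or preprocessor directive inserted on one of those lines would be spliced in silently. Drop both backslashes. mp_exptmod_safe_i begins and ends outside this hunk, so the branch that encloses the moved allocation is not visible here.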
@@ -946,7 +943,10 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, * odd powers where k is the window size in the two other mp_modexpt * implementations in this file. We will get some of that * back by not needing the first 'k' squares and one multiply for the - * first window */ + * first window. + * Given the value of 4 for WEAVE_WORD_SIZE, this loop will only execute if + * num_powers > 2, in which case powers will have been allocated. + */ for (i = WEAVE_WORD_SIZE; i < num_powers; i++) { int acc_index = i & (WEAVE_WORD_SIZE-1); /* i % WEAVE_WORD_SIZE */ if ( i & 1 ) { @@ -993,6 +993,11 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, pa1 = &accum1; pa2 = &accum2; + /* tmp is not used if window_bits == 1. */ + if (window_bits != 1) { + MP_CHECKOK( mp_init_size(&tmp, 3 * nLen + 2) ); + } + for (expOff = bits_in_exponent - window_bits*2; expOff >= 0; expOff -= window_bits) { mp_size smallExp; MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) ); diff --git a/security/nss/lib/freebl/mpi/tests/LICENSE-MPL b/security/nss/lib/freebl/mpi/tests/LICENSE-MPL index d1f78f52..41dc2327 100644 --- a/security/nss/lib/freebl/mpi/tests/LICENSE-MPL +++ b/security/nss/lib/freebl/mpi/tests/LICENSE-MPL 
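Review bot: The new comment in the @@ -946 hunk says "this loop will only execute if num_powers > 2", but the loop it annotates is `for (i = WEAVE_WORD_SIZE; i < num_powers; i++)`, which with WEAVE_WORD_SIZE == 4 runs only when num_powers > 4; "> 2" presumably refers to a guard around the relocated allocation that lies outside this hunk, so the comment reads as a weaker bound than the code has. Tighten it to `* With WEAVE_WORD_SIZE == 4 this loop runs only when num_powers > WEAVE_WORD_SIZE, i.e. inside the num_powers > 2 path that allocated powers.` so the reader can see why `powers` is non-NULL here without hunting for the guard. The enclosing function starts and ends outside both hunks on this line.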
@@ -1,35 +1,3 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the Netscape security libraries. - -The Initial Developer of the Original Code is Netscape -Communications Corporation. Portions created by Netscape are -Copyright (C) 1994-2000 Netscape Communications Corporation. All -Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. 
diff --git a/security/nss/lib/freebl/mpi/utils/LICENSE-MPL b/security/nss/lib/freebl/mpi/utils/LICENSE-MPL
index d1f78f52..41dc2327 100644
--- a/security/nss/lib/freebl/mpi/utils/LICENSE-MPL
+++ b/security/nss/lib/freebl/mpi/utils/LICENSE-MPL
@@ -1,35 +1,3 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the Netscape security libraries. - -The Initial Developer of the Original Code is Netscape -Communications Corporation. Portions created by Netscape are -Copyright (C) 1994-2000 Netscape Communications Corporation. All -Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/security/nss/lib/freebl/mpi/utils/README b/security/nss/lib/freebl/mpi/utils/README index f2e926c2..61c8e2ef 100644 
--- a/security/nss/lib/freebl/mpi/utils/README
+++ b/security/nss/lib/freebl/mpi/utils/README
@@ -1,39 +1,6 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger -Portions created by the Initial Developer are Copyright (C) 1998, 2000 -the Initial Developer. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. Additional MPI utilities ------------------------ 
diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h index c9910e7a..d3fea945 100644 --- a/security/nss/lib/libpkix/include/pkix_errorstrings.h +++ b/security/nss/lib/libpkix/include/pkix_errorstrings.h @@ -1093,7 +1093,6 @@ PKIX_ERRORENTRY(X500NAMEGETSECNAMEFAILED,pkix_pl_X500Name_GetSECName failed,0), PKIX_ERRORENTRY(X500NAMEHASHCODEFAILED,PKIX_PL_X500Name_Hashcode failed,0), PKIX_ERRORENTRY(X500NAMEMATCHFAILED,PKIX_PL_X500Name_Match failed,0), PKIX_ERRORENTRY(X500NAMETOSTRINGFAILED,PKIX_PL_X500Name_ToString failed,0), -PKIX_ERRORENTRY(X500NAMETOSTRINGHELPERFAILED,pkix_pl_X500Name_ToString_Helper failed,0), PKIX_ERRORENTRY(ZEROLENGTHBYTEARRAYFORCRLENCODING,Zero-length ByteArray for CRL encoding,0), PKIX_ERRORENTRY(INVALIDOCSPHTTPMETHOD,Unsupported HTTP Method for OCSP retrieval,0), PKIX_ERRORENTRY(OCSPGETREQUESTTOOBIG,OCSP request too big for HTTP GET method,0) diff --git a/security/nss/lib/libpkix/include/pkix_revchecker.h b/security/nss/lib/libpkix/include/pkix_revchecker.h index 9f65a844..18a10cd2 100644 --- a/security/nss/lib/libpkix/include/pkix_revchecker.h +++ b/security/nss/lib/libpkix/include/pkix_revchecker.h @@ -117,7 +117,7 @@ PKIX_RevocationChecker_Create( * "methodFlags" * Set of flags for the method. * "methodPriority" - * Method priority. (0 corresponds to a highest priority) + * Method priority. (0 corresponds to the highest priority) * "verificationFn" * User call back function that will perform validation of fetched * revocation information(new crl or ocsp response) @@ -143,7 +143,7 @@ PKIX_RevocationChecker_CreateAndAddMethod( PKIX_ProcessingParams *params, PKIX_RevocationMethodType methodType, PKIX_UInt32 methodFlags, - PKIX_UInt32 mathodPriority, + PKIX_UInt32 methodPriority, PKIX_PL_VerifyCallback verificationFn, PKIX_Boolean isLeafMethod, void *plContext); 
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c index d1499a7d..ebe37739 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c @@ -137,7 +137,7 @@ pkix_RevocationChecker_RegisterSelf(void *plContext) PKIX_RETURN(REVOCATIONCHECKER); } -/* Sort methods by theirs priorities */ +/* Sort methods by their priorities (lower priority = higher preference) */ static PKIX_Error * pkix_RevocationChecker_SortComparator( PKIX_PL_Object *obj1, @@ -152,7 +152,13 @@ pkix_RevocationChecker_SortComparator( method1 = (pkix_RevocationMethod *)obj1; method2 = (pkix_RevocationMethod *)obj2; - *pResult = (method1->priority > method2->priority); + if (method1->priority < method2->priority) { + *pResult = -1; + } else if (method1->priority > method2->priority) { + *pResult = 1; + } else { + *pResult = 0; + } PKIX_RETURN(BUILD); } diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h index 32e45255..19322373 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h @@ -48,8 +48,9 @@ pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, void **pNBIOContext, void *plContext); /* Revocation method structure assosiates revocation types with - * a set of flags on the method, a priority of the method, and - * method local/external checker functions. */ + * a set of flags on the method, a priority of the method (0 + * corresponds to the highest priority), and method local/external + * checker functions. */ struct pkix_RevocationMethodStruct { PKIX_RevocationMethodType methodType; PKIX_UInt32 flags; 
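Review bot: The comparator hunk rewrites the result handling of pkix_RevocationChecker_SortComparator but keeps `PKIX_RETURN(BUILD);` as the exit macro, while pkix_RevocationChecker_RegisterSelf in the hunk above this one exits with `PKIX_RETURN(REVOCATIONCHECKER);`. If the function's PKIX_ENTER (outside this hunk) names REVOCATIONCHECKER, the exit tag should match it: `PKIX_RETURN(REVOCATIONCHECKER);`. The three-way -1/0/1 result is the right shape for a sort comparator, since the old boolean could never express "less than" and so could not order the list reliably (inferred from the change, not shown here). The function's signature precedes this hunk.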
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c index 0fd4fadc..9ca307e4 100644 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c @@ -660,9 +660,11 @@ pkix_ForwardBuilderState_IsIOPending( * DESCRIPTION: * * This Function takes two Certificates cast in "obj1" and "obj2", - * compares their validity NotAfter dates and returns the result at - * "pResult". The comparison key(s) can be expanded by using other - * data in the Certificate in the future. + * compares them to determine which is a more preferable certificate + * for chain building. This Function is suitable for use as a + * comparator callback for pkix_List_BubbleSort, setting "*pResult" to + * > 0 if "obj1" is less desirable than "obj2" and < 0 if "obj1" + * is more desirable than "obj2". * * PARAMETERS: * "obj1" @@ -691,14 +693,14 @@ pkix_Build_SortCertComparator( { PKIX_PL_Date *date1 = NULL; PKIX_PL_Date *date2 = NULL; - PKIX_Boolean result = PKIX_FALSE; + PKIX_Int32 result = 0; PKIX_ENTER(BUILD, "pkix_Build_SortCertComparator"); PKIX_NULLCHECK_THREE(obj1, obj2, pResult); /* * For sorting candidate certificates, we use NotAfter date as the - * sorted key for now (can be expanded if desired in the future). + * comparison key for now (can be expanded if desired in the future). * * In PKIX_BuildChain, the List of CertStores was reordered so that * trusted CertStores are ahead of untrusted CertStores. That sort, or @@ -727,7 +729,12 @@ pkix_Build_SortCertComparator( plContext), PKIX_OBJECTCOMPARATORFAILED); - *pResult = !result; + /* + * Invert the result, so that if date1 is greater than date2, + * obj1 is sorted before obj2. This is because pkix_List_BubbleSort + * sorts in ascending order. + */ + *pResult = -result; cleanup: 
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c index 69715154..d459a4a7 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c @@ -1132,8 +1132,6 @@ pkix_pl_HttpDefaultClient_KeepAliveSession( PRPollDesc **pPollDesc, void *plContext) { - PKIX_PL_HttpDefaultClient *client = NULL; - PKIX_ENTER (HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_KeepAliveSession"); @@ -1145,8 +1143,6 @@ pkix_pl_HttpDefaultClient_KeepAliveSession( plContext), PKIX_SESSIONNOTANHTTPDEFAULTCLIENT); - client = (PKIX_PL_HttpDefaultClient *)session; - /* XXX Not implemented */ cleanup: diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h index 62199920..49cd9d2c 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h @@ -45,4 +45,9 @@ pkix_pl_CrlDp_Create(const CRLDistributionPoint *dp, const CERTName *certIssuerName, pkix_pl_CrlDp **pPkixDP, void *plContext); + +#ifdef __cplusplus +} +#endif + #endif /* _PKIX_PL_CRLDP_H */ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c index 48d810fe..2dfe9a9c 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c @@ -211,7 +211,6 @@ pkix_pl_PublicKey_Hashcode( PKIX_UInt32 algOIDHash; PKIX_UInt32 algParamsHash; PKIX_UInt32 pubKeyHash; - PKIX_UInt32 fullHash; PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Hashcode"); PKIX_NULLCHECK_TWO(object, pHashcode); 
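Review bot: The pkix_pl_crldp.h hunk adds a closing `#ifdef __cplusplus } #endif` before the include guard's `#endif`, but the matching `extern "C" {` opener is not visible in the hunk; confirm the header actually opens one under the same `__cplusplus` guard, otherwise every C++ translation unit including it now sees an unbalanced `}`. If the opener is missing, add `#ifdef __cplusplus extern "C" { #endif` right after the guard's `#define`, since pkix_pl_CrlDp_Create is declared with C linkage in the C sources. The rest of the header lies outside this hunk.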
@@ -239,8 +238,6 @@ pkix_pl_PublicKey_Hashcode( (nssPubKey.data, nssPubKey.len, &pubKeyHash, plContext), PKIX_HASHFAILED); - fullHash = algOIDHash + algParamsHash + pubKeyHash; - *pHashcode = pubKeyHash; cleanup: diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c index e5ca4724..e37439cf 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c 
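Review bot: Removing `fullHash = algOIDHash + algParamsHash + pubKeyHash;` while leaving `*pHashcode = pubKeyHash;` in place means algOIDHash and algParamsHash, still declared in the hunk above, are presumably computed earlier in the function and then never read, and the hash keeps ignoring the algorithm identifier and its parameters. A key-bytes-only hash remains consistent with equality as long as Equals compares all three fields (equal objects still hash equal), so this is a dead-work and intent problem rather than a correctness bug; either fold them in with `*pHashcode = algOIDHash + algParamsHash + pubKeyHash;` or delete the two unused hash computations and their locals so the choice is explicit. pkix_pl_PublicKey_Hashcode's body starts before this hunk.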
@@ -12,61 +12,6 @@ /* --Private-X500Name-Functions------------------------------------- */ -/* - * FUNCTION: pkix_pl_X500Name_ToString_Helper - * DESCRIPTION: - * - * Helper function that creates a string representation of the X500Name - * pointed to by "name" and stores it at "pString". - * - * PARAMETERS - * "name" - * Address of X500Name whose string representation is desired. - * Must be non-NULL. - * "pString" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a X500Name Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_pl_X500Name_ToString_Helper( - PKIX_PL_X500Name *name, - PKIX_PL_String **pString, - void *plContext) -{ - CERTName *nssDN = NULL; - char *utf8String = NULL; - PKIX_UInt32 utf8Length; - - PKIX_ENTER(X500NAME, "pkix_pl_X500Name_ToString_Helper"); - PKIX_NULLCHECK_TWO(name, pString); - nssDN = &name->nssDN; - - /* this should really be called CERT_NameToUTF8 */ - utf8String = CERT_NameToAsciiInvertible(nssDN, CERT_N2A_INVERTIBLE); - if (!utf8String){ - PKIX_ERROR(PKIX_CERTNAMETOASCIIFAILED); - } - - PKIX_X500NAME_DEBUG("\t\tCalling PL_strlen).\n"); - utf8Length = PL_strlen(utf8String); - - PKIX_CHECK(PKIX_PL_String_Create - (PKIX_UTF8, utf8String, utf8Length, pString, plContext), - PKIX_STRINGCREATEFAILED); - -cleanup: - - PR_Free(utf8String); - - PKIX_RETURN(X500NAME); -} - /* * FUNCTION: pkix_pl_X500Name_Destroy * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index 48bb2f22..fdc8a8a1 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def 
@@ -1064,7 +1064,15 @@ PK11_PrivDecrypt; ;+}; ;+NSS_3.18 { # NSS 3.18 release ;+ global: -PK11_SetCertificateNickname; +__PK11_SetCertificateNickname; +SEC_CheckCrlTimes; +SEC_GetCrlTimes; +;+ local: +;+ *; +;+}; +;+NSS_3.18.1 { # NSS 3.18.1 release +;+ global: +CERT_GetImposedNameConstraints; ;+ local: ;+ *; ;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 6121563f..6bac8320 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -33,10 +33,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.17.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.18.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 17 -#define NSS_VPATCH 2 +#define NSS_VMINOR 18 +#define NSS_VPATCH 0 #define NSS_VBUILD 1 #define NSS_BETA PR_FALSE diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index c4250c64..1bf8a7f5 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -293,13 +293,11 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID, char * nickname = NULL; CERTCertificate *cert = NULL; CERTCertTrust *trust; - PRBool isFortezzaRootCA = PR_FALSE; - PRBool swapNickname = PR_FALSE; cert = pk11_fastCert(slot,certID,privateLabel, &nickname); if (cert == NULL) goto loser; - + if (nickname) { if (cert->nickname != NULL) { cert->dbnickname = cert->nickname; @@ -307,7 +305,6 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID, cert->nickname = PORT_ArenaStrdup(cert->arena,nickname); PORT_Free(nickname); nickname = NULL; - swapNickname = PR_TRUE; } /* remember where this cert came from.... If we have just looked 
@@ -343,7 +340,6 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID, * full trust on explicitly */ if (PK11_DoesMechanism(slot,CKM_KEA_KEY_DERIVE)) { trust->objectSigningFlags |= CERTDB_VALID_CA; - isFortezzaRootCA = PR_TRUE; } } if ((type & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) { @@ -2687,8 +2683,20 @@ PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg) return slotList; } +/* + * Using __PK11_SetCertificateNickname is *DANGEROUS*. + * + * The API will update the NSS database, but it *will NOT* update the in-memory data. + * As a result, after calling this API, there will be INCONSISTENCY between + * in-memory data and the database. + * + * Use of the API should be limited to short-lived tools, which will exit immediately + * after using this API. + * + * If you ignore this warning, your process is TAINTED and will most likely misbehave. + */ SECStatus -PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) +__PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) { /* Can't set nickname of temp cert. */ if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { @@ -2696,4 +2704,3 @@ PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) } return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); } - diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c index e15a286b..b7a7296b 100644 --- a/security/nss/lib/pk11wrap/pk11mech.c +++ b/security/nss/lib/pk11wrap/pk11mech.c @@ -1378,12 +1378,13 @@ pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen) SECItem iv; SECStatus rv; - mech = (SECItem *) PORT_Alloc(sizeof(SECItem)); if (mech == NULL) return NULL; rv = SECSuccess; mech->type = siBuffer; + mech->data = NULL; + mech->len = 0; switch (type) { case CKM_RC4: case CKM_SEED_ECB: 
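Review bot: The renamed `__PK11_SetCertificateNickname` uses a double-underscore prefix, which C reserves for the implementation (C11 7.1.3); NSS does use that prefix as its marker for "exported but private" entry points, so this is a deliberate convention rather than a bug, but the new comment block should say so in one line, e.g. `/* The __ prefix marks this as an NSS-internal export; not part of the public API. */`, so a reader does not take it for an accident. The warning text is accurate for what the body shows: it rejects temp certs and then only calls PK11_SetObjectNickname, never touching cert->nickname or cert->dbnickname. Whether anything else re-reads the in-memory nickname after this call is outside the hunk.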
@@ -1396,8 +1397,6 @@ pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen) case CKM_CAST_ECB: case CKM_CAST3_ECB: case CKM_CAST5_ECB: - mech->data = NULL; - mech->len = 0; break; case CKM_RC2_ECB: rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS)); @@ -1445,8 +1444,6 @@ pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen) return PK11_ParamFromIV(type,&iv); default: if (pk11_lookup(type)->iv == 0) { - mech->data = NULL; - mech->len = 0; break; } case CKM_SEED_CBC: diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h index 709ce21e..d4565eb4 100644 --- a/security/nss/lib/pk11wrap/pk11pub.h +++ b/security/nss/lib/pk11wrap/pk11pub.h @@ -458,7 +458,20 @@ SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, const char *nickname); SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, const char *nickname); -SECStatus PK11_SetCertificateNickname(CERTCertificate *cert, + +/* + * Using __PK11_SetCertificateNickname is *DANGEROUS*. + * + * The API will update the NSS database, but it *will NOT* update the in-memory data. + * As a result, after calling this API, there will be INCONSISTENCY between + * in-memory data and the database. + * + * Use of the API should be limited to short-lived tools, which will exit immediately + * after using this API. + * + * If you ignore this warning, your process is TAINTED and will most likely misbehave. + */ +SECStatus __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname); /* size to hold key in bytes */ diff --git a/security/nss/lib/pkcs12/p12.h b/security/nss/lib/pkcs12/p12.h index e05b030a..508f0a0d 100644 --- a/security/nss/lib/pkcs12/p12.h +++ b/security/nss/lib/pkcs12/p12.h 
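Review bot: After the deletion in the @@ -1445 hunk, the `default:` arm of pk11_GenerateNewParamWithKeyLen reduces to `if (pk11_lookup(type)->iv == 0) { break; }` and then falls straight into `case CKM_SEED_CBC:` for mechanisms that do take an IV; the fall-through predates this change, but it is now the arm's only remaining behavior and nothing marks it as intentional. Add `/* FALLTHROUGH */` after the closing brace so -Wimplicit-fallthrough and the next reader do not take it for a missing `break`. The switch opens in the earlier hunk for this file and closes outside this one.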
@@ -36,14 +36,49 @@ typedef void (PR_CALLBACK * SEC_PKCS12DecoderOutputCallback)( * In NSS 3.12 or later, 'arg' actually points to a CERTCertificate, * the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c. * See r1.35 of p12d.c ("Patch 2" in bug 321584). + * + * This callback might be called by SEC_PKCS12DecoderValidateBags each time + * a nickname collission is detected. The callback must return a new + * nickname. The returned SECItem should be of type siAsciiString, + * it should be allocated using: + * SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1) + * and data must contain the new nickname as a zero terminated string. */ typedef SECItem * (PR_CALLBACK * SEC_PKCS12NicknameCollisionCallback)( SECItem *old_nickname, PRBool *cancel, void *arg); - - - +/* + * This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each + * certificate found in the p12 source data. + * + * cert: A decoded certificate. + * default_nickname: The nickname as found in the source data. + * Will be NULL if source data doesn't have nickname. + * new_nickname: Output parameter that may contain the renamed nickname. + * arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames. + * + * If the callback accept that NSS will use a nickname based on the + * default_nickname (potentially resolving conflicts), then the callback + * must set *new_nickname to NULL. + * + * If the callback wishes to override the nickname, it must set *new_nickname + * to a new SECItem which should be allocated using + * SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1) + * new_nickname->type should be set to siAsciiString, and new_nickname->data + * must contain the new nickname as a zero terminated string. + * + * A return value of SECFailure indicates that the renaming operation failed, + * and callback should release new_nickname before returning if it's already + * being allocated. 
+ * Otherwise, the callback function must return SECSuccess, including use + * default nickname as mentioned above. + */ +typedef SECStatus (PR_CALLBACK * SEC_PKCS12NicknameRenameCallback)( + const CERTCertificate *cert, + const SECItem *default_nickname, + SECItem **new_nickname, + void *arg); typedef SECStatus (PR_CALLBACK *digestOpenFn)(void *arg, PRBool readData); typedef SECStatus (PR_CALLBACK *digestCloseFn)(void *arg, PRBool removeFile); @@ -167,6 +202,26 @@ extern SECStatus SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx, SEC_PKCS12NicknameCollisionCallback nicknameCb); +/* + * SEC_PKCS12DecoderRenameCertNicknames() can be used to change + * certificate nicknames in SEC_PKCS12DecoderContext, prior to calling + * SEC_PKCS12DecoderImportBags. + * + * arg: User-defined data that will be passed to nicknameCb. + * + * If SEC_PKCS12DecoderRenameCertNicknames() is called after calling + * SEC_PKCS12DecoderValidateBags(), then only the certificate nickname + * will be changed. + * If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling + * SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags() + * will change the nickname of the corresponding private key, too. + */ +extern SECStatus +SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, + SEC_PKCS12NicknameRenameCallback nicknameCb, + void *arg); + + extern SECStatus SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx); diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index 744c95aa..6a3a38c9 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c 
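Review bot: The new comment blocks in p12.h have a few wording slips that will be copied into generated docs: `nickname collission` should read `nickname collision`, `If the callback accept that` should be `If the callback accepts that`, and `release new_nickname before returning if it's already being allocated` should be `release new_nickname before returning if it has already been allocated`. The closing sentence `including use default nickname as mentioned above` reads better as `including the case where the default nickname is kept, as described above`. The ownership rule for `*new_nickname` is stated twice in slightly different words for the two callbacks; saying once that both items are freed by NSS with SECITEM_ZfreeItem after use would remove the ambiguity.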
@@ -2795,6 +2795,64 @@ SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx, return rv; } +SECStatus +SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, + SEC_PKCS12NicknameRenameCallback nicknameCb, + void *arg) +{ + int i; + sec_PKCS12SafeBag *safeBag; + CERTCertificate *cert; + SECStatus srv; + + if(!p12dcx || p12dcx->error || !p12dcx->safeBags || !nicknameCb) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + for (i = 0; safeBag = p12dcx->safeBags[i]; i++) { + SECItem *newNickname = NULL; + SECItem *defaultNickname = NULL; + SECStatus rename_rv; + + if (SECOID_FindOIDTag(&(safeBag->safeBagType)) != + SEC_OID_PKCS12_V1_CERT_BAG_ID) { + continue; + } + + cert = CERT_DecodeDERCertificate( + &safeBag->safeBagContent.certBag->value.x509Cert, + PR_FALSE, NULL); + if (!cert) { + return SECFailure; + } + + defaultNickname = sec_pkcs12_get_nickname(safeBag); + rename_rv = (*nicknameCb)(cert, defaultNickname, &newNickname, arg); + + CERT_DestroyCertificate(cert); + + if (defaultNickname) { + SECITEM_ZfreeItem(defaultNickname, PR_TRUE); + defaultNickname = NULL; + } + + if (rename_rv != SECSuccess) { + return rename_rv; + } + + if (newNickname) { + srv = sec_pkcs12_set_nickname(safeBag, newNickname); + SECITEM_ZfreeItem(newNickname, PR_TRUE); + newNickname = NULL; + if (srv != SECSuccess) { + return SECFailure; + } + } + } + + return SECSuccess; +} static SECKEYPublicKey * sec_pkcs12_get_public_key_and_usage(sec_PKCS12SafeBag *certBag, diff --git a/security/nss/lib/pkcs12/p12local.c b/security/nss/lib/pkcs12/p12local.c index 48ac3f58..b8aba646 100644 --- a/security/nss/lib/pkcs12/p12local.c +++ b/security/nss/lib/pkcs12/p12local.c 
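Review bot: The loop header `for (i = 0; safeBag = p12dcx->safeBags[i]; i++)` uses an assignment as its condition, which compilers flag under -Wparentheses and readers mistake for a comparison; write it as `for (i = 0; (safeBag = p12dcx->safeBags[i]) != NULL; i++)`. The loop also depends on `p12dcx->safeBags` being NULL-terminated, which this hunk cannot confirm, and a failure part way through returns with earlier bags already renamed and nothing recorded in `p12dcx->error`, so a later SEC_PKCS12DecoderImportBags would import a half-renamed set; both facts belong in a comment above the function. When CERT_DecodeDERCertificate returns NULL the function returns SECFailure without setting an error of its own, which relies on the decoder having set one.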
@@ -928,7 +928,8 @@ sec_pkcs12_convert_item_to_unicode(PLArenaPool *arena, SECItem *dest, return PR_FALSE; } - if((dest->data[dest->len-1] || dest->data[dest->len-2]) && zeroTerm) { + if ((dest->len >= 2) && + (dest->data[dest->len-1] || dest->data[dest->len-2]) && zeroTerm) { if(dest->len + 2 > 3 * src->len) { if(arena) { dest->data = (unsigned char*)PORT_ArenaGrow(arena, diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index 6364eaf3..953d7380 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -247,27 +247,28 @@ STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der) } NSS_IMPLEMENT PRStatus -nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, +nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSDER *issuer, NSSDER *serial) { - SECStatus secrv; - SECItem derCert; + SECItem derCert = { 0 }; SECItem derIssuer = { 0 }; SECItem derSerial = { 0 }; - SECITEM_FROM_NSSITEM(&derCert, der); - secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); + SECStatus secrv; + derCert.data = (unsigned char *)der->data; + derCert.len = der->size; + secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); if (secrv != SECSuccess) { return PR_FAILURE; } - (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data); - secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); + secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); if (secrv != SECSuccess) { PORT_Free(derSerial.data); return PR_FAILURE; } - (void)nssItem_Create(arena, issuer, derIssuer.len, derIssuer.data); - PORT_Free(derSerial.data); - PORT_Free(derIssuer.data); + issuer->data = derIssuer.data; + issuer->size = derIssuer.len; + serial->data = derSerial.data; + serial->size = derSerial.len; return PR_SUCCESS; } 
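Review bot: In nssPKIX509_GetIssuerAndSerialFromDER the failure path after CERT_SerialNumberFromDERCert frees `derSerial.data`, which is still the zero-initialised item, while `derIssuer.data` — allocated by the CERT_IssuerNameFromDERCert call that just succeeded — is leaked; the line should be `PORT_Free(derIssuer.data);`, which is what the `issuer_and_serial_from_encoding` helper being removed from pkistore.c did in the same situation. Since the function now hands ownership of both items to the caller instead of copying them into an arena, the declaration in pki3hack.h should say so, e.g. `/* On success the caller owns issuer->data and serial->data and must PORT_Free() both. */`. trustdomain.c frees them in this diff; the pkistore.c and tdcache.c callers' cleanup is outside the visible hunks.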
@@ -855,6 +856,8 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) CERTCertificate *cc = NULL; CERTCertTrust certTrust; + /* make sure object does not go away until we finish */ + nssPKIObject_AddRef(&c->object); nssPKIObject_Lock(&c->object); dc = c->decoding; @@ -904,6 +907,7 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) loser: nssPKIObject_Unlock(&c->object); + nssPKIObject_Destroy(&c->object); return cc; } @@ -1270,6 +1274,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) int failureCount = 0; /* actual deletion failures by devices */ int index; + nssPKIObject_AddRef(tObject); nssPKIObject_Lock(tObject); /* Keep going even if a module fails to delete. */ for (index = 0; index < tObject->numInstances; index++) { @@ -1303,6 +1308,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) } nssPKIObject_Unlock(tObject); + nssPKIObject_Destroy(tObject); return failureCount == 0 ? PR_SUCCESS : PR_FAILURE; } @@ -1329,6 +1335,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) * loop so that once it's failed the other gets set. */ NSSRWLock_LockRead(td->tokensLock); + nssPKIObject_AddRef(cobject); nssPKIObject_Lock(cobject); for (i = 0; i < cobject->numInstances; i++) { nssCryptokiObject *cInstance = cobject->instances[i]; @@ -1343,6 +1350,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) } } nssPKIObject_Unlock(cobject); + nssPKIObject_Destroy(cobject); NSSRWLock_UnlockRead(td->tokensLock); return nssrv; } diff --git a/security/nss/lib/pki/pki3hack.h b/security/nss/lib/pki/pki3hack.h index 6c74200b..39fab75a 100644 --- a/security/nss/lib/pki/pki3hack.h +++ b/security/nss/lib/pki/pki3hack.h 
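Review bot: The reference taken by the new `nssPKIObject_AddRef(&c->object);` in stan_GetCERTCertificate is only dropped at the `loser:` label, so every exit between the lock and that label must reach `loser:` or the certificate keeps an extra reference for good; the body between the two hunks is outside the diff, so please confirm no `return` bypasses the label. The same AddRef/Destroy bracketing is added in DeleteCertTrustMatchingSlot and STAN_DeleteCertTrustMatchingSlot here and in remove_token_certs in tdcache.c, and a short comment at each AddRef naming what it guards against — the object being destroyed by another thread while this function holds only the lock — would explain why a lock alone was not enough. `nssPKIObject_Destroy` reads like a deallocation; if it is in fact a release of one reference, saying so at the call site avoids the next reader assuming it frees the object.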
@@ -77,7 +77,7 @@ NSS_EXTERN PRStatus STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust); NSS_EXTERN PRStatus -nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, +nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSDER *issuer, NSSDER *serial); NSS_EXTERN char * diff --git a/security/nss/lib/pki/pkistore.c b/security/nss/lib/pki/pkistore.c index 3bdf290c..15bb6586 100644 --- a/security/nss/lib/pki/pkistore.c +++ b/security/nss/lib/pki/pkistore.c @@ -23,6 +23,7 @@ #endif /* PKISTORE_H */ #include "cert.h" +#include "pki3hack.h" #include "prbit.h" @@ -554,33 +555,6 @@ nssCertificateStore_FindCertificateByIssuerAndSerialNumber ( return rvCert; } -static PRStatus -issuer_and_serial_from_encoding ( - NSSBER *encoding, - NSSDER *issuer, - NSSDER *serial -) -{ - SECItem derCert, derIssuer, derSerial; - SECStatus secrv; - derCert.data = (unsigned char *)encoding->data; - derCert.len = encoding->size; - secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); - if (secrv != SECSuccess) { - return PR_FAILURE; - } - secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); - if (secrv != SECSuccess) { - PORT_Free(derIssuer.data); - return PR_FAILURE; - } - issuer->data = derIssuer.data; - issuer->size = derIssuer.len; - serial->data = derSerial.data; - serial->size = derSerial.len; - return PR_SUCCESS; -} - NSS_IMPLEMENT NSSCertificate * nssCertificateStore_FindCertificateByEncodedCertificate ( nssCertificateStore *store, @@ -590,7 +564,7 @@ nssCertificateStore_FindCertificateByEncodedCertificate ( PRStatus nssrv = PR_FAILURE; NSSDER issuer, serial; NSSCertificate *rvCert = NULL; - nssrv = issuer_and_serial_from_encoding(encoding, &issuer, &serial); + nssrv = nssPKIX509_GetIssuerAndSerialFromDER(encoding, &issuer, &serial); if (nssrv != PR_SUCCESS) { return NULL; } diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c index 0842d8b2..7842189c 100644 --- a/security/nss/lib/pki/tdcache.c 
+++ b/security/nss/lib/pki/tdcache.c @@ -391,6 +391,7 @@ remove_token_certs(const void *k, void *v, void *a) nssPKIObject *object = &c->object; struct token_cert_dtor *dtor = a; PRUint32 i; + nssPKIObject_AddRef(object); nssPKIObject_Lock(object); for (i=0; inumInstances; i++) { if (object->instances[i]->token == dtor->token) { @@ -409,6 +410,7 @@ remove_token_certs(const void *k, void *v, void *a) } } nssPKIObject_Unlock(object); + nssPKIObject_Destroy(object); return; } @@ -435,17 +437,21 @@ nssTrustDomain_RemoveTokenCertsFromCache ( dtor.numCerts = 0; dtor.arrSize = arrSize; PZ_Lock(td->cache->lock); - nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, (void *)&dtor); + nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, &dtor); for (i=0; iobject.numInstances == 0) { nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]); dtor.certs[i] = NULL; /* skip this cert in the second for loop */ + } else { + /* make sure it doesn't disappear on us before we finish */ + nssCertificate_AddRef(dtor.certs[i]); } } PZ_Unlock(td->cache->lock); for (i=0; idata; - derCert.len = encoding->size; - secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); - if (secrv != SECSuccess) { - return PR_FAILURE; - } - secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); - if (secrv != SECSuccess) { - return PR_FAILURE; - } - issuer->data = derIssuer.data; - issuer->size = derIssuer.len; - serial->data = derSerial.data; - serial->size = derSerial.len; - return PR_SUCCESS; -} - /* * Look for a specific cert in the cache */ @@ -1084,7 +1064,7 @@ nssTrustDomain_GetCertByDERFromCache ( PRStatus nssrv = PR_FAILURE; NSSDER issuer, serial; NSSCertificate *rvCert; - nssrv = issuer_and_serial_from_encoding(der, &issuer, &serial); + nssrv = nssPKIX509_GetIssuerAndSerialFromDER(der, &issuer, &serial); if (nssrv != PR_SUCCESS) { return NULL; } diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c index ec2086f1..a3d26a88 100644 
--- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c @@ -831,20 +831,16 @@ nssTrustDomain_FindCertificateByEncodedCertificate ( NSSCertificate *rvCert = NULL; NSSDER issuer = { 0 }; NSSDER serial = { 0 }; - NSSArena *arena = nssArena_Create(); - if (!arena) { - return (NSSCertificate *)NULL; - } /* XXX this is not generic... will any cert crack into issuer/serial? */ - status = nssPKIX509_GetIssuerAndSerialFromDER(ber, arena, &issuer, &serial); + status = nssPKIX509_GetIssuerAndSerialFromDER(ber, &issuer, &serial); if (status != PR_SUCCESS) { - goto finish; + return NULL; } rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td, &issuer, &serial); -finish: - nssArena_Destroy(arena); + PORT_Free(issuer.data); + PORT_Free(serial.data); return rvCert; } diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def index a5e1a37d..900d6df6 100644 --- a/security/nss/lib/smime/smime.def +++ b/security/nss/lib/smime/smime.def @@ -279,3 +279,9 @@ NSS_CMSSignerInfo_Verify; ;+ local: ;+ *; ;+}; +;+NSS_3.18 { # NSS 3.18 release +;+ global: +SEC_PKCS12DecoderRenameCertNicknames; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/smime/smimeutil.c b/security/nss/lib/smime/smimeutil.c index 0a7d446b..90fa0cf2 100644 --- a/security/nss/lib/smime/smimeutil.c +++ b/security/nss/lib/smime/smimeutil.c @@ -437,10 +437,12 @@ smime_choose_cipher(CERTCertificate *scert, CERTCertificate **rcerts) */ key = CERT_ExtractPublicKey(rcerts[rcount]); pklen_bits = 0; + key_type = nullKey; if (key != NULL) { pklen_bits = SECKEY_PublicKeyStrengthInBits (key); key_type = SECKEY_GetPublicKeyType(key); SECKEY_DestroyPublicKey (key); + key = NULL; } if (key_type == ecKey) { diff --git a/security/nss/lib/softoken/config.mk b/security/nss/lib/softoken/config.mk index 5b860be0..24c41679 100644 --- a/security/nss/lib/softoken/config.mk +++ b/security/nss/lib/softoken/config.mk 
@@ -23,7 +23,7 @@ RESNAME = $(LIBRARY_NAME).rc # -l$(SQLITE_LIB_NAME) ifdef NS_USE_GCC EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib \ + -L$(SQLITE_LIB_DIR) \ -L$(NSSUTIL_LIB_DIR) \ -lnssutil3 \ -L$(NSPR_LIB_DIR) \ @@ -36,7 +36,7 @@ else # ! NS_USE_GCC # $(DIST)/lib/$(SQLITE_LIB_NAME).lib EXTRA_SHARED_LIBS += \ - $(DIST)/lib/sqlite3.lib \ + $(SQLITE_LIB_DIR)/$(SQLITE_LIB_NAME).lib \ $(NSSUTIL_LIB_DIR)/nssutil3.lib \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \ @@ -49,7 +49,7 @@ else # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib \ + -L$(SQLITE_LIB_DIR) \ -l$(SQLITE_LIB_NAME) \ -L$(NSSUTIL_LIB_DIR) \ -lnssutil3 \ diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c index 9435e71c..3cb6b794 100644 --- a/security/nss/lib/softoken/fipstokn.c +++ b/security/nss/lib/softoken/fipstokn.c @@ -720,13 +720,22 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject) { CK_OBJECT_CLASS * classptr; + CK_RV rv = CKR_OK; - SFTK_FIPSCHECK(); CHECK_FORK(); classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS); if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE; + if (*classptr == CKO_NETSCAPE_NEWSLOT || *classptr == CKO_NETSCAPE_DELSLOT) { + if (sftk_fatalError) + return CKR_DEVICE_ERROR; + } else { + rv = sftk_fipsCheck(); + if (rv != CKR_OK) + return rv; + } + /* FIPS can't create keys from raw key material */ if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) { rv = CKR_ATTRIBUTE_VALUE_INVALID; diff --git a/security/nss/lib/softoken/lowpbe.c b/security/nss/lib/softoken/lowpbe.c index d976d576..c0949fec 100644 --- a/security/nss/lib/softoken/lowpbe.c +++ b/security/nss/lib/softoken/lowpbe.c 
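Review bot: The new branch in fipstokn.c exempts CKO_NETSCAPE_NEWSLOT and CKO_NETSCAPE_DELSLOT objects from the FIPS login check that the removed `SFTK_FIPSCHECK();` applied to every object class, so slot create/delete requests are now accepted from a caller that is not logged in, with only `sftk_fatalError` still honoured. That is a security-relevant relaxation and the hunk does not record why it is acceptable; a comment such as `/* slot create/delete objects are exempt from the login check; everything else still goes through sftk_fipsCheck() */` at the branch, with the reason the exemption is safe, would capture that. Whether `sftk_fipsCheck()` also tests `sftk_fatalError` the way the old macro presumably did is not visible here, so the non-slot branch should be confirmed equivalent. The function's signature is outside the hunk (the context names FC_GetSlotInfo, but the parameters are the object-creation template).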
@@ -319,8 +319,8 @@ do_xor(unsigned char *dest, unsigned char *src, int len) } static SECStatus -nsspkcs5_PBKFD2_F(const SECHashObject *hashobj, SECItem *pwitem, SECItem *salt, - int iterations, unsigned int i, unsigned char *T) +nsspkcs5_PBKDF2_F(const SECHashObject *hashobj, SECItem *pwitem, SECItem *salt, + int iterations, unsigned int i, unsigned char *T) { int j; HMACContext *cx = NULL; @@ -393,7 +393,7 @@ nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param, } for (i=1,rp=result->data; i <= nblocks ; i++, rp +=hLen) { - rv = nsspkcs5_PBKFD2_F(hashobj,pwitem,salt,iterations,i,T); + rv = nsspkcs5_PBKDF2_F(hashobj, pwitem, salt, iterations, i, T); if (rv != SECSuccess) { break; } @@ -410,7 +410,7 @@ loser: } else { result->len = dkLen; } - + return result; } #endif diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index 5379c766..0bb7c8ea 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -1691,8 +1691,6 @@ void sdb_SetForkState(PRBool forked) */ static const char INIT_CMD[] = "CREATE TABLE %s (id PRIMARY KEY UNIQUE ON CONFLICT ABORT%s)"; -static const char ALTER_CMD[] = - "ALTER TABLE %s ADD COLUMN a%x"; CK_RV sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate, diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index fd8ad58d..9e7b2c14 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,10 +25,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.17.2.1" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.18.0.1" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 17 -#define SOFTOKEN_VPATCH 2 +#define SOFTOKEN_VMINOR 18 +#define SOFTOKEN_VPATCH 0 #define SOFTOKEN_VBUILD 1 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index c6d1e0e5..7d26568f 100644 
--- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -904,7 +904,7 @@ ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion, if (peerVersion < ss->vrange.min || (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) { - PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); + PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); return SECFailure; } @@ -2788,6 +2788,12 @@ ssl3_SendRecord( sslSocket * ss, PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); + if (ss->ssl3.fatalAlertSent) { + SSL_TRC(3, ("%d: SSL3[%d] Suppress write, fatal alert already sent", + SSL_GETPID(), ss->fd)); + return SECFailure; + } + capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0); if (capRecordVersion) { @@ -3233,6 +3239,9 @@ SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc) ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0); rv = (sent >= 0) ? SECSuccess : (SECStatus)sent; } + if (level == alert_fatal) { + ss->ssl3.fatalAlertSent = PR_TRUE; + } ssl_ReleaseXmitBufLock(ss); ssl_ReleaseSSL3HandshakeLock(ss); return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */ 
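Review bot: The new early exit in ssl3_SendRecord returns SECFailure without setting an error code, so a caller that reports PR_GetError() after a suppressed write sees whatever error was set last. Set one explicitly before `return SECFailure;`, but skip that when the record being written is itself an alert so the error that triggered the fatal alert is not overwritten; the record-type parameter is outside the hunk. In SSL3_SendAlert the flag is set whenever `level == alert_fatal` regardless of `rv`, which looks intentional but deserves a line such as `/* set even if the send failed: nothing further may be written */`.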
@@ -4978,23 +4987,17 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) sidOK = PR_FALSE; } - /* TLS 1.0 (RFC 2246) Appendix E says: - * Whenever a client already knows the highest protocol known to - * a server (for example, when resuming a session), it should - * initiate the connection in that native protocol. - * So we pass sid->version to ssl3_NegotiateVersion() here, except - * when renegotiating. - * - * Windows SChannel compares the client_version inside the RSA - * EncryptedPreMasterSecret of a renegotiation with the - * client_version of the initial ClientHello rather than the - * ClientHello in the renegotiation. To work around this bug, we - * continue to use the client_version used in the initial - * ClientHello when renegotiating. - */ if (sidOK) { + /* Set ss->version based on the session cache */ if (ss->firstHsDone) { /* + * Windows SChannel compares the client_version inside the RSA + * EncryptedPreMasterSecret of a renegotiation with the + * client_version of the initial ClientHello rather than the + * ClientHello in the renegotiation. To work around this bug, we + * continue to use the client_version used in the initial + * ClientHello when renegotiating. + * * The client_version of the initial ClientHello is still * available in ss->clientHelloVersion. Ensure that * sid->version is bounded within 
@@ -5008,10 +5011,22 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) sidOK = PR_FALSE; } } else { - if (ssl3_NegotiateVersion(ss, sid->version, - PR_FALSE) != SECSuccess) { + /* + * Check sid->version is OK first. + * Previously, we would cap the version based on sid->version, + * but that prevents negotiation of a higher version if the + * previous session was reduced (e.g., with version fallback) + */ + if (sid->version < ss->vrange.min || + sid->version > ss->vrange.max) { sidOK = PR_FALSE; - } + } else { + rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, + PR_TRUE); + if (rv != SECSuccess) { + return rv; /* error code was set */ + } + } } } @@ -6287,7 +6302,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure; - errCode = SSL_ERROR_NO_CYPHER_OVERLAP; + errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); @@ -7699,7 +7714,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure; - errCode = SSL_ERROR_NO_CYPHER_OVERLAP; + errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } @@ -8472,8 +8487,9 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); if (rv != SECSuccess) { /* send back which ever alert client will understand. */ - desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure; - errCode = SSL_ERROR_NO_CYPHER_OVERLAP; + desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version + : handshake_failure; + errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } 
@@ -8743,11 +8759,11 @@ ssl3_PickSignatureHashAlgorithm(sslSocket *ss, unsigned int i, j; /* hashPreference expresses our preferences for hash algorithms, most * preferable first. */ - static const PRUint8 hashPreference[] = { - tls_hash_sha256, - tls_hash_sha384, - tls_hash_sha512, - tls_hash_sha1, + static const SECOidTag hashPreference[] = { + SEC_OID_SHA256, + SEC_OID_SHA384, + SEC_OID_SHA512, + SEC_OID_SHA1, }; switch (ss->ssl3.hs.kea_def->kea) { diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 555c89dc..aca2b74d 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * SSL3 Protocol * @@ -1184,8 +1185,7 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, if (data->len < 2 || data->len > 255 || !data->data || data->len != (unsigned int)data->data[0] + 1) { - /* malformed */ - goto loser; + return ssl3_DecodeError(ss); } for (i = data->len; --i > 0; ) { if (data->data[i] == 0) { @@ -1196,10 +1196,10 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, return rv; } } -loser: + /* evil client doesn't support uncompressed */ ssl3_DisableECCSuites(ss, ecSuites); - return SECFailure; + return SECSuccess; } @@ -1220,7 +1220,7 @@ ECName ssl3_GetSvrCertCurveName(sslSocket *ss) return ec_curve; } -/* Ensure that the curve in our server cert is one of the ones suppored +/* Ensure that the curve in our server cert is one of the ones supported * by the remote client, and disable all ECC cipher suites if not. */ SECStatus 
@@ -1231,26 +1231,34 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint32 mutualCurves = 0; PRUint16 svrCertCurveName; - if (!data->data || data->len < 4 || data->len > 65535) - goto loser; + if (!data->data || data->len < 4) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + /* get the length of elliptic_curve_list */ list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) { - /* malformed */ - goto loser; + (void)ssl3_DecodeError(ss); + return SECFailure; } /* build bit vector of peer's supported curve names */ while (data->len) { - PRInt32 curve_name = - ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + PRInt32 curve_name = + ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (curve_name < 0) { + return SECFailure; /* fatal alert already sent */ + } if (curve_name > ec_noName && curve_name < ec_pastLastName) { peerCurves |= (1U << curve_name); } } /* What curves do we support in common? */ mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves; - if (!mutualCurves) { /* no mutually supported EC Curves */ - goto loser; + if (!mutualCurves) { + /* no mutually supported EC Curves, disable ECC */ + ssl3_DisableECCSuites(ss, ecSuites); + return SECSuccess; } /* if our ECC cert doesn't use one of these supported curves, @@ -1266,12 +1274,7 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) */ ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); - return SECFailure; - -loser: - /* no common curve supported */ - ssl3_DisableECCSuites(ss, ecSuites); - return SECFailure; + return SECSuccess; } #endif /* NSS_DISABLE_ECC */ diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 247f1f8f..6965a6df 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c 
@@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * SSL3 Protocol * @@ -64,10 +65,14 @@ static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); -static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); -static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, - SECItem *data); +static PRInt32 ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static PRInt32 ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); +static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, @@ -247,7 +252,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn }, 
@@ -263,7 +268,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, { -1, NULL } }; @@ -290,7 +295,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, @@ -398,13 +403,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) PRInt32 listLenBytes = 0; if (!ss->sec.isServer) { - /* Verify extension_data is empty. */ - if (data->data || data->len || - !ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) { - /* malformed or was not initiated by the client.*/ - return SECFailure; - } - return SECSuccess; + return SECSuccess; /* ignore extension */ } /* Server side - consume client data and register server sender. */ 
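Review bot: On the client side ssl3_HandleServerNameXtn now returns `SECSuccess; /* ignore extension */` unconditionally, replacing a check that the server's server_name extension was empty and had been advertised by the client, so an unsolicited or non-empty server_name extension from the server is accepted silently. If the generic extension dispatcher does not already reject extensions the client never sent (it is outside this diff), keeping at least the `!ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)` test from the removed condition would preserve that guard. The comment should also say what is deliberately tolerated, e.g. `/* RFC 6066 says the server's copy is empty; tolerate servers that send data anyway */`, if that is the motivation. The server-side half of the function continues into the next hunk.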
@@ -414,33 +413,38 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* length of server_name_list */ listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (listLenBytes == 0 || listLenBytes != data->len) { + if (listLenBytes < 0 || listLenBytes != data->len) { + (void)ssl3_DecodeError(ss); return SECFailure; } + if (listLenBytes == 0) { + return SECSuccess; /* ignore an empty extension */ + } ldata = *data; /* Calculate the size of the array.*/ while (listLenBytes > 0) { SECItem litem; SECStatus rv; - PRInt32 type; - /* Name Type (sni_host_name) */ + PRInt32 type; + /* Skip Name Type (sni_host_name); checks are on the second pass */ type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); - if (!ldata.len) { + if (type < 0) { /* i.e., SECFailure cast to PRint32 */ return SECFailure; } rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 2, &ldata.data, &ldata.len); if (rv != SECSuccess) { - return SECFailure; + return rv; } - /* Adjust total length for cunsumed item, item len and type.*/ + /* Adjust total length for consumed item, item len and type.*/ listLenBytes -= litem.len + 3; if (listLenBytes > 0 && !ldata.len) { + (void)ssl3_DecodeError(ss); return SECFailure; } listCount += 1; } if (!listCount) { - return SECFailure; + return SECFailure; /* nothing we can act on */ } names = PORT_ZNewArray(SECItem, listCount); if (!names) { @@ -455,6 +459,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); /* Check if we have such type in the list */ for (j = 0;j < listCount && names[j].data;j++) { + /* TODO bug 998524: .type is not assigned a value */ if (names[j].type == type) { nametypePresent = PR_TRUE; break; 
@@ -464,7 +469,10 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) rv = ssl3_ConsumeHandshakeVariable(ss, &names[namesPos], 2, &data->data, &data->len); if (rv != SECSuccess) { - goto loser; + PORT_Assert(0); + PORT_Free(names); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return rv; } if (nametypePresent == PR_FALSE) { namesPos += 1; @@ -479,10 +487,6 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) xtnData->negotiated[xtnData->numNegotiated++] = ssl_server_name_xtn; return SECSuccess; - -loser: - PORT_Free(names); - return SECFailure; } /* Called by both clients and servers. @@ -603,17 +607,11 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length) * store protocol identifiers in null-terminated strings. */ if (newOffset > length || data[offset] == 0) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } offset = newOffset; } - if (offset > length) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; - } - return SECSuccess; } 
@@ -626,34 +624,41 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) SECItem result = { siBuffer, resultBuffer, 0 }; rv = ssl3_ValidateNextProtoNego(data->data, data->len); - if (rv != SECSuccess) + if (rv != SECSuccess) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return rv; + } PORT_Assert(ss->nextProtoCallback); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, - result.data, &result.len, sizeof resultBuffer); - if (rv != SECSuccess) - return rv; - /* If the callback wrote more than allowed to |result| it has corrupted our - * stack. */ - if (result.len > sizeof resultBuffer) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); + result.data, &result.len, sizeof(resultBuffer)); + if (rv != SECSuccess) { + /* Expect callback to call PORT_SetError() */ + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } + /* If the callback wrote more than allowed to |result| it has corrupted our + * stack. */ + if (result.len > sizeof(resultBuffer)) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + /* TODO: crash */ + return SECFailure; + } + + SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + if (ex_type == ssl_app_layer_protocol_xtn && ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) { - /* The callback might say OK, but then it's picked a default. - * That's OK for NPN, but not ALPN. */ - SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + /* The callback might say OK, but then it picks a default value - one + * that was not listed. That's OK for NPN, but not ALPN. */ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol); return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - - SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); } 
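Review bot: The `result.len > sizeof(resultBuffer)` branch is reached only after the callback has already overrun a stack buffer, yet it just sets SEC_ERROR_OUTPUT_LEN and returns under a `/* TODO: crash */` note, so a release build keeps unwinding through a corrupted frame and sends no alert to the peer. Resolve the TODO rather than ship it: `PORT_Assert(0);` plus `(void)SSL3_SendAlert(ss, alert_fatal, internal_error);` at minimum, or an unconditional abort if one is available in this tree, since recovery is not meaningful after the overrun. Moving SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE) ahead of the ALPN state check is fine, as both paths freed it before. ssl3_SelectAppProtocol begins before this hunk.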
@@ -669,17 +674,16 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) if (ss->firstHsDone || data->len == 0) { /* Clients MUST send a non-empty ALPN extension. */ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; } - /* unlike NPN, ALPN has extra redundant length information so that - * the extension is the same in both ClientHello and ServerHello */ + /* Unlike NPN, ALPN has extra redundant length information so that + * the extension is the same in both ClientHello and ServerHello. */ count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (count < 0) { - return SECFailure; /* fatal alert was sent */ - } if (count != data->len) { - return ssl3_DecodeError(ss); + (void)ssl3_DecodeError(ss); + return SECFailure; } if (!ss->nextProtoCallback) { @@ -694,8 +698,13 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) /* prepare to send back a response, if we negotiated */ if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) { - return ssl3_RegisterServerHelloExtensionSender( + rv = ssl3_RegisterServerHelloExtensionSender( ss, ex_type, ssl3_ServerSendAppProtoXtn); + if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + return rv; + } } return SECSuccess; } @@ -713,7 +722,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * we've negotiated NPN then we're required to send the NPN handshake * message. Thus, these two extensions cannot both be negotiated on the * same connection. */ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + PORT_SetError(SSL_ERROR_BAD_SERVER); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; } 
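Review bot: Removing `if (count < 0) return SECFailure; /* fatal alert was sent */` means a one-byte extension, which passes the `data->len == 0` check but is too short for a 2-byte length, now falls into `count != data->len` and calls ssl3_DecodeError() after ssl3_ConsumeHandshakeNumber has already reported the truncation, so the peer gets two fatal alerts if that helper sends one as the removed comment states. Keep the guard as a plain early return ahead of the length comparison. ssl3_ServerHandleAppProtoXtn begins before the hunk, and the callback invocation lies between the first two hunks.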
@@ -722,7 +732,9 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * that an application erroneously cleared the callback between the time * we sent the ClientHello and now. */ if (!ss->nextProtoCallback) { + PORT_Assert(0); PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } @@ -732,8 +744,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { - const unsigned char* d = data->data; - PRUint16 name_list_len; + SECStatus rv; + PRInt32 list_len; SECItem protocol_name; if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) { 
@@ -743,22 +755,30 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) /* The extension data from the server has the following format: * uint16 name_list_len; - * uint8 len; + * uint8 len; // where len >= 1 * uint8 protocol_name[len]; */ if (data->len < 4 || data->len > 2 + 1 + 255) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } - name_list_len = ((PRUint16) d[0]) << 8 | - ((PRUint16) d[1]); - if (name_list_len != data->len - 2 || d[2] != data->len - 3) { + list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + /* The list has to be the entire extension. */ + if (list_len != data->len) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } - protocol_name.data = data->data + 3; - protocol_name.len = data->len - 3; + rv = ssl3_ConsumeHandshakeVariable(ss, &protocol_name, 1, + &data->data, &data->len); + /* The list must have exactly one value. */ + if (rv != SECSuccess || data->len != 0) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + return SECFailure; + } SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED; @@ -914,8 +934,9 @@ ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { /* The echoed extension must be empty. */ - if (data->len != 0) - return SECFailure; + if (data->len != 0) { + return SECSuccess; /* Ignore the extension. */ + } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
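Review bot: In the `rv != SECSuccess || data->len != 0` branch the decode_error alert is sent for both cases, but when ssl3_ConsumeHandshakeVariable fails this commit's own comments elsewhere ("fatal alert already sent") say the alert has already gone out, so a truncated protocol_name yields two alerts; split it into `if (rv != SECSuccess) return SECFailure;` followed by the trailing-bytes check that sets the error and alerts. Separately, the selected `protocol_name` is accepted without confirming it is one of the protocols the client advertised, so a server can drive the state to SSL_NEXT_PROTO_SELECTED with an arbitrary name; if the client's advertised list is reachable from `ss`, compare against it before assigning the state. The `// where len >= 1` comment is enforced only indirectly, through `data->len < 4` combined with the final `data->len != 0` check, which is worth stating there. ssl3_ClientHandleAppProtoXtn begins before this hunk.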
@@ -1365,8 +1386,9 @@ SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { - if (data->len != 0) - return SECFailure; + if (data->len != 0) { + return SECSuccess; /* Ignore the extension. */ + } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; @@ -1384,8 +1406,9 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SSL3Statistics *ssl3stats; /* Ignore the SessionTicket extension if processing is disabled. */ - if (!ss->opt.enableSessionTickets) + if (!ss->opt.enableSessionTickets) { return SECSuccess; + } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; @@ -1443,8 +1466,9 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, extension_data.len = data->len; if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) - != SECSuccess) - return SECFailure; + != SECSuccess) { + return SECSuccess; /* Pretend it isn't there */ + } /* Get session ticket keys. */ #ifndef NO_PKCS11_BYPASS 
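Review bot: Returning SECSuccess when ssl3_ParseEncryptedSessionTicket fails ("Pretend it isn't there") happens after the earlier hunk has already recorded the extension in `ss->xtnData.negotiated`, so the extension stays marked negotiated and, presumably, the server still echoes it and issues a fresh ticket during a full handshake rather than truly ignoring it. That matches what RFC 5077 §3.3 prescribes for an unrecognized ticket, but the comment undersells it; say so at the return, e.g. `/* Unparseable ticket: stay negotiated so the full handshake issues a new one (RFC 5077 3.3). */`. ssl3_ServerHandleSessionTicketXtn spans the last two hunks and continues past this one.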
@@ -1872,18 +1896,22 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) /* get the data for this extension, so we can pass it or skip it. */ rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); if (rv != SECSuccess) - return rv; + return rv; /* alert already sent */ /* Check whether the server sent an extension which was not advertised * in the ClientHello. */ if (!ss->sec.isServer && - !ssl3_ClientExtensionAdvertised(ss, extension_type)) - return SECFailure; /* TODO: send unsupported_extension alert */ + !ssl3_ClientExtensionAdvertised(ss, extension_type)) { + (void)SSL3_SendAlert(ss, alert_fatal, unsupported_extension); + return SECFailure; + } /* Check whether an extension has been sent multiple times. */ - if (ssl3_ExtensionNegotiated(ss, extension_type)) + if (ssl3_ExtensionNegotiated(ss, extension_type)) { + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; + } /* find extension_type in table of Hello Extension Handlers */ for (handler = handlers; handler->ex_type >= 0; handler++) { @@ -1891,9 +1919,13 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) if (handler->ex_type == extension_type) { rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, &extension_data); - /* Ignore this result */ - /* Treat all bad extensions as unrecognized types. */ - break; + if (rv != SECSuccess) { + if (!ss->ssl3.fatalAlertSent) { + /* send a generic alert if the handler didn't already */ + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + } + return SECFailure; + } } } } 
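Review bot: The `break;` that followed the handler call was dropped, so after a handler succeeds the loop keeps walking the rest of the handler table for no reason, and if the table ever carried two entries for one ex_type the second would run too; add `break;` after the new `if (rv != SECSuccess) { ... }` block. The fallback alert is gated on `ss->ssl3.fatalAlertSent`, a field this diff adds to sslimpl.h but never shows being set, so whether a handler that already called SSL3_SendAlert actually suppresses the second handshake_failure depends on code outside this patch and is worth confirming. ssl3_HandleHelloExtensions begins before the first hunk.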
@@ -2025,13 +2057,14 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes : ss->ssl3.hs.finishedBytes * 2; } - if (data->len != 1 + len || - data->data[0] != len || (len && - NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, - data->data + 1, len))) { - /* Can we do this here? Or, must we arrange for the caller to do it? */ - (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + if (data->len != 1 + len || data->data[0] != len ) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, + data->data + 1, len)) { PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); return SECFailure; } /* remember that we got this extension and it was correct. */ @@ -2040,13 +2073,13 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) if (ss->sec.isServer) { /* prepare to send back the appropriate response */ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_SendRenegotiationInfoXtn); + ssl3_SendRenegotiationInfoXtn); } return rv; } static PRInt32 -ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) +ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) { PRUint32 ext_data_len; PRInt16 i; 
@@ -2055,65 +2088,139 @@ ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) if (!ss) return 0; - if (!ss->sec.isServer) { - /* Client side */ + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) + return 0; /* Not relevant */ - if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) - return 0; /* Not relevant */ + ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; - ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; - - if (append && maxBytes >= 4 + ext_data_len) { - /* Extension type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); - if (rv != SECSuccess) return -1; - /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); - if (rv != SECSuccess) return -1; - /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, - 2 * ss->ssl3.dtlsSRTPCipherCount, - 2); - if (rv != SECSuccess) return -1; - /* The SRTP ciphers */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - rv = ssl3_AppendHandshakeNumber(ss, - ss->ssl3.dtlsSRTPCiphers[i], - 2); - } - /* Empty MKI value */ - ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); - - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_use_srtp_xtn; - } - - return 4 + ext_data_len; - } - - /* Server side */ - if (append && maxBytes >= 9) { + if (append && maxBytes >= 4 + ext_data_len) { /* Extension type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); if (rv != SECSuccess) return -1; /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, 5, 2); + rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); if (rv != SECSuccess) return -1; /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, 2, 2); - if (rv != SECSuccess) return -1; - /* The selected cipher */ - rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); + rv = ssl3_AppendHandshakeNumber(ss, + 2 * ss->ssl3.dtlsSRTPCipherCount, + 2); if (rv != SECSuccess) return -1; + /* The SRTP ciphers */ + for (i = 0; i < 
ss->ssl3.dtlsSRTPCipherCount; i++) { + rv = ssl3_AppendHandshakeNumber(ss, + ss->ssl3.dtlsSRTPCiphers[i], + 2); + } /* Empty MKI value */ ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_use_srtp_xtn; } + return 4 + ext_data_len; +} + +static PRInt32 +ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) +{ + SECStatus rv; + + /* Server side */ + if (!append || maxBytes < 9) { + return 9; + } + + /* Extension type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); + if (rv != SECSuccess) return -1; + /* Length of extension data */ + rv = ssl3_AppendHandshakeNumber(ss, 5, 2); + if (rv != SECSuccess) return -1; + /* Length of the SRTP cipher list */ + rv = ssl3_AppendHandshakeNumber(ss, 2, 2); + if (rv != SECSuccess) return -1; + /* The selected cipher */ + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); + if (rv != SECSuccess) return -1; + /* Empty MKI value */ + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + return 9; } static SECStatus -ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) +ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) +{ + SECStatus rv; + SECItem ciphers = {siBuffer, NULL, 0}; + PRUint16 i; + PRUint16 cipher = 0; + PRBool found = PR_FALSE; + SECItem litem; + + if (!data->data || !data->len) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + + /* Get the cipher list */ + rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, + &data->data, &data->len); + if (rv != SECSuccess) { + return SECFailure; /* fatal alert already sent */ + } + /* Now check that the server has picked just 1 (i.e., len = 2) */ + if (ciphers.len != 2) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + + /* Get the selected cipher */ + cipher = (ciphers.data[0] << 8) | ciphers.data[1]; + + /* Now check that this is one of the ciphers we offered */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { 
+ if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { + found = PR_TRUE; + break; + } + } + + if (!found) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + return SECFailure; + } + + /* Get the srtp_mki value */ + rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, + &data->data, &data->len); + if (rv != SECSuccess) { + return SECFailure; /* alert already sent */ + } + + /* We didn't offer an MKI, so this must be 0 length */ + if (litem.len != 0) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + return SECFailure; + } + + /* extra trailing bytes */ + if (data->len != 0) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + + /* OK, this looks fine. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; + ss->ssl3.dtlsSRTPCipherSuite = cipher; + return SECSuccess; +} + +static SECStatus +ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) { SECStatus rv; SECItem ciphers = {siBuffer, NULL, 0}; 
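Review bot: In ssl3_ClientSendUseSRTPXtn the `rv` from ssl3_AppendHandshakeNumber inside the cipher loop is assigned but never checked, and the `ssl3_AppendHandshakeVariable(ss, NULL, 0, 1)` return for the empty MKI is discarded in both the client and server senders, so a failed append still returns a positive length and the client still records the extension as advertised; add `if (rv != SECSuccess) return -1;` after each of those calls. The rest of the split is a faithful move of the old client/server branches, and ssl3_ClientHandleUseSRTPXtn's alert handling is consistent with the other hunks. ssl3_ServerHandleUseSRTPXtn's body continues past the end of this hunk.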
@@ -2123,74 +2230,6 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) PRBool found = PR_FALSE; SECItem litem; - if (!ss->sec.isServer) { - /* Client side */ - if (!data->data || !data->len) { - /* malformed */ - return SECFailure; - } - - /* Get the cipher list */ - rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, - &data->data, &data->len); - if (rv != SECSuccess) { - return SECFailure; - } - /* Now check that the number of ciphers listed is 1 (len = 2) */ - if (ciphers.len != 2) { - return SECFailure; - } - - /* Get the selected cipher */ - cipher = (ciphers.data[0] << 8) | ciphers.data[1]; - - /* Now check that this is one of the ciphers we offered */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { - found = PR_TRUE; - break; - } - } - - if (!found) { - return SECFailure; - } - - /* Get the srtp_mki value */ - rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, - &data->data, &data->len); - if (rv != SECSuccess) { - return SECFailure; - } - - /* We didn't offer an MKI, so this must be 0 length */ - /* XXX RFC 5764 Section 4.1.3 says: - * If the client detects a nonzero-length MKI in the server's - * response that is different than the one the client offered, - * then the client MUST abort the handshake and SHOULD send an - * invalid_parameter alert. - * - * Due to a limitation of the ssl3_HandleHelloExtensions function, - * returning SECFailure here won't abort the handshake. It will - * merely cause the use_srtp extension to be not negotiated. We - * should fix this. See NSS bug 753136. - */ - if (litem.len != 0) { - return SECFailure; - } - - if (data->len != 0) { - /* malformed */ - return SECFailure; - } - - /* OK, this looks fine. 
*/ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; - ss->ssl3.dtlsSRTPCipherSuite = cipher; - return SECSuccess; - } - - /* Server side */ if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) { /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP * preferences have been set. */ @@ -2198,7 +2237,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } if (!data->data || data->len < 5) { - /* malformed */ + (void)ssl3_DecodeError(ss); return SECFailure; } @@ -2206,10 +2245,11 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, &data->data, &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; /* alert already sent */ } /* Check that the list is even length */ if (ciphers.len % 2) { + (void)ssl3_DecodeError(ss); return SECFailure; } @@ -2232,12 +2272,13 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } if (data->len != 0) { - return SECFailure; /* Malformed */ + (void)ssl3_DecodeError(ss); /* trailing bytes */ + return SECFailure; } /* Now figure out what to do */ if (!found) { - /* No matching ciphers */ + /* No matching ciphers, pretend we don't support use_srtp */ return SECSuccess; } @@ -2246,7 +2287,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn, - ssl3_SendUseSRTPXtn); + ssl3_ServerSendUseSRTPXtn); } /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension 
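Review bot: The server accepts an empty SRTP profile list: `ciphers.len % 2` rejects odd lengths only, so a zero-length list (still consistent with the `data->len < 5` check when followed by a 2-byte MKI) parses cleanly and ends in the "pretend we don't support use_srtp" path instead of a decode error, although RFC 5764 §4.1.1 defines the list as `<2..2^16-1>`. Tighten it to `if (ciphers.len == 0 || ciphers.len % 2) { (void)ssl3_DecodeError(ss); return SECFailure; }`. The profile-matching loop sits between these hunks, outside the diff.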
@@ -2258,16 +2299,13 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; SECItem algorithms; const unsigned char *b; - unsigned int numAlgorithms, i; + unsigned int numAlgorithms, i, j; /* Ignore this extension if we aren't doing TLS 1.2 or greater. */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { return SECSuccess; } - /* Keep track of negotiated extensions. */ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data, &data->len); if (rv != SECSuccess) { @@ -2276,6 +2314,7 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* Trailing data, empty value, or odd-length value is invalid. */ if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) { PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } @@ -2289,12 +2328,14 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->ssl3.hs.clientSigAndHash = PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } ss->ssl3.hs.numClientSigAndHash = 0; b = algorithms.data; - for (i = 0; i < numAlgorithms; i++) { + for (i = j = 0; i < numAlgorithms; i++) { unsigned char tls_hash = *(b++); unsigned char tls_sig = *(b++); SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); 
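Review bot: On PORT_NewArray failure the new lines set SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, which blames the peer for a local allocation failure and overwrites whatever out-of-memory code the allocator presumably set; the internal_error alert is right, the error code is not. Drop the `PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);` line in that branch, or use SEC_ERROR_LIBRARY_FAILURE as the other internal_error sites in this commit do, so the caller sees an internal failure. ssl3_ServerHandleSigAlgsXtn continues past this hunk.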
@@ -2305,9 +2346,10 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* tls_sig support will be checked later in * ssl3_PickSignatureHashAlgorithm. */ - ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash; - ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig; - ss->ssl3.hs.numClientSigAndHash++; + ss->ssl3.hs.clientSigAndHash[j].hashAlg = hash; + ss->ssl3.hs.clientSigAndHash[j].sigAlg = tls_sig; + ++j; + ++ss->ssl3.hs.numClientSigAndHash; } if (!ss->ssl3.hs.numClientSigAndHash) { @@ -2317,6 +2359,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->ssl3.hs.clientSigAndHash = NULL; } + /* Keep track of negotiated extensions. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; return SECSuccess; } 
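Review bot: The new index `j` is incremented in lockstep with `ss->ssl3.hs.numClientSigAndHash`, both starting at 0 and both bumped only for a recognized hash, so they are always equal and one of them is redundant; indexing with the counter, `ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash++].hashAlg = hash;` and likewise for `.sigAlg`, removes `j` and the chance of the two drifting apart in a later edit. The fix itself, no longer using the input index `i` for an output array that skips unknown hashes, is correct. The loop head and the branch that skips unknown hashes are outside this hunk.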
@@ -2480,41 +2524,32 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, return SECSuccess; } - if (data->len != 2) - goto loser; + if (data->len != 2) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } /* Get the draft version out of the handshake */ draft_version = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (draft_version < 0) { - goto loser; + return SECFailure; } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - /* Compare the version */ if (draft_version != TLS_1_3_DRAFT_VERSION) { + /* + * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2. + * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back + * here. Need to double-check. + */ SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), " "expected %d", SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION)); - goto loser; + ss->version = SSL_LIBRARY_VERSION_TLS_1_2; } - return SECSuccess; - -loser: - /* - * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2. - * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back - * here. Need to double-check. - * TODO(ekr@rtfm.com): Currently we fall back even on broken extensions. - * because SECFailure does not cause handshake failures. See bug - * 753136. - */ - SSL_TRC(30, ("%d: SSL3[%d]: Rolling back to TLS 1.2", SSL_GETPID(), ss->fd)); - ss->version = SSL_LIBRARY_VERSION_TLS_1_2; - return SECSuccess; } - diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 858ae0cc..896d05a1 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -981,6 +981,7 @@ struct ssl3StateStr { PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; PRUint16 dtlsSRTPCipherCount; PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ + PRBool fatalAlertSent; }; #define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the 
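Review bot: The fallback `ss->version = SSL_LIBRARY_VERSION_TLS_1_2;` is now the only path for a mismatched draft version and still carries the TODO about whether rolling back inside an extension handler is safe; at minimum it should not drop below the socket's configured minimum version, so if that range is reachable here, fail with a protocol_version alert instead when TLS 1.2 is not permitted. The extension is also marked negotiated before the comparison, so a downgraded handshake still records draft_version as negotiated, which may be intended but deserves a comment. ssl3_ServerHandleDraftVersionXtn begins before this hunk.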
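Review bot: The new `PRBool fatalAlertSent` field has no comment, while its only reader in this patch, ssl3_HandleHelloExtensions, depends on exactly when it becomes true; add `/* Set once a fatal alert has gone out; lets ssl3_HandleHelloExtensions skip a second alert. */` beside it. Where the field is set, and that the struct's initialization zeroes it, is not shown in this diff and should be confirmed.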
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index dfa7a2c7..90bc4572 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -90,12 +90,12 @@ static sslOptions ssl_defaults = {
 */
 static SSLVersionRange versions_defaults_stream = {
 SSL_LIBRARY_VERSION_3_0,
- SSL_LIBRARY_VERSION_TLS_1_0
+ SSL_LIBRARY_VERSION_TLS_1_2
 };
 
 static SSLVersionRange versions_defaults_datagram = {
 SSL_LIBRARY_VERSION_TLS_1_1,
- SSL_LIBRARY_VERSION_TLS_1_1
+ SSL_LIBRARY_VERSION_TLS_1_2
 };
 
 #define VERSIONS_DEFAULTS(variant) \
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index 34efdea0..effeaacc 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,10 +19,10 @@
 * The format of the version string should be
 * ".[.[.]][ ]"
 */
-#define NSSUTIL_VERSION "3.17.2.1"
+#define NSSUTIL_VERSION "3.18.0.1"
 #define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 17
-#define NSSUTIL_VPATCH 2
+#define NSSUTIL_VMINOR 18
+#define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 1
 #define NSSUTIL_BETA PR_FALSE
diff --git a/security/nss/pkg/solaris/common_files/copyright b/security/nss/pkg/solaris/common_files/copyright
index 988939bb..c5534908 100644
--- a/security/nss/pkg/solaris/common_files/copyright
+++ b/security/nss/pkg/solaris/common_files/copyright
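Review bot: Raising the default maximum to TLS 1.2 leaves `SSL_LIBRARY_VERSION_3_0` as the default stream minimum, so a socket with default settings still negotiates SSL 3.0 with a peer that offers nothing newer, a downgrade exposure in its own right; if that floor is deliberate for compatibility, add a comment saying so next to `versions_defaults_stream`, otherwise raise it to TLS 1.0 in the same change. The datagram defaults (TLS 1.1 to TLS 1.2) look fine.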
@@ -1,38 +1,6 @@
 Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 Use is subject to license terms.
 
-***** BEGIN LICENSE BLOCK *****
-Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
-The contents of this package are subject to the Mozilla Public License Version
-1.1 (the "License"); you may not use this package except in compliance with
-the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS" basis,
-WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-for the specific language governing rights and limitations under the
-License.
-
-The Original Code is the Netscape Portable Runtime (NSPR).
-
-The Initial Developer of the Original Code is
-Netscape Communications Corporation.
-Portions created by the Initial Developer are Copyright (C) 1998-2000
-the Initial Developer. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms of
-either the GNU General Public License Version 2 or later (the "GPL"), or
-the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-in which case the provisions of the GPL or the LGPL are applicable instead
-of those above. If you wish to allow use of your version of this file only
-under the terms of either the GPL or the LGPL, and not to allow others to
-use your version of this file under the terms of the MPL, indicate your
-decision by deleting the provisions above and replace them with the notice
-and other provisions required by the GPL or the LGPL. If you do not delete
-the provisions above, a recipient may use your version of this file under
-the terms of any one of the MPL, the GPL or the LGPL.
-
-***** END LICENSE BLOCK *****
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh
index c0d2ba91..a92ac938 100644
--- a/security/nss/tests/all.sh
+++ b/security/nss/tests/all.sh
@@ -301,7 +301,7 @@ fi
 # following test for modutil should check for that instead.
 # Exception: when building softoken only, shlibsign is the
 # last file created.
-if [ ${NSS_BUILD_SOFTOKEN_ONLY} -eq "1" ]; then
+if [ "${NSS_BUILD_SOFTOKEN_ONLY}" = "1" ]; then
 LAST_FILE_BUILT=shlibsign
 else
 LAST_FILE_BUILT=modutil
diff --git a/security/nss/tests/chains/scenarios/realcerts.cfg b/security/nss/tests/chains/scenarios/realcerts.cfg
index 38e2ae2b..d2a8c714 100644
--- a/security/nss/tests/chains/scenarios/realcerts.cfg
+++ b/security/nss/tests/chains/scenarios/realcerts.cfg
@@ -21,7 +21,7 @@ verify TestUser51:x
 result pass
 
 verify PayPalEE:x
- policy OID.2.16.840.1.113733.1.7.23.6
+ policy OID.2.16.840.1.114412.1.1
 result pass
 
 verify BrAirWaysBadSig:x
diff --git a/security/nss/tests/chains/scenarios/scenarios b/security/nss/tests/chains/scenarios/scenarios
index 3a704754..d26c3f92 100644
--- a/security/nss/tests/chains/scenarios/scenarios
+++ b/security/nss/tests/chains/scenarios/scenarios
@@ -1,47 +1,6 @@
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Network Security Services (NSS)
-#
-# The Initial Developer of the Original Code is Sun Microsystems, Inc.
-# Portions created by the Initial Developer are Copyright (C) 2009
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-# Slavomir Katuscak , Sun Microsystems
-# Ryan Sleevi , Google
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-#
-# Scenario ocspd.cfg will always be processed first,
-# regardless of its presence in this list.
-#
-# Scenario method.cfg will always be processed, regardless of its presence
-# in this list, and will be processed twice, once with httpserv -O get
-# and once with -O post. Because method.cfg will be executed with both
-# classic and libpkix engines, it must not contain any policy checks.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
 #
 bridge.cfg
 megabridge_3_2.cfg
diff --git a/security/nss/tests/cipher/cipher.sh b/security/nss/tests/cipher/cipher.sh
index 12e78e18..1d2561d9 100644
--- a/security/nss/tests/cipher/cipher.sh
+++ b/security/nss/tests/cipher/cipher.sh
@@ -124,7 +124,7 @@ cipher_cleanup()
 # built and the cipher suite run as part of an nss-softoken build.
 if [ ! -x ${DIST}/${OBJDIR}/bin/bltest${PROG_SUFFIX} ]; then
 echo "bltest not built, skipping this test." >> ${LOGFILE}
- res = 0
+ res=0
 html_msg $res $EXP_RET "$TESTNAME"
 return 0
 fi
diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh
index b3d44b03..08ac583b 100644
--- a/security/nss/tests/common/init.sh
+++ b/security/nss/tests/common/init.sh
@@ -225,7 +225,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
 }
 html_msg()
 {
- if [ "$1" -ne "$2" ] ; then
+ if [ $1 -ne $2 ] ; then
 html_failed "$3" "$4"
 else
 html_passed "$3" "$4"
diff --git a/security/nss/tests/dbtests/dbtests.sh b/security/nss/tests/dbtests/dbtests.sh
index b09a2bad..7b1ee351 100644
--- a/security/nss/tests/dbtests/dbtests.sh
+++ b/security/nss/tests/dbtests/dbtests.sh
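Review bot: Dropping the quotes in `if [ $1 -ne $2 ] ; then` reintroduces word splitting and does not help the empty-argument case, since `[ -ne 0 ]` is as much a test error as `[ "" -ne "0" ]`; if the motive was tolerating an unset result, write `if [ "${1:-0}" -ne "${2:-0}" ] ; then`, otherwise keep the quoted form. The cipher.sh `res=0` fix in the preceding hunk is the half of that story that actually removes the empty value.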
@@ -168,19 +168,29 @@ dbtest_main()
 cat $RONLY_DIR/* > /dev/null
 fi
 
- ${BINDIR}/dbtest -d $RONLY_DIR
+ # skipping the next two tests when user is root,
+ # otherwise they would fail due to rooty powers
+ if [ $UID -ne 0 ]; then
+ ${BINDIR}/dbtest -d $RONLY_DIR
 ret=$?
 if [ $ret -ne 46 ]; then
- html_failed "Dbtest r/w succeeded in an readonly directory $ret"
+ html_failed "Dbtest r/w succeeded in a readonly directory $ret"
 else
 html_passed "Dbtest r/w didn't work in an readonly dir $ret"
 fi
- ${BINDIR}/certutil -D -n "TestUser" -d .
+ else
+ html_passed "Skipping Dbtest r/w in a readonly dir because user is root"
+ fi
+ if [ $UID -ne 0 ]; then
+ ${BINDIR}/certutil -D -n "TestUser" -d .
 ret=$?
 if [ $ret -ne 255 ]; then
- html_failed "Certutil succeeded in deleting a cert in an readonly directory $ret"
+ html_failed "Certutil succeeded in deleting a cert in a readonly directory $ret"
 else
- html_passed "Certutil didn't work in an readonly dir $ret"
+ html_passed "Certutil didn't work in an readonly dir $ret"
+ fi
+ else
+ html_passed "Skipping Certutil delete cert in a readonly directory test because user is root"
 fi
 
 Echo "test opening the database ronly in a readonly directory"
diff --git a/security/nss/tests/iopr/server_scr/config b/security/nss/tests/iopr/server_scr/config
index 19821c79..9e65b926 100644
--- a/security/nss/tests/iopr/server_scr/config
+++ b/security/nss/tests/iopr/server_scr/config
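Review bot: `$UID` is a bash/zsh variable, not POSIX, so if this script runs under a plain /bin/sh that does not set it the new tests read `[ -ne 0 ]` and error out instead of skipping; use `if [ "$(id -u)" -ne 0 ]; then` in both places. The bodies of the new `if` blocks are also not indented relative to their `if`/`else`/`fi`, which makes the two nested conditionals hard to follow. dbtest_main continues past this hunk.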
@@ -1,37 +1,6 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Network Security Services (NSS) -# -# The Initial Developer of the Original Code is Sun Microsystems, Inc. -# Portions created by the Initial Developer are Copyright (C) 2006-2009 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. certDir=/iopr caCertName=TestCA 
diff --git a/security/nss/tests/libpkix/certs/PayPalEE.cert b/security/nss/tests/libpkix/certs/PayPalEE.cert index 17eaa64bcb10941a38b71bb13e210687b13a62d2..a826a1da252f02cf2d1612d88b5e85356cce7810 100644 GIT binary patch literal 1382 zcmXqLVofq=V)0tQ%*4pVB*2&II5FqN`AxH{g9;g0cO5a{W#iOp^Jx3d%gD&h%3x4n z$Zf#M#vIDRCd?EXY$$3V4B~JJ^SETDXF8`Al_+@TB^yc_h=YW=g$2sX%k@%#QprFm zz2y8{Lwy5XkQB498eB)Phog~#M`n74f@5)UX;ETca;idbYEfBgk%F_Mft)z6p^2f9 zp^*U?L;<;GKrRr2_)!M6s4fyV5CoaeABz0YcBdS_t?BfQU}IVO=;RbuwH%dYji~pIo?2 zy~6j$!v}3vjq|UBx~l*84c4FOtg-gj$>jVL4YTX74l@LFv@O2Syl&r23Dr$5tjAuM zdHwcXeLt5!z`o&+#V()VgSj3`8C7rdSf9*|c+bSl$iTR`iSZ>cM4lSR0|Qr9nMJ}t ztU)9&r1AGOv09O05|C z?-{6qqy<^z3}l*+BB6;7l+2JKg%6~RpONuD3kx$7>jH?Wsw`p#B5WMmY>cd|?97aC z7L!3KNVz;qoxMn(fI0}Yttm>9)mKyE1pItD!}={pAm8#Fe< zlrl21lpB;9sKEFJjBOH7Z{#Nz7oa%Ez!$EHsm&4Q*+ft#Ek;qO56h&WJPOL9@Ei)s zpw5m!|Cbo>fP5kh3U4L@2ITAjEHZ%Efsw(sGSegW+aB-u#?RB|CO)0xwzHTajq_s{ zTc^lk)mOU~#jYv0>d)#DoPF3dedheRhYqZn|5_#Dgx5ZHLxY}7_C5a(L|qg=#`?YV z)W5ScDx4kHh?IUmDe#5eBBD5}B|?6sVXcOH!Hj$M*BP3Y#puNvPV-`GTC{*^>fikL zXL*@87N7)p+PDE6c^t1-qv?GQYm~;E8Rx zW3O%1{SOB-@|`mt_R2}tg|G5-*3kOc^PP7|R*yt!_L4Kp^`9zUZ0xzR=L>_+H*@C2 oiN>2=iJEu>H+zKV7=POS`}3by_jxZo@?_kieA2e+i literal 1531 zcmZ`(c~BEq9M0Qp5+H=bT?1+(E3G0R;cXxUD2IrQ$arK3p+Kp!#syMB5;wspQk8(Q zwxWnbTU${C$0;7zj#E2O5v)ZK8EjP?r%}8`rk+rhL7jFNg%La5zxH>(-}k=nLA&5N zw4>K*`3OJ|FRazJM&n!1dNH!QEyL}nl~5vd4RRzqo=X4_2zaoxnG{1;AzzCMF+{5& zec(jSaKk*(X-2Qn=NV@a^Nl(==?7(8K#WO814J5AWU&&9XsgY{6p$ansMiUKG@2>2 z5T;zB$U+m8mB_bR&6eoUP@ByrU&(g0uwCUkQ(-7$rihukKo~)WLj_mN$AZVYCmJY= zg$N^(R#|D|a(X$DP8syeDXZROBs7`@L}CJ*>LVc)P^D19kuQri!&x&z5vGh%MrA=e zkdPSk7K(#~00nkc32-=W5eFKTa=OvBSREWL5>`Ob-G|~iR=owCdR0zNN?!L zWr}bY4P_)!Oct7yLY#BC;t~a0MJysn7G8~&oCq<_?}odpsnu%A@a9H*p_FrranEFv z#i}>v5t<^i*~C~!FOiRXaFCm+)n>}T0nP&A|26@DfXBB3Paf-cL+k+X_EpQ{%7=5b zr32dv2gB*;_CKC|zP~axa`qMcq;6<;Pv?()?uYAF^;~iWZXVuJvFrqzWJ_-!`X>AF z=@vQOXn(R#m0UA_hd6jzmAJouQ>MT3WWq14&Z(*ek0s~p;tmYP!u0&v4@+v!2e_DD zJm@$?t0nhDp2ecudj6+PnRI*Aw$ukLG0x_`>9dY4%gZ&bcHXZz43E%5iBIe0JF{Dx 
z9ea(tf1dxR7q#w|bIH00-kk$y8)W$%CDrm%`5D?TAM{@DEIn{^{cp0Xvhct0g#m|7 zl&R}(UM!rUtmzV;K_9L7;rfxU3h^y%CGP#dR#Did5F>R1&-dux|GkfQD8dIkP;Uo& zSVU^zBo4&mvfvQ?%ZJ2}P)w>`!Pp-H{kS3T zqb$qT<1fEZH}7hip0!51VR1E2x3xc`AQ6^~CIf()p%I3R+7LLVy}Oi2XEBf43dWA5 zBmc#K(o^HI$Iy9=0nNNkWA+_mX$*L&*K-56YT~|gzkhdfe1oy)dl*d=c?Q1eB0g8XT6tj`f6p2&SjwF zQ84^0>0slzXNT=E(XWaeWYEDiDLEfibZW{^RP+|w(&Fc(bS=41rwrI=2+sZ>;=<*- zf5m?tKkwD=p{Y%(mR?@y#i!G9%4?42KiTQu+jqaQH@8x>Q9HC*ib?#<^?vP(BL}?K zEj0vv(%Vq1?W>pV;$=u*-ktF?i?!CzdS{(qTN0T!G@v+!XOTpFpo=SdZu$~QHg?QUb3O2fjCH*TUemHyj(8@D3uJ9 z(o4?IHPklH1W7RqE5UVmWTs~*I2IR|7A58-rz*IHDFo%`mnb+p8pw(B8X6lK7#SHF z82~|)IIocf64#)BQrGAk=t5kh26s)chog}Knv;T4i^@`qKrU)xR6-6CMpg#qCPsb+ zpg0#(6C)$Twg>u$RM<}BvczA1&y~Wqsa8oXRcxJ;!|Zc+=FcxxYQ+Ag`%e+pmJ z6#3AwEr*!2)?b+Mj@#k-kqg#ECq(AGpRiGI<+@8Jb~szzwxWesTb{xMOw~L7_oU1J4`}F!Gjy0uA z=IlBvzDdr-G_^ih)$*bY*Q{h|$w?&{T;_)k1$msdj9RqqVeG-X3lw%JE}E>CFXE-> zc>Hbd>`xy0pP9cd%9s?aANQDvnUR5UaTB8_FhpDpgn)r7E6m9FpM}GK4M;IDG8piI z#P~sCEWjk!W*`gVtFnk0h_G>JvoW%=vNJQnSxg2dFg7D2i-v)kfeMUoz}O~{QBqQ1 zrLUi#TwH*X$_%_ghRU#*(C=); zJgL8}r#)AFQtzHw^v7=1RY&eySIrjgm&tSYtdG0tQNw)mZ@1@y8EQ@rudhuKT#~{S z9&+TX>@}vi>^1L>G|Unz`V}_$`v3g~t!xJSx$FJ@hqKOAdE0te`}eZa6>D_G-q%*D zZ+d-bE;swDRjrp97b|EuMmlR;YJ9xv+nZ|Z@@)=D4Xlo?jPJ$S?Cu>fo}GRcMufI$miByN&9u`3D}onV$JQ=JNMI zCT2zk#>GvHmw+L14xCtJ`B=nQME-OI?3%YzHL5za)qg5Oa{tSSY-a-@U{Q2ej}nG6P61{!P}+HAm_!p_7fCWA9>lM9L=+T|hI7Z@zi zYtsQK2c`tqu;A3>(xOz|ZfO>87Laa8?dvnYV$EONwJ9Z zKfNr~wx+i)`|$aOtScT8I@OYT2C8DpP^abOr{|+OsjL_*1~N$#9B?E;eat1Pn zQU(%00bm{#1ZPcSXGbFg6AN8KT@!Pl-=U!dbgQ9(zJV@`Z@}25h#n02$;AaImKw-| zY*J>CFc51HslS}M{LtMuyFVCkes;F}#kAho&=@)00}Cx+x@TmVw&+*=GuyXUw9jo9 zwLehA9N)c5Y=Y|dL(MmimzpGJ2nF*5cUGSa<6M5&%*BuILQ>M^wqGw6&NfN!4OSAj z`@7~{x}Ni+*m~oZPm2l;m~#EwXB&=&JGX4Qr~C23HxGG{!thON3?EKc zQ9dagTk_QHJ!j3lhcgYiI4Y(43+Iccov=9nu4no-ww=XpPcBb6_%vawYN_tcOv5*4 zryX8g_V-1J%Nn7bzWW1T?7ZUQr+#{!!o@nRnr+GM^U8KjzaaLUJ16(MbG|XRra}3y zxj(=9?I_!PR$|Lfh4;3%pPgDe`-0!4_LaQLT#5tk7DT^YTj#Y$>FNr#Cx==Ucy9s# Da6$|! 
diff --git a/security/nss/tests/libpkix/certs/PayPalRootCA.cert b/security/nss/tests/libpkix/certs/PayPalRootCA.cert index ea6402037fbb5eb28a1292e380d4af041e734103..dae0196507d9166bbf9de6ed93ed5bd91d2a6f7c 100644 GIT binary patch literal 969 zcmXqLVm@ln#I$w+GZP~dlK|727_}^JhuQtym7mtRsg@h?vTHrk&& ztLnL}Q0ws3DJJQQxMViOXD)Ntcx3yg{tGjftaOaDx_oEKHJjTd7E8R&_^LL2_gWe( zWby8^XKvxdy5w!Em&G4m((=PUDRAG9qi=3oOnS`rlw%^#5e>)C->0KGMe7P*nC|y2 z;KS3U1MC5c*hY*|CU8utq&? zd&l;QPp7z6SghtsIkZ15c52JPg{pGxu~Grt3PNWbcjs{jTI}#X&BV;ez_>WsAklyi z7{#*ujEw(TSb)i@&43@o7Y6ZJ4VZzHfh)yU1V#fRgNzj0^gGw*%(v-CW8(-{yshZ|Lo0pNehH&82Z8W| zU7xFN3a0j%{+jp4b?dyFK8D^qCcbdi>Dyd!?)Ky0%ED_;6{j%X3T>aIlJc!9?aaM7 z=4V%!Y|Nakd}3aOl6Haf<4||QM9KFNM_cv%48AQe6jMI&{86fy@#+0i(hF>VoQmr< z>`vh5)a7A|3EF<-C)bRNqVe;E_SKjrTkLgNQvXCvo9oE*Ox~A0j}8cg?>JE=G%@s( zN9K(^T1?UWE>{!`Z-3cUpcXqJVcs5ZaZdd$r{$b8PO_^XycF~OmEz6}p*c2l_Rss% i5HmaZ>>Kx0s_N+r%s(?U)rMSO`QxRY@Z$0p@?HQubYDLJ literal 1249 zcmXqLV!3P3#NxJqnTe5!Ng(3$yckApNq5DSeNWy!__5!BmyJ`a&7D}zD2 zA-4f18*?ZNn=n&ou%WntD2T%)%omnglo_0vo~NVWnU}0*Xl`H%lHeBBbIwUDE>1phm1XMI45TXd0*;(Q4r{Ru`{#!c)_>LcZ5oA zSI2sXU7ogIw0z-)FN;(^t(TdUF7fmW8_W9%JD)H-xofpm@;}qAFE;NUbiX$5e)Hw} znor+8*si}@I?-5CR>t9UiHfA+%A8T*YKCSCr@C#K@CT2zk#>GvHD}W)g#DE_df@d?xW#iCh1Ey?tMjn<#gZPE93!)7o4Z;mV#W;cKG(A;6Ju}Tf z(LmmSosCtSkC{n|MWp}fWvR9`y?xn-&o^XU@sQA|meey)6;p=Vos*xQk7{{YF<1;_ zk}b%31r{>{69XeQ79f+s0O)#{8<-fyWI(1A1HDjQUXE%?azQaTMa%NBh_Q&&Urt?q z=;was?MHUcDXU7Yuc_HpZC|o uZd$QJyGd4ypW%v2i+0-hvE4nrsb<~7tMlbbo~nE}|77+X)mLZVd; Date: Wed, 11 Jul 2018 23:41:23 +0800 Subject: [PATCH 10/20] PSM: Show protocol version in cipherName --- .../pki/resources/content/PageInfoOverlay.xul | 19 ++++++++++++++++-- security/manager/ssl/public/nsISSLStatus.idl | 1 + security/manager/ssl/src/nsNSSCallbacks.cpp | 20 ++++++++++++++++++- 3 files changed, 37 insertions(+), 3 deletions(-) diff --git a/security/manager/pki/resources/content/PageInfoOverlay.xul b/security/manager/pki/resources/content/PageInfoOverlay.xul index cf64df95..65850b79 100644 
--- a/security/manager/pki/resources/content/PageInfoOverlay.xul +++ b/security/manager/pki/resources/content/PageInfoOverlay.xul @@ -100,11 +100,26 @@ issuerName = this.mapIssuerOrganization(cert.issuerOrganization); if (!issuerName) issuerName = cert.issuerName; - + + var protocolVersion = " (unknown)"; + switch(status.protocolVersion) { + case 0: + protocolVersion = " (SSL3)"; + break; + case 1: + protocolVersion = " (TLS1.0)"; + break; + case 2: + protocolVersion = " (TLS1.1)"; + break; + case 3: + protocolVersion = " (TLS1.2)"; + break; + } return { hostName : hName, cAName : issuerName, - encryptionAlgorithm : status.cipherName, + encryptionAlgorithm : status.cipherName+protocolVersion, encryptionStrength : status.secretKeyLength, isBroken : isBroken, cert : cert diff --git a/security/manager/ssl/public/nsISSLStatus.idl b/security/manager/ssl/public/nsISSLStatus.idl index da0a0242..b42c4ad7 100644 --- a/security/manager/ssl/public/nsISSLStatus.idl +++ b/security/manager/ssl/public/nsISSLStatus.idl @@ -47,4 +47,5 @@ interface nsISSLStatus : nsISupports { readonly attribute string cipherName; readonly attribute unsigned long keyLength; readonly attribute unsigned long secretKeyLength; + readonly attribute unsigned long protocolVersion; }; diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp index 6750a9b2..c1d0294a 100644 --- a/security/manager/ssl/src/nsNSSCallbacks.cpp +++ b/security/manager/ssl/src/nsNSSCallbacks.cpp @@ -659,6 +659,7 @@ public: nsCOMPtr mServerCert; PRUint32 mKeyLength; PRUint32 mSecretKeyLength; + PRUint32 mProtocolVersion; nsXPIDLCString mCipherName; }; @@ -693,6 +694,16 @@ nsSSLStatus::GetSecretKeyLength(PRUint32* _result) return NS_OK; } +NS_IMETHODIMP +nsSSLStatus::GetProtocolVersion(PRUint32* _result) +{ + NS_ASSERTION(_result, "non-NULL destination required"); + + *_result = mProtocolVersion; + + return NS_OK; +} + NS_IMETHODIMP nsSSLStatus::GetCipherName(char** _result) { 
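Review bot: The new `readonly attribute unsigned long protocolVersion;` in nsISSLStatus.idl has no doc comment, and its encoding is only recoverable from nsNSSCallbacks.cpp (the low byte of `SSLChannelInfo.protocolVersion`) and from the `switch` in PageInfoOverlay.xul. Readers of the interface need that contract in the IDL, e.g. `/** Low byte of the negotiated SSL/TLS version as reported by NSS: 0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2. Also 0 before a handshake has been recorded. */`. With that in place the bare `case 0:` ... `case 3:` labels in the XUL have a documented source of truth.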
@@ -704,7 +715,7 @@ nsSSLStatus::GetCipherName(char** _result) } nsSSLStatus::nsSSLStatus() -: mKeyLength(0), mSecretKeyLength(0) +: mKeyLength(0), mSecretKeyLength(0), mProtocolVersion(0) { } @@ -867,6 +878,13 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) { status->mSecretKeyLength = encryptBits; status->mCipherName.Adopt(cipherName); + SSLChannelInfo channelInfo; + if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) { + // Get the protocol version + // 0=ssl3, 1=tls1, 2=tls1.1, 3=tls1.2 + status->mProtocolVersion = channelInfo.protocolVersion & 0xFF; + } + infoObject->SetSSLStatus(status); } From 44b7f056d9ee73c47b56a5b55254e89e09be3a14 Mon Sep 17 00:00:00 2001 
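Review bot: An unknown protocol version is indistinguishable from SSL 3.0 on the UI side: the constructor now initializes `mProtocolVersion(0)`, `HandshakeCallback` leaves it at 0 when `SSL_GetChannelInfo` fails, and PageInfoOverlay.xul renders 0 as `(SSL3)`, so a failed query is displayed as a successfully negotiated SSL3 connection. I would record the failure with a value the XUL `switch` does not map, e.g. add `} else { status->mProtocolVersion = 0xFF; /* unknown: PageInfoOverlay falls through to "(unknown)" */ }` after the `SSL_GetChannelInfo` block, or initialize the member to that sentinel in the constructor. The comment `// 0=ssl3, 1=tls1, 2=tls1.1, 3=tls1.2` should also say that the value is the low (minor-version) byte of `SSLChannelInfo.protocolVersion`, so the `& 0xFF` truncation is not mistaken for a bug.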
From: roytam1 Date: Thu, 12 Jul 2018 21:44:51 +0800 Subject: [PATCH 11/20] cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20): bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796 --- security/nss/cmd/bltest/blapitest.c | 35 +- security/nss/cmd/certcgi/certcgi.c | 152 +- security/nss/cmd/certutil/certext.c | 13 +- security/nss/cmd/certutil/certutil.c | 88 +- security/nss/cmd/certutil/keystuff.c | 138 +- security/nss/cmd/checkcert/checkcert.c | 40 +- security/nss/cmd/crlutil/crlgen.c | 15 +- security/nss/cmd/crlutil/crlutil.c | 8 +- security/nss/cmd/crmftest/testcrmf.c | 30 +- security/nss/cmd/fipstest/fipstest.c | 81 +- security/nss/cmd/httpserv/httpserv.c | 5 +- security/nss/cmd/lib/basicutil.c | 4 +- security/nss/cmd/lib/derprint.c | 2 +- security/nss/cmd/lib/pk11table.c | 10 +- security/nss/cmd/lib/pk11table.h | 4 +- security/nss/cmd/lib/secutil.c | 32 +- security/nss/cmd/modutil/error.h | 22 +- security/nss/cmd/modutil/install.c | 7 +- security/nss/cmd/modutil/installparse.c | 4 +- security/nss/cmd/modutil/lex.Pk11Install_yy.c | 2 + security/nss/cmd/modutil/manifest.mn | 2 +- security/nss/cmd/modutil/modutil.c | 21 + security/nss/cmd/multinit/multinit.c | 23 +- security/nss/cmd/ocspclnt/ocspclnt.c | 4 +- security/nss/cmd/ocspresp/ocspresp.c | 50 +- security/nss/cmd/oidcalc/oidcalc.c | 4 +- security/nss/cmd/p7env/p7env.c | 2 - security/nss/cmd/pk11gcmtest/pk11gcmtest.c | 12 +- security/nss/cmd/pk11mode/pk11mode.c | 8 +- 
security/nss/cmd/pk12util/pk12util.c | 2 +- security/nss/cmd/pk1sign/pk1sign.c | 2 +- security/nss/cmd/pp/pp.c | 9 +- security/nss/cmd/sdrtest/sdrtest.c | 4 +- security/nss/cmd/selfserv/selfserv.c | 118 +- security/nss/cmd/shlibsign/shlibsign.c | 12 +- security/nss/cmd/signtool/certgen.c | 3 +- security/nss/cmd/signtool/util.c | 6 +- security/nss/cmd/ssltap/ssltap.c | 22 +- security/nss/cmd/strsclnt/strsclnt.c | 15 +- security/nss/cmd/symkeyutil/symkeyutil.c | 3 +- security/nss/cmd/tstclnt/tstclnt.c | 13 +- security/nss/cmd/vfychain/vfychain.c | 2 +- security/nss/cmd/vfyserv/vfyserv.c | 2 +- security/nss/cmd/vfyserv/vfyutil.c | 2 +- security/nss/coreconf/Linux.mk | 46 +- security/nss/coreconf/WIN32.mk | 26 +- security/nss/coreconf/rules.mk | 20 +- security/nss/doc/certutil.xml | 10 + security/nss/doc/html/certutil.html | 6 +- security/nss/doc/nroff/certutil.1 | 14 +- security/nss/lib/base/list.c | 3 +- security/nss/lib/base/tracker.c | 2 +- security/nss/lib/certdb/certdb.c | 40 +- security/nss/lib/certdb/crl.c | 21 +- security/nss/lib/certdb/genname.c | 26 +- security/nss/lib/certdb/secname.c | 8 - security/nss/lib/certhigh/certhigh.c | 7 +- security/nss/lib/certhigh/certvfypkix.c | 6 +- security/nss/lib/certhigh/ocsp.c | 13 +- security/nss/lib/certhigh/xcrldist.c | 3 - security/nss/lib/ckfw/builtins/binst.c | 7 +- security/nss/lib/ckfw/builtins/certdata.perl | 1 - security/nss/lib/ckfw/builtins/ckbiver.c | 13 +- security/nss/lib/ckfw/builtins/config.mk | 3 - security/nss/lib/ckfw/builtins/nssckbi.h | 4 +- security/nss/lib/ckfw/capi/ckcapiver.c | 13 +- security/nss/lib/ckfw/capi/config.mk | 3 - security/nss/lib/ckfw/hash.c | 4 +- security/nss/lib/ckfw/nssmkey/ckmkver.c | 13 +- security/nss/lib/ckfw/token.c | 3 +- security/nss/lib/crmf/cmmfchal.c | 3 +- security/nss/lib/crmf/crmfcont.c | 16 +- security/nss/lib/crmf/crmfi.h | 2 +- security/nss/lib/crmf/crmfpop.c | 9 +- security/nss/lib/crmf/crmftmpl.c | 29 - security/nss/lib/cryptohi/keyhi.h | 5 + 
security/nss/lib/cryptohi/seckey.c | 103 +- security/nss/lib/dbm/config/config.mk | 4 - security/nss/lib/dbm/include/cdefs.h | 126 -- security/nss/lib/dbm/include/manifest.mn | 4 +- security/nss/lib/dbm/include/mcom_db.h | 6 - security/nss/lib/dbm/include/mpool.h | 97 -- security/nss/lib/dbm/src/h_bigkey.c | 4 +- security/nss/lib/dbm/src/h_func.c | 10 +- security/nss/lib/dbm/src/h_page.c | 30 +- security/nss/lib/dbm/src/hash.c | 32 +- security/nss/lib/dbm/src/hash_buf.c | 2 +- security/nss/lib/dbm/src/memmove.c | 5 - security/nss/lib/dbm/src/snprintf.c | 22 - security/nss/lib/dev/devslot.c | 3 - security/nss/lib/dev/devtoken.c | 3 +- security/nss/lib/freebl/cts.c | 2 +- security/nss/lib/freebl/dh.c | 20 +- security/nss/lib/freebl/drbg.c | 50 +- security/nss/lib/freebl/dsa.c | 2 +- security/nss/lib/freebl/ec.c | 9 + security/nss/lib/freebl/ecl/ecl-priv.h | 27 +- security/nss/lib/freebl/ecl/ecl_gf.c | 156 +- security/nss/lib/freebl/ecl/ecl_mult.c | 4 +- security/nss/lib/freebl/ecl/ecp_192.c | 112 +- security/nss/lib/freebl/ecl/ecp_224.c | 160 +- security/nss/lib/freebl/ecl/ecp_256.c | 297 ++-- security/nss/lib/freebl/ecl/ecp_521.c | 2 +- security/nss/lib/freebl/ecl/ecp_jac.c | 21 +- security/nss/lib/freebl/ecl/ecp_jm.c | 4 +- security/nss/lib/freebl/freeblver.c | 10 +- security/nss/lib/freebl/ldvector.c | 8 +- security/nss/lib/freebl/loader.c | 15 +- security/nss/lib/freebl/md5.c | 2 +- security/nss/lib/freebl/mpi/mpcpucache.c | 29 +- security/nss/lib/freebl/mpi/mpi-priv.h | 4 +- security/nss/lib/freebl/mpi/mpi.c | 34 +- security/nss/lib/freebl/mpi/mpi.h | 2 +- security/nss/lib/freebl/mpi/mplogic.c | 4 +- security/nss/lib/freebl/mpi/mplogic.h | 2 +- security/nss/lib/freebl/mpi/mpmontg.c | 2 +- security/nss/lib/freebl/mpi/mpprime.c | 2 +- security/nss/lib/freebl/nsslowhash.c | 7 +- security/nss/lib/freebl/pqg.c | 20 +- security/nss/lib/freebl/rsa.c | 2 +- security/nss/lib/freebl/sha_fast.c | 2 - security/nss/lib/freebl/sha_fast.h | 1 + security/nss/lib/freebl/stubs.c 
| 4 +- security/nss/lib/jar/jarfile.c | 29 +- security/nss/lib/jar/jarsign.c | 2 - .../nss/lib/libpkix/include/pkix_certstore.h | 3 +- .../libpkix/pkix/checker/pkix_crlchecker.c | 4 +- .../libpkix/pkix/checker/pkix_crlchecker.h | 4 +- .../libpkix/pkix/checker/pkix_ocspchecker.c | 4 +- .../libpkix/pkix/checker/pkix_ocspchecker.h | 4 +- .../pkix/checker/pkix_revocationchecker.c | 8 +- .../pkix/checker/pkix_revocationchecker.h | 1 + .../pkix/checker/pkix_revocationmethod.h | 4 +- .../libpkix/pkix/crlsel/pkix_crlselector.c | 2 +- .../libpkix/pkix/results/pkix_policynode.c | 2 +- .../nss/lib/libpkix/pkix/store/pkix_store.c | 10 +- .../nss/lib/libpkix/pkix/top/pkix_build.c | 2 +- .../nss/lib/libpkix/pkix/util/pkix_error.c | 2 +- .../nss/lib/libpkix/pkix/util/pkix_logger.c | 2 +- .../nss/lib/libpkix/pkix/util/pkix_tools.h | 4 +- .../module/pkix_pl_httpdefaultclient.c | 12 +- .../pkix_pl_nss/module/pkix_pl_ldaprequest.c | 4 - .../module/pkix_pl_pk11certstore.c | 14 +- .../pkix_pl_nss/module/pkix_pl_socket.c | 11 +- .../libpkix/pkix_pl_nss/pki/pkix_pl_cert.c | 2 - .../lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c | 2 +- .../pkix_pl_nss/system/pkix_pl_lifecycle.c | 8 +- .../pkix_pl_nss/system/pkix_pl_object.c | 2 +- security/nss/lib/nss/nss.def | 8 +- security/nss/lib/nss/nss.h | 4 +- security/nss/lib/nss/nssinit.c | 15 +- security/nss/lib/nss/nssver.c | 10 +- security/nss/lib/pk11wrap/pk11cert.c | 11 +- security/nss/lib/pk11wrap/pk11load.c | 4 + security/nss/lib/pk11wrap/pk11merge.c | 3 +- security/nss/lib/pk11wrap/pk11obj.c | 2 - security/nss/lib/pk11wrap/pk11pk12.c | 4 - security/nss/lib/pk11wrap/pk11skey.c | 2 + security/nss/lib/pk11wrap/pk11slot.c | 18 +- security/nss/lib/pkcs12/p12d.c | 2 +- security/nss/lib/pkcs12/p12e.c | 7 +- security/nss/lib/pkcs7/p7decode.c | 3 - security/nss/lib/pkcs7/p7encode.c | 5 +- security/nss/lib/pkcs7/p7local.c | 2 +- security/nss/lib/pki/certificate.c | 3 +- security/nss/lib/pki/pki3hack.c | 4 +- security/nss/lib/pki/pkibase.c | 15 +- 
security/nss/lib/pki/tdcache.c | 8 +- security/nss/lib/pki/trustdomain.c | 5 +- security/nss/lib/smime/cmsasn1.c | 4 - security/nss/lib/smime/cmscipher.c | 2 +- security/nss/lib/smime/cmsencode.c | 5 - security/nss/lib/smime/cmsmessage.c | 32 +- security/nss/lib/smime/cmsrecinfo.c | 4 - security/nss/lib/smime/cmsudf.c | 6 +- security/nss/lib/smime/smimeutil.c | 9 +- security/nss/lib/smime/smimever.c | 10 +- security/nss/lib/softoken/legacydb/keydb.c | 40 +- security/nss/lib/softoken/legacydb/lgattr.c | 7 - security/nss/lib/softoken/legacydb/lginit.c | 20 +- security/nss/lib/softoken/legacydb/pcertdb.c | 90 +- security/nss/lib/softoken/lowpbe.c | 2 +- security/nss/lib/softoken/pkcs11.c | 19 +- security/nss/lib/softoken/pkcs11c.c | 135 +- security/nss/lib/softoken/pkcs11i.h | 9 +- security/nss/lib/softoken/pkcs11u.c | 7 +- security/nss/lib/softoken/sdb.c | 10 +- security/nss/lib/softoken/sftkdb.c | 34 +- security/nss/lib/softoken/sftkhmac.c | 14 +- security/nss/lib/softoken/sftkpwd.c | 15 +- security/nss/lib/softoken/softkver.c | 10 +- security/nss/lib/softoken/softkver.h | 4 +- security/nss/lib/softoken/tlsprf.c | 15 +- security/nss/lib/sqlite/Makefile | 5 + security/nss/lib/sqlite/sqlite3.c | 10 +- security/nss/lib/ssl/SSLerrs.h | 12 + security/nss/lib/ssl/dhe-param.c | 413 ++++++ security/nss/lib/ssl/dtlscon.c | 10 +- security/nss/lib/ssl/ssl.def | 19 + security/nss/lib/ssl/ssl.h | 106 +- security/nss/lib/ssl/ssl3con.c | 1314 +++++++++++------ security/nss/lib/ssl/ssl3ecc.c | 23 +- security/nss/lib/ssl/ssl3ext.c | 192 +-- security/nss/lib/ssl/ssl3gthr.c | 4 +- security/nss/lib/ssl/ssl3prot.h | 30 +- security/nss/lib/ssl/sslauth.c | 3 +- security/nss/lib/ssl/sslcon.c | 40 +- security/nss/lib/ssl/sslenum.c | 3 + security/nss/lib/ssl/sslerr.h | 7 + security/nss/lib/ssl/sslimpl.h | 79 +- security/nss/lib/ssl/sslinfo.c | 47 +- security/nss/lib/ssl/sslmutex.c | 2 +- security/nss/lib/ssl/sslmutex.h | 9 +- security/nss/lib/ssl/sslproto.h | 2 + 
security/nss/lib/ssl/sslsecur.c | 22 +- security/nss/lib/ssl/sslsnce.c | 7 + security/nss/lib/ssl/sslsock.c | 248 +++- security/nss/lib/ssl/sslt.h | 52 +- security/nss/lib/ssl/sslver.c | 10 +- security/nss/lib/util/derdec.c | 2 +- security/nss/lib/util/derenc.c | 3 +- security/nss/lib/util/manifest.mn | 1 + security/nss/lib/util/nssb64e.c | 2 +- security/nss/lib/util/nssrwlk.c | 2 +- security/nss/lib/util/nssutil.h | 4 +- security/nss/lib/util/pkcs11t.h | 47 + security/nss/lib/util/quickder.c | 14 +- security/nss/lib/util/secoid.c | 19 +- security/nss/lib/util/secport.c | 6 +- security/nss/lib/util/secport.h | 7 + security/nss/lib/util/utilmod.c | 2 +- security/nss/lib/util/verref.h | 40 + security/nss/tests/cert/cert.sh | 305 +++- security/nss/tests/ssl/ssl.sh | 11 +- security/nss/tests/ssl/sslcov.txt | 11 + security/nss/tests/ssl/sslstress.txt | 31 + 236 files changed, 4268 insertions(+), 2567 deletions(-) delete mode 100644 security/nss/lib/dbm/include/cdefs.h delete mode 100644 security/nss/lib/dbm/include/mpool.h create mode 100644 security/nss/lib/ssl/dhe-param.c create mode 100644 security/nss/lib/util/verref.h diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 77619180..81c3061b 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -56,8 +56,7 @@ char *testdir = NULL; #define TIMEMARK(seconds) \ time1 = PR_SecondsToInterval(seconds); \ { \ - PRInt64 tmp, L100; \ - LL_I2L(L100, 100); \ + PRInt64 tmp; \ if (time2 == 0) { \ time2 = 1; \ } \ 
@@ -313,7 +312,6 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file) { unsigned char len[4]; int i; - SECStatus status; NSSBase64Encoder *cx; cx = NSSBase64Encoder_Create(output_ascii, file); for (i=0; ilen >> 16) & 0xff; len[2] = (it->len >> 8) & 0xff; len[3] = (it->len & 0xff); - status = NSSBase64Encoder_Update(cx, len, 4); - status = NSSBase64Encoder_Update(cx, it->data, it->len); + NSSBase64Encoder_Update(cx, len, 4); + NSSBase64Encoder_Update(cx, it->data, it->len); } - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(file, "\r\n", 2); + NSSBase64Encoder_Destroy(cx, PR_FALSE); + PR_Write(file, "\r\n", 2); } void @@ -1436,7 +1434,7 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt) int minorMode; int i; int keylen = aesp->key.buf.len; - int blocklen = AES_BLOCK_SIZE; + unsigned int blocklen = AES_BLOCK_SIZE; PRIntervalTime time1, time2; unsigned char *params; int len; @@ -1635,6 +1633,8 @@ bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_encryptOAEP : rsa_decryptOAEP; break; + default: + break; } return SECSuccess; } @@ -2569,8 +2569,6 @@ printPR_smpString(const char *sformat, char *reportStr, fprintf(stdout, sformat, reportStr); PR_smprintf_free(reportStr); } else { - int prnRes; - LL_L2I(prnRes, rNum); fprintf(stdout, nformat, rNum); } } @@ -2791,8 +2789,8 @@ mode_str_to_hash_alg(const SECItem *modeStr) case bltestSHA256: return HASH_AlgSHA256; case bltestSHA384: return HASH_AlgSHA384; case bltestSHA512: return HASH_AlgSHA512; + default: return HASH_AlgNULL; } - return HASH_AlgNULL; } void @@ -3004,7 +3002,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, bltestIO pt, ct; bltestCipherMode mode; bltestParams *params; - int i, j, nummodes, numtests; + unsigned int i, j, nummodes, numtests; char *modestr; char filename[256]; PLArenaPool *arena; 
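Review bot: Deleting the unused `status` variable in `serialize_key` removes the only place where the encoder and `PR_Write` results were captured, but neither the old nor the new code checks them, so a short write or a failed `NSSBase64Encoder_Destroy` still produces a silently truncated key file. Since these lines are being touched anyway, I would check the results instead of discarding them, e.g. `if (NSSBase64Encoder_Destroy(cx, PR_FALSE) != SECSuccess || PR_Write(file, "\r\n", 2) != 2) fprintf(stderr, "serialize_key: write failed\n");`, and likewise for the two `Update` calls inside the loop; `cx` from `NSSBase64Encoder_Create` is also never checked for NULL. The middle of this hunk appears garbled in the rendering (the loop header between `i` and `len` is missing), so I am reading only the surviving lines.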
@@ -3457,13 +3455,12 @@ static secuCommandFlag bltest_options[] = int main(int argc, char **argv) { - char *infileName, *outfileName, *keyfileName, *ivfileName; SECStatus rv = SECFailure; - double totalTime; + double totalTime = 0.0; PRIntervalTime time1, time2; PRFileDesc *outfile = NULL; - bltestCipherInfo *cipherInfoListHead, *cipherInfo; + bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL; bltestIOMode ioMode; int bufsize, exponent, curThrdNum; #ifndef NSS_DISABLE_ECC @@ -3511,8 +3508,6 @@ int main(int argc, char **argv) cipherInfo = PORT_ZNew(bltestCipherInfo); cipherInfoListHead = cipherInfo; - /* set some defaults */ - infileName = outfileName = keyfileName = ivfileName = NULL; /* Check the number of commands entered on the command line. */ commandsEntered = 0; @@ -3712,8 +3707,10 @@ int main(int argc, char **argv) fprintf(stderr, "%s: You must specify a signature file with -f.\n", progName); - print_usage: - PORT_Free(cipherInfo); +print_usage: + if (cipherInfo) { + PORT_Free(cipherInfo); + } Usage(); } diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c index 9bfa4e86..889de254 100644 --- a/security/nss/cmd/certcgi/certcgi.c +++ b/security/nss/cmd/certcgi/certcgi.c 
@@ -356,81 +356,6 @@ find_field_bool(Pair *data, } } -static char * -update_data_by_name(Pair *data, - char *field_name, - char *new_data) - /* replaces the data in the data structure associated with - a name with new data, returns null if not found */ -{ - int i = 0; - int found = 0; - int length = 100; - char *new; - - while (return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - new = make_copy_string( new_data, length, '\0'); - PORT_Free(return_data(data, i)); - found = 1; - (*(data + i)).data = new; - break; - } - i++; - } - if (!found) { - new = NULL; - } - return new; -} - -static char * -update_data_by_index(Pair *data, - int n, - char *new_data) - /* replaces the data of a particular index in the data structure */ -{ - int length = 100; - char *new; - - new = make_copy_string(new_data, length, '\0'); - PORT_Free(return_data(data, n)); - (*(data + n)).data = new; - return new; -} - - -static Pair * -add_field(Pair *data, - char* field_name, - char* field_data) - /* adds a new name/data pair to the data structure */ -{ - int i = 0; - int j; - int name_length = 100; - int data_length = 100; - - while(return_name(data, i) != NULL) { - i++; - } - j = START_FIELDS; - while ( j < (i + 1) ) { - j = j * 2; - } - if (j == (i + 1)) { - data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair)); - if (data == NULL) { - error_allocate(); - } - } - (*(data + i)).name = make_copy_string(field_name, name_length, '\0'); - (*(data + i)).data = make_copy_string(field_data, data_length, '\0'); - (data + i + 1)->name = NULL; - return data; -} - - static CERTCertificateRequest * makeCertReq(Pair *form_data, int which_priv_key) @@ -527,10 +452,6 @@ MakeV1Cert(CERTCertDBHandle *handle, PRExplodedTime printableTime; PRTime now, after; - SECStatus rv; - - - if ( !selfsign ) { issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); if (!issuerCert) { 
@@ -539,7 +460,7 @@ MakeV1Cert(CERTCertDBHandle *handle, } } if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); + (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); } else { now = PR_Now(); } @@ -550,7 +471,7 @@ MakeV1Cert(CERTCertDBHandle *handle, PR_ExplodeTime (now, PR_GMTParameters, &printableTime); } if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); + (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); PR_ExplodeTime (after, PR_GMTParameters, &printableTime); } else { printableTime.tm_month += 3; @@ -591,7 +512,7 @@ get_serial_number(Pair *data) if (ferror(serialFile) != 0) { error_out("Error: Unable to read serial number file"); } - if (serial == 4294967295) { + if (serial == -1) { serial = 21; } fclose(serialFile); 
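Review bot: Casting `DER_AsciiToTime` to `(void)` silences the unused-variable warning but leaves a parse failure unhandled: `now` and `after` are declared without an initializer (`PRTime now, after;` earlier in the function), so a malformed `notBefore`/`notAfter` form field would leave them holding stack garbage that flows into the certificate's validity period. This is a CGI fed by form data, so the check belongs here: `if (DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)) != SECSuccess) error_out("Error: Invalid notBefore time");` and the same for `after`. `error_out` is the file's existing fatal-error helper (used by `string_to_binary` below), presumably non-returning. `MakeV1Cert` begins before this hunk and continues past it.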
@@ -1417,52 +1338,49 @@ string_to_ipaddress(char *string) return ipaddress; } +static int +chr_to_hex(char c) { + if (isdigit(c)) { + return c - '0'; + } + if (isxdigit(c)) { + return toupper(c) - 'A' + 10; + } + return -1; +} + static SECItem * -string_to_binary(char *string) +string_to_binary(char *string) { SECItem *rv; - int high_digit; - int low_digit; rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); if (rv == NULL) { error_allocate(); } rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2); - while (!isxdigit(*string)) { + rv->len = 0; + while (*string && !isxdigit(*string)) { string++; } - rv->len = 0; - while (*string != '\0') { - if (isxdigit(*string)) { - if (*string >= '0' && *string <= '9') { - high_digit = *string - '0'; - } else { - *string = toupper(*string); - high_digit = *string - 'A' + 10; - } - string++; - if (*string >= '0' && *string <= '9') { - low_digit = *string - '0'; - } else { - *string = toupper(*string); - low_digit = *string - 'A' + 10; - } - (rv->len)++; - } else { - if (*string == ':') { - string++; - } else { - if (*string == ' ') { - while (*string == ' ') { - string++; - } - } - if (*string != '\0') { - error_out("ERROR: Improperly formated binary encoding"); - } - } - } + while (*string) { + int high, low; + high = chr_to_hex(*string++); + low = chr_to_hex(*string++); + if (high < 0 || low < 0) { + error_out("ERROR: Improperly formated binary encoding"); + } + rv->data[(rv->len)++] = high << 4 | low; + if (*string != ':') { + break; + } + ++string; + } + while (*string == ' ') { + ++string; + } + if (*string) { + error_out("ERROR: Junk after binary encoding"); } return rv; diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c index a87b4b1f..c36bc2d2 100644 --- a/security/nss/cmd/certutil/certext.c +++ b/security/nss/cmd/certutil/certext.c 
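Review bot: `chr_to_hex(char c)` passes a plain `char` straight to `isdigit`, `isxdigit` and `toupper`; for input bytes at or above 0x80, which a CGI form can deliver, a signed `char` is negative, and the ctype functions are only defined for `EOF` and `unsigned char` values, so this is undefined behavior on the input-validation path. Take the parameter as `unsigned char c` (or cast at each call, `isdigit((unsigned char)c)`), and apply the same cast to `isxdigit(*string)` in the leading skip loop. `rv->data = (unsigned char *) PORT_ZAlloc(...)` is still not checked against NULL even though `error_allocate()` guards the `SECItem` allocation two lines above; a failed allocation would be written to inside the loop. The second `chr_to_hex(*string++)` also advances past the terminator when the input ends after a single hex digit before `error_out` is reached, which is harmless only if `error_out` does not return.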
@@ -987,10 +987,13 @@ AddNameConstraints(void *extHandle) GEN_BREAK(SECFailure); } - PrintChoicesAndGetAnswer("Type of Name Constraint?\n" + if (PrintChoicesAndGetAnswer("Type of Name Constraint?\n" "\t1 - permitted\n\t2 - excluded\n\tAny" "other number to finish\n\tChoice", - buffer, sizeof(buffer)); + buffer, sizeof(buffer)) != SECSuccess) { + GEN_BREAK(SECFailure); + } + intValue = PORT_Atoi(buffer); switch (intValue) { case 1: @@ -1826,11 +1829,13 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert) intValue = timeStamping; } } else { - PrintChoicesAndGetAnswer("Enter access method type " + if (PrintChoicesAndGetAnswer("Enter access method type " "for Authority Information Access extension:\n" "\t1 - CA Issuers\n\t2 - OCSP\n\tAny" "other number to finish\n\tChoice", - buffer, sizeof(buffer)); + buffer, sizeof(buffer)) != SECSuccess) { + GEN_BREAK (SECFailure); + } intValue = PORT_Atoi(buffer); } if (addSIAExt) { diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 9bf78b7f..ab22fbca 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -180,7 +180,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts, static SECStatus CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, - SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, + SECOidTag hashAlgTag, CERTName *subject, const char *phone, int ascii, const char *emailAddrs, const char *dnsNames, certutilExtnList extnList, const char *extGeneric, /*out*/ SECItem *result) @@ -270,7 +270,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, } if (!phone) - phone = strdup("(not specified)"); + phone = "(not specified)"; email = CERT_GetCertEmailAddress(subject); if (!email) 
@@ -323,6 +323,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, } PR_smprintf_free(header); } + PORT_Free(obuf); } else { (void) SECITEM_CopyItem(NULL, result, &signedReq); } @@ -608,6 +609,27 @@ DeleteCert(CERTCertDBHandle *handle, char *name) return rv; } +static SECStatus +RenameCert(CERTCertDBHandle *handle, char *name, char *newName) +{ + SECStatus rv; + CERTCertificate *cert; + + cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); + if (!cert) { + SECU_PrintError(progName, "could not find certificate named \"%s\"", + name); + return SECFailure; + } + + rv = __PK11_SetCertificateNickname(cert, newName); + CERT_DestroyCertificate(cert); + if (rv) { + SECU_PrintError(progName, "unable to rename certificate"); + } + return rv; +} + static SECStatus ValidateCert(CERTCertDBHandle *handle, char *name, char *date, char *certUsage, PRBool checkSig, PRBool logit, @@ -983,6 +1005,8 @@ PrintSyntax(char *progName) "\t\t [-8 dns-names] [-a]\n", progName); FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); + FPS "\t%s --rename -n cert-name --new-n new-cert-name\n" + "\t\t [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", progName); FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix]\n", 
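Review bot: `if (rv)` in the new `RenameCert` treats `SECStatus` as a boolean; elsewhere in this change (e.g. the `PrintChoicesAndGetAnswer` checks in certext.c) the status is compared explicitly, so `if (rv != SECSuccess) {` would keep the style consistent and not rely on `SECSuccess` being zero. `__PK11_SetCertificateNickname` carries the double-underscore prefix NSS uses for internal exports, so if that is a private symbol certutil now depends on a non-public interface; a one-line comment above the call saying why the private entry point is needed would help the next reader. The function otherwise releases the certificate on both paths, which is correct.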
@@ -1549,6 +1573,25 @@ static void luW(enum usage_level ul, const char *command) FPS "\n"); } +static void luRename(enum usage_level ul, const char *command) +{ + int is_my_command = (command && 0 == strcmp(command, "rename")); + if (ul == usage_all || !command || is_my_command) + FPS "%-15s Change the database nickname of a certificate\n", + "--rename"); + if (ul == usage_selected && !is_my_command) + return; + FPS "%-20s The old nickname of the cert to rename\n", + " -n cert-name"); + FPS "%-20s The new nickname of the cert to rename\n", + " --new-n new-name"); + FPS "%-20s Cert database directory (default is ~/.netscape)\n", + " -d certdir"); + FPS "%-20s Cert & Key database prefix\n", + " -P dbprefix"); + FPS "\n"); +} + static void luUpgradeMerge(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "upgrade-merge")); @@ -1711,6 +1754,7 @@ static void LongUsage(char *progName, enum usage_level ul, const char *command) luC(ul, command); luG(ul, command); luD(ul, command); + luRename(ul, command); luF(ul, command); luU(ul, command); luK(ul, command); @@ -2210,6 +2254,7 @@ enum { cmd_Batch, cmd_Merge, cmd_UpgradeMerge, /* test only */ + cmd_Rename, max_cmd }; @@ -2278,6 +2323,7 @@ enum certutilOpts { opt_AddSubjectAltNameExt, opt_DumpExtensionValue, opt_GenericExtensions, + opt_NewNickname, opt_Help }; @@ -2308,7 +2354,9 @@ secuCommandFlag commands_init[] = { /* cmd_Batch */ 'B', PR_FALSE, 0, PR_FALSE }, { /* cmd_Merge */ 0, PR_FALSE, 0, PR_FALSE, "merge" }, { /* cmd_UpgradeMerge */ 0, PR_FALSE, 0, PR_FALSE, - "upgrade-merge" } + "upgrade-merge" }, + { /* cmd_Rename */ 0, PR_FALSE, 0, PR_FALSE, + "rename" } }; #define NUM_COMMANDS ((sizeof commands_init) / (sizeof commands_init[0])) 
@@ -2394,6 +2442,8 @@ secuCommandFlag options_init[] = "dump-ext-val"}, { /* opt_GenericExtensions */ 0, PR_TRUE, 0, PR_FALSE, "extGeneric"}, + { /* opt_NewNickname */ 0, PR_TRUE, 0, PR_FALSE, + "new-n"}, }; #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0])) @@ -2419,14 +2469,15 @@ certutil_main(int argc, char **argv, PRBool initialize) PRFileDesc *outFile = PR_STDOUT; SECItem certReqDER = { siBuffer, NULL, 0 }; SECItem certDER = { siBuffer, NULL, 0 }; - char * slotname = "internal"; - char * certPrefix = ""; + const char *slotname = "internal"; + const char *certPrefix = ""; char * sourceDir = ""; - char * srcCertPrefix = ""; + const char *srcCertPrefix = ""; char * upgradeID = ""; char * upgradeTokenName = ""; KeyType keytype = rsaKey; char * name = NULL; + char * newName = NULL; char * email = NULL; char * keysource = NULL; SECOidTag hashAlgTag = SEC_OID_UNKNOWN; @@ -2533,7 +2584,7 @@ certutil_main(int argc, char **argv, PRBool initialize) if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0) slotname = NULL; else - slotname = PL_strdup(certutil.options[opt_TokenName].arg); + slotname = certutil.options[opt_TokenName].arg; } /* -Z hash type */ @@ -2593,7 +2644,7 @@ certutil_main(int argc, char **argv, PRBool initialize) /* -P certdb name prefix */ if (certutil.options[opt_DBPrefix].activated) { if (certutil.options[opt_DBPrefix].arg) { - certPrefix = strdup(certutil.options[opt_DBPrefix].arg); + certPrefix = certutil.options[opt_DBPrefix].arg; } else { Usage(progName); } @@ -2602,7 +2653,7 @@ certutil_main(int argc, char **argv, PRBool initialize) /* --source-prefix certdb name prefix */ if (certutil.options[opt_SourcePrefix].activated) { if (certutil.options[opt_SourcePrefix].arg) { - srcCertPrefix = strdup(certutil.options[opt_SourcePrefix].arg); + srcCertPrefix = certutil.options[opt_SourcePrefix].arg; } else { Usage(progName); } 
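Review bot: Dropping the `PL_strdup`/`strdup` copies makes `slotname`, `certPrefix` and `srcCertPrefix` alias the option-table strings, so any `PL_strfree`/`free` of these variables later in certutil_main (the function continues outside the hunk) would now release memory certutil does not own; worth grepping the rest of the function before landing. The constification is also partial: `sourceDir`, `upgradeID`, `upgradeTokenName`, `name` and the new `newName` still hold non-const pointers to the same kind of option argument, and `name`/`newName` are what the new RenameCert receives.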
@@ -2785,6 +2836,19 @@ certutil_main(int argc, char **argv, PRBool initialize) return 255; } + /* Rename needs an old and a new nickname */ + if (certutil.commands[cmd_Rename].activated && + !(certutil.options[opt_Nickname].activated && + certutil.options[opt_NewNickname].activated)) { + + PR_fprintf(PR_STDERR, + "%s --rename: specify an old nickname (-n) and\n" + " a new nickname (--new-n).\n", + progName); + return 255; + } + + /* Upgrade/Merge needs a source database and a upgrade id. */ if (certutil.commands[cmd_UpgradeMerge].activated && !(certutil.options[opt_SourceDir].activated && @@ -2866,6 +2930,7 @@ certutil_main(int argc, char **argv, PRBool initialize) } name = SECU_GetOptionArg(&certutil, opt_Nickname); + newName = SECU_GetOptionArg(&certutil, opt_NewNickname); email = SECU_GetOptionArg(&certutil, opt_Emailaddress); PK11_SetPasswordFunc(SECU_GetModulePassword); @@ -3104,6 +3169,11 @@ merge_fail: rv = DeleteCert(certHandle, name); goto shutdown; } + /* Rename cert (--rename) */ + if (certutil.commands[cmd_Rename].activated) { + rv = RenameCert(certHandle, name, newName); + goto shutdown; + } /* Delete key (-F) */ if (certutil.commands[cmd_DeleteKey].activated) { rv = DeleteKey(name, &pwdata); diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c index 0cdd0343..c62e5637 100644 --- a/security/nss/cmd/certutil/keystuff.c +++ b/security/nss/cmd/certutil/keystuff.c 
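Review bot: The `--rename` precondition checks only that `-n` and `--new-n` were activated, not that the new nickname is non-empty or differs from the old one, so `--new-n ""` reaches `__PK11_SetCertificateNickname` unchecked (what SECU_GetOptionArg returns for an empty argument is not visible here). Adding `if (!newName || !*newName || PL_strcmp(name, newName) == 0)` next to the RenameCert dispatch, with a usage message, would reject that up front. The new block is also followed by two blank lines before the Upgrade/Merge comment, where the neighbouring checks use one.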
@@ -133,64 +133,92 @@ UpdateRNG(void) } static const unsigned char P[] = { 0, - 0x98, 0xef, 0x3a, 0xae, 0x70, 0x98, 0x9b, 0x44, - 0xdb, 0x35, 0x86, 0xc1, 0xb6, 0xc2, 0x47, 0x7c, - 0xb4, 0xff, 0x99, 0xe8, 0xae, 0x44, 0xf2, 0xeb, - 0xc3, 0xbe, 0x23, 0x0f, 0x65, 0xd0, 0x4c, 0x04, - 0x82, 0x90, 0xa7, 0x9d, 0x4a, 0xc8, 0x93, 0x7f, - 0x41, 0xdf, 0xf8, 0x80, 0x6b, 0x0b, 0x68, 0x7f, - 0xaf, 0xe4, 0xa8, 0xb5, 0xb2, 0x99, 0xc3, 0x69, - 0xfb, 0x3f, 0xe7, 0x1b, 0xd0, 0x0f, 0xa9, 0x7a, - 0x4a, 0x04, 0xbf, 0x50, 0x9e, 0x22, 0x33, 0xb8, - 0x89, 0x53, 0x24, 0x10, 0xf9, 0x68, 0x77, 0xad, - 0xaf, 0x10, 0x68, 0xb8, 0xd3, 0x68, 0x5d, 0xa3, - 0xc3, 0xeb, 0x72, 0x3b, 0xa0, 0x0b, 0x73, 0x65, - 0xc5, 0xd1, 0xfa, 0x8c, 0xc0, 0x7d, 0xaa, 0x52, - 0x29, 0x34, 0x44, 0x01, 0xbf, 0x12, 0x25, 0xfe, - 0x18, 0x0a, 0xc8, 0x3f, 0xc1, 0x60, 0x48, 0xdb, - 0xad, 0x93, 0xb6, 0x61, 0x67, 0xd7, 0xa8, 0x2d }; + 0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65, + 0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd, + 0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66, + 0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08, + 0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b, + 0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b, + 0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6, + 0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83, + 0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13, + 0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9, + 0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5, + 0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8, + 0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe, + 0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63, + 0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c, + 0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef, + 0x30, 0x50, 0x59, 0x33, 0x61, 0xc0, 0xf3, 0x6e, + 0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3, + 0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47, + 0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f, + 0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb, + 0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97, + 0xad, 0xea, 0x0d, 
0x9e, 0x02, 0xe6, 0xe5, 0x7d, + 0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81, + 0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20, + 0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c, + 0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93, + 0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9, + 0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60, + 0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32, + 0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42, + 0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 }; static const unsigned char Q[] = { 0, - 0xb5, 0xb0, 0x84, 0x8b, 0x44, 0x29, 0xf6, 0x33, - 0x59, 0xa1, 0x3c, 0xbe, 0xd2, 0x7f, 0x35, 0xa1, - 0x76, 0x27, 0x03, 0x81 }; + 0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3, + 0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03, + 0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d, + 0x3a, 0x95, 0xf4, 0xf1 }; static const unsigned char G[] = { - 0x04, 0x0e, 0x83, 0x69, 0xf1, 0xcd, 0x7d, 0xe5, - 0x0c, 0x78, 0x93, 0xd6, 0x49, 0x6f, 0x00, 0x04, - 0x4e, 0x0e, 0x6c, 0x37, 0xaa, 0x38, 0x22, 0x47, - 0xd2, 0x58, 0xec, 0x83, 0x12, 0x95, 0xf9, 0x9c, - 0xf1, 0xf4, 0x27, 0xff, 0xd7, 0x99, 0x57, 0x35, - 0xc6, 0x64, 0x4c, 0xc0, 0x47, 0x12, 0x31, 0x50, - 0x82, 0x3c, 0x2a, 0x07, 0x03, 0x01, 0xef, 0x30, - 0x09, 0x89, 0x82, 0x41, 0x76, 0x71, 0xda, 0x9e, - 0x57, 0x8b, 0x76, 0x38, 0x37, 0x5f, 0xa5, 0xcd, - 0x32, 0x84, 0x45, 0x8d, 0x4c, 0x17, 0x54, 0x2b, - 0x5d, 0xc2, 0x6b, 0xba, 0x3e, 0xa0, 0x7b, 0x95, - 0xd7, 0x00, 0x42, 0xf7, 0x08, 0xb8, 0x83, 0x87, - 0x60, 0xe1, 0xe5, 0xf4, 0x1a, 0x54, 0xc2, 0x20, - 0xda, 0x38, 0x3a, 0xd1, 0xb6, 0x10, 0xf4, 0xcb, - 0x35, 0xda, 0x97, 0x92, 0x87, 0xd6, 0xa5, 0x37, - 0x62, 0xb4, 0x93, 0x4a, 0x15, 0x21, 0xa5, 0x10 }; + 0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62, + 0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79, + 0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7, + 0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc, + 0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1, + 0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e, + 0x92, 0x16, 0x06, 0x59, 0x29, 
0x89, 0x6f, 0x54, + 0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6, + 0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a, + 0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8, + 0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f, + 0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93, + 0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83, + 0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae, + 0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3, + 0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb, + 0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e, + 0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4, + 0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58, + 0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac, + 0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e, + 0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1, + 0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d, + 0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c, + 0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a, + 0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03, + 0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5, + 0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac, + 0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d, + 0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa, + 0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd, + 0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4 }; -/* h: - * 4a:76:30:89:eb:e1:81:7c:99:0b:39:7f:95:4a:65:72: - * c6:b4:05:92:48:6c:3c:b2:7e:e7:39:f3:92:7d:c1:3f: - * bf:e1:fd:b3:4a:46:3e:ce:29:80:e3:d6:f4:59:c6:92: - * 16:2b:0e:d7:d6:bb:ef:94:36:31:c2:66:46:c5:4a:77: - * aa:95:84:ef:99:7e:e3:9c:d9:a0:32:42:09:b6:4e:d0: - * b3:c8:5e:06:df:a1:ac:4d:2d:f9:08:c2:cb:4b:a4:42: - * db:8a:5b:de:25:6e:2b:5b:ca:00:75:2c:57:00:18:aa: - * 68:59:a1:94:03:07:94:78:38:bc:f8:7c:1e:1c:a3:2e - * SEED: - * b5:44:66:c9:0f:f1:ca:1c:95:45:ce:90:74:89:14:f2: - * 13:3e:23:5a:b0:6a:bf:86:ad:cb:a0:7d:ce:3b:c8:16: - * 7f:2d:a2:1a:cb:33:7d:c1:e7:d7:07:aa:1b:a2:d7:89: - * f5:a4:db:f7:8b:50:00:cd:b4:7d:25:81:3f:f8:a8:dd: - * 6c:46:e5:77:b5:60:7e:75:79:b8:99:57:c1:c4:f3:f7: - * 
17:ca:43:00:b8:33:b6:06:8f:4d:91:ed:23:a5:66:1b: - * ef:14:d7:bc:21:2b:82:d8:ab:fa:fd:a7:c3:4d:bf:52: - * af:8e:57:59:61:1a:4e:65:c6:90:d6:a6:ff:0b:15:b1 - * g: 1024 - * counter: 1003 + +/* P, Q, G have been generated using the NSS makepqg utility: + * makepqg -l 2048 -g 224 -r + * (see also: bug 1170322) + * + * h: 1 (0x1) + * SEED: + * d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f: + * 0e:be:d0:38:e4:78:d5:3c:7c:9e:a9:9a:d2:0b:c5:63: + * 1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38: + * e4:78:d5:3c:7c:9e:c7:70:d2:0b:c5:63:1b:af:dc:36: + * b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:e4:78:d5:3c: + * 7c:9e:aa:3e + * g: 672 + * counter: 0 */ static const SECKEYPQGParams default_pqg_params = { diff --git a/security/nss/cmd/checkcert/checkcert.c b/security/nss/cmd/checkcert/checkcert.c index 63beea58..235451c3 100644 --- a/security/nss/cmd/checkcert/checkcert.c +++ b/security/nss/cmd/checkcert/checkcert.c @@ -122,7 +122,6 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, SECStatus rv; VFYContext *cx; SECOidData *sigAlgOid, *oiddata; - SECOidTag sigAlgTag; SECOidTag hashAlgTag; int showDigestOid=0; @@ -134,8 +133,6 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); if (sigAlgOid == 0) return SECFailure; - sigAlgTag = sigAlgOid->offset; - if (showDigestOid) { oiddata = SECOID_FindOIDByTag(hashAlgTag); @@ -220,14 +217,12 @@ CERTCertificate *createEmptyCertificate(void) } return c; -} - - +} int main(int argc, char **argv) { - int rv, verbose=0, force=0; + int verbose=0, force=0; int ascii=0, issuerAscii=0; char *progName=0; PRFileDesc *inFile=0, *issuerCertFile=0; @@ -244,6 +239,7 @@ int main(int argc, char **argv) char *inFileName = NULL, *issuerCertFileName = NULL; PLOptState *optstate; PLOptStatus status; + SECStatus rv; PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption)); PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption)); 
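Review bot: The comment above `default_pqg_params` is now the only provenance for the replaced 2048/224-bit DSA domain parameters, and the SEED it records visibly repeats the same byte run (`d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:…`) three times with only a couple of bytes in between, which reads like a transcription artefact rather than generator output. Since these are the defaults handed to every caller that does not supply its own PQG, the recorded seed, counter and h should be checked against P, Q and G with `PQG_VerifyParams` before the comment is relied on, and the comment should then record the makepqg version and that the verification passed so a later reader can repeat it.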
@@ -389,7 +385,7 @@ int main(int argc, char **argv) SECU_RegisterDynamicOids(); rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) { fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n", @@ -405,17 +401,37 @@ int main(int argc, char **argv) printf("\n"); /* Check algorithms */ - SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption, + rv = SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL); + if (rv) { + fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION.\n", + progName); + exit(1); + } - SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption, + rv = SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL); + if (rv) { + fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION.\n", + progName); + exit(1); + } - SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption, + rv = SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL); + if (rv) { + fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION.\n", + progName); + exit(1); + } - SECOID_SetAlgorithmID(arena, &rsaEncryption, + rv = SECOID_SetAlgorithmID(arena, &rsaEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); + if (rv) { + fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_RSA_ENCRYPTION.\n", + progName); + exit(1); + } { int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature, diff --git a/security/nss/cmd/crlutil/crlgen.c b/security/nss/cmd/crlutil/crlgen.c index 4eb16f71..1fad3249 100644 --- a/security/nss/cmd/crlutil/crlgen.c +++ b/security/nss/cmd/crlutil/crlgen.c @@ -545,7 +545,7 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; void *dummy; - void *mark; + void *mark = NULL; int code = 0; PORT_Assert(arena && dataArr); 
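Review bot: The four `SECOID_SetAlgorithmID` checks in checkcert's main are the same five lines repeated with only the OID tag and message text changed; folding them into a small table driven by one loop keeps a single error path and makes adding another algorithm a one-line change. The message can still name the OID if the table carries the name (the aggregate initialiser with local addresses needs C99). main continues outside the hunk.
```c
    /* Check algorithms */
    {
        const struct {
            SECAlgorithmID *id;
            SECOidTag tag;
            const char *name;
        } algs[] = {
            { &md5WithRSAEncryption,  SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,  "SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION" },
            { &md2WithRSAEncryption,  SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,  "SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION" },
            { &sha1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, "SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION" },
            { &rsaEncryption,         SEC_OID_PKCS1_RSA_ENCRYPTION,           "SEC_OID_PKCS1_RSA_ENCRYPTION" },
        };
        unsigned int k;

        for (k = 0; k < sizeof(algs) / sizeof(algs[0]); k++) {
            rv = SECOID_SetAlgorithmID(arena, algs[k].id, algs[k].tag, NULL);
            if (rv) {
                fprintf(stderr, "%s: failed to set algorithm ID for %s.\n",
                        progName, algs[k].name);
                exit(1);
            }
        }
    }
    /* … unchanged: isMD5RSA comparison block … */
```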
@@ -583,7 +583,9 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - PORT_ArenaRelease (arena, mark); + if (mark) { + PORT_ArenaRelease (arena, mark); + } return NULL; } @@ -595,7 +597,7 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; int length = 0; - void *mark; + void *mark = NULL; PORT_Assert(arena && dataArr); if (!arena || !dataArr) { @@ -624,7 +626,9 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - PORT_ArenaRelease(arena, mark); + if (mark) { + PORT_ArenaRelease(arena, mark); + } return NULL; } @@ -1079,7 +1083,6 @@ static SECStatus crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) { PRUint64 i = 0; - PLArenaPool *arena; PORT_Assert(crlGenData && certId); if (!crlGenData || !certId) { @@ -1087,8 +1090,6 @@ crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) return SECFailure; } - arena = crlGenData->signCrl->arena; - if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && certId) { return SECFailure; diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c index dd9f4932..d5013714 100644 --- a/security/nss/cmd/crlutil/crlutil.c +++ b/security/nss/cmd/crlutil/crlutil.c @@ -128,7 +128,7 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool dele while (crlNode) { char* asciiname = NULL; CERTCertificate *cert = NULL; - if (crlNode->crl && &crlNode->crl->crl.derName) { + if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) { cert = CERT_FindCertByName(certHandle, &crlNode->crl->crl.derName); if (!cert) { @@ -698,6 +698,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName, inFile, decodeOptions, importOptions); if (signCrl == NULL) { + rv = SECFailure; goto loser; } } 
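Review bot: The corrected condition `crlNode->crl->crl.derName.data != NULL` fixes the old always-true address-of test, but a SECItem can also carry a non-NULL `data` with `len == 0`, which would still be handed to CERT_FindCertByName; `crlNode->crl->crl.derName.data != NULL && crlNode->crl->crl.derName.len > 0` covers both. ListCRLNames continues outside the hunk.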
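Review bot: `rv = SECFailure` is now set by hand on each `goto loser` path in GenerateCRL (here and in the two hunks on the next line), which suggests `rv` otherwise keeps whatever it held before the jump; initialising it once at the declaration (outside the hunk) as `SECStatus rv = SECFailure;` and assigning `SECSuccess` only on the success path would cover any remaining early exits without per-site assignments. If the declaration already initialises it, these three assignments are redundant and can go.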
@@ -705,6 +706,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, if (!cert) { cert = FindSigningCert(certHandle, signCrl, certNickName); if (cert == NULL) { + rv = SECFailure; goto loser; } } @@ -721,8 +723,10 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, outFileName); } signCrl = CreateNewCrl(arena, certHandle, cert); - if (!signCrl) + if (!signCrl) { + rv = SECFailure; goto loser; + } } rv = UpdateCrl(signCrl, inCrlInitFile); diff --git a/security/nss/cmd/crmftest/testcrmf.c b/security/nss/cmd/crmftest/testcrmf.c index ce3d7cfb..a1343436 100644 --- a/security/nss/cmd/crmftest/testcrmf.c +++ b/security/nss/cmd/crmftest/testcrmf.c @@ -127,13 +127,17 @@ debug_test(SECItem *src, char *filePath) SECStatus get_serial_number(long *dest) { - SECStatus rv; + SECStatus rv; - if (dest == NULL) { + if (dest == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; - } + } rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long)); + if (rv != SECSuccess) { + /* PK11_GenerateRandom calls PORT_SetError */ + return SECFailure; + } /* make serial number positive */ if (*dest < 0L) *dest = - *dest; @@ -937,18 +941,6 @@ DoCMMFStuff(void) return rv; } -static CK_MECHANISM_TYPE -mapWrapKeyType(KeyType keyType) -{ - switch (keyType) { - case rsaKey: - return CKM_RSA_PKCS; - default: - break; - } - return CKM_INVALID_MECHANISM; -} - #define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/ int @@ -1533,10 +1525,6 @@ main(int argc, char **argv) PRUint32 flags = 0; SECStatus rv; PRBool nssInit = PR_FALSE; - PRBool pArg = PR_FALSE; - PRBool eArg = PR_FALSE; - PRBool sArg = PR_FALSE; - PRBool PArg = PR_FALSE; memset( &signPair, 0, sizeof signPair); memset( &cryptPair, 0, sizeof cryptPair); @@ -1559,7 +1547,6 @@ main(int argc, char **argv) printf ("-p failed\n"); return 603; } - pArg = PR_TRUE; break; case 'e': recoveryEncrypter = PORT_Strdup(optstate->value); 
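Review bot: The added `rv != SECSuccess` check in get_serial_number closes the gap where an RNG failure left `*dest` uninitialised, but the sign fix just below it, `if (*dest < 0L) *dest = - *dest;`, is still undefined behaviour when the random value happens to be `LONG_MIN`, and a sanitizer build will flag it; `*dest &= LONG_MAX;` clears the sign bit without the overflow. The comment `/* PK11_GenerateRandom calls PORT_SetError */` is useful and should stay.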
@@ -1567,7 +1554,6 @@ main(int argc, char **argv) printf ("-e failed\n"); return 602; } - eArg = PR_TRUE; break; case 's': caCertName = PORT_Strdup(optstate->value); @@ -1575,7 +1561,6 @@ main(int argc, char **argv) printf ("-s failed\n"); return 604; } - sArg = PR_TRUE; break; case 'P': password = PORT_Strdup(optstate->value); @@ -1585,7 +1570,6 @@ main(int argc, char **argv) } pwdata.source = PW_PLAINTEXT; pwdata.data = password; - PArg = PR_TRUE; break; case 'f': pwfile = PORT_Strdup(optstate->value); diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c index cdd6b1aa..1561e737 100644 --- a/security/nss/cmd/fipstest/fipstest.c +++ b/security/nss/cmd/fipstest/fipstest.c @@ -288,7 +288,7 @@ tdea_kat_mmt(char *reqfn) FILE *req; /* input stream from the REQUEST file */ FILE *resp; /* output stream to the RESPONSE file */ int i, j; - int mode; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ + int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */ unsigned char key[24]; /* TDEA 3 key bundle */ unsigned int numKeys = 0; @@ -997,10 +997,10 @@ aes_kat_mmt(char *reqfn) FILE *aesreq; /* input stream from the REQUEST file */ FILE *aesresp; /* output stream to the RESPONSE file */ int i, j; - int mode; /* NSS_AES (ECB) or NSS_AES_CBC */ + int mode = NSS_AES; /* NSS_AES (ECB) or NSS_AES_CBC */ int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char iv[16]; /* for all modes except ECB */ unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen; 
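Review bot: Initialising `mode` to `NSS_DES_EDE3` in tdea_kat_mmt (and to `NSS_AES` in aes_kat_mmt in the next hunk) silences the uninitialised-variable warning by making ECB the silent default, so a request file whose mode marker is missing or mistyped now produces ECB output instead of a diagnostic; a sentinel such as `int mode = -1;` plus a check before the first use keeps the warning fix without masking a malformed request. The same concern applies to the `keysize = 0`, `len = 0` and `flen`/`olen`/`msglen = 0` initialisations in this and the following hunks, where a zero length silently flows into the cipher or verify calls if the request line was not parsed. The enclosing functions continue outside the hunk, so whether such a check already exists cannot be confirmed here.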
@@ -1197,7 +1197,7 @@ aes_ecb_mct(char *reqfn) int i, j; int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char plaintext[16]; /* PT[j] */ unsigned char plaintext_1[16]; /* PT[j-1] */ unsigned char ciphertext[16]; /* CT[j] */ @@ -1480,7 +1480,7 @@ aes_cbc_mct(char *reqfn) int i, j; int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char iv[16]; unsigned char plaintext[16]; /* PT[j] */ unsigned char plaintext_1[16]; /* PT[j-1] */ @@ -2103,7 +2103,7 @@ ecdsa_pkv_test(char *reqfn) ECParams *ecparams = NULL; SECItem pubkey; unsigned int i; - unsigned int len; + unsigned int len = 0; PRBool keyvalid = PR_TRUE; ecdsareq = fopen(reqfn, "r"); @@ -2360,10 +2360,10 @@ ecdsa_sigver_test(char *reqfn) char curve[16]; /* "nistxddd" */ ECPublicKey ecpub; unsigned int i, j; - unsigned int flen; /* length in bytes of the field size */ - unsigned int olen; /* length in bytes of the base point order */ + unsigned int flen = 0; /* length in bytes of the field size */ + unsigned int olen = 0; /* length in bytes of the base point order */ unsigned char msg[512]; /* message that was signed (<= 128 bytes) */ - unsigned int msglen; + unsigned int msglen = 0; unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; 
@@ -2532,43 +2532,6 @@ loser: } #endif /* NSS_DISABLE_ECC */ - -/* - * Read a value from the test and allocate the result. - */ -static unsigned char * -alloc_value(char *buf, int *len) -{ - unsigned char * value; - int i, count; - - if (strncmp(buf, "", 6) == 0) { - *len = 0; - return NULL; - } - - /* find the length of the number */ - for (count = 0; isxdigit(buf[count]); count++); - *len = count/2; - - if (*len == 0) { - return NULL; - } - - value = PORT_Alloc(*len); - if (!value) { - *len = 0; - return NULL; - } - - for (i=0; i<*len; buf+=2 , i++) { - hex_to_byteval(buf, &value[i]); - } - - - return value; -} - PRBool isblankline(char *b) { @@ -2599,7 +2562,9 @@ drbg(char *reqfn) FILE *rngresp; /* output stream to the RESPONSE file */ unsigned int i, j; +#if 0 PRBool predictionResistance = PR_FALSE; +#endif unsigned char *nonce = NULL; int nonceLen = 0; unsigned char *personalizationString = NULL; @@ -2722,11 +2687,12 @@ drbg(char *reqfn) continue; } +#if 0 /* currently unsupported */ if (strncmp(buf, "[PredictionResistance", 21) == 0) { i = 21; while (isspace(buf[i]) || buf[i] == '=') { i++; - } + } if (strncmp(buf, "False", 5) == 0) { predictionResistance = PR_FALSE; } else { @@ -2736,6 +2702,7 @@ drbg(char *reqfn) fputs(buf, rngresp); continue; } +#endif if (strncmp(buf, "[EntropyInputLen", 16) == 0) { if (entropyInput) { @@ -2990,7 +2957,7 @@ rng_vst(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[DSA1_SIGNATURE_LEN]; 
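Review bot: Wrapping the `[PredictionResistance` branch of drbg in `#if 0` also removes the `fputs(buf, rngresp); continue;` that echoed the header line into the response file, so unless a later fall-through branch echoes unrecognised lines (not visible here) the response no longer mirrors the request; and a request that sets `[PredictionResistance = True]` is now accepted silently rather than rejected as unsupported. Keeping the parser branch and failing with a message when the value is `True` would make the unsupported case explicit; code behind `#if 0` tends to rot and is better deleted or tracked with a TODO. drbg's body continues outside the hunk.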
@@ -3113,7 +3080,7 @@ rng_mct(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[2*SHA1_LENGTH]; @@ -3416,8 +3383,8 @@ SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp) void sha_test(char *reqfn) { unsigned int i, j; - unsigned int MDlen; /* the length of the Message Digest in Bytes */ - unsigned int msgLen; /* the length of the input Message in Bytes */ + unsigned int MDlen = 0; /* the length of the Message Digest in Bytes */ + unsigned int msgLen = 0; /* the length of the input Message in Bytes */ unsigned char *msg = NULL; /* holds the message to digest.*/ size_t bufSize = 25608; /*MAX buffer size */ char *buf = NULL; /* holds one line from the input REQUEST file.*/ @@ -3594,18 +3561,18 @@ void hmac_test(char *reqfn) unsigned int i, j; size_t bufSize = 400; /* MAX buffer size */ char *buf = NULL; /* holds one line from the input REQUEST file.*/ - unsigned int keyLen; /* Key Length */ + unsigned int keyLen = 0; /* Key Length */ unsigned char key[200]; /* key MAX size = 184 */ unsigned int msgLen = 128; /* the length of the input */ /* Message is always 128 Bytes */ unsigned char *msg = NULL; /* holds the message to digest.*/ - unsigned int HMACLen; /* the length of the HMAC Bytes */ - unsigned int TLen; /* the length of the requested */ + unsigned int HMACLen = 0; /* the length of the HMAC Bytes */ + unsigned int TLen = 0; /* the length of the requested */ /* truncated HMAC Bytes */ unsigned char HMAC[HASH_LENGTH_MAX]; /* computed HMAC */ unsigned char expectedHMAC[HASH_LENGTH_MAX]; /* for .fax files that have */ /* supplied known answer */ - HASH_HashType hash_alg; /* HMAC type */ + HASH_HashType hash_alg = HASH_AlgNULL; /* HMAC type */ FILE *req = NULL; /* input stream from the REQUEST file */ 
@@ -3901,7 +3868,7 @@ dsa_pqgver_test(char *reqfn) unsigned int i, j; PQGParams pqg; PQGVerify vfy; - unsigned int pghSize; /* size for p, g, and h */ + unsigned int pghSize = 0; /* size for p, g, and h */ dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); @@ -4234,7 +4201,7 @@ dsa_pqggen_test(char *reqfn) unsigned int j; PQGParams *pqg = NULL; PQGVerify *vfy = NULL; - unsigned int keySizeIndex; + unsigned int keySizeIndex = 0; dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); diff --git a/security/nss/cmd/httpserv/httpserv.c b/security/nss/cmd/httpserv/httpserv.c index 875b62bb..b01da4b8 100644 --- a/security/nss/cmd/httpserv/httpserv.c +++ b/security/nss/cmd/httpserv/httpserv.c @@ -339,7 +339,6 @@ static enum { static const char stopCmd[] = { "GET /stop " }; static const char getCmd[] = { "GET " }; -static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Generic Web Server\r\n" @@ -712,8 +711,8 @@ handle_connection( /* else good status response */ if (!isPost && ocspMethodsAllowed == ocspGetUnknown) { unknown = PR_TRUE; - nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ - revoDate = PR_Now() - 60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ + nextUpdate = PR_Now() + (PRTime)60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ + revoDate = PR_Now() - (PRTime)60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ } } } diff --git a/security/nss/cmd/lib/basicutil.c b/security/nss/cmd/lib/basicutil.c index d6f09429..77b70b1e 100644 --- a/security/nss/cmd/lib/basicutil.c +++ b/security/nss/cmd/lib/basicutil.c @@ -241,7 +241,7 @@ void SECU_PrintAsHex(FILE *out, const SECItem *data, const char *m, int level) { unsigned i; - int column; + int column = 0; PRBool isString = PR_TRUE; PRBool isWhiteSpace = PR_TRUE; PRBool printedHex = PR_FALSE; 
@@ -684,7 +684,7 @@ static unsigned char nibble(char c) { SECStatus SECU_SECItemHexStringToBinary(SECItem* srcdest) { - int i; + unsigned int i; if (!srcdest) { PORT_SetError(SEC_ERROR_INVALID_ARGS); diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c index b4eb0ffb..75811df3 100644 --- a/security/nss/cmd/lib/derprint.c +++ b/security/nss/cmd/lib/derprint.c @@ -446,7 +446,7 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end } lenLen = nb + 1; if (raw) { - int i; + unsigned int i; rv = prettyPrintByte(out, lbyte, lv); if (rv < 0) diff --git a/security/nss/cmd/lib/pk11table.c b/security/nss/cmd/lib/pk11table.c index d979835a..f76dafe8 100644 --- a/security/nss/cmd/lib/pk11table.c +++ b/security/nss/cmd/lib/pk11table.c @@ -577,7 +577,7 @@ const Constant _consts[] = { }; const Constant *consts = &_consts[0]; -const int constCount = sizeof(_consts)/sizeof(_consts[0]); +const unsigned int constCount = sizeof(_consts)/sizeof(_consts[0]); const Commands _commands[] = { {"C_Initialize", F_C_Initialize, @@ -1389,7 +1389,7 @@ const int topicCount = sizeof(_topics) / sizeof(_topics[0]); const char * getName(CK_ULONG value, ConstType type) { - int i; + unsigned int i; for (i=0; i < constCount; i++) { if (consts[i].type == type && consts[i].value == value) { @@ -1409,9 +1409,9 @@ getNameFromAttribute(CK_ATTRIBUTE_TYPE type) return getName(type, ConstAttribute); } -int totalKnownType(ConstType type) { - int count = 0; - int i; +unsigned int totalKnownType(ConstType type) { + unsigned int count = 0; + unsigned int i; for (i=0; i < constCount; i++) { if (consts[i].type == type) count++; diff --git a/security/nss/cmd/lib/pk11table.h b/security/nss/cmd/lib/pk11table.h index cdc4325f..0c4052ec 100644 --- a/security/nss/cmd/lib/pk11table.h +++ b/security/nss/cmd/lib/pk11table.h 
@@ -162,7 +162,7 @@ extern const int valueCount; extern const char **constTypeString; extern const int constTypeCount; extern const Constant *consts; -extern const int constCount; +extern const unsigned int constCount; extern const Commands *commands; extern const int commandCount; extern const Topics *topics; @@ -174,7 +174,7 @@ getName(CK_ULONG value, ConstType type); extern const char * getNameFromAttribute(CK_ATTRIBUTE_TYPE type); -extern int totalKnownType(ConstType type); +extern unsigned int totalKnownType(ConstType type); #endif /* _PK11_TABLE_H_ */ diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 97331c9c..92f64f75 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -375,7 +375,8 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, PR_fprintf(PR_STDERR, "Invalid password.\n"); PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); - return SECFailure; + rv = SECFailure; + goto done; } } else break; @@ -385,20 +386,22 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); - if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { + rv = PK11_ChangePW(slot, oldpw, newpw); + if (rv != SECSuccess) { PR_fprintf(PR_STDERR, "Failed to change password.\n"); - return SECFailure; + } else { + PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); } PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); - PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); - done: - PORT_Memset(newpw, 0, PL_strlen(newpw)); - PORT_Free(newpw); - return SECSuccess; + if (newpw) { + PORT_Memset(newpw, 0, PL_strlen(newpw)); + PORT_Free(newpw); + } + return rv; } struct matchobj { 
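Review bot: `constCount` and totalKnownType switch to `unsigned int` while the neighbouring `valueCount`, `constTypeCount` and `commandCount` declarations stay `const int`, so loops that walk these tables in parallel will keep mixing signedness and the -Wsign-compare noise this is chasing only moves; changing the sibling counts in the same pass (and their definitions in pk11table.c) keeps the table API uniform.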
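Review bot: The `if (newpw)` guard at `done:` in SECU_ChangePW2 only helps if `newpw` is initialised to NULL at its declaration, which is outside the hunk; the `goto done` added in the invalid-password branch jumps over `secu_InitSlotPassword`, so an uninitialised `newpw` would reach `PORT_Free` there. That jump also skips the later `oldpw` clean-up, which is fine because the branch zeroes and frees `oldpw` itself, but a one-line comment at `done:` such as `/* oldpw is already wiped and freed on every path that reaches here */` would stop a later reader from adding a second free.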
@@ -1550,7 +1553,7 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m, fprintf(out, "Serial DER as C source: \n{ %d, \"", c->serialNumber.len); { - int i; + unsigned int i; for (i=0; i < c->serialNumber.len; ++i) { unsigned char *chardata = (unsigned char*)(c->serialNumber.data); unsigned char c = *(chardata + i); @@ -2417,7 +2420,6 @@ SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); CERTCertificate *c; int rv = SEC_ERROR_NO_MEMORY; - int iv; if (!arena) return rv; @@ -2743,7 +2745,7 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) return rv; } @@ -2862,7 +2864,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) return rv; } @@ -3192,7 +3194,7 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert, data.len = cert->derCert.len; rv = SECU_PrintSignedData(stdout, &data, label, 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) { return(SECFailure); } @@ -3283,7 +3285,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, errstr = NULL; switch (node->error) { case SEC_ERROR_INADEQUATE_KEY_USAGE: - flags = (unsigned int)node->arg; + flags = (unsigned int)((char *)node->arg - (char *)NULL); switch (flags) { case KU_DIGITAL_SIGNATURE: errstr = "Cert cannot sign."; 
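Review bot: The `(SECU_PPFunc)SECU_PrintCertificate` casts added here and in secu_PrintPKCS7SignedAndEnveloped, SEC_PrintCertificateAndTrust and checkcert.c silence a prototype mismatch rather than fix it; calling a function through a pointer of a different type is undefined even when the only difference is `const`-ness (the typedef is not visible here, so the exact mismatch is inferred). Either align SECU_PPFunc's parameter types with SECU_PrintCertificate or add a thin adapter with the typedef's exact signature and pass that instead of the cast.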
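Review bot: `(unsigned int)((char *)node->arg - (char *)NULL)` replaces one questionable cast with pointer arithmetic on a null pointer, which is undefined in C and is exactly what UBSan and pointer-arithmetic checks complain about; the intent, an integer smuggled through a `void *`, is better written as `flags = (unsigned int)(uintptr_t)node->arg;` (or with NSPR's `PRUword`). The same expression appears in the SEC_ERROR_INADEQUATE_CERT_TYPE case in the next hunk. SECU_displayVerifyLog continues outside the hunk.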
@@ -3299,7 +3301,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, break; } case SEC_ERROR_INADEQUATE_CERT_TYPE: - flags = (unsigned int)node->arg; + flags = (unsigned int)((char *)node->arg - (char *)NULL); switch (flags) { case NS_CERT_TYPE_SSL_CLIENT: case NS_CERT_TYPE_SSL_SERVER: diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h index 36ed5a4e..ba42264b 100644 --- a/security/nss/cmd/modutil/error.h +++ b/security/nss/cmd/modutil/error.h @@ -133,25 +133,7 @@ typedef enum { LAST_MSG /* must be last */ } Message; -static char *msgStrings[] = { - "FIPS mode enabled.\n", - "FIPS mode disabled.\n", - "Using database directory %s...\n", - "Creating \"%s\"...", - "Module \"%s\" added to database.\n", - "Module \"%s\" deleted from database.\n", - "Token \"%s\" password changed successfully.\n", - "Incorrect password, try again...\n", - "Passwords do not match, try again...\n", - "done.\n", - "Slot \"%s\" %s.\n", - "Successfully changed defaults.\n", - "Successfully changed defaults.\n", -"\nWARNING: Performing this operation while the browser is running could cause" -"\ncorruption of your security databases. If the browser is currently running," -"\nyou should exit browser before continuing this operation. Type " -"\n'q ' to abort, or to continue: ", - "\nAborting...\n" -}; +/* defined in modutil.c */ +extern char *msgStrings[]; #endif /* MODUTIL_ERROR_H */ diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c index 839cf402..283fc790 100644 --- a/security/nss/cmd/modutil/install.c +++ b/security/nss/cmd/modutil/install.c @@ -120,9 +120,10 @@ typedef struct StringNode_str { StringNode* StringNode_new() { StringNode* new_this; - new_this = (StringNode*)malloc(sizeof(StringNode)); - new_this->str=NULL; - new_this->next=NULL; + new_this = (StringNode*)PR_Malloc(sizeof(StringNode)); + PORT_Assert(new_this != NULL); + new_this->str = NULL; + new_this->next = NULL; return new_this; } 
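Review bot: StringNode_new still dereferences `new_this` unconditionally after `PR_Malloc`; `PORT_Assert` compiles to nothing in non-DEBUG builds, so an allocation failure is a NULL write in release code rather than a reported error. Returning early keeps the assert for debug builds while making release builds safe: `if (new_this == NULL) return NULL;` right after the assert, with callers checking the result. If callers are known never to check, an explicit abort on NULL would be more honest than the assert alone.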
diff --git a/security/nss/cmd/modutil/installparse.c b/security/nss/cmd/modutil/installparse.c index e23bbcc9..3691c638 100644 --- a/security/nss/cmd/modutil/installparse.c +++ b/security/nss/cmd/modutil/installparse.c @@ -203,7 +203,7 @@ yyparse() register char *yys; extern char *getenv(); - if (yys = getenv("YYDEBUG")) + if ((yys = getenv("YYDEBUG")) != NULL) { yyn = *yys; if (yyn >= '0' && yyn <= '9') @@ -220,7 +220,7 @@ yyparse() *yyssp = yystate = 0; yyloop: - if (yyn = yydefred[yystate]) goto yyreduce; + if ((yyn = yydefred[yystate]) != 0) goto yyreduce; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; diff --git a/security/nss/cmd/modutil/lex.Pk11Install_yy.c b/security/nss/cmd/modutil/lex.Pk11Install_yy.c index 59d9bb59..4533e0c7 100644 --- a/security/nss/cmd/modutil/lex.Pk11Install_yy.c +++ b/security/nss/cmd/modutil/lex.Pk11Install_yy.c @@ -1100,6 +1100,7 @@ register char *yy_bp; #endif /* ifndef YY_NO_UNPUT */ +#ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput() #else @@ -1171,6 +1172,7 @@ static int input() return c; } +#endif /* ifndef YY_NO_INPUT */ #ifdef YY_USE_PROTOS diff --git a/security/nss/cmd/modutil/manifest.mn b/security/nss/cmd/modutil/manifest.mn index 9929a805..a92ca68c 100644 --- a/security/nss/cmd/modutil/manifest.mn +++ b/security/nss/cmd/modutil/manifest.mn @@ -24,7 +24,7 @@ PROGRAM = modutil REQUIRES = seccmd nss dbm -DEFINES = -DNSPR20 +DEFINES = -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT # sigh #INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c index ba07bba4..64212024 100644 --- a/security/nss/cmd/modutil/modutil.c +++ b/security/nss/cmd/modutil/modutil.c 
@@ -122,6 +122,27 @@ static char *optionStrings[] = { "-chkfips", }; +char *msgStrings[] = { + "FIPS mode enabled.\n", + "FIPS mode disabled.\n", + "Using database directory %s...\n", + "Creating \"%s\"...", + "Module \"%s\" added to database.\n", + "Module \"%s\" deleted from database.\n", + "Token \"%s\" password changed successfully.\n", + "Incorrect password, try again...\n", + "Passwords do not match, try again...\n", + "done.\n", + "Slot \"%s\" %s.\n", + "Successfully changed defaults.\n", + "Successfully changed defaults.\n", +"\nWARNING: Performing this operation while the browser is running could cause" +"\ncorruption of your security databases. If the browser is currently running," +"\nyou should exit browser before continuing this operation. Type " +"\n'q ' to abort, or to continue: ", + "\nAborting...\n" +}; + /* Increment i if doing so would have i still be less than j. If you are able to do this, return 0. Otherwise return 1. */ #define TRY_INC(i,j) ( ((i+1)len; i++) { - unsigned char byte=item->data[i]; - appendHex(byte >> 4); - appendHex(byte & 0xf); - appendLabel(':'); - } -} - /* * append a 32 bit integer (even on a 64 bit platform). * for simplicity append it as a hex value, full extension with 0x prefix. @@ -493,7 +472,7 @@ do_list_certs(const char *progName, int log) CERTCertList *sorted; CERTCertListNode *node; CERTCertTrust trust; - int i; + unsigned int i; list = PK11_ListCerts(PK11CertListUnique, NULL); if (list == NULL) { diff --git a/security/nss/cmd/ocspclnt/ocspclnt.c b/security/nss/cmd/ocspclnt/ocspclnt.c index e302bb5b..edf146a2 100644 --- a/security/nss/cmd/ocspclnt/ocspclnt.c +++ b/security/nss/cmd/ocspclnt/ocspclnt.c 
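Review bot: `char *msgStrings[]` now has external linkage while every element points at a string literal, so any translation unit including error.h gets a writable view of read-only data. Declaring it `const char *const msgStrings[]` here, with the matching `extern` in error.h, prevents accidental writes and lets the compiler place the table in read-only storage. Whether any caller passes these strings to a `char *` parameter is not visible here, so a few call sites may need a const added as well.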
@@ -562,7 +562,7 @@ print_raw_certificates (FILE *out_file, SECItem **raw_certs, int level) while ((raw_cert = raw_certs[i++]) != NULL) { sprintf (cert_label, "Certificate (%d)", i); (void) SECU_PrintSignedData (out_file, raw_cert, cert_label, level + 1, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); } } @@ -964,7 +964,7 @@ main (int argc, char **argv) PLOptState *optstate; SECStatus rv; CERTCertDBHandle *handle = NULL; - SECCertUsage cert_usage; + SECCertUsage cert_usage = certUsageSSLClient; PRTime verify_time; CERTCertificate *cert = NULL; PRBool ascii = PR_FALSE; diff --git a/security/nss/cmd/ocspresp/ocspresp.c b/security/nss/cmd/ocspresp/ocspresp.c index 3e977471..cbc82692 100644 --- a/security/nss/cmd/ocspresp/ocspresp.c +++ b/security/nss/cmd/ocspresp/ocspresp.c @@ -129,15 +129,12 @@ main(int argc, char **argv) SECItem *encoded = NULL; CERTOCSPResponse *decoded = NULL; - SECStatus statusDecoded; SECItem *encodedRev = NULL; CERTOCSPResponse *decodedRev = NULL; - SECStatus statusDecodedRev; SECItem *encodedFail = NULL; CERTOCSPResponse *decodedFail = NULL; - SECStatus statusDecodedFail; CERTCertificate *obtainedSignerCert = NULL; 
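Review bot: Initialising `cert_usage` to `certUsageSSLClient` in ocspclnt's main removes the maybe-uninitialized warning, but it also turns a missing usage option into a silent default: if option parsing (outside the hunk) does not require the flag that sets `cert_usage`, a run that forgot it now verifies for SSL-client usage without saying so. If the option is mandatory, a one-line comment records that: `/* overwritten by the required usage option; the initializer only silences the warning */`. If it is not, the default should be named in the usage text or the option made required.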
@@ -181,40 +178,47 @@ main(int argc, char **argv) encoded = encode(arena, cid, caCert); PORT_Assert(encoded); decoded = CERT_DecodeOCSPResponse(encoded); - statusDecoded = CERT_GetOCSPResponseStatus(decoded); - PORT_Assert(statusDecoded == SECSuccess); + PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decoded)); - statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, - &obtainedSignerCert, caCert); - PORT_Assert(statusDecoded == SECSuccess); - statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, - obtainedSignerCert, now); - PORT_Assert(statusDecoded == SECSuccess); + PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, + &obtainedSignerCert, caCert)); + PORT_CheckSuccess(CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, + obtainedSignerCert, now)); CERT_DestroyCertificate(obtainedSignerCert); encodedRev = encodeRevoked(arena, cid, caCert); PORT_Assert(encodedRev); decodedRev = CERT_DecodeOCSPResponse(encodedRev); - statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev); - PORT_Assert(statusDecodedRev == SECSuccess); + PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decodedRev)); - statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, - &obtainedSignerCert, caCert); - PORT_Assert(statusDecodedRev == SECSuccess); - statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, + PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, + &obtainedSignerCert, caCert)); +#ifdef DEBUG + { + SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, obtainedSignerCert, now); - PORT_Assert(statusDecodedRev == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); + PORT_Assert(rv == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); + } +#else + (void)CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, + obtainedSignerCert, now); +#endif 
CERT_DestroyCertificate(obtainedSignerCert); encodedFail = CERT_CreateEncodedOCSPErrorResponse( arena, SEC_ERROR_OCSP_TRY_SERVER_LATER); PORT_Assert(encodedFail); decodedFail = CERT_DecodeOCSPResponse(encodedFail); - statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail); - PORT_Assert(statusDecodedFail == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); - +#ifdef DEBUG + { + SECStatus rv = CERT_GetOCSPResponseStatus(decodedFail); + PORT_Assert(rv == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); + } +#else + (void)CERT_GetOCSPResponseStatus(decodedFail); +#endif retval = 0; loser: if (retval != 0) diff --git a/security/nss/cmd/oidcalc/oidcalc.c b/security/nss/cmd/oidcalc/oidcalc.c index 39d300e3..c767099a 100644 --- a/security/nss/cmd/oidcalc/oidcalc.c +++ b/security/nss/cmd/oidcalc/oidcalc.c @@ -44,13 +44,13 @@ main(int argc, char **argv) secondval = atoi(curstr); - if ( ( firstval < 0 ) || ( firstval > 2 ) ) { + if ( firstval > 2 ) { fprintf(stderr, "first component out of range\n"); exit(-1); } - if ( ( secondval < 0 ) || ( secondval > 39 ) ) { + if ( secondval > 39 ) { fprintf(stderr, "second component out of range\n"); exit(-1); } diff --git a/security/nss/cmd/p7env/p7env.c b/security/nss/cmd/p7env/p7env.c index 01b35df9..338f9cf3 100644 --- a/security/nss/cmd/p7env/p7env.c +++ b/security/nss/cmd/p7env/p7env.c @@ -130,7 +130,6 @@ main(int argc, char **argv) { char *progName; FILE *inFile, *outFile; - char *certName; CERTCertDBHandle *certHandle; struct recipient *recipients, *rcpt; PLOptState *optstate; @@ -142,7 +141,6 @@ main(int argc, char **argv) inFile = NULL; outFile = NULL; - certName = NULL; recipients = NULL; rcpt = NULL; diff --git a/security/nss/cmd/pk11gcmtest/pk11gcmtest.c b/security/nss/cmd/pk11gcmtest/pk11gcmtest.c index 35e08ef6..63f4b330 100644 --- a/security/nss/cmd/pk11gcmtest/pk11gcmtest.c +++ b/security/nss/cmd/pk11gcmtest/pk11gcmtest.c 
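Review bot: Wrapping `CERT_VerifyOCSPResponseSignature` and `CERT_GetOCSPStatusForCertID` in `PORT_CheckSuccess` means that in a non-DEBUG build, where PORT_CheckSuccess presumably reduces to evaluating its argument, the signature-verification result is discarded and the program still reaches `retval = 0`; the explicit `#ifdef DEBUG / #else (void)…` blocks added for the revoked and error cases make that asymmetry visible. For a test program the verification outcome should decide the exit status in every build, e.g. `if (CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, &obtainedSignerCert, caCert) != SECSuccess) goto loser;` with `retval` left non-zero, rather than relying on an assertion macro. main starts outside the hunk, and the value `retval` holds before `loser:` is not visible here.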
@@ -166,22 +166,22 @@ aes_gcm_kat(const char *respfn) FILE *aesresp; /* input stream from the RESPONSE file */ int i, j; unsigned int test_group = 0; - unsigned int num_tests; + unsigned int num_tests = 0; PRBool is_encrypt; unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 16; unsigned char iv[10*16]; /* 1 to 10 blocks */ - unsigned int ivsize; + unsigned int ivsize = 12; unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen = 0; unsigned char aad[10*16]; /* 1 to 10 blocks */ unsigned int aadlen = 0; unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ - unsigned int ciphertextlen; + unsigned int ciphertextlen = 0; unsigned char tag[16]; - unsigned int tagsize; + unsigned int tagsize = 16; unsigned char output[10*16]; /* 1 to 10 blocks */ - unsigned int outputlen; + unsigned int outputlen = 0; unsigned int expected_keylen = 0; unsigned int expected_ivlen = 0; diff --git a/security/nss/cmd/pk11mode/pk11mode.c b/security/nss/cmd/pk11mode/pk11mode.c index a9f89f31..ce89945a 100644 --- a/security/nss/cmd/pk11mode/pk11mode.c +++ b/security/nss/cmd/pk11mode/pk11mode.c @@ -3506,8 +3506,8 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList, CK_ATTRIBUTE_PTR pTemplate; CK_ULONG tnObjects = 0; int curMode; - int i; - int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); + unsigned int i; + unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); NUMTESTS++; /* increment NUMTESTS */ @@ -4558,7 +4558,7 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession; CK_RV crv; CK_MECHANISM mk_mech; - CK_VERSION expected_version, version; + CK_VERSION version; CK_OBJECT_CLASS class = CKO_SECRET_KEY; CK_KEY_TYPE type = CKK_GENERIC_SECRET; CK_BBOOL derive_bool = true; 
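Review bot: Giving `keysize`, `ivsize` and `tagsize` real defaults (16/12/16) in aes_gcm_kat hides a malformed response file: if the line that sets one of them is missing, the vectors are now silently run with those sizes instead of failing, whereas the other new initializers (`num_tests`, `ciphertextlen`, `outputlen`) use 0. Initialising the three to 0 as well and rejecting a vector whose size is still 0 when it is processed keeps the warning fix without weakening the KAT. The parsing loop is outside the hunk, so confirm where these are assigned before relying on that check.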
@@ -4625,8 +4625,6 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, case CKM_TLS_MASTER_KEY_DERIVE: attrs[3].pValue = NULL; attrs[3].ulValueLen = 0; - expected_version.major = 3; - expected_version.minor = 1; mkd_params.RandomInfo.pClientRandom = (unsigned char * ) TLSClientRandom; mkd_params.RandomInfo.ulClientRandomLen = diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c index 7b0467f2..398c0f84 100644 --- a/security/nss/cmd/pk12util/pk12util.c +++ b/security/nss/cmd/pk12util/pk12util.c @@ -756,7 +756,7 @@ P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot, } else if (SECU_PrintSignedData(stdout, dip->der, (dip->hasKey) ? "(has private key)" : "", - 0, SECU_PrintCertificate) != 0) { + 0, (SECU_PPFunc)SECU_PrintCertificate) != 0) { SECU_PrintError(progName,"PKCS12 print cert bag failed"); } if (dip->friendlyName != NULL) { diff --git a/security/nss/cmd/pk1sign/pk1sign.c b/security/nss/cmd/pk1sign/pk1sign.c index 5750cdb2..5f58f8c7 100644 --- a/security/nss/cmd/pk1sign/pk1sign.c +++ b/security/nss/cmd/pk1sign/pk1sign.c @@ -175,7 +175,7 @@ main(int argc, char **argv) PRFileDesc *inFile; char *keyName = NULL; CERTCertDBHandle *certHandle; - CERTCertificate *cert; + CERTCertificate *cert = NULL; PLOptState *optstate; PLOptStatus status; SECStatus rv; diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c index 31e76611..5a69a994 100644 --- a/security/nss/cmd/pp/pp.c +++ b/security/nss/cmd/pp/pp.c 
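Review bot: Removing `expected_version` leaves PKM_TLSMasterKeyDerive with a `version` output that nothing in the hunk compares, so the test accepts whatever protocol version the token writes back; the deleted assignments were the only record that 3.1 was expected for CKM_TLS_MASTER_KEY_DERIVE. If no comparison exists elsewhere in the function (the rest is outside the hunk), assert `version.major == 3 && version.minor == 1` after the derive instead of dropping the expectation. If one does exist, a comment at the declaration, `/* filled in by the token; compared below */`, would stop the next reader from deleting it as unused.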
@@ -25,8 +25,11 @@ static void Usage(char *progName) "Usage: %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n", progName); fprintf(stderr, "Pretty prints a file containing ASN.1 data in DER or ascii format.\n"); - fprintf(stderr, "%-14s Specify input and display type: %s (sk),\n", - "-t type", SEC_CT_PRIVATE_KEY); + fprintf(stderr, "%-14s Specify input and display type:", "-t type"); +#ifdef HAVE_EPV_TEMPLATE + fprintf(stderr, " %s (sk),", SEC_CT_PRIVATE_KEY); +#endif + fprintf(stderr, "\n"); fprintf(stderr, "%-14s %s (pk), %s (c), %s (cr),\n", "", SEC_CT_PUBLIC_KEY, SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST); fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID, @@ -136,7 +139,7 @@ int main(int argc, char **argv) if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 || PORT_Strcmp(typeTag, "c") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 || PORT_Strcmp(typeTag, "ci") == 0) { rv = SECU_PrintSignedContent(outFile, &data, 0, 0, diff --git a/security/nss/cmd/sdrtest/sdrtest.c b/security/nss/cmd/sdrtest/sdrtest.c index 5740876d..ba635062 100644 --- a/security/nss/cmd/sdrtest/sdrtest.c +++ b/security/nss/cmd/sdrtest/sdrtest.c @@ -71,9 +71,9 @@ long_usage (char *program_name) int readStdin(SECItem * result) { - int bufsize = 0; + unsigned int bufsize = 0; int cc; - int wanted = 8192; + unsigned int wanted = 8192U; result->len = 0; result->data = NULL; diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c index d87f0de0..9509892d 100644 --- a/security/nss/cmd/selfserv/selfserv.c +++ b/security/nss/cmd/selfserv/selfserv.c 
@@ -119,16 +119,16 @@ const int ssl3CipherSuites[] = { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ TLS_RSA_WITH_RC4_128_SHA, /* n */ - -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, * o */ - -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */ - -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */ - -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA, * r */ - -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA, * s */ - -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA, * t */ - -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA, * u */ + TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ + TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ - -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, * w */ - -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA, * x */ + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ TLS_RSA_WITH_NULL_SHA, /* z */ 0 @@ -141,6 +141,9 @@ static PRBool noDelay; static int requestCert; static int verbose; static SECItem bigBuf; +static int configureDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/ +static int configureReuseECDHE = -1; /* -1: don't configure, 0 refresh, >=1 reuse*/ +static int configureWeakDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/ static PRThread * acceptorThread; @@ -160,11 +163,12 @@ PrintUsageHeader(const char *progName) " [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n" " [-V [min-version]:[max-version]] [-a sni_name]\n" " [ T ] [-A ca]\n" +" [-C SSLCacheEntries] [-S dsa_nickname]" #ifndef NSS_DISABLE_ECC -" [-C SSLCacheEntries] [-e ec_nickname]\n" -#else -" [-C SSLCacheEntries]\n" + " [-e ec_nickname]" #endif /* NSS_DISABLE_ECC */ +"\n" +" -U [0|1] -H [0|1] -W [0|1]\n" ,progName); } 
@@ -216,6 +220,9 @@ PrintParameterUsage() " good, revoked, unknown, failure, badsig, corrupted\n" " ocsp: fetch from external OCSP server using AIA, or none\n" "-A Nickname of a CA used to sign a stapled cert status\n" +"-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n" +"-H override default DHE server support, 0: disable, 1: enable\n" +"-W override default DHE server weak parameters support, 0: disable, 1: enable\n" "-c Restrict ciphers\n" "-Y prints cipher values allowed for parameter -c and exits\n" , stderr); @@ -252,7 +259,16 @@ PrintCipherUsage(const char *progName) "l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n" "m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n" "n SSL3 RSA WITH RC4 128 SHA\n" +"o TLS_DHE_DSS_WITH_RC4_128_SHA\n" +"p TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n" +"q TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n" +"r TLS_DHE_RSA_WITH_DES_CBC_SHA\n" +"s TLS_DHE_DSS_WITH_DES_CBC_SHA\n" +"t TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n" +"u TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n" "v SSL3 RSA WITH AES 128 CBC SHA\n" +"w TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n" +"x TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n" "y SSL3 RSA WITH AES 256 CBC SHA\n" "z SSL3 RSA WITH NULL SHA\n" "\n" @@ -486,8 +502,8 @@ mySSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr, pwdata = SSL_RevealPinArg(fd); - for (;current && i < sniNameArrSize;i++) { - int j = 0; + for (;current && (PRUint32)i < sniNameArrSize;i++) { + unsigned int j = 0; for (;j < MAX_VIRT_SERVER_NAME_ARRAY_INDEX && nameArr[j];j++) { if (!PORT_Strncmp(nameArr[j], (const char *)current[i].data, @@ -1113,7 +1129,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, SECItemArray *result = NULL; SECItem *ocspResponse = NULL; CERTOCSPSingleResponse **singleResponses; - CERTOCSPSingleResponse *sr; + CERTOCSPSingleResponse *sr = NULL; CERTOCSPCertID *cid = NULL; CERTCertificate *ca; PRTime now = PR_Now(); 
@@ -1129,7 +1145,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, if (!cid) errExit("cannot created cid"); - nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ + nextUpdate = now + (PRTime)60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ switch (osm) { case osm_good: @@ -1144,7 +1160,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, case osm_revoked: sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now, &nextUpdate, - now - 60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ + now - (PRTime)60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ NULL); break; default: @@ -1905,6 +1921,27 @@ server_main( } } + if (configureDHE > -1) { + rv = SSL_OptionSet(model_sock, SSL_ENABLE_SERVER_DHE, (configureDHE > 0)); + if (rv != SECSuccess) { + errExit("error configuring server side DHE support"); + } + } + + if (configureReuseECDHE > -1) { + rv = SSL_OptionSet(model_sock, SSL_REUSE_SERVER_ECDHE_KEY, (configureReuseECDHE > 0)); + if (rv != SECSuccess) { + errExit("error configuring server side reuse of ECDHE key"); + } + } + + if (configureWeakDHE > -1) { + rv = SSL_EnableWeakDHEPrimeGroup(model_sock, (configureWeakDHE > 0)); + if (rv != SECSuccess) { + errExit("error configuring weak DHE prime group"); + } + } + for (kea = kt_rsa; kea < kt_kea_size; kea++) { if (cert[kea] != NULL) { secStatus = SSL_ConfigSecureServer(model_sock, @@ -2136,6 +2173,7 @@ main(int argc, char **argv) #ifndef NSS_DISABLE_ECC char * ecNickName = NULL; #endif + char * dsaNickName = NULL; const char * fileName = NULL; char * cipherString= NULL; const char * dir = "."; 
@@ -2180,7 +2218,7 @@ main(int argc, char **argv) ** numbers, then capital letters, then lower case, alphabetical. */ optstate = PL_CreateOptState(argc, argv, - "2:A:BC:DEL:M:NP:RT:V:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); + "2:A:BC:DEH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { ++optionsFound; switch(optstate->option) { @@ -2194,6 +2232,7 @@ main(int argc, char **argv) case 'D': noDelay = PR_TRUE; break; case 'E': disableStepDown = PR_TRUE; break; + case 'H': configureDHE = (PORT_Atoi(optstate->value) != 0); break; case 'I': /* reserved for OCSP multi-stapling */ break; @@ -2217,6 +2256,8 @@ main(int argc, char **argv) case 'R': disableRollBack = PR_TRUE; break; + case 'S': dsaNickName = PORT_Strdup(optstate->value); break; + case 'T': if (enableOCSPStapling(optstate->value) != SECSuccess) { fprintf(stderr, "Invalid OCSP stapling mode.\n"); @@ -2225,6 +2266,8 @@ main(int argc, char **argv) } break; + case 'U': configureReuseECDHE = (PORT_Atoi(optstate->value) != 0); break; + case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value, enabledVersions, enableSSL2, &enabledVersions, &enableSSL2) != SECSuccess) { @@ -2232,10 +2275,12 @@ main(int argc, char **argv) } break; + case 'W': configureWeakDHE = (PORT_Atoi(optstate->value) != 0); break; + case 'Y': PrintCipherUsage(progName); exit(0); break; case 'a': if (virtServerNameIndex >= MAX_VIRT_SERVER_NAME_ARRAY_INDEX) { - Usage(progName); + Usage(progName); break; } virtServerNameArray[virtServerNameIndex++] = PORT_Strdup(optstate->value); break; @@ -2362,6 +2407,7 @@ main(int argc, char **argv) } if ((nickName == NULL) + && (dsaNickName == NULL) #ifndef NSS_DISABLE_ECC && (ecNickName == NULL) #endif 
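Review bot: `configureDHE = (PORT_Atoi(optstate->value) != 0)` in the new `case 'H'` accepts any string: a typo such as `-H on` parses as 0 and silently disables DHE, the opposite of what the usage text `-H [0|1]` suggests, and the same applies to `case 'U'` and `case 'W'` in the following hunks. Rejecting anything but the two documented values keeps test setups honest: `if (PORT_Strcmp(optstate->value, "0") && PORT_Strcmp(optstate->value, "1")) Usage(progName);` before the assignment, or a small helper shared by the three cases. Whether Usage exits or only prints is not visible here; if it only prints, the case should also `break` without assigning.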
@@ -2593,6 +2639,33 @@ main(int argc, char **argv) setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa, &pwdata); } + if (dsaNickName) { + /* Investigate if ssl_kea_dh should be changed to ssl_auth_dsa. + * See bug 102794.*/ + cert[ssl_kea_dh] = PK11_FindCertFromNickname(dsaNickName, &pwdata); + if (cert[ssl_kea_dh] == NULL) { + fprintf(stderr, "selfserv: Can't find certificate %s\n", dsaNickName); + exit(12); + } + privKey[ssl_kea_dh] = PK11_FindKeyByAnyCert(cert[ssl_kea_dh], &pwdata); + if (privKey[ssl_kea_dh] == NULL) { + fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n", + dsaNickName); + exit(11); + } + if (testbypass) { + PRBool bypassOK; + if (SSL_CanBypass(cert[ssl_kea_dh], privKey[ssl_kea_dh], protos, cipherlist, + nciphers, &bypassOK, &pwdata) != SECSuccess) { + SECU_PrintError(progName, "Bypass test failed %s\n", nickName); + exit(14); + } + fprintf(stderr, "selfserv: %s can%s bypass\n", nickName, + bypassOK ? "" : "not"); + } + setupCertStatus(certStatusArena, ocspStaplingMode, cert[ssl_kea_dh], ssl_kea_dh, + &pwdata); + } #ifndef NSS_DISABLE_ECC if (ecNickName) { cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata); @@ -2625,6 +2698,13 @@ main(int argc, char **argv) if (testbypass) goto cleanup; + if (configureWeakDHE > 0) { + fprintf(stderr, "selfserv: Creating dynamic weak DH parameters\n"); + rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE); + fprintf(stderr, "selfserv: Done creating dynamic weak DH parameters\n"); + } + + /* allocate the array of thread slots, and launch the worker threads. */ rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads); diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c index 51604414..0a4edc11 100644 --- a/security/nss/cmd/shlibsign/shlibsign.c +++ b/security/nss/cmd/shlibsign/shlibsign.c 
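Review bot: In the new `if (dsaNickName)` block the bypass-test messages report `nickName` instead of `dsaNickName` — `SECU_PrintError(progName, "Bypass test failed %s\n", nickName);` and the `"selfserv: %s can%s bypass\n"` line — so the output names the RSA certificate, or passes NULL to `%s` when only -S was given, which the relaxed `nickName == NULL` check in the previous hunk now allows. Both should use `dsaNickName`, as the two error paths just above in the same block do. The block otherwise mirrors the RSA and EC blocks, and the `ssl_kea_dh`-vs-`ssl_auth_dsa` question is already recorded in its comment.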
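Review bot: The result of `SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE)` in the new `configureWeakDHE > 0` block is stored in `rv` but never examined — the next statement overwrites `rv` with the launch_threads result — so a failure to generate the parameters prints "Done creating" and the server starts anyway, while the per-socket call in server_main (@@ -1905) calls errExit on the same failure. Add `if (rv != SECSuccess) errExit("error creating weak DHE prime group");` after the call. That the NULL-socket call is meant to pre-generate the group server_main later enables is an inference from the surrounding messages.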
@@ -195,6 +195,10 @@ static const unsigned char base[] = { 0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36, 0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f }; +/* + * The constants h, seed, & counter aren't used in the code; they're provided + * here (commented-out) so that human readers can verify that our our PQG + * parameters were generated properly. static const unsigned char h[] = { 0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac, 0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6, @@ -232,6 +236,7 @@ static const unsigned char seed[] = { 0x00, 0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c }; static const unsigned int counter=1496; + */ static const unsigned char prime2[] = { 0x00, 0xa4, 0xc2, 0x83, 0x4f, 0x36, 0xd3, 0x4f, 0xae, @@ -307,6 +312,10 @@ static const unsigned char base2[] = { 0x00, 0x1c, 0xd3, 0xff, 0x4e, 0x2c, 0x38, 0x1c, 0xaa, 0x2e, 0x66, 0xbe, 0x32, 0x3e, 0x3c, 0x06, 0x5f }; +/* + * The constants h2, seed2, & counter2 aren't used in the code; they're provided + * here (commented-out) so that human readers can verify that our our PQG + * parameters were generated properly. static const unsigned char h2[] = { 0x30, 0x91, 0xa1, 0x2e, 0x40, 0xa5, 0x7d, 0xf7, 0xdc, 0xed, 0xee, 0x05, 0xc2, 0x31, 0x91, 0x37, @@ -376,6 +385,7 @@ static const unsigned char seed2[] = { 0x00, 0xc3, 0x29, 0x7d, 0xb7, 0x89, 0xbf, 0xe3, 0xde }; static const unsigned int counter2=210; + */ struct tuple_str { CK_RV errNum; @@ -697,7 +707,7 @@ int main(int argc, char **argv) int bytesWritten; unsigned char file_buf[512]; int count=0; - int keySize = 0; + unsigned int keySize = 0; int i; PRBool verify = PR_FALSE; static PRBool FIPSMODE = PR_FALSE; diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c index 92c33fdb..0f7c596d 100644 --- a/security/nss/cmd/signtool/certgen.c +++ b/security/nss/cmd/signtool/certgen.c 
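Review bot: Both comment blocks added in shlibsign.c contain the doubled word "our our" ("…verify that our our PQG parameters…"); the intended text is `so that human readers can verify that our PQG`. The same typo is in the h2/seed2/counter2 block of the second hunk, so fix it in both places.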
@@ -420,7 +420,6 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) SECItem der2; SECItem * result2; - void *dummy; SECOidTag alg = SEC_OID_UNKNOWN; alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN); @@ -440,7 +439,7 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) der2.len = 0; der2.data = NULL; - dummy = SEC_ASN1EncodeItem + (void)SEC_ASN1EncodeItem (cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate)); if (rv != SECSuccess) { diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c index 74a208e5..73568d1b 100644 --- a/security/nss/cmd/signtool/util.c +++ b/security/nss/cmd/signtool/util.c @@ -16,9 +16,11 @@ static int is_dir (char *filename); long *mozilla_event_queue = 0; #ifndef XP_WIN -char *XP_GetString (int i) +char *XP_GetString (int i) { - return SECU_Strerror (i); + /* nasty hackish cast to avoid changing the signature of + * JAR_init_callbacks() */ + return (char *)SECU_Strerror (i); } #endif diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c index 170420a6..8ea465ef 100644 --- a/security/nss/cmd/ssltap/ssltap.c +++ b/security/nss/cmd/ssltap/ssltap.c @@ -41,12 +41,12 @@ struct _DataBuffer; typedef struct _DataBufferList { struct _DataBuffer *first,*last; - int size; + unsigned int size; int isEncrypted; unsigned char * msgBuf; - int msgBufOffset; - int msgBufSize; - int hMACsize; + unsigned int msgBufOffset; + unsigned int msgBufSize; + unsigned int hMACsize; } DataBufferList; typedef struct _DataBuffer { @@ -566,7 +566,7 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor (PRUint32)(GET_SHORT((chv2->rndlength))), (PRUint32)(GET_SHORT((chv2->rndlength)))); PR_fprintf(PR_STDOUT," cipher-suites = { \n"); - for (p=0;pcslength));p+=3) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->cslength));p+=3) { PRUint32 cs_int = GET_24((&chv2->csuites[p])); const char *cs_str = V2CipherString(cs_int); 
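Review bot: In sign_cert the `(void)SEC_ASN1EncodeItem(...)` now explicitly discards the only indication that encoding failed, while the `if (rv != SECSuccess)` immediately after it tests an `rv` this call never sets (its last assignment is outside the hunk), so an encode failure falls through with `der2.data == NULL`. Test the call's own result instead: `if (SEC_ASN1EncodeItem(cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate)) == NULL) { /* existing error handling */ }`. Removing the unused `dummy` was right; the stale check it sat next to was already wrong before this change.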
@@ -575,17 +575,17 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor } q = p; PR_fprintf(PR_STDOUT," }\n"); - if (chv2->sidlength) { + if (GET_SHORT((chv2->sidlength))) { PR_fprintf(PR_STDOUT," session-id = { "); - for (p=0;psidlength));p+=2) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->sidlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } } q += p; PR_fprintf(PR_STDOUT,"}\n"); - if (chv2->rndlength) { + if (GET_SHORT((chv2->rndlength))) { PR_fprintf(PR_STDOUT," challenge = { "); - for (p=0;prndlength));p+=2) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->rndlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } PR_fprintf(PR_STDOUT,"}\n"); @@ -978,7 +978,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, { struct sslhandshake sslh; unsigned char * hsdata; - int offset=0; + unsigned int offset=0; PR_fprintf(PR_STDOUT," handshake {\n"); @@ -1365,7 +1365,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, offset += sslh.length + 4; } /* while */ if (offset < recordLen) { /* stuff left over */ - int newMsgLen = recordLen - offset; + unsigned int newMsgLen = recordLen - offset; if (!s->msgBuf) { s->msgBuf = PORT_Alloc(newMsgLen); if (!s->msgBuf) { diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c index 43d121e2..f4825050 100644 --- a/security/nss/cmd/strsclnt/strsclnt.c +++ b/security/nss/cmd/strsclnt/strsclnt.c @@ -498,7 +498,6 @@ init_thread_data(void) PRBool useModelSocket = PR_TRUE; -static const char stopCmd[] = { "GET /stop " }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Netscape-Enterprise/2.0a\r\n" @@ -567,8 +566,8 @@ do_writes( { PRFileDesc * ssl_sock = (PRFileDesc *)a; lockedVars * lv = (lockedVars *)b; - int sent = 0; - int count = 0; + unsigned int sent = 0; + int count = 0; while (sent < bigBuf.len) { 
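Review bot: Changing `sent` to `unsigned int` in do_writes while `count` stays `int` means the loop body (outside the hunk) presumably adds a write result to `sent`; if a negative return is not rejected before that addition, it now wraps `sent` towards UINT_MAX and ends the `while (sent < bigBuf.len)` loop as if everything had been written. If the body already breaks on `count < 0`, a comment next to the declarations, `/* count < 0 is handled before it is added to sent */`, makes the mixed signedness intentional; otherwise the check is needed.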
@@ -712,7 +711,7 @@ PRInt32 lastFullHandshakePeerID; void myHandshakeCallback(PRFileDesc *socket, void *arg) { - PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32) arg); + PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)((char *)arg - (char *)NULL)); } #endif @@ -732,7 +731,6 @@ do_connects( PRFileDesc * tcp_sock = 0; PRStatus prStatus; PRUint32 sleepInterval = 50; /* milliseconds */ - SECStatus result; int rv = SECSuccess; PRSocketOptionData opt; @@ -839,7 +837,8 @@ retry: PR_snprintf(sockPeerIDString, sizeof(sockPeerIDString), "ID%d", thisPeerID); SSL_SetSockPeerID(ssl_sock, sockPeerIDString); - SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, (void*)thisPeerID); + SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, + (char *)NULL + thisPeerID); #else /* force a full handshake by setting the no cache option */ SSL_OptionSet(ssl_sock, SSL_NO_CACHE, 1); @@ -854,9 +853,9 @@ retry: PR_ATOMIC_INCREMENT(&numConnected); if (bigBuf.data != NULL) { - result = handle_fdx_connection( ssl_sock, tid); + (void)handle_fdx_connection( ssl_sock, tid); } else { - result = handle_connection( ssl_sock, tid); + (void)handle_connection( ssl_sock, tid); } PR_ATOMIC_DECREMENT(&numConnected); diff --git a/security/nss/cmd/symkeyutil/symkeyutil.c b/security/nss/cmd/symkeyutil/symkeyutil.c index 05de7d87..353da711 100644 --- a/security/nss/cmd/symkeyutil/symkeyutil.c +++ b/security/nss/cmd/symkeyutil/symkeyutil.c @@ -1015,8 +1015,7 @@ main(int argc, char **argv) } } if (se) { - SECStatus rv2 = PK11_FreeSlotListElement(slotList, se); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(PK11_FreeSlotListElement(slotList, se)); } PK11_FreeSlotList(slotList); } diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index 72f53bad..ddfadafd 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c 
@@ -534,9 +534,9 @@ dumpServerCertificateChain(PRFileDesc *fd) return; } else if (dumpServerChain == 1) { - dumpFunction = SECU_PrintCertificateBasicInfo; + dumpFunction = (SECU_PPFunc)SECU_PrintCertificateBasicInfo; } else { - dumpFunction = SECU_PrintCertificate; + dumpFunction = (SECU_PPFunc)SECU_PrintCertificate; if (dumpServerChain > 2) { dumpCertPEM = PR_TRUE; } @@ -566,7 +566,7 @@ dumpServerCertificateChain(PRFileDesc *fd) PR_TRUE); } if (foundChain) { - int count = 0; + unsigned int count = 0; fprintf(stderr, "==== locally found issuer certificate(s): ====\n"); for(count = 0; count < (unsigned int)foundChain->len; count++) { CERTCertificate *c; @@ -619,7 +619,7 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (!serverCertAuth->shouldPause) { CERTCertificate *cert; - int i; + unsigned int i; const SECItemArray *csa; if (!serverCertAuth->testFreshStatusFromSideChannel) { @@ -644,8 +644,7 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (CERT_CacheOCSPResponseFromSideChannel( serverCertAuth->dbHandle, cert, PR_Now(), &csa->items[i], arg) != SECSuccess) { - PRErrorCode error = PR_GetError(); - PORT_Assert(error != 0); + PORT_Assert(PR_GetError() != 0); } } } @@ -1283,7 +1282,7 @@ int main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp; + int ctmp = 0; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) diff --git a/security/nss/cmd/vfychain/vfychain.c b/security/nss/cmd/vfychain/vfychain.c index 216fa365..f9f1787c 100644 --- a/security/nss/cmd/vfychain/vfychain.c +++ b/security/nss/cmd/vfychain/vfychain.c @@ -333,7 +333,7 @@ configureRevocationParams(CERTRevocationFlags *flags) int i; unsigned int testType = REVCONFIG_TEST_UNDEFINED; static CERTRevocationTests *revTests = NULL; - PRUint64 *revFlags; + PRUint64 *revFlags = NULL; for(i = 0;i < REV_METHOD_INDEX_MAX;i++) { if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) { 
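Review bot: The `(SECU_PPFunc)` casts on SECU_PrintCertificateBasicInfo and SECU_PrintCertificate suppress an incompatible-pointer warning rather than resolve it; if those functions do not actually have the SECU_PPFunc signature, calling them through dumpFunction later in dumpServerCertificateChain is undefined behavior that happens to work on current ABIs. A safer fix is a small local adapter per printer with the exact SECU_PPFunc signature that forwards to the real function, so the compiler keeps checking the call. In the @@ -566 hunk the explicit `(unsigned int)foundChain->len` cast is now redundant since count is unsigned and could be dropped. dumpServerCertificateChain continues outside this hunk, so the call site of dumpFunction is not visible here.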
diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c index d83fc395..6ee22489 100644 --- a/security/nss/cmd/vfyserv/vfyserv.c +++ b/security/nss/cmd/vfyserv/vfyserv.c @@ -510,7 +510,7 @@ main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp; + int ctmp = 0; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c index 15f0d978..686c7b13 100644 --- a/security/nss/cmd/vfyserv/vfyutil.c +++ b/security/nss/cmd/vfyserv/vfyutil.c @@ -603,7 +603,7 @@ void dumpCertChain(CERTCertificate *cert, SECCertUsage usage) { CERTCertificateList *certList; - int count = 0; + unsigned int count = 0; certList = CERT_CertChainFromCert(cert, usage, PR_TRUE); if (certList == NULL) { diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index 6567f25f..414aef53 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk 
@@ -125,14 +125,58 @@ ifdef MOZ_DEBUG_SYMBOLS endif endif +ifndef COMPILER_TAG +COMPILER_TAG = _$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') +CCC_COMPILER_TAG = _$(shell $(CCC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') +endif ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc +ifeq ($(COMPILER_TAG),_clang) +# -Qunused-arguments : clang objects to arguments that it doesn't understand +# and fixing this would require rearchitecture +# -Wno-parentheses-equality : because clang warns about macro expansions +OS_CFLAGS += -Qunused-arguments -Wno-parentheses-equality +ifdef BUILD_OPT +# clang is unable to handle glib's expansion of strcmp and similar for optimized +# builds, so ignore the resulting errors. +# See https://llvm.org/bugs/show_bug.cgi?id=20144 +OS_CFLAGS += -Wno-array-bounds -Wno-unevaluated-expression +endif +# Clang reports its version as an older gcc, but it's OK +NSS_HAS_GCC48 = true +endif + +# Check for the existence of gcc 4.8 +ifndef NSS_HAS_GCC48 +define GCC48_TEST = +int main() {\n +#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)\n + return 1;\n +#else\n + return 0;\n +#endif\n +}\n +endef +TEST_GCC48 := /tmp/test_gcc48_$(shell echo $$$$) +NSS_HAS_GCC48 := (,$(shell echo -e "$(GCC48_TEST)" > $(TEST_GCC48).c && \ + $(CC) -o $(TEST_GCC48) $(TEST_GCC48).c && \ + $(TEST_GCC48) && echo true || echo false; \ + rm -f $(TEST_GCC48) $(TEST_GCC48).c)) +export NSS_HAS_GCC48 +endif + +ifeq (true,$(NSS_HAS_GCC48)) +# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. +# Here, we disable use of that #pragma and the warnings it suppresses. 
+OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable +endif + ifdef USE_PTHREADS DEFINES += -D_REENTRANT endif diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index bf46a83e..7fe950a3 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -24,8 +24,9 @@ else CC = cl CCC = cl LINK = link + LDFLAGS += -nologo AR = lib - AR += -NOLOGO -OUT:$@ + AR += -nologo -OUT:$@ RANLIB = echo BSDECHO = echo RC = rc.exe @@ -103,10 +104,7 @@ endif DLL_SUFFIX = dll ifdef NS_USE_GCC - # The -mnop-fun-dllimport flag allows us to avoid a drawback of - # the dllimport attribute that a pointer to a function marked as - # dllimport cannot be used as as a constant address. - OS_CFLAGS += -mwindows -mms-bitfields -mnop-fun-dllimport + OS_CFLAGS += -mwindows -mms-bitfields _GEN_IMPORT_LIB=-Wl,--out-implib,$(IMPORT_LIBRARY) DLLFLAGS += -mwindows -o $@ -shared -Wl,--export-all-symbols $(if $(IMPORT_LIBRARY),$(_GEN_IMPORT_LIB)) ifdef BUILD_OPT @@ -195,6 +193,11 @@ ifneq ($(_MSC_VER),$(_MSC_VER_6)) -we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \ -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715 + # NSS has too many of these to fix, downgrade the warning + # Disable C4267: conversion from 'size_t' to 'type', possible loss of data + # Disable C4244: conversion from 'type1' to 'type2', possible loss of data + # Disable C4018: 'expression' : signed/unsigned mismatch + OS_CFLAGS += -w44267 -w44244 -w44018 ifeq ($(_MSC_VER_GE_12),1) OS_CFLAGS += -FS endif 
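Review bot: The gcc-4.8 probe looks inverted relative to its own comment: the test program returns 0 when `__GNUC__` is 4.8 or newer, so `echo true` means the compiler does support the pragma, yet `ifeq (true,$(NSS_HAS_GCC48))` is the branch that adds `-DNSS_NO_GCC48 -Wno-unused-variable`, and on the clang path NSS_HAS_GCC48 is also forced to true; `ifneq (true,$(NSS_HAS_GCC48))` seems to be what was meant. Separately, the value is assigned as `NSS_HAS_GCC48 := (,$(shell ...))`, which yields the literal text `(,true)` and can never equal `true`, so as written the gcc branch never fires. The probe also writes `/tmp/test_gcc48_<pid>.c` and then executes `/tmp/test_gcc48_<pid>`, a predictable name in a world-writable directory that another local user can pre-create or symlink; `TEST_GCC48 := $(shell mktemp -d)/test_gcc48` (cleaning the directory up afterwards) avoids that, and `echo -e` is not portable to a POSIX sh, so `printf '%b'` is safer for the heredoc.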
@@ -210,12 +213,21 @@ endif ifeq (,$(filter-out x386 x86_64,$(CPU_ARCH))) ifdef USE_64 DEFINES += -D_AMD64_ + # Use subsystem 5.02 to allow running on Windows XP. + ifeq ($(_MSC_VER_GE_11),1) + LDFLAGS += -SUBSYSTEM:CONSOLE,5.02 + endif else DEFINES += -D_X86_ # VS2012 defaults to -arch:SSE2. Use -arch:IA32 to avoid requiring - # SSE2. + # SSE2. Clang-cl gets confused by -arch:IA32, so don't add it. + # (See https://llvm.org/bugs/show_bug.cgi?id=24335) + # Use subsystem 5.01 to allow running on Windows XP. ifeq ($(_MSC_VER_GE_11),1) - OS_CFLAGS += -arch:IA32 + ifneq ($(CLANG_CL),1) + OS_CFLAGS += -arch:IA32 + endif + LDFLAGS += -SUBSYSTEM:CONSOLE,5.01 endif endif endif diff --git a/security/nss/coreconf/rules.mk b/security/nss/coreconf/rules.mk index 5495b0c3..0a891ebc 100644 --- a/security/nss/coreconf/rules.mk +++ b/security/nss/coreconf/rules.mk @@ -272,6 +272,10 @@ $(IMPORT_LIBRARY): $(MAPFILE) $(IMPLIB) $@ $< $(RANLIB) $@ endif +ifeq ($(OS_ARCH),WINNT) +$(IMPORT_LIBRARY): $(LIBRARY) + cp -f $< $@ +endif ifdef SHARED_LIBRARY_LIBS ifdef BUILD_TREE @@ -433,8 +437,22 @@ endif # Please keep the next two rules in sync. # $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc - @$(MAKE_OBJDIR) + $(MAKE_OBJDIR) +ifdef STRICT_CPLUSPLUS_SUFFIX + echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc + $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc + rm -f $(OBJDIR)/t_$*.cc +else +ifdef USE_NT_C_SYNTAX + $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) +else +ifdef NEED_ABSOLUTE_PATH + $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) +else $(CCC) -o $@ -c $(CFLAGS) $< +endif +endif +endif #STRICT_CPLUSPLUS_SUFFIX $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp @$(MAKE_OBJDIR) diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index 4fdb5d0d..95d68cff 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml 
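Review bot: The rules.mk @@ -433 hunk grows the `%.cc` rule with STRICT_CPLUSPLUS_SUFFIX, USE_NT_C_SYNTAX and NEED_ABSOLUTE_PATH branches, but the comment directly above it says "Please keep the next two rules in sync" and the `%.cpp` rule that follows is untouched (its body runs past the end of the hunk, so only `@$(MAKE_OBJDIR)` is visible). Unless the `.cpp` rule receives the same three branches, a `.cpp` source built with USE_NT_C_SYNTAX or NEED_ABSOLUTE_PATH will be compiled with a different command line than a `.cc` one. The `.cc` rule also lost the `@` on `$(MAKE_OBJDIR)`, which looks unintentional since the `.cpp` rule keeps it. The `$(IMPORT_LIBRARY): $(LIBRARY)` rule in the @@ -272 hunk copies the static library over the import library on WINNT; a one-line comment stating why that is correct there would help, since the generic rule above it builds the import library from the MAPFILE.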
@@ -72,6 +72,11 @@ Delete a certificate from the certificate database. + + --rename + Change the database nickname of a certificate. + + -E Add an email certificate to the certificate database. @@ -731,6 +736,11 @@ Comma separated list of one or more of the following: + + --new-n nickname + A new nickname, used when renaming a certificate. + + --source-dir certdir Identify the certificate database directory to upgrade. diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index 6f29575d..c3fd59f8 100644 --- a/security/nss/doc/html/certutil.html +++ b/security/nss/doc/html/certutil.html @@ -1,5 +1,5 @@ -CERTUTIL

    Name

    certutil — Manage keys and certificate in both NSS databases and other NSS tokens

    Synopsis

    certutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

    Description

    The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

    Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

    Command Options and Arguments

    Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

    Command Options

    -A

    Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

    -B

    Run a series of commands from the specified batch file. This requires the -i argument.

    -C

    Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

    -D

    Delete a certificate from the certificate database.

    -E

    Add an email certificate to the certificate database.

    -F

    Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the +CERTUTIL

    Name

    certutil — Manage keys and certificate in both NSS databases and other NSS tokens

    Synopsis

    certutil [options] [[arguments]]

    STATUS

    This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

    Description

    The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

    Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

    Command Options and Arguments

    Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

    Command Options

    -A

    Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

    -B

    Run a series of commands from the specified batch file. This requires the -i argument.

    -C

    Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

    -D

    Delete a certificate from the certificate database.

    --rename

    Change the database nickname of a certificate.

    -E

    Add an email certificate to the certificate database.

    -F

    Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname.

    When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using -D. Some smart cards do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair. You can display the public key with the command certutil -K -h tokenname.

    -G

    Generate a new public and private key pair within a key database. The key database should already exist; if one is not present, this command option will initialize one by default. Some smart cards can store only one key pair. If you create a new key pair for such a card, the previous pair is overwritten.

    -H

    Display a list of the command options and arguments.

    -K

    List the key ID of keys in the key database. A key ID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).

    -L

    List all the certificates, or display information about a named certificate, in a certificate database. @@ -120,7 +120,7 @@ PKCS #11 key Attributes. Comma separated list of key attribute flags, selected f PKCS #11 key Operation Flags. Comma separated list of one or more of the following: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} -

    --source-dir certdir

    Identify the certificate database directory to upgrade.

    --source-prefix certdir

    Give the prefix of the certificate and key databases to upgrade.

    --upgrade-id uniqueID

    Give the unique ID of the database to upgrade.

    --upgrade-token-name name

    Set the name of the token to use while it is being upgraded.

    -@ pwfile

    Give the name of a password file to use for the database being upgraded.

    Usage and Examples

    +

    --new-n nickname

    A new nickname, used when renaming a certificate.

    --source-dir certdir

    Identify the certificate database directory to upgrade.

    --source-prefix certdir

    Give the prefix of the certificate and key databases to upgrade.

    --upgrade-id uniqueID

    Give the unique ID of the database to upgrade.

    --upgrade-token-name name

    Set the name of the token to use while it is being upgraded.

    -@ pwfile

    Give the name of a password file to use for the database being upgraded.

    Usage and Examples

    Most of the command options in the examples listed here have more arguments available. The arguments included in these examples are the most common ones or are used to illustrate a specific scenario. Use the -H option to show the complete list of arguments for each command option.

    Creating New Security Databases

    Certificates, keys, and security modules related to managing certificates are stored in three related databases: diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1 index 6ce08f2e..a7daa936 100644 --- a/security/nss/doc/nroff/certutil.1 +++ b/security/nss/doc/nroff/certutil.1 @@ -2,12 +2,12 @@ .\" Title: CERTUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 23 February 2015 +.\" Date: 13 August 2015 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CERTUTIL" "1" "23 February 2015" "nss-tools" "NSS Security Tools" +.TH "CERTUTIL" "1" "13 August 2015" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -80,6 +80,11 @@ prompts for a filename\&. Delete a certificate from the certificate database\&. .RE .PP +\-\-rename +.RS 4 +Change the database nickname of a certificate\&. +.RE +.PP \-E .RS 4 Add an email certificate to the certificate database\&. @@ -1108,6 +1113,11 @@ PKCS #11 key Attributes\&. Comma separated list of key attribute flags, selected PKCS #11 key Operation Flags\&. Comma separated list of one or more of the following: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} .RE .PP +\-\-new\-n nickname +.RS 4 +A new nickname, used when renaming a certificate\&. +.RE +.PP \-\-source\-dir certdir .RS 4 Identify the certificate database directory to upgrade\&. diff --git a/security/nss/lib/base/list.c b/security/nss/lib/base/list.c index d6773d74..5f34923b 100644 --- a/security/nss/lib/base/list.c +++ b/security/nss/lib/base/list.c 
@@ -217,9 +217,8 @@ nsslist_add_element(nssList *list, void *data) NSS_IMPLEMENT PRStatus nssList_Add(nssList *list, void *data) { - PRStatus nssrv; NSSLIST_LOCK_IF(list); - nssrv = nsslist_add_element(list, data); + (void)nsslist_add_element(list, data); NSSLIST_UNLOCK_IF(list); return PR_SUCCESS; } diff --git a/security/nss/lib/base/tracker.c b/security/nss/lib/base/tracker.c index 95881f91..06e2baf2 100644 --- a/security/nss/lib/base/tracker.c +++ b/security/nss/lib/base/tracker.c @@ -29,7 +29,7 @@ identity_hash const void *key ) { - return (PLHashNumber)key; + return (PLHashNumber)((char *)key - (char *)NULL); } /* diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 2581be22..f282bbb9 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -2443,7 +2443,6 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, { unsigned int i; CERTCertificate **certs = NULL; - SECStatus rv; unsigned int fcerts = 0; if ( ncerts ) { @@ -2491,10 +2490,11 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, * know which cert it belongs to. But we still may try * the individual canickname from the cert itself. */ - rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL); + /* Bug 1192442 - propagate errors from these calls. */ + (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL); } else { - rv = CERT_AddTempCertToPerm(certs[i], - nickname?nickname:canickname, NULL); + (void)CERT_AddTempCertToPerm(certs[i], + nickname?nickname:canickname, NULL); } PORT_Free(canickname); @@ -2511,7 +2511,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, } } - return ((fcerts || !ncerts) ? SECSuccess : SECFailure); + return (fcerts || !ncerts) ? SECSuccess : SECFailure; } /* 
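Review bot: nssList_Add now explicitly discards the status of nsslist_add_element and still returns PR_SUCCESS unconditionally, so a failed insertion (which in this library presumably means an allocation failure) is invisible to the caller. If that status is meaningful, keep the local and return it: `PRStatus nssrv = nsslist_add_element(list, data);` between the lock and unlock macros, then `return nssrv;`; if the helper genuinely cannot fail, a comment on the `(void)` line saying so would make the unconditional PR_SUCCESS intentional rather than accidental. The `(void)CERT_AddTempCertToPerm` lines in the certdb.c hunks on this line at least carry a "Bug 1192442 - propagate errors" note; this one has no such marker.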
@@ -2893,15 +2893,16 @@ CERT_LockCertRefCount(CERTCertificate *cert) void CERT_UnlockCertRefCount(CERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certRefCountLock != NULL); - prstat = PZ_Unlock(certRefCountLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certRefCountLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certRefCountLock); +#endif } static PZLock *certTrustLock = NULL; @@ -2973,15 +2974,16 @@ cert_DestroyLocks(void) void CERT_UnlockCertTrust(const CERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certTrustLock != NULL); - prstat = PZ_Unlock(certTrustLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certTrustLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certTrustLock); +#endif } diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c index 9f9aa0b2..05ded136 100644 --- a/security/nss/lib/certdb/crl.c +++ b/security/nss/lib/certdb/crl.c @@ -627,7 +627,6 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, CERTSignedCrl *oldCrl = NULL, *crl = NULL; PRBool deleteOldCrl = PR_FALSE; CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; - SECStatus rv; PORT_Assert(newCrl); PORT_Assert(derCrl); @@ -640,8 +639,8 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, /* we can't use the cache here because we must look in the same token */ - rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, - &oldCrl, CRL_DECODE_SKIP_ENTRIES); + (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, + &oldCrl, CRL_DECODE_SKIP_ENTRIES); /* if there is an old crl on the token, make sure the one we are installing is newer. If not, exit out, otherwise delete the old crl. 
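Review bot: The rewrite of CERT_UnlockCertRefCount drops the `PORT_Assert(certRefCountLock != NULL);` that preceded the unlock, and the CERT_UnlockCertTrust hunk below drops `PORT_Assert(certTrustLock != NULL);` in the same way, so a debug build no longer catches an unlock before the lock was created and both builds pass NULL straight to PZ_Unlock. Neither assert was tied to the unused-variable warning being fixed, so restoring it as the first statement of each function, ahead of the `#ifdef DEBUG` block, keeps the old diagnostic. The DEBUG/non-DEBUG split also leaves the release path with a bare `PZ_Unlock(certRefCountLock);`; a `(void)` on it would make the intentional discard explicit and consistent with the rest of this patch.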
@@ -2693,7 +2692,7 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer, } if (SECFailure == rv) { - SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); + (void)CERT_FindCRLEntryReasonExten(entry, &reason); PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); } break; @@ -3050,7 +3049,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, { NamedCRLCacheEntry* oldEntry, * newEntry = NULL; NamedCRLCache* ncc = NULL; - SECStatus rv = SECSuccess, rv2; + SECStatus rv = SECSuccess; PORT_Assert(namedCRLCache.lock); PORT_Assert(namedCRLCache.entries); @@ -3088,8 +3087,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, (void*) newEntry)) { PORT_Assert(0); - rv2 = NamedCRLCacheEntry_Destroy(newEntry); - PORT_Assert(SECSuccess == rv2); + NamedCRLCacheEntry_Destroy(newEntry); rv = SECFailure; } } @@ -3112,8 +3110,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - rv2 = NamedCRLCacheEntry_Destroy(oldEntry); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3160,8 +3157,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - rv2 = NamedCRLCacheEntry_Destroy(oldEntry); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3173,8 +3169,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } } } - rv2 = cert_ReleaseNamedCRLCache(ncc); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(cert_ReleaseNamedCRLCache(ncc)); return rv; } diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index e3bc11d5..6529a6a0 100644 --- a/security/nss/lib/certdb/genname.c 
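Review bot: In the cert_CacheCRLByGeneralName @@ -3088 hunk the call becomes a bare `NamedCRLCacheEntry_Destroy(newEntry);`, while the identical calls in the @@ -3112 and @@ -3160 hunks and the cert_ReleaseNamedCRLCache call are wrapped in PORT_CheckSuccess. That branch is already an assertion-failure path (`PORT_Assert(0)` just above), so losing the status check there is unlikely to matter at runtime, but it is inconsistent and will trip the same unused-result review again; `PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(newEntry));` matches its siblings. In the @@ -2693 hunk the discarded `CERT_FindCRLEntryReasonExten` result leaves `reason` possibly unset on failure; if it is read after the `break`, that read is outside this hunk and worth confirming.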
+++ b/security/nss/lib/certdb/genname.c @@ -67,16 +67,6 @@ static const SEC_ASN1Template CERTOtherNameTemplate[] = { sizeof(CERTGeneralName) } }; -static const SEC_ASN1Template CERTOtherName2Template[] = { - { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 , - 0, NULL, sizeof(CERTGeneralName) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) }, - { SEC_ASN1_ANY, - offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) }, - { 0, } -}; - static const SEC_ASN1Template CERT_RFC822NameTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 , offsetof(CERTGeneralName, name.other), @@ -684,7 +674,7 @@ loser: return NULL; } -CERTNameConstraint * +static CERTNameConstraint * cert_DecodeNameConstraintSubTree(PLArenaPool *arena, SECItem **subTree, PRBool permited) @@ -701,15 +691,17 @@ cert_DecodeNameConstraintSubTree(PLArenaPool *arena, if (current == NULL) { goto loser; } - if (last == NULL) { - first = last = current; + if (first == NULL) { + first = current; + } else { + current->l.prev = &(last->l); + last->l.next = &(current->l); } - current->l.prev = &(last->l); - current->l.next = last->l.next; - last->l.next = &(current->l); + last = current; i++; } - first->l.prev = &(current->l); + first->l.prev = &(last->l); + last->l.next = &(first->l); /* TODO: unmark arena */ return first; loser: diff --git a/security/nss/lib/certdb/secname.c b/security/nss/lib/certdb/secname.c index d070bbfc..88a0cf75 100644 --- a/security/nss/lib/certdb/secname.c +++ b/security/nss/lib/certdb/secname.c 
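Review bot: The new list-closing lines in cert_DecodeNameConstraintSubTree, `first->l.prev = &(last->l); last->l.next = &(first->l);`, dereference `first` and `last` unconditionally, but both are only assigned inside the loop, so if the loop body can run zero times (an empty or malformed subTree array, which is attacker-supplied certificate data) this is a NULL dereference. The loop head is outside the hunk, so whether an empty subtree is rejected earlier is not visible here; a guard of `if (first == NULL) goto loser;` immediately before the closing links is cheap and self-documenting. The rewrite of the prev/next wiring itself looks correct and fixes the broken double link the old code produced. Making the function `static` is fine provided no other translation unit declared it; the header side is not in this patch.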
@@ -240,14 +240,6 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from) return 0; } -/************************************************************************/ -/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */ -static const SEC_ASN1Template cert_RDNTemplate[] = { - { SEC_ASN1_SET_OF, - offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) } -}; - - CERTRDN * CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...) { diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c index 74651baf..b06b7af3 100644 --- a/security/nss/lib/certhigh/certhigh.c +++ b/security/nss/lib/certhigh/certhigh.c @@ -24,8 +24,6 @@ CERT_MatchNickname(char *name1, char *name2) { char *nickname2 = NULL; char *token1; char *token2; - char *token = NULL; - int len; /* first deal with the straight comparison */ if (PORT_Strcmp(name1, name2) == 0) { @@ -40,20 +38,17 @@ CERT_MatchNickname(char *name1, char *name2) { return PR_FALSE; } if (token1) { - token=name1; nickname1=token1; nickname2=name2; } else { - token=name2; nickname1=token2; nickname2=name1; } - len = nickname1-token; nickname1++; if (PORT_Strcmp(nickname1,nickname2) != 0) { return PR_FALSE; } - /* compare the other token with the internal slot here */ + /* Bug 1192443 - compare the other token with the internal slot here */ return PR_TRUE; } diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c index dcb2dbf2..35f841e5 100644 --- a/security/nss/lib/certhigh/certvfypkix.c +++ b/security/nss/lib/certhigh/certvfypkix.c 
@@ -1412,13 +1412,13 @@ setRevocationMethod(PKIX_RevocationChecker *revChecker, { PKIX_UInt32 methodFlags = 0; PKIX_Error *error = NULL; - int priority = 0; + PKIX_UInt32 priority = 0; - if (revTest->number_of_defined_methods <= certRevMethod) { + if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) { return NULL; } if (revTest->preferred_methods) { - int i = 0; + unsigned int i = 0; for (;i < revTest->number_of_preferred_methods;i++) { if (revTest->preferred_methods[i] == certRevMethod) break; diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index 59b341f1..86ae0a06 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -559,14 +559,19 @@ ocsp_RemoveCacheItem(OCSPCacheData *cache, OCSPCacheItem *item) * because of an allocation failure, or it could get removed because we're * cleaning up. */ - PRBool couldRemoveFromHashTable; OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread())); PR_EnterMonitor(OCSP_Global.monitor); ocsp_RemoveCacheItemFromLinkedList(cache, item); - couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, - item->certID); - PORT_Assert(couldRemoveFromHashTable); +#ifdef DEBUG + { + PRBool couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, + item->certID); + PORT_Assert(couldRemoveFromHashTable); + } +#else + PL_HashTableRemove(cache->entries, item->certID); +#endif --cache->numberOfEntries; ocsp_FreeCacheItem(item); PR_ExitMonitor(OCSP_Global.monitor); diff --git a/security/nss/lib/certhigh/xcrldist.c b/security/nss/lib/certhigh/xcrldist.c index 286dc377..291a9d88 100644 --- a/security/nss/lib/certhigh/xcrldist.c +++ b/security/nss/lib/certhigh/xcrldist.c @@ -101,9 +101,6 @@ CERT_EncodeCRLDistributionPoints (PLArenaPool *arena, rv = SECFailure; break; - /* distributionPointName is omitted */ - case 0: break; - default: PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); rv = SECFailure; 
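Review bot: In the xcrldist.c hunk, deleting `case 0: break;` from the distPointType switch in CERT_EncodeCRLDistributionPoints is a behavior change, not just a warning cleanup: the deleted comment says zero means "distributionPointName is omitted", and that value now falls into `default:` and fails with SEC_ERROR_EXTENSION_VALUE_INVALID. If any caller zero-initializes a CRL distribution point and relies on the name being optional (RFC 5280 allows it), encoding will start failing; either keep the case with an explicit comment or confirm every caller sets a named type. The certvfypkix.c hunk on this line is fine: the `(PRUint32)certRevMethod` cast turns a negative method index into a large value that the `<=` check rejects, which is the desired outcome, though a short comment on that line would spare readers the sign reasoning.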
diff --git a/security/nss/lib/ckfw/builtins/binst.c b/security/nss/lib/ckfw/builtins/binst.c index a837113b..8cb057d9 100644 --- a/security/nss/lib/ckfw/builtins/binst.c +++ b/security/nss/lib/ckfw/builtins/binst.c @@ -65,11 +65,8 @@ builtins_mdInstance_GetLibraryVersion NSSCKFWInstance *fwInstance ) { - extern const char __nss_builtins_rcsid[]; - extern const char __nss_builtins_sccsid[]; - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_builtins_rcsid[0] + __nss_builtins_sccsid[0]; +#define NSS_VERSION_VARIABLE __nss_builtins_version +#include "verref.h" return nss_builtins_LibraryVersion; } diff --git a/security/nss/lib/ckfw/builtins/certdata.perl b/security/nss/lib/ckfw/builtins/certdata.perl index 56771f5c..e77decf9 100644 --- a/security/nss/lib/ckfw/builtins/certdata.perl +++ b/security/nss/lib/ckfw/builtins/certdata.perl @@ -11,7 +11,6 @@ my $o; my @objects = (); my @objsize; -$constants{CKO_DATA} = "static const CK_OBJECT_CLASS cko_data = CKO_DATA;\n"; $constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n"; $constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n"; diff --git a/security/nss/lib/ckfw/builtins/ckbiver.c b/security/nss/lib/ckfw/builtins/ckbiver.c index c8ea7a9c..41783b2f 100644 --- a/security/nss/lib/ckfw/builtins/ckbiver.c +++ b/security/nss/lib/ckfw/builtins/ckbiver.c 
@@ -13,14 +13,7 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_builtins_rcsid[] = "$Header: NSS Builtin Trusted Root CAs " - NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_builtins_sccsid[] = "@(#)NSS Builtin Trusted Root CAs " - NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " + NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/ckfw/builtins/config.mk b/security/nss/lib/ckfw/builtins/config.mk index 31b0f9b1..b385ac6f 100644 --- a/security/nss/lib/ckfw/builtins/config.mk +++ b/security/nss/lib/ckfw/builtins/config.mk @@ -30,8 +30,5 @@ INCLUDES += -I. # To create a loadable module on Darwin, we must use -bundle. # ifeq ($(OS_TARGET),Darwin) -ifndef USE_64 DSO_LDOPTS = -bundle endif -endif - diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index baa75470..1d261dff 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 4 -#define NSS_BUILTINS_LIBRARY_VERSION "2.4" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 5 +#define NSS_BUILTINS_LIBRARY_VERSION "2.5" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/ckfw/capi/ckcapiver.c b/security/nss/lib/ckfw/capi/ckcapiver.c index cddf6c46..54e48875 100644 --- a/security/nss/lib/ckfw/capi/ckcapiver.c +++ b/security/nss/lib/ckfw/capi/ckcapiver.c 
@@ -12,14 +12,7 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_ckcapi_rcsid[] = "$Header: NSS Access to Microsoft Certificate Store " - NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_ckcapi_sccsid[] = "@(#)NSS Access to Microsoft Certificate Store " - NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store " + NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/ckfw/capi/config.mk b/security/nss/lib/ckfw/capi/config.mk index 5f064fb9..ec0a8627 100644 --- a/security/nss/lib/ckfw/capi/config.mk +++ b/security/nss/lib/ckfw/capi/config.mk @@ -27,8 +27,5 @@ endif # To create a loadable module on Darwin, we must use -bundle. # ifeq ($(OS_TARGET),Darwin) -ifndef USE_64 DSO_LDOPTS = -bundle endif -endif - diff --git a/security/nss/lib/ckfw/hash.c b/security/nss/lib/ckfw/hash.c index 51f53b1a..e4f6ce2b 100644 --- a/security/nss/lib/ckfw/hash.c +++ b/security/nss/lib/ckfw/hash.c @@ -48,9 +48,7 @@ nss_ckfw_identity_hash const void *key ) { - PRUint32 i = (PRUint32)key; - PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32)); - return (PLHashNumber)i; + return (PLHashNumber)((char *)key - (char *)NULL); } /* diff --git a/security/nss/lib/ckfw/nssmkey/ckmkver.c b/security/nss/lib/ckfw/nssmkey/ckmkver.c index e30fd987..0f689763 100644 --- a/security/nss/lib/ckfw/nssmkey/ckmkver.c +++ b/security/nss/lib/ckfw/nssmkey/ckmkver.c 
@@ -12,14 +12,7 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_ckmk_rcsid[] = "$Header: NSS Access to the MAC OS X Key Ring " - NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_ckmk_sccsid[] = "@(#)NSS Access to the MAC OS X Key Ring " - NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_ckmk_version[] = "Version: NSS Access to the MAC OS X Key Ring " + NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/ckfw/token.c b/security/nss/lib/ckfw/token.c index aaaf1188..4a975764 100644 --- a/security/nss/lib/ckfw/token.c +++ b/security/nss/lib/ckfw/token.c @@ -1258,7 +1258,7 @@ nssCKFWToken_GetUTCTime { /* Format is YYYYMMDDhhmmss00 */ int i; - int Y, M, D, h, m, s, z; + int Y, M, D, h, m, s; static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; for( i = 0; i < 16; i++ ) { @@ -1274,7 +1274,6 @@ nssCKFWToken_GetUTCTime h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0'); m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); - z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0'); if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */ if( (M < 1) || (M > 12) ) goto badtime; diff --git a/security/nss/lib/crmf/cmmfchal.c b/security/nss/lib/crmf/cmmfchal.c index 8f7b2982..bf0b7ba3 100644 --- a/security/nss/lib/crmf/cmmfchal.c +++ b/security/nss/lib/crmf/cmmfchal.c @@ -30,7 +30,6 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}}; PK11SlotInfo *slot; PK11SymKey *symKey = NULL; - CK_OBJECT_HANDLE id; CERTSubjectPublicKeyInfo *spki = NULL; 
@@ -76,7 +75,7 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, rv = SECFailure; goto loser; } - id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); + (void)PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); /* In order to properly encrypt the data, we import as a symmetric * key, and then wrap that key. That in essence encrypts the data. * This is the method recommended in the PK11 world in order diff --git a/security/nss/lib/crmf/crmfcont.c b/security/nss/lib/crmf/crmfcont.c index cc386ea3..4e274d32 100644 --- a/security/nss/lib/crmf/crmfcont.c +++ b/security/nss/lib/crmf/crmfcont.c @@ -857,7 +857,6 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, { SECKEYPublicKey *caPubKey = NULL; CRMFEncryptedKey *encKey = NULL; - CRMFEncryptedValue *dummy; PORT_Assert(inPrivKey != NULL && inCACert != NULL); if (inPrivKey == NULL || inCACert == NULL) { @@ -873,10 +872,17 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, if (encKey == NULL) { goto loser; } - dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, - caPubKey, - &encKey->value.encryptedValue); - PORT_Assert(dummy == &encKey->value.encryptedValue); +#ifdef DEBUG + { + CRMFEncryptedValue *dummy = + crmf_create_encrypted_value_wrapped_privkey( + inPrivKey, caPubKey, &encKey->value.encryptedValue); + PORT_Assert(dummy == &encKey->value.encryptedValue); + } +#else + crmf_create_encrypted_value_wrapped_privkey( + inPrivKey, caPubKey, &encKey->value.encryptedValue); +#endif /* We won't add the der value here, but rather when it * becomes part of a certificate request. */ diff --git a/security/nss/lib/crmf/crmfi.h b/security/nss/lib/crmf/crmfi.h index 0dc9b498..fd27a9b9 100644 --- a/security/nss/lib/crmf/crmfi.h +++ b/security/nss/lib/crmf/crmfi.h @@ -52,7 +52,7 @@ struct crmfEncoderArg { SECItem *buffer; - long allocatedLen; + unsigned long allocatedLen; }; struct crmfEncoderOutput { 
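Review bot: The `(void)` cast on `PK11_ImportPublicKey(slot, inPubKey, PR_FALSE)` in cmmf_create_witness_and_challenge silences the unused-variable warning but leaves an import failure undetected, and the non-DEBUG branch added to CRMF_CreateEncryptedKeyWithEncryptedValue drops the result of crmf_create_encrypted_value_wrapped_privkey entirely while DEBUG builds still assert on it. If a failed import or wrap is meant to abort (both functions have `loser:` paths), compare the results against `CK_INVALID_HANDLE` and, presumably, `NULL` and `goto loser`; if the calls are deliberately best-effort, say so in a comment such as `/* import failure is tolerated here; the wrap below reports its own error */`. Both enclosing functions extend beyond their hunks, so the error-reporting convention at the call sites should be checked there.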
diff --git a/security/nss/lib/crmf/crmfpop.c b/security/nss/lib/crmf/crmfpop.c index 78381bf7..2d4e3269 100644 --- a/security/nss/lib/crmf/crmfpop.c +++ b/security/nss/lib/crmf/crmfpop.c @@ -10,7 +10,7 @@ #include "keyhi.h" #include "cryptohi.h" -#define CRMF_DEFAULT_ALLOC_SIZE 1024 +#define CRMF_DEFAULT_ALLOC_SIZE 1024U SECStatus crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, @@ -33,7 +33,6 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) { - SECItem *dummy; CRMFProofOfPossession *pop; PLArenaPool *poolp; void *mark; @@ -52,9 +51,9 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) pop->popChoice.raVerified.data = NULL; pop->popChoice.raVerified.len = 0; inCertReqMsg->pop = pop; - dummy = SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), - &(pop->popChoice.raVerified), - CRMFRAVerifiedTemplate); + (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), + &(pop->popChoice.raVerified), + CRMFRAVerifiedTemplate); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); diff --git a/security/nss/lib/crmf/crmftmpl.c b/security/nss/lib/crmf/crmftmpl.c index 73d75f8b..320d5246 100644 --- a/security/nss/lib/crmf/crmftmpl.c +++ b/security/nss/lib/crmf/crmftmpl.c 
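Review bot: In CRMF_CertReqMsgSetRAVerifiedPOP the `(void)` on SEC_ASN1EncodeItem discards the only signal that encoding derPOP failed, and the function then returns SECSuccess with `inCertReqMsg->derPOP` left unfilled; the original had the same gap, but the cast now makes it read as intentional. The `loser:` label with `PORT_ArenaRelease(poolp, mark)` is right below, so route the failure through it: `if (SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), &(pop->popChoice.raVerified), CRMFRAVerifiedTemplate) == NULL) goto loser;`. Since `inCertReqMsg->pop = pop` is assigned before the encode, the loser path may also need to reset it; the start of the function is outside the hunk.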
@@ -138,19 +138,6 @@ const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = { CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)} }; -static const SEC_ASN1Template CRMFPOPOSigningKeyInputTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL,sizeof(CRMFPOPOSigningKeyInput) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(CRMFPOPOSigningKeyInput, authInfo.sender) }, - { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL | 1, - offsetof (CRMFPOPOSigningKeyInput, authInfo.publicKeyMAC) }, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, - offsetof(CRMFPOPOSigningKeyInput, publicKey), - SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) }, - { 0 } -}; - const SEC_ASN1Template CRMFRAVerifiedTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN, 0, @@ -252,19 +239,3 @@ const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = { CRMFEncryptedValueTemplate}, { 0 } }; - -static const SEC_ASN1Template CRMFSinglePubInfoTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFSinglePubInfo)}, - { SEC_ASN1_INTEGER, offsetof(CRMFSinglePubInfo, pubMethod) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC, - offsetof(CRMFSinglePubInfo, pubLocation) }, - { 0 } -}; - -static const SEC_ASN1Template CRMFPublicationInfoTemplate[] ={ - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPKIPublicationInfo) }, - { SEC_ASN1_INTEGER, offsetof(CRMFPKIPublicationInfo, action) }, - { SEC_ASN1_POINTER, offsetof(CRMFPKIPublicationInfo, pubInfos), - CRMFSinglePubInfoTemplate}, - { 0 } -}; diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h index 88a77f15..411ea00e 100644 --- a/security/nss/lib/cryptohi/keyhi.h +++ b/security/nss/lib/cryptohi/keyhi.h 
@@ -37,6 +37,11 @@ extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena, extern SECStatus SECKEY_UpdateCertPQG(CERTCertificate * subjectCert); +/* +** Return the number of bits in the provided big integer. This assumes that the +** SECItem contains a big-endian number and counts from the first non-zero bit. +*/ +extern unsigned SECKEY_BigIntegerBitLength(const SECItem *number); /* ** Return the strength of the public key in bytes diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index 16d2a499..db72b745 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -178,8 +178,8 @@ SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *c PK11SlotInfo *slot; if (!param || !param->base.data || !param->prime.data || - param->prime.len < 512/8 || param->base.len == 0 || - param->base.len > param->prime.len + 1 || + SECKEY_BigIntegerBitLength(¶m->prime) < DH_MIN_P_BITS || + param->base.len == 0 || param->base.len > param->prime.len + 1 || (param->base.len == 1 && param->base.data[0] == 0)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; 
@@ -941,61 +941,76 @@ SECKEY_ECParamsToBasePointOrderLen(const SECItem *encodedParams) } } +/* The number of bits in the number from the first non-zero bit onward. */ +unsigned +SECKEY_BigIntegerBitLength(const SECItem *number) +{ + const unsigned char *p; + unsigned octets; + unsigned bits; + + if (!number || !number->data) { + PORT_SetError(SEC_ERROR_INVALID_KEY); + return 0; + } + + p = number->data; + octets = number->len; + while (octets > 0 && !*p) { + ++p; + --octets; + } + if (octets == 0) { + return 0; + } + /* bits = 7..1 because we know at least one bit is set already */ + /* Note: This could do a binary search, but this is faster for keys if we + * assume that good keys will have the MSB set. */ + for (bits = 7; bits > 0; --bits) { + if (*p & (1 << bits)) { + break; + } + } + return octets * 8 + bits - 7; +} + /* returns key strength in bytes (not bits) */ unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk) { - unsigned char b0; - unsigned size; - - /* interpret modulus length as key strength */ - if (!pubk) - goto loser; - switch (pubk->keyType) { - case rsaKey: - if (!pubk->u.rsa.modulus.data) break; - b0 = pubk->u.rsa.modulus.data[0]; - return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1; - case dsaKey: - if (!pubk->u.dsa.publicValue.data) break; - b0 = pubk->u.dsa.publicValue.data[0]; - return b0 ? pubk->u.dsa.publicValue.len : - pubk->u.dsa.publicValue.len - 1; - case dhKey: - if (!pubk->u.dh.publicValue.data) break; - b0 = pubk->u.dh.publicValue.data[0]; - return b0 ? 
pubk->u.dh.publicValue.len : - pubk->u.dh.publicValue.len - 1; - case ecKey: - /* Get the key size in bits and adjust */ - size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); - return (size + 7)/8; - default: - break; - } -loser: - PORT_SetError(SEC_ERROR_INVALID_KEY); - return 0; + return (SECKEY_PublicKeyStrengthInBits(pubk) + 7) / 8; } /* returns key strength in bits */ unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk) { - unsigned size; + unsigned bitSize = 0; + + if (!pubk) { + PORT_SetError(SEC_ERROR_INVALID_KEY); + return 0; + } + + /* interpret modulus length as key strength */ switch (pubk->keyType) { case rsaKey: + bitSize = SECKEY_BigIntegerBitLength(&pubk->u.rsa.modulus); + break; case dsaKey: + bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dsa.publicValue); + break; case dhKey: - return SECKEY_PublicKeyStrength(pubk) * 8; /* 1 byte = 8 bits */ + bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.publicValue); + break; case ecKey: - size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); - return size; + bitSize = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); + break; default: - break; + PORT_SetError(SEC_ERROR_INVALID_KEY); + break; } - PORT_SetError(SEC_ERROR_INVALID_KEY); - return 0; + return bitSize; } /* returns signature length in bytes (not bits) */ @@ -1550,7 +1565,7 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, * this yet. */ PORT_Memset(pvk->privateKey.data, 0, pvk->privateKey.len); - PORT_Memset((char *)pvk, 0, sizeof(*pvk)); + PORT_Memset(pvk, 0, sizeof(*pvk)); if(freeit == PR_TRUE) { PORT_FreeArena(poolp, PR_TRUE); } else { @@ -1560,7 +1575,7 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, SECITEM_ZfreeItem(&pvk->version, PR_FALSE); SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE); SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE); - PORT_Memset((char *)pvk, 0, sizeof(*pvk)); + PORT_Memset(pvk, 0, sizeof(*pvk)); if(freeit == PR_TRUE) { PORT_Free(pvk); } 
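Review bot: SECKEY_BigIntegerBitLength returns 0 for an all-zero integer (the `octets == 0` branch) without setting an error, whereas a NULL item returns 0 with SEC_ERROR_INVALID_KEY, so SECKEY_PublicKeyStrengthInBits now reports 0 bits for a zero RSA modulus or DSA/DH public value with whatever error code was last set, and SECKEY_PublicKeyStrength reports 0 bytes. Callers that check `PORT_GetError()` after a 0 result will see stale state. Either set SEC_ERROR_INVALID_KEY in that branch as well, or document both zero cases on the definition and on the keyhi.h declaration, e.g. `/* Returns 0 and sets SEC_ERROR_INVALID_KEY for a NULL item; returns 0 with no error for an all-zero integer. */`. SECKEY_PublicKeyStrength also deserves a note that it now rounds up from the bit length, so every leading zero octet is dropped, where the old RSA/DSA/DH code stripped at most one.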
@@ -1581,7 +1596,7 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki, * this yet. */ PORT_Memset(epki->encryptedData.data, 0, epki->encryptedData.len); - PORT_Memset((char *)epki, 0, sizeof(*epki)); + PORT_Memset(epki, 0, sizeof(*epki)); if(freeit == PR_TRUE) { PORT_FreeArena(poolp, PR_TRUE); } else { @@ -1590,7 +1605,7 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki, } else { SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE); SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE); - PORT_Memset((char *)epki, 0, sizeof(*epki)); + PORT_Memset(epki, 0, sizeof(*epki)); if(freeit == PR_TRUE) { PORT_Free(epki); } diff --git a/security/nss/lib/dbm/config/config.mk b/security/nss/lib/dbm/config/config.mk index 535c62e7..9ad98af8 100644 --- a/security/nss/lib/dbm/config/config.mk +++ b/security/nss/lib/dbm/config/config.mk @@ -25,10 +25,6 @@ ifdef HAVE_SNPRINTF DEFINES += -DHAVE_SNPRINTF endif -ifeq (,$(filter-out IRIX Linux,$(OS_TARGET))) -DEFINES += -DHAVE_SYS_CDEFS_H -endif - ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET))) DEFINES += -DHAVE_SYS_BYTEORDER_H endif diff --git a/security/nss/lib/dbm/include/cdefs.h b/security/nss/lib/dbm/include/cdefs.h deleted file mode 100644 index 6df5a80e..00000000 --- a/security/nss/lib/dbm/include/cdefs.h +++ /dev/null 
@@ -1,126 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Berkeley Software Design, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#)cdefs.h 8.7 (Berkeley) 1/21/94 - */ - -#ifndef _CDEFS_H_ -#define _CDEFS_H_ - -#if defined(__cplusplus) -#define __BEGIN_DECLS extern "C" { -#define __END_DECLS } -#else -#define __BEGIN_DECLS -#define __END_DECLS -#endif - -/* - * The __CONCAT macro is used to concatenate parts of symbol names, e.g. - * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. - * The __CONCAT macro is a bit tricky -- make sure you don't put spaces - * in between its arguments. __CONCAT can also concatenate double-quoted - * strings produced by the __STRING macro, but this only works with ANSI C. - */ -#if defined(__STDC__) || defined(__cplusplus) || defined(_WINDOWS) || defined(XP_OS2) -#define __P(protos) protos /* full-blown ANSI C */ -#define __CONCAT(x,y) x ## y -#define __STRING(x) #x - -/* On HP-UX 11.00, defines __const. */ -#ifndef __const -#define __const const /* define reserved names to standard */ -#endif /* __const */ -#define __signed signed -#define __volatile volatile -#ifndef _WINDOWS -#if defined(__cplusplus) -#define __inline inline /* convert to C++ keyword */ -#else -#if !defined(__GNUC__) && !defined(__MWERKS__) -#define __inline /* delete GCC keyword */ -#endif /* !__GNUC__ */ -#endif /* !__cplusplus */ -#endif /* !_WINDOWS */ - -#else /* !(__STDC__ || __cplusplus) */ -#define __P(protos) () /* traditional C preprocessor */ -#define __CONCAT(x,y) x/**/y -#define __STRING(x) "x" - -#ifndef __GNUC__ -#define __const /* delete pseudo-ANSI C keywords */ -#define __inline -#define __signed -#define __volatile -/* - * In non-ANSI C environments, new programs will want ANSI-only C keywords - * deleted from the program and old programs will want them left alone. - * When using a compiler other than gcc, programs using the ANSI C keywords - * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS. 
- * When using "gcc -traditional", we assume that this is the intent; if - * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone. - */ -#ifndef NO_ANSI_KEYWORDS -#define const /* delete ANSI C keywords */ -#define inline -#define signed -#define volatile -#endif -#endif /* !__GNUC__ */ -#endif /* !(__STDC__ || __cplusplus) */ - -/* - * GCC1 and some versions of GCC2 declare dead (non-returning) and - * pure (no side effects) functions using "volatile" and "const"; - * unfortunately, these then cause warnings under "-ansi -pedantic". - * GCC2 uses a new, peculiar __attribute__((attrs)) style. All of - * these work for GNU C++ (modulo a slight glitch in the C++ grammar - * in the distribution version of 2.5.5). - */ -#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5 -#define __attribute__(x) /* delete __attribute__ if non-gcc or gcc1 */ -#if defined(__GNUC__) && !defined(__STRICT_ANSI__) -#define __dead __volatile -#define __pure __const -#endif -#endif - -/* Delete pseudo-keywords wherever they are not available or needed. */ -#ifndef __dead -#define __dead -#define __pure -#endif - -#endif /* !_CDEFS_H_ */ diff --git a/security/nss/lib/dbm/include/manifest.mn b/security/nss/lib/dbm/include/manifest.mn index da971b3c..64b6fdac 100644 --- a/security/nss/lib/dbm/include/manifest.mn +++ b/security/nss/lib/dbm/include/manifest.mn @@ -8,8 +8,7 @@ CORE_DEPTH = ../../.. MODULE = dbm -EXPORTS = cdefs.h \ - mcom_db.h \ +EXPORTS = mcom_db.h \ ncompat.h \ winfile.h \ $(NULL) @@ -19,7 +18,6 @@ PRIVATE_EXPORTS = hsearch.h \ extern.h \ queue.h \ hash.h \ - mpool.h \ search.h \ $(NULL) diff --git a/security/nss/lib/dbm/include/mcom_db.h b/security/nss/lib/dbm/include/mcom_db.h index f2044846..4cca5325 100644 --- a/security/nss/lib/dbm/include/mcom_db.h +++ b/security/nss/lib/dbm/include/mcom_db.h 
@@ -56,12 +56,6 @@ typedef PRUint32 uint32; #ifdef __DBINTERFACE_PRIVATE -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif - #ifdef HAVE_SYS_BYTEORDER_H #include #endif diff --git a/security/nss/lib/dbm/include/mpool.h b/security/nss/lib/dbm/include/mpool.h deleted file mode 100644 index 0483d243..00000000 --- a/security/nss/lib/dbm/include/mpool.h +++ /dev/null 
@@ -1,97 +0,0 @@ -/*- - * Copyright (c) 1991, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)mpool.h 8.2 (Berkeley) 7/14/94 - */ - -#include - -/* - * The memory pool scheme is a simple one. Each in-memory page is referenced - * by a bucket which is threaded in up to two of three ways. 
All active pages - * are threaded on a hash chain (hashed by page number) and an lru chain. - * Inactive pages are threaded on a free chain. Each reference to a memory - * pool is handed an opaque MPOOL cookie which stores all of this information. - */ -#define HASHSIZE 128 -#define HASHKEY(pgno) ((pgno - 1) % HASHSIZE) - -/* The BKT structures are the elements of the queues. */ -typedef struct _bkt { - CIRCLEQ_ENTRY(_bkt) hq; /* hash queue */ - CIRCLEQ_ENTRY(_bkt) q; /* lru queue */ - void *page; /* page */ - pgno_t pgno; /* page number */ - -#define MPOOL_DIRTY 0x01 /* page needs to be written */ -#define MPOOL_PINNED 0x02 /* page is pinned into memory */ - uint8 flags; /* flags */ -} BKT; - -typedef struct MPOOL { - CIRCLEQ_HEAD(_lqh, _bkt) lqh; /* lru queue head */ - /* hash queue array */ - CIRCLEQ_HEAD(_hqh, _bkt) hqh[HASHSIZE]; - pgno_t curcache; /* current number of cached pages */ - pgno_t maxcache; /* max number of cached pages */ - pgno_t npages; /* number of pages in the file */ - uint32 pagesize; /* file page size */ - int fd; /* file descriptor */ - /* page in conversion routine */ - void (*pgin) (void *, pgno_t, void *); - /* page out conversion routine */ - void (*pgout) (void *, pgno_t, void *); - void *pgcookie; /* cookie for page in/out routines */ -#ifdef STATISTICS - uint32 cachehit; - uint32 cachemiss; - uint32 pagealloc; - uint32 pageflush; - uint32 pageget; - uint32 pagenew; - uint32 pageput; - uint32 pageread; - uint32 pagewrite; -#endif -} MPOOL; - -__BEGIN_DECLS -MPOOL *mpool_open (void *, int, pgno_t, pgno_t); -void mpool_filter (MPOOL *, void (*)(void *, pgno_t, void *), - void (*)(void *, pgno_t, void *), void *); -void *mpool_new (MPOOL *, pgno_t *); -void *mpool_get (MPOOL *, pgno_t, uint); -int mpool_put (MPOOL *, void *, uint); -int mpool_sync (MPOOL *); -int mpool_close (MPOOL *); -#ifdef STATISTICS -void mpool_stat (MPOOL *); -#endif -__END_DECLS 
diff --git a/security/nss/lib/dbm/src/h_bigkey.c b/security/nss/lib/dbm/src/h_bigkey.c index c174e32a..ed0c5020 100644 --- a/security/nss/lib/dbm/src/h_bigkey.c +++ b/security/nss/lib/dbm/src/h_bigkey.c @@ -72,8 +72,8 @@ static char sccsid[] = "@(#)hash_bigkey.c 8.3 (Berkeley) 5/31/94"; #include "page.h" /* #include "extern.h" */ -static int collect_key __P((HTAB *, BUFHEAD *, int, DBT *, int)); -static int collect_data __P((HTAB *, BUFHEAD *, int, int)); +static int collect_key(HTAB *, BUFHEAD *, int, DBT *, int); +static int collect_data(HTAB *, BUFHEAD *, int, int); /* * Big_insert diff --git a/security/nss/lib/dbm/src/h_func.c b/security/nss/lib/dbm/src/h_func.c index 8c86be64..688a794f 100644 --- a/security/nss/lib/dbm/src/h_func.c +++ b/security/nss/lib/dbm/src/h_func.c @@ -45,14 +45,14 @@ static char sccsid[] = "@(#)hash_func.c 8.2 (Berkeley) 2/21/94"; /* #include "extern.h" */ #if 0 -static uint32 hash1 __P((const void *, size_t)); -static uint32 hash2 __P((const void *, size_t)); -static uint32 hash3 __P((const void *, size_t)); +static uint32 hash1(const void *, size_t); +static uint32 hash2(const void *, size_t); +static uint32 hash3(const void *, size_t); #endif -static uint32 hash4 __P((const void *, size_t)); +static uint32 hash4(const void *, size_t); /* Global default hash function */ -uint32 (*__default_hash) __P((const void *, size_t)) = hash4; +uint32 (*__default_hash)(const void *, size_t) = hash4; /* * HASH FUNCTIONS diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c index 3b95554d..cc024947 100644 --- a/security/nss/lib/dbm/src/h_page.c +++ b/security/nss/lib/dbm/src/h_page.c 
@@ -89,13 +89,12 @@ static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94"; extern int mkstempflags(char *path, int extraFlags); -static uint32 *fetch_bitmap __P((HTAB *, uint32)); -static uint32 first_free __P((uint32)); -static int open_temp __P((HTAB *)); -static uint16 overflow_page __P((HTAB *)); -static void squeeze_key __P((uint16 *, const DBT *, const DBT *)); -static int ugly_split - __P((HTAB *, uint32, BUFHEAD *, BUFHEAD *, int, int)); +static uint32 *fetch_bitmap(HTAB *, uint32); +static uint32 first_free(uint32); +static int open_temp(HTAB *); +static uint16 overflow_page(HTAB *); +static void squeeze_key(uint16 *, const DBT *, const DBT *); +static int ugly_split(HTAB *, uint32, BUFHEAD *, BUFHEAD *, int, int); #define PAGE_INIT(P) { \ ((uint16 *)(P))[0] = 0; \ @@ -721,23 +720,6 @@ __get_page(HTAB *hashp, PAGE_INIT(p); } else { -#ifdef DEBUG - if(BYTE_ORDER == LITTLE_ENDIAN) - { - int is_little_endian; - is_little_endian = BYTE_ORDER; - } - else if(BYTE_ORDER == BIG_ENDIAN) - { - int is_big_endian; - is_big_endian = BYTE_ORDER; - } - else - { - assert(0); - } -#endif - if (hashp->LORDER != BYTE_ORDER) { register int i, max; diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c index c7b1d181..3f9a516e 100644 --- a/security/nss/lib/dbm/src/hash.c +++ b/security/nss/lib/dbm/src/hash.c 
@@ -74,23 +74,23 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94"; /* #include "extern.h" */ -static int alloc_segs __P((HTAB *, int)); -static int flush_meta __P((HTAB *)); -static int hash_access __P((HTAB *, ACTION, DBT *, DBT *)); -static int hash_close __P((DB *)); -static int hash_delete __P((const DB *, const DBT *, uint)); -static int hash_fd __P((const DB *)); -static int hash_get __P((const DB *, const DBT *, DBT *, uint)); -static int hash_put __P((const DB *, DBT *, const DBT *, uint)); -static void *hash_realloc __P((SEGMENT **, size_t, size_t)); -static int hash_seq __P((const DB *, DBT *, DBT *, uint)); -static int hash_sync __P((const DB *, uint)); -static int hdestroy __P((HTAB *)); -static HTAB *init_hash __P((HTAB *, const char *, HASHINFO *)); -static int init_htab __P((HTAB *, int)); +static int alloc_segs(HTAB *, int); +static int flush_meta(HTAB *); +static int hash_access(HTAB *, ACTION, DBT *, DBT *); +static int hash_close(DB *); +static int hash_delete(const DB *, const DBT *, uint); +static int hash_fd(const DB *); +static int hash_get(const DB *, const DBT *, DBT *, uint); +static int hash_put(const DB *, DBT *, const DBT *, uint); +static void *hash_realloc(SEGMENT **, size_t, size_t); +static int hash_seq(const DB *, DBT *, DBT *, uint); +static int hash_sync(const DB *, uint); +static int hdestroy(HTAB *); +static HTAB *init_hash(HTAB *, const char *, HASHINFO *); +static int init_htab(HTAB *, int); #if BYTE_ORDER == LITTLE_ENDIAN -static void swap_header __P((HTAB *)); -static void swap_header_copy __P((HASHHDR *, HASHHDR *)); +static void swap_header(HTAB *); +static void swap_header_copy(HASHHDR *, HASHHDR *); #endif /* Fast arithmetic, relying on powers of 2, */ diff --git a/security/nss/lib/dbm/src/hash_buf.c b/security/nss/lib/dbm/src/hash_buf.c index 727164c6..d3286943 100644 --- a/security/nss/lib/dbm/src/hash_buf.c +++ b/security/nss/lib/dbm/src/hash_buf.c 
@@ -70,7 +70,7 @@ static char sccsid[] = "@(#)hash_buf.c 8.5 (Berkeley) 7/15/94"; #include "page.h" /* #include "extern.h" */ -static BUFHEAD *newbuf __P((HTAB *, uint32, BUFHEAD *)); +static BUFHEAD *newbuf(HTAB *, uint32, BUFHEAD *); /* Unlink B from its place in the lru */ #define BUF_REMOVE(B) { \ diff --git a/security/nss/lib/dbm/src/memmove.c b/security/nss/lib/dbm/src/memmove.c index 935ab463..aacf9461 100644 --- a/security/nss/lib/dbm/src/memmove.c +++ b/security/nss/lib/dbm/src/memmove.c @@ -37,11 +37,6 @@ static char sccsid[] = "@(#)bcopy.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif #include /* diff --git a/security/nss/lib/dbm/src/snprintf.c b/security/nss/lib/dbm/src/snprintf.c index 96696d8e..377a8d84 100644 --- a/security/nss/lib/dbm/src/snprintf.c +++ b/security/nss/lib/dbm/src/snprintf.c @@ -4,32 +4,14 @@ #include #include -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif - #include "prtypes.h" #include -#ifdef __STDC__ #include -#else -#include -#endif int -#ifdef __STDC__ snprintf(char *str, size_t n, const char *fmt, ...) -#else -snprintf(str, n, fmt, va_alist) - char *str; - size_t n; - const char *fmt; - va_dcl -#endif { va_list ap; #ifdef VSPRINTF_CHARSTAR @@ -37,11 +19,7 @@ snprintf(str, n, fmt, va_alist) #else int rval; #endif -#ifdef __STDC__ va_start(ap, fmt); -#else - va_start(ap); -#endif #ifdef VSPRINTF_CHARSTAR rp = vsprintf(str, fmt, ap); va_end(ap); diff --git a/security/nss/lib/dev/devslot.c b/security/nss/lib/dev/devslot.c index d97cbba3..f49915ee 100644 --- a/security/nss/lib/dev/devslot.c +++ b/security/nss/lib/dev/devslot.c @@ -25,9 +25,6 @@ /* measured as interval */ static PRIntervalTime s_token_delay_time = 0; -/* The flags needed to open a read-only session. */ -static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION; - NSS_IMPLEMENT PRStatus nssSlot_Destroy ( NSSSlot *slot 
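Review bot: The cleaned-up snprintf in dbm/src/snprintf.c still formats with `vsprintf(str, fmt, ap)` in the VSPRINTF_CHARSTAR branch, so the `n` parameter is accepted but never bounds the write into `str`, and a caller relying on the snprintf contract gets an unbounded copy. Now that the K&R path is gone and `<stdarg.h>` is assumed, `vsnprintf(str, n, fmt, ap)` is available on the same toolchains and gives the bounded behaviour the name promises. The other branch of the `#ifdef` is outside the hunk; it should be checked for the same omission.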
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index b6032812..7223e489 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -1466,7 +1466,6 @@ nssToken_TraverseCertificates ( CK_ATTRIBUTE cert_template[2]; CK_ULONG ctsize; NSSArena *arena; - PRStatus status; PRUint32 arraySize, numHandles; nssCryptokiObject **objects; void *epv = nssToken_GetCryptokiEPV(token); @@ -1544,7 +1543,7 @@ nssToken_TraverseCertificates ( if (objects) { nssCryptokiObject **op; for (op = objects; *op; op++) { - status = (*callback)(*op, arg); + (void)(*callback)(*op, arg); } nss_ZFreeIf(objects); } diff --git a/security/nss/lib/freebl/cts.c b/security/nss/lib/freebl/cts.c index 5d4ed18b..984e05b9 100644 --- a/security/nss/lib/freebl/cts.c +++ b/security/nss/lib/freebl/cts.c @@ -185,7 +185,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf, unsigned char lastBlock[MAX_BLOCK_SIZE]; const unsigned char *tmp; unsigned int tmpLen; - int fullblocks, pad; + unsigned int fullblocks, pad; unsigned int i; SECStatus rv; diff --git a/security/nss/lib/freebl/dh.c b/security/nss/lib/freebl/dh.c index 54ff4803..66c11013 100644 --- a/security/nss/lib/freebl/dh.c +++ b/security/nss/lib/freebl/dh.c @@ -205,7 +205,7 @@ DH_Derive(SECItem *publicValue, { mp_int p, Xa, Yb, ZZ, psub1; mp_err err = MP_OKAY; - int len = 0; + unsigned int len = 0; unsigned int nb; unsigned char *secret = NULL; if (!publicValue || !prime || !privateValue || !derivedSecret) { 
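Review bot: `(void)(*callback)(*op, arg);` in nssToken_TraverseCertificates makes explicit that the callback's PRStatus is ignored, so a callback can neither stop the traversal nor surface a failure; that was already the behaviour, but the cast now reads as a design decision without stating it. Either add `/* callback status is ignored: traversal is best-effort and visits every object */` beside the loop, or `break` on PR_FAILURE if callers expect early exit. How the function itself reports status is outside the hunk.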
@@ -252,6 +252,24 @@ DH_Derive(SECItem *publicValue,
 err = MP_BADARG;
 goto cleanup;
 }
+
+ /*
+ * We check to make sure that ZZ is not equal to 1 or -1 mod p.
+ * This helps guard against small subgroup attacks, since an attacker
+ * using a subgroup of size N will produce 1 or -1 with probability 1/N.
+ * When the protocol is executed within a properly large subgroup, the
+ * probability of this result will be negligibly small. For example,
+ * with a strong prime of the form 2p+1, the probability will be 1/p.
+ *
+ * We return MP_BADARG because this is probably the result of a bad
+ * public value or a bad prime having been provided.
+ */
+ if (mp_cmp_d(&ZZ, 1) == 0 ||
+ mp_cmp(&ZZ, &psub1) == 0) {
+ err = MP_BADARG;
+ goto cleanup;
+ }
+
 /* allocate a buffer which can hold the entire derived secret. */
 secret = PORT_Alloc(len);
 /* grab the derived secret */
diff --git a/security/nss/lib/freebl/drbg.c b/security/nss/lib/freebl/drbg.c
index 4745df4c..e20db2e6 100644
--- a/security/nss/lib/freebl/drbg.c
+++ b/security/nss/lib/freebl/drbg.c
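Review bot: The new guard in DH_Derive rejects a shared secret ZZ of 1 or p-1 but not 0, which is what a public value congruent to 0 mod p produces; whether the earlier public-value range check already rules that out is outside the hunk. Either extend the condition, `if (mp_cmp_z(&ZZ) == 0 || mp_cmp_d(&ZZ, 1) == 0 || mp_cmp(&ZZ, &psub1) == 0) {`, or add one line to the comment stating that ZZ == 0 is impossible once the public value has been validated, so the next reader does not have to re-derive it.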
@@ -247,26 +247,32 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy, /* * build some fast inline functions for adding. */ -#define PRNG_ADD_CARRY_ONLY(dest, start, cy) \ - carry = cy; \ - for (k1=start; carry && k1 >=0 ; k1--) { \ - carry = !(++dest[k1]); \ - } +#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \ + { \ + int k1; \ + for (k1 = start; carry && k1 >= 0; k1--) { \ + carry = !(++dest[k1]); \ + } \ + } /* * NOTE: dest must be an array for the following to work. */ -#define PRNG_ADD_BITS(dest, dest_len, add, len) \ +#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ carry = 0; \ - for (k1=dest_len -1, k2=len-1; k2 >= 0; --k1, --k2) { \ - carry += dest[k1]+ add[k2]; \ - dest[k1] = (PRUint8) carry; \ - carry >>= 8; \ + PORT_Assert((dest_len) >= (len)); \ + { \ + int k1, k2; \ + for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \ + carry += dest[k1] + add[k2]; \ + dest[k1] = (PRUint8) carry; \ + carry >>= 8; \ + } \ } -#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len) \ - PRNG_ADD_BITS(dest, dest_len, add, len) \ - PRNG_ADD_CARRY_ONLY(dest, k1, carry) +#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \ + PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ + PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry) /* * This function expands the internal state of the prng to fulfill any number @@ -286,7 +292,6 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, SHA256Context ctx; unsigned int len; unsigned int carry; - int k1; SHA256_Begin(&ctx); SHA256_Update(&ctx, data, sizeof data); @@ -295,7 +300,8 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, no_of_returned_bytes -= len; /* The carry parameter is a bool (increment or not). * This increments data if no_of_returned_bytes is not zero */ - PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, no_of_returned_bytes); + carry = no_of_returned_bytes; + PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry); } PORT_Memset(data, 0, sizeof data); } 
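Review bot: `PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)` in the rewritten PRNG_ADD_BITS_AND_CARRY looks one byte too high: the add loop writes `dest[dest_len-1]` down to `dest[dest_len-len]`, and the old code continued the carry from the post-loop `k1`, i.e. `dest_len - len - 1`, whereas the new start index re-increments the topmost byte the loop already updated. If I am reading this right, every V + w / V + H update whose addition carries out of the low `len` bytes now produces a V that differs from SP 800-90A Hash_DRBG, which the Hash_DRBG known-answer tests should expose — worth confirming against upstream NSS before merging; the fix is `PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry)`. Independently, `dest_len` and `len` are expanded unparenthesised in that subtraction while PRNG_ADD_BITS parenthesises them in its PORT_Assert; `((dest_len) - (len) - 1)` keeps the macro safe for expression arguments.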
@@ -315,7 +321,6 @@ prng_generateNewBytes(RNGContext *rng, PRUint8 H[SHA256_LENGTH]; /* both H and w since they * aren't used concurrently */ unsigned int carry; - int k1, k2; if (!rng->isValid) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); @@ -336,7 +341,7 @@ prng_generateNewBytes(RNGContext *rng, SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data); SHA256_Update(&ctx, additional_input, additional_input_len); SHA256_End(&ctx, w, NULL, sizeof w); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w) + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry) PORT_Memset(w, 0, sizeof w); #undef w } @@ -350,11 +355,12 @@ prng_generateNewBytes(RNGContext *rng, /* advance our internal state... */ rng->V_type = prngGenerateByteType; SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H) - PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C); + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry) + PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry); PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter, - sizeof rng->reseed_counter) - PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, 1); + sizeof rng->reseed_counter, carry) + carry = 1; + PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, carry); /* continuous rng check */ if (memcmp(V(rng), rng->oldV, sizeof rng->oldV) == 0) { @@ -510,7 +516,7 @@ RNG_RandomUpdate(const void *data, size_t bytes) PR_STATIC_ASSERT(sizeof(size_t) > 4); - if (bytes > PRNG_MAX_ADDITIONAL_BYTES) { + if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) { bytes = PRNG_MAX_ADDITIONAL_BYTES; } #else diff --git a/security/nss/lib/freebl/dsa.c b/security/nss/lib/freebl/dsa.c index ad3ce004..0da63ed5 100644 --- a/security/nss/lib/freebl/dsa.c +++ b/security/nss/lib/freebl/dsa.c 
@@ -502,7 +502,7 @@ DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
 mp_int u1, u2, v, w; /* intermediate values used in verification */
 mp_int y; /* public key */
 mp_err err;
- int dsa_subprime_len, dsa_signature_len, offset;
+ unsigned int dsa_subprime_len, dsa_signature_len, offset;
 SECItem localDigest;
 unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN];
 SECStatus verified = SECFailure;
diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
index 6af242dc..4435f91e 100644
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -543,6 +543,15 @@ ECDH_Derive(SECItem *publicValue,
 return SECFailure;
 }
+ /*
+ * We fail if the public value is the point at infinity, since
+ * this produces predictable results.
+ */
+ if (ec_point_at_infinity(publicValue)) {
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
+
 MP_DIGITS(&k) = 0;
 memset(derivedSecret, 0, sizeof *derivedSecret);
 len = (ecParams->fieldID.size + 7) >> 3;
diff --git a/security/nss/lib/freebl/ecl/ecl-priv.h b/security/nss/lib/freebl/ecl/ecl-priv.h
index 22dd355a..16f80a46 100644
--- a/security/nss/lib/freebl/ecl/ecl-priv.h
+++ b/security/nss/lib/freebl/ecl/ecl-priv.h
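Review bot: `ec_point_at_infinity(publicValue)` only rejects the encoded identity point; it does not establish that publicValue lies on the curve or in the prime-order subgroup, so on its own the new check does not stop invalid-curve or small-subgroup attacks on ECDH_Derive. Unless the caller, or code earlier in this function that the hunk does not show, already runs EC_ValidatePublicKey, that validation still has to happen before the scalar multiplication, and the new comment should not read as if the derivation were now safe against malformed input. I would extend it: `* Note: this only rejects the point at infinity; the public value must still be validated as a point on the curve (EC_ValidatePublicKey) by the caller.` ECDH_Derive starts and ends outside the hunk.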
@@ -29,40 +29,39 @@ ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i)) #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) -#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ +#define MP_ADD_CARRY(a1, a2, s, carry) \ { mp_word w; \ - w = ((mp_word)(cin)) + (a1) + (a2); \ + w = ((mp_word)carry) + (a1) + (a2); \ s = ACCUM(w); \ - cout = CARRYOUT(w); } + carry = CARRYOUT(w); } -#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ +#define MP_SUB_BORROW(a1, a2, s, borrow) \ { mp_word w; \ - w = ((mp_word)(a1)) - (a2) - (bin); \ + w = ((mp_word)(a1)) - (a2) - borrow; \ s = ACCUM(w); \ - bout = (w >> MP_DIGIT_BIT) & 1; } + borrow = (w >> MP_DIGIT_BIT) & 1; } #else /* NOTE, - * cin and cout could be the same variable. - * bin and bout could be the same variable. + * carry and borrow are both read and written. * a1 or a2 and s could be the same variable. * don't trash those outputs until their respective inputs have * been read. */ -#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ +#define MP_ADD_CARRY(a1, a2, s, carry) \ { mp_digit tmp,sum; \ tmp = (a1); \ sum = tmp + (a2); \ tmp = (sum < tmp); /* detect overflow */ \ - s = sum += (cin); \ - cout = tmp + (sum < (cin)); } + s = sum += carry; \ + carry = tmp + (sum < carry); } -#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ +#define MP_SUB_BORROW(a1, a2, s, borrow) \ { mp_digit tmp; \ tmp = (a1); \ s = tmp - (a2); \ tmp = (s > tmp); /* detect borrow */ \ - if ((bin) && !s--) tmp++; \ - bout = tmp; } + if (borrow && !s--) tmp++; \ + borrow = tmp; } #endif diff --git a/security/nss/lib/freebl/ecl/ecl_gf.c b/security/nss/lib/freebl/ecl/ecl_gf.c index 22047d51..d250d786 100644 --- a/security/nss/lib/freebl/ecl/ecl_gf.c +++ b/security/nss/lib/freebl/ecl/ecl_gf.c 
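Review bot: The new `carry`/`borrow` parameter is the only macro argument left unparenthesised (`((mp_word)carry)`, `- borrow`, `s = sum += carry`), and it is both read and written, so it must be an lvalue the caller has initialised — neither fact is stated, and the old NOTE about `cin`/`cout` aliasing was replaced by one sentence that does not mention initialisation. Every call site now has to write `carry = 0;` before the first link of a chain, and a caller that forgets it silently adds a stale carry, so the NOTE should say `* carry and borrow must be lvalues, zeroed by the caller before the first MP_ADD_CARRY/MP_SUB_BORROW of a chain.` It should also warn that the carry variable must not double as a1/a2: in the MP_WORD form `w = ((mp_word)carry) + (a1) + (a2)` counts it twice. Parenthesising the parameter (`((mp_word)(carry))`, `- (borrow)`) would at least match the other arguments.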
@@ -242,9 +242,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -273,9 +274,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); #else __asm__ ( "subq %3,%0 \n\t" @@ -329,10 +331,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); #else __asm__ ( "xorq %4,%4 \n\t" @@ -364,10 +367,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); #else __asm__ ( "subq %4,%0 \n\t" 
@@ -426,11 +430,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); - MP_ADD_CARRY(a4, r4, r4, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); + MP_ADD_CARRY(a4, r4, r4, carry); MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -450,11 +455,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); - MP_SUB_BORROW(r4, a4, r4, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); + MP_SUB_BORROW(r4, a4, r4, carry); MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; MP_DIGIT(r, 2) = r2; @@ -507,12 +513,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); - MP_ADD_CARRY(a4, r4, r4, carry, carry); - MP_ADD_CARRY(a5, r5, r5, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); + MP_ADD_CARRY(a4, r4, r4, carry); + MP_ADD_CARRY(a5, r5, r5, carry); MP_CHECKOK(s_mp_pad(r, 6)); MP_DIGIT(r, 5) = r5; 
@@ -534,12 +541,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); - MP_SUB_BORROW(r4, a4, r4, carry, carry); - MP_SUB_BORROW(r5, a5, r5, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); + MP_SUB_BORROW(r4, a4, r4, carry); + MP_SUB_BORROW(r5, a5, r5, carry); MP_DIGIT(r, 5) = r5; MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; @@ -587,9 +595,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); #else __asm__ ( "xorq %3,%3 \n\t" @@ -610,9 +619,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); #else __asm__ ( "addq %3,%0 \n\t" 
@@ -675,10 +685,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); #else __asm__ ( "xorq %4,%4 \n\t" @@ -701,10 +712,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); #else __asm__ ( "addq %4,%0 \n\t" @@ -771,11 +783,12 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ 
@@ -785,10 +798,11 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); } MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -843,12 +857,13 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow, borrow); - MP_SUB_BORROW(r5, b5, r5, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow); + MP_SUB_BORROW(r5, b5, r5, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ @@ -859,11 +874,12 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); - MP_ADD_CARRY(b4, r4, r4, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); + MP_ADD_CARRY(b4, r4, r4, borrow); } MP_CHECKOK(s_mp_pad(r, 6)); diff --git a/security/nss/lib/freebl/ecl/ecl_mult.c b/security/nss/lib/freebl/ecl/ecl_mult.c index a99ca825..5932828b 100644 
--- a/security/nss/lib/freebl/ecl/ecl_mult.c
+++ b/security/nss/lib/freebl/ecl/ecl_mult.c
@@ -129,7 +129,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
 mp_err res = MP_OKAY;
 mp_int precomp[4][4][2];
 const mp_int *a, *b;
- int i, j;
+ unsigned int i, j;
 int ai, bi, d;
 ARGCHK(group != NULL, MP_BADARG);
@@ -236,7 +236,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
 mp_zero(rx);
 mp_zero(ry);
- for (i = d - 1; i >= 0; i--) {
+ for (i = d; i-- > 0;) {
 ai = MP_GET_BIT(a, 2 * i + 1);
 ai <<= 1;
 ai |= MP_GET_BIT(a, 2 * i);
diff --git a/security/nss/lib/freebl/ecl/ecp_192.c b/security/nss/lib/freebl/ecl/ecp_192.c
index 70b717a1..ef11cef9 100644
--- a/security/nss/lib/freebl/ecl/ecp_192.c
+++ b/security/nss/lib/freebl/ecl/ecp_192.c
@@ -72,34 +72,36 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0a = MP_DIGIT(a, 0); /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ - MP_ADD_CARRY(r0a, a3a, r0a, 0, carry); - MP_ADD_CARRY(r0b, a3b, r0b, carry, carry); - MP_ADD_CARRY(r1a, a3a, r1a, carry, carry); - MP_ADD_CARRY(r1b, a3b, r1b, carry, carry); - MP_ADD_CARRY(r2a, a4a, r2a, carry, carry); - MP_ADD_CARRY(r2b, a4b, r2b, carry, carry); + carry = 0; + MP_ADD_CARRY(r0a, a3a, r0a, carry); + MP_ADD_CARRY(r0b, a3b, r0b, carry); + MP_ADD_CARRY(r1a, a3a, r1a, carry); + MP_ADD_CARRY(r1b, a3b, r1b, carry); + MP_ADD_CARRY(r2a, a4a, r2a, carry); + MP_ADD_CARRY(r2b, a4b, r2b, carry); r3 = carry; carry = 0; - MP_ADD_CARRY(r0a, a5a, r0a, 0, carry); - MP_ADD_CARRY(r0b, a5b, r0b, carry, carry); - MP_ADD_CARRY(r1a, a5a, r1a, carry, carry); - MP_ADD_CARRY(r1b, a5b, r1b, carry, carry); - MP_ADD_CARRY(r2a, a5a, r2a, carry, carry); - MP_ADD_CARRY(r2b, a5b, r2b, carry, carry); - r3 += carry; - MP_ADD_CARRY(r1a, a4a, r1a, 0, carry); - MP_ADD_CARRY(r1b, a4b, r1b, carry, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); + MP_ADD_CARRY(r0a, a5a, r0a, carry); + MP_ADD_CARRY(r0b, a5b, r0b, carry); + MP_ADD_CARRY(r1a, a5a, r1a, carry); + MP_ADD_CARRY(r1b, a5b, r1b, carry); + MP_ADD_CARRY(r2a, a5a, r2a, carry); + MP_ADD_CARRY(r2b, a5b, r2b, carry); + r3 += carry; carry = 0; + MP_ADD_CARRY(r1a, a4a, r1a, carry); + MP_ADD_CARRY(r1b, a4b, r1b, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); r3 += carry; /* reduce out the carry */ while (r3) { - MP_ADD_CARRY(r0a, r3, r0a, 0, carry); - MP_ADD_CARRY(r0b, 0, r0b, carry, carry); - MP_ADD_CARRY(r1a, r3, r1a, carry, carry); - MP_ADD_CARRY(r1b, 0, r1b, carry, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); + carry = 0; + MP_ADD_CARRY(r0a, r3, r0a, carry); + MP_ADD_CARRY(r0b, 0, r0b, carry); + MP_ADD_CARRY(r1a, r3, r1a, carry); + 
MP_ADD_CARRY(r1b, 0, r1b, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); r3 = carry; } @@ -121,8 +123,9 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) (r1a == 0xfffffffe) && (r0a == 0xffffffff) && (r0b == 0xffffffff)) ) { /* do a quick subtract */ - MP_ADD_CARRY(r0a, 1, r0a, 0, carry); - MP_ADD_CARRY(r0b, carry, r0a, 0, carry); + carry = 0; + MP_ADD_CARRY(r0a, 1, r0a, carry); + MP_ADD_CARRY(r0b, carry, r0a, carry); r1a += 1+carry; r1b = r2a = r2b = 0; } @@ -154,16 +157,17 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, a3, r0, 0, carry); - MP_ADD_CARRY(r1, a3, r1, carry, carry); - MP_ADD_CARRY(r2, a4, r2, carry, carry); - r3 = carry; - MP_ADD_CARRY(r0, a5, r0, 0, carry); - MP_ADD_CARRY(r1, a5, r1, carry, carry); - MP_ADD_CARRY(r2, a5, r2, carry, carry); - r3 += carry; - MP_ADD_CARRY(r1, a4, r1, 0, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, a3, r0, carry); + MP_ADD_CARRY(r1, a3, r1, carry); + MP_ADD_CARRY(r2, a4, r2, carry); + r3 = carry; carry = 0; + MP_ADD_CARRY(r0, a5, r0, carry); + MP_ADD_CARRY(r1, a5, r1, carry); + MP_ADD_CARRY(r2, a5, r2, carry); + r3 += carry; carry = 0; + MP_ADD_CARRY(r1, a4, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); r3 += carry; #else @@ -195,9 +199,10 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* reduce out the carry */ while (r3) { #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, r3, r0, 0, carry); - MP_ADD_CARRY(r1, r3, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, r3, r0, carry); + MP_ADD_CARRY(r1, r3, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); r3 = carry; #else a3=r3; 
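Review bot: In the 32-bit quick subtract, `MP_ADD_CARRY(r0b, carry, r0a, carry);` is wrong on two counts: it stores the r0b sum into r0a and leaves r0b untouched (pre-existing — the removed line had the same target), and with the new in/out carry macro the same variable is passed as addend and as carry, so the MP_WORD form computes `carry + r0b + carry` and adds the carry twice. The intended step is r0b += carry-out of the preceding add, i.e. `MP_ADD_CARRY(r0b, 0, r0b, carry);`. This branch only runs when the folded value is still >= p, so it is rarely exercised and the existing tests are unlikely to catch it; reducing a = p on the 32-bit path (which should yield 0 and currently yields r0a = 1, r0b = 0xffffffff by my reading) would pin it. The enclosing ec_GFp_nistp192_mod continues outside the hunk.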
@@ -229,7 +234,8 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { /* do a quick subtract */ - MP_ADD_CARRY(r0, 1, r0, 0, carry); + carry = 0; + MP_ADD_CARRY(r0, 1, r0, carry); r1 += 1+carry; r2 = 0; } @@ -280,9 +286,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -302,9 +309,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, 1, r0, 0, carry); - MP_ADD_CARRY(r1, 1, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, 1, r0, carry); + MP_ADD_CARRY(r1, 1, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); #else __asm__ ( "addq $1,%0 \n\t" @@ -362,9 +370,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); #else __asm__ ( "xorq %3,%3 \n\t" 
@@ -382,9 +391,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r,
 * (subtract the 2's complement of the curve field) */
 if (borrow) {
 #ifndef MPI_AMD64_ADD
- MP_SUB_BORROW(r0, 1, r0, 0, borrow);
- MP_SUB_BORROW(r1, 1, r1, borrow, borrow);
- MP_SUB_BORROW(r2, 0, r2, borrow, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, 1, r0, borrow);
+ MP_SUB_BORROW(r1, 1, r1, borrow);
+ MP_SUB_BORROW(r2, 0, r2, borrow);
 #else
 __asm__ (
 "subq $1,%0 \n\t"
diff --git a/security/nss/lib/freebl/ecl/ecp_224.c b/security/nss/lib/freebl/ecl/ecp_224.c
index 18779ba1..4faab215 100644
--- a/security/nss/lib/freebl/ecl/ecp_224.c
+++ b/security/nss/lib/freebl/ecl/ecp_224.c
@@ -72,52 +72,54 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - MP_ADD_CARRY (r1b, a3b, r1b, 0, carry); - MP_ADD_CARRY (r2a, a4a, r2a, carry, carry); - MP_ADD_CARRY (r2b, a4b, r2b, carry, carry); - MP_ADD_CARRY (r3a, a5a, r3a, carry, carry); - r3b = carry; - MP_ADD_CARRY (r1b, a5b, r1b, 0, carry); - MP_ADD_CARRY (r2a, a6a, r2a, carry, carry); - MP_ADD_CARRY (r2b, a6b, r2b, carry, carry); - MP_ADD_CARRY (r3a, 0, r3a, carry, carry); - r3b += carry; - MP_SUB_BORROW(r0a, a3b, r0a, 0, carry); - MP_SUB_BORROW(r0b, a4a, r0b, carry, carry); - MP_SUB_BORROW(r1a, a4b, r1a, carry, carry); - MP_SUB_BORROW(r1b, a5a, r1b, carry, carry); - MP_SUB_BORROW(r2a, a5b, r2a, carry, carry); - MP_SUB_BORROW(r2b, a6a, r2b, carry, carry); - MP_SUB_BORROW(r3a, a6b, r3a, carry, carry); - r3b -= carry; - MP_SUB_BORROW(r0a, a5b, r0a, 0, carry); - MP_SUB_BORROW(r0b, a6a, r0b, carry, carry); - MP_SUB_BORROW(r1a, a6b, r1a, carry, carry); + carry = 0; + MP_ADD_CARRY (r1b, a3b, r1b, carry); + MP_ADD_CARRY (r2a, a4a, r2a, carry); + MP_ADD_CARRY (r2b, a4b, r2b, carry); + MP_ADD_CARRY (r3a, a5a, r3a, carry); + r3b = carry; carry = 0; + MP_ADD_CARRY (r1b, a5b, r1b, carry); + MP_ADD_CARRY (r2a, a6a, r2a, carry); + MP_ADD_CARRY (r2b, a6b, r2b, carry); + MP_ADD_CARRY (r3a, 0, r3a, carry); + r3b += carry; carry = 0; + MP_SUB_BORROW(r0a, a3b, r0a, carry); + MP_SUB_BORROW(r0b, a4a, r0b, carry); + MP_SUB_BORROW(r1a, a4b, r1a, carry); + MP_SUB_BORROW(r1b, a5a, r1b, carry); + MP_SUB_BORROW(r2a, a5b, r2a, carry); + MP_SUB_BORROW(r2b, a6a, r2b, carry); + MP_SUB_BORROW(r3a, a6b, r3a, carry); + r3b -= carry; carry = 0; + MP_SUB_BORROW(r0a, a5b, r0a, carry); + MP_SUB_BORROW(r0b, a6a, r0b, carry); + MP_SUB_BORROW(r1a, a6b, r1a, carry); if (carry) { - MP_SUB_BORROW(r1b, 0, r1b, carry, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry, carry); - MP_SUB_BORROW(r3a, 0, r3a, 
carry, carry); + MP_SUB_BORROW(r1b, 0, r1b, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry); r3b -= carry; } while (r3b > 0) { int tmp; - MP_ADD_CARRY(r1b, r3b, r1b, 0, carry); + carry = 0; + MP_ADD_CARRY(r1b, r3b, r1b, carry); if (carry) { - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); - MP_ADD_CARRY(r3a, 0, r3a, carry, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); + MP_ADD_CARRY(r3a, 0, r3a, carry); } - tmp = carry; - MP_SUB_BORROW(r0a, r3b, r0a, 0, carry); + tmp = carry; carry = 0; + MP_SUB_BORROW(r0a, r3b, r0a, carry); if (carry) { - MP_SUB_BORROW(r0b, 0, r0b, carry, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry, carry); - MP_SUB_BORROW(r1b, 0, r1b, carry, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry, carry); - MP_SUB_BORROW(r3a, 0, r3a, carry, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry); + MP_SUB_BORROW(r1b, 0, r1b, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry); tmp -= carry; } r3b = tmp; 
@@ -125,13 +127,14 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) while (r3b < 0) { mp_digit maxInt = MP_DIGIT_MAX; - MP_ADD_CARRY (r0a, 1, r0a, 0, carry); - MP_ADD_CARRY (r0b, 0, r0b, carry, carry); - MP_ADD_CARRY (r1a, 0, r1a, carry, carry); - MP_ADD_CARRY (r1b, maxInt, r1b, carry, carry); - MP_ADD_CARRY (r2a, maxInt, r2a, carry, carry); - MP_ADD_CARRY (r2b, maxInt, r2b, carry, carry); - MP_ADD_CARRY (r3a, maxInt, r3a, carry, carry); + carry = 0; + MP_ADD_CARRY (r0a, 1, r0a, carry); + MP_ADD_CARRY (r0b, 0, r0b, carry); + MP_ADD_CARRY (r1a, 0, r1a, carry); + MP_ADD_CARRY (r1b, maxInt, r1b, carry); + MP_ADD_CARRY (r2a, maxInt, r2a, carry); + MP_ADD_CARRY (r2b, maxInt, r2b, carry); + MP_ADD_CARRY (r3a, maxInt, r3a, carry); r3b += carry; } /* check for final reduction */ @@ -140,9 +143,10 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) && ((r1a != 0) || (r0b != 0) || (r0a != 0)) ) { /* one last subraction */ - MP_SUB_BORROW(r0a, 1, r0a, 0, carry); - MP_SUB_BORROW(r0b, 0, r0b, carry, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry, carry); + carry = 0; + MP_SUB_BORROW(r0a, 1, r0a, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry); r1b = r2a = r2b = r3a = 0; } 
@@ -194,22 +198,26 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - MP_ADD_CARRY (r1, a3b, r1, 0, carry); - MP_ADD_CARRY (r2, a4 , r2, carry, carry); - MP_ADD_CARRY (r3, a5a, r3, carry, carry); - MP_ADD_CARRY (r1, a5b, r1, 0, carry); - MP_ADD_CARRY (r2, a6 , r2, carry, carry); - MP_ADD_CARRY (r3, 0, r3, carry, carry); + carry = 0; + MP_ADD_CARRY (r1, a3b, r1, carry); + MP_ADD_CARRY (r2, a4 , r2, carry); + MP_ADD_CARRY (r3, a5a, r3, carry); + carry = 0; + MP_ADD_CARRY (r1, a5b, r1, carry); + MP_ADD_CARRY (r2, a6 , r2, carry); + MP_ADD_CARRY (r3, 0, r3, carry); - MP_SUB_BORROW(r0, a4a_a3b, r0, 0, carry); - MP_SUB_BORROW(r1, a5a_a4b, r1, carry, carry); - MP_SUB_BORROW(r2, a6a_a5b, r2, carry, carry); - MP_SUB_BORROW(r3, a6b , r3, carry, carry); - MP_SUB_BORROW(r0, a6a_a5b, r0, 0, carry); - MP_SUB_BORROW(r1, a6b , r1, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a4a_a3b, r0, carry); + MP_SUB_BORROW(r1, a5a_a4b, r1, carry); + MP_SUB_BORROW(r2, a6a_a5b, r2, carry); + MP_SUB_BORROW(r3, a6b , r3, carry); + carry = 0; + MP_SUB_BORROW(r0, a6a_a5b, r0, carry); + MP_SUB_BORROW(r1, a6b , r1, carry); if (carry) { - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); } 
@@ -218,25 +226,28 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r3b = (int)(r3 >>32); while (r3b > 0) { r3 &= 0xffffffff; - MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, 0, carry); + carry = 0; + MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, carry); if (carry) { - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, 0, r3, carry, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, 0, r3, carry); } - MP_SUB_BORROW(r0, r3b, r0, 0, carry); + carry = 0; + MP_SUB_BORROW(r0, r3b, r0, carry); if (carry) { - MP_SUB_BORROW(r1, 0, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); + MP_SUB_BORROW(r1, 0, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); } r3b = (int)(r3 >>32); } while (r3b < 0) { - MP_ADD_CARRY (r0, 1, r0, 0, carry); - MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry, carry); - MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry, carry); - MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry, carry); + carry = 0; + MP_ADD_CARRY (r0, 1, r0, carry); + MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry); + MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry); + MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry); r3b = (int)(r3 >>32); } /* check for final reduction */ @@ -247,8 +258,9 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && ((r1 & MP_DIGIT_MAX << 32)== MP_DIGIT_MAX << 32) && ((r1 != MP_DIGIT_MAX << 32 ) || (r0 != 0)) ) { /* one last subraction */ - MP_SUB_BORROW(r0, 1, r0, 0, carry); - MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, 1, r0, carry); + MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry); r2 = r3 = 0; } diff --git a/security/nss/lib/freebl/ecl/ecp_256.c b/security/nss/lib/freebl/ecl/ecp_256.c index a834d15d..936ee6dd 100644 --- a/security/nss/lib/freebl/ecl/ecp_256.c +++ b/security/nss/lib/freebl/ecl/ecp_256.c 
@@ -68,115 +68,118 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r7 = MP_DIGIT(a,7); /* sum 1 */ - MP_ADD_CARRY(r3, a11, r3, 0, carry); - MP_ADD_CARRY(r4, a12, r4, carry, carry); - MP_ADD_CARRY(r5, a13, r5, carry, carry); - MP_ADD_CARRY(r6, a14, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); - r8 = carry; - MP_ADD_CARRY(r3, a11, r3, 0, carry); - MP_ADD_CARRY(r4, a12, r4, carry, carry); - MP_ADD_CARRY(r5, a13, r5, carry, carry); - MP_ADD_CARRY(r6, a14, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); - r8 += carry; + carry = 0; + MP_ADD_CARRY(r3, a11, r3, carry); + MP_ADD_CARRY(r4, a12, r4, carry); + MP_ADD_CARRY(r5, a13, r5, carry); + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); + r8 = carry; carry = 0; + MP_ADD_CARRY(r3, a11, r3, carry); + MP_ADD_CARRY(r4, a12, r4, carry); + MP_ADD_CARRY(r5, a13, r5, carry); + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); + r8 += carry; carry = 0; /* sum 2 */ - MP_ADD_CARRY(r3, a12, r3, 0, carry); - MP_ADD_CARRY(r4, a13, r4, carry, carry); - MP_ADD_CARRY(r5, a14, r5, carry, carry); - MP_ADD_CARRY(r6, a15, r6, carry, carry); - MP_ADD_CARRY(r7, 0, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r3, a12, r3, carry); + MP_ADD_CARRY(r4, a13, r4, carry); + MP_ADD_CARRY(r5, a14, r5, carry); + MP_ADD_CARRY(r6, a15, r6, carry); + MP_ADD_CARRY(r7, 0, r7, carry); + r8 += carry; carry = 0; /* combine last bottom of sum 3 with second sum 2 */ - MP_ADD_CARRY(r0, a8, r0, 0, carry); - MP_ADD_CARRY(r1, a9, r1, carry, carry); - MP_ADD_CARRY(r2, a10, r2, carry, carry); - MP_ADD_CARRY(r3, a12, r3, carry, carry); - MP_ADD_CARRY(r4, a13, r4, carry, carry); - MP_ADD_CARRY(r5, a14, r5, carry, carry); - MP_ADD_CARRY(r6, a15, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); /* from sum 3 */ - r8 += carry; + MP_ADD_CARRY(r0, a8, r0, carry); + MP_ADD_CARRY(r1, a9, r1, carry); + MP_ADD_CARRY(r2, a10, r2, carry); + MP_ADD_CARRY(r3, a12, r3, 
carry); + MP_ADD_CARRY(r4, a13, r4, carry); + MP_ADD_CARRY(r5, a14, r5, carry); + MP_ADD_CARRY(r6, a15, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */ + r8 += carry; carry = 0; /* sum 3 (rest of it)*/ - MP_ADD_CARRY(r6, a14, r6, 0, carry); - MP_ADD_CARRY(r7, 0, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, 0, r7, carry); + r8 += carry; carry = 0; /* sum 4 (rest of it)*/ - MP_ADD_CARRY(r0, a9, r0, 0, carry); - MP_ADD_CARRY(r1, a10, r1, carry, carry); - MP_ADD_CARRY(r2, a11, r2, carry, carry); - MP_ADD_CARRY(r3, a13, r3, carry, carry); - MP_ADD_CARRY(r4, a14, r4, carry, carry); - MP_ADD_CARRY(r5, a15, r5, carry, carry); - MP_ADD_CARRY(r6, a13, r6, carry, carry); - MP_ADD_CARRY(r7, a8, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r0, a9, r0, carry); + MP_ADD_CARRY(r1, a10, r1, carry); + MP_ADD_CARRY(r2, a11, r2, carry); + MP_ADD_CARRY(r3, a13, r3, carry); + MP_ADD_CARRY(r4, a14, r4, carry); + MP_ADD_CARRY(r5, a15, r5, carry); + MP_ADD_CARRY(r6, a13, r6, carry); + MP_ADD_CARRY(r7, a8, r7, carry); + r8 += carry; carry = 0; /* diff 5 */ - MP_SUB_BORROW(r0, a11, r0, 0, carry); - MP_SUB_BORROW(r1, a12, r1, carry, carry); - MP_SUB_BORROW(r2, a13, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); - MP_SUB_BORROW(r4, 0, r4, carry, carry); - MP_SUB_BORROW(r5, 0, r5, carry, carry); - MP_SUB_BORROW(r6, a8, r6, carry, carry); - MP_SUB_BORROW(r7, a10, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a11, r0, carry); + MP_SUB_BORROW(r1, a12, r1, carry); + MP_SUB_BORROW(r2, a13, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); + MP_SUB_BORROW(r4, 0, r4, carry); + MP_SUB_BORROW(r5, 0, r5, carry); + MP_SUB_BORROW(r6, a8, r6, carry); + MP_SUB_BORROW(r7, a10, r7, carry); + r8 -= carry; carry = 0; /* diff 6 */ - MP_SUB_BORROW(r0, a12, r0, 0, carry); - MP_SUB_BORROW(r1, a13, r1, carry, carry); - MP_SUB_BORROW(r2, a14, r2, carry, carry); - MP_SUB_BORROW(r3, a15, r3, carry, carry); - MP_SUB_BORROW(r4, 0, r4, 
carry, carry); - MP_SUB_BORROW(r5, 0, r5, carry, carry); - MP_SUB_BORROW(r6, a9, r6, carry, carry); - MP_SUB_BORROW(r7, a11, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a12, r0, carry); + MP_SUB_BORROW(r1, a13, r1, carry); + MP_SUB_BORROW(r2, a14, r2, carry); + MP_SUB_BORROW(r3, a15, r3, carry); + MP_SUB_BORROW(r4, 0, r4, carry); + MP_SUB_BORROW(r5, 0, r5, carry); + MP_SUB_BORROW(r6, a9, r6, carry); + MP_SUB_BORROW(r7, a11, r7, carry); + r8 -= carry; carry = 0; /* diff 7 */ - MP_SUB_BORROW(r0, a13, r0, 0, carry); - MP_SUB_BORROW(r1, a14, r1, carry, carry); - MP_SUB_BORROW(r2, a15, r2, carry, carry); - MP_SUB_BORROW(r3, a8, r3, carry, carry); - MP_SUB_BORROW(r4, a9, r4, carry, carry); - MP_SUB_BORROW(r5, a10, r5, carry, carry); - MP_SUB_BORROW(r6, 0, r6, carry, carry); - MP_SUB_BORROW(r7, a12, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a13, r0, carry); + MP_SUB_BORROW(r1, a14, r1, carry); + MP_SUB_BORROW(r2, a15, r2, carry); + MP_SUB_BORROW(r3, a8, r3, carry); + MP_SUB_BORROW(r4, a9, r4, carry); + MP_SUB_BORROW(r5, a10, r5, carry); + MP_SUB_BORROW(r6, 0, r6, carry); + MP_SUB_BORROW(r7, a12, r7, carry); + r8 -= carry; carry = 0; /* diff 8 */ - MP_SUB_BORROW(r0, a14, r0, 0, carry); - MP_SUB_BORROW(r1, a15, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, a9, r3, carry, carry); - MP_SUB_BORROW(r4, a10, r4, carry, carry); - MP_SUB_BORROW(r5, a11, r5, carry, carry); - MP_SUB_BORROW(r6, 0, r6, carry, carry); - MP_SUB_BORROW(r7, a13, r7, carry, carry); + MP_SUB_BORROW(r0, a14, r0, carry); + MP_SUB_BORROW(r1, a15, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, a9, r3, carry); + MP_SUB_BORROW(r4, a10, r4, carry); + MP_SUB_BORROW(r5, a11, r5, carry); + MP_SUB_BORROW(r6, 0, r6, carry); + MP_SUB_BORROW(r7, a13, r7, carry); r8 -= carry; /* reduce the overflows */ while (r8 > 0) { - mp_digit r8_d = r8; - MP_ADD_CARRY(r0, r8_d, r0, 0, carry); - MP_ADD_CARRY(r1, 0, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, 
carry, carry); - MP_ADD_CARRY(r3, 0-r8_d, r3, carry, carry); - MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry, carry); - MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry, carry); - MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry, carry); - MP_ADD_CARRY(r7, (r8_d-1), r7, carry, carry); + mp_digit r8_d = r8; carry = 0; + carry = 0; + MP_ADD_CARRY(r0, r8_d, r0, carry); + MP_ADD_CARRY(r1, 0, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, 0-r8_d, r3, carry); + MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry); + MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry); + MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry); + MP_ADD_CARRY(r7, (r8_d-1), r7, carry); r8 = carry; } /* reduce the underflows */ while (r8 < 0) { mp_digit r8_d = -r8; - MP_SUB_BORROW(r0, r8_d, r0, 0, carry); - MP_SUB_BORROW(r1, 0, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0-r8_d, r3, carry, carry); - MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry, carry); - MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry, carry); - MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry, carry); - MP_SUB_BORROW(r7, (r8_d-1), r7, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, r8_d, r0, carry); + MP_SUB_BORROW(r1, 0, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0-r8_d, r3, carry); + MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry); + MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry); + MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry); + MP_SUB_BORROW(r7, (r8_d-1), r7, carry); r8 = 0-carry; } if (a != r) { 
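Review bot: In the overflow loop at the end of this hunk the new code writes `mp_digit r8_d = r8; carry = 0;` on one line and then resets `carry = 0;` again on the next, so one of the two resets is dead; the same doubled `carry = 0;` appears in the next hunk (`@@ -229,69 +232,82 @@`) at the start of sum 1, in the second half of sum 2 and at the top of the `while (r4 > 0)` loop. Keeping the declaration on its own line followed by a single reset, `mp_digit r8_d = r8;` then `carry = 0;`, matches how every other sum and diff in this hunk was rewritten. The duplicate is harmless for the result, since the new macro form presumably only reads and rewrites `carry`, but it blurs where each carry chain begins, which is the one thing the explicit-reset rewrite is meant to make auditable.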
@@ -229,69 +232,82 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0 = MP_DIGIT(a,0); /* sum 1 */ - MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); - MP_ADD_CARRY(r2, a6, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 = carry; - MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); - MP_ADD_CARRY(r2, a6, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 += carry; + carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a5h << 32, r1, carry); + MP_ADD_CARRY(r2, a6, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 = carry; carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a5h << 32, r1, carry); + MP_ADD_CARRY(r2, a6, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 += carry; carry = 0; /* sum 2 */ - MP_ADD_CARRY(r1, a6l, r1, 0, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); - MP_ADD_CARRY(r3, a7h, r3, carry, carry); - r4 += carry; - MP_ADD_CARRY(r1, a6l, r1, 0, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); - MP_ADD_CARRY(r3, a7h, r3, carry, carry); - r4 += carry; + carry = 0; + MP_ADD_CARRY(r1, a6l, r1, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry); + MP_ADD_CARRY(r3, a7h, r3, carry); + r4 += carry; carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a6l, r1, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry); + MP_ADD_CARRY(r3, a7h, r3, carry); + r4 += carry; carry = 0; /* sum 3 */ - MP_ADD_CARRY(r0, a4, r0, 0, carry); - MP_ADD_CARRY(r1, a5l >> 32, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 += carry; + carry = 0; + MP_ADD_CARRY(r0, a4, r0, carry); + MP_ADD_CARRY(r1, a5l >> 32, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 += carry; carry = 0; /* sum 4 */ - MP_ADD_CARRY(r0, a4h | a5l, r0, 0, carry); - MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry, carry); - MP_ADD_CARRY(r2, a7, r2, carry, carry); - MP_ADD_CARRY(r3, a6h | a4l, r3, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, a4h | a5l, r0, carry); + MP_ADD_CARRY(r1, 
a5h|(a6h<<32), r1, carry); + MP_ADD_CARRY(r2, a7, r2, carry); + MP_ADD_CARRY(r3, a6h | a4l, r3, carry); r4 += carry; /* diff 5 */ - MP_SUB_BORROW(r0, a5h | a6l, r0, 0, carry); - MP_SUB_BORROW(r1, a6h, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a5h | a6l, r0, carry); + MP_SUB_BORROW(r1, a6h, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry); r4 -= carry; /* diff 6 */ - MP_SUB_BORROW(r0, a6, r0, 0, carry); - MP_SUB_BORROW(r1, a7, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a6, r0, carry); + MP_SUB_BORROW(r1, a7, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry); r4 -= carry; /* diff 7 */ - MP_SUB_BORROW(r0, a6h|a7l, r0, 0, carry); - MP_SUB_BORROW(r1, a7h|a4l, r1, carry, carry); - MP_SUB_BORROW(r2, a4h|a5l, r2, carry, carry); - MP_SUB_BORROW(r3, a6l, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a6h|a7l, r0, carry); + MP_SUB_BORROW(r1, a7h|a4l, r1, carry); + MP_SUB_BORROW(r2, a4h|a5l, r2, carry); + MP_SUB_BORROW(r3, a6l, r3, carry); r4 -= carry; /* diff 8 */ - MP_SUB_BORROW(r0, a7, r0, 0, carry); - MP_SUB_BORROW(r1, a4h<<32, r1, carry, carry); - MP_SUB_BORROW(r2, a5, r2, carry, carry); - MP_SUB_BORROW(r3, a6h<<32, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a7, r0, carry); + MP_SUB_BORROW(r1, a4h<<32, r1, carry); + MP_SUB_BORROW(r2, a5, r2, carry); + MP_SUB_BORROW(r3, a6h<<32, r3, carry); r4 -= carry; /* reduce the overflows */ while (r4 > 0) { mp_digit r4_long = r4; mp_digit r4l = (r4_long << 32); - MP_ADD_CARRY(r0, r4_long, r0, 0, carry); - MP_ADD_CARRY(r1, 0-r4l, r1, carry, carry); - MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry, carry); - MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry, carry); + carry = 0; + carry = 0; + MP_ADD_CARRY(r0, r4_long, r0, carry); + 
MP_ADD_CARRY(r1, 0-r4l, r1, carry); + MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry); + MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry); r4 = carry; } @@ -299,10 +315,11 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) while (r4 < 0) { mp_digit r4_long = -r4; mp_digit r4l = (r4_long << 32); - MP_SUB_BORROW(r0, r4_long, r0, 0, carry); - MP_SUB_BORROW(r1, 0-r4l, r1, carry, carry); - MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry, carry); - MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, r4_long, r0, carry); + MP_SUB_BORROW(r1, 0-r4l, r1, carry); + MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry); + MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry); r4 = 0-carry; } diff --git a/security/nss/lib/freebl/ecl/ecp_521.c b/security/nss/lib/freebl/ecl/ecp_521.c index 7eac0f07..f70c2f43 100644 --- a/security/nss/lib/freebl/ecl/ecp_521.c +++ b/security/nss/lib/freebl/ecl/ecp_521.c @@ -17,7 +17,7 @@ ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth) { mp_err res = MP_OKAY; int a_bits = mpl_significant_bits(a); - int i; + unsigned int i; /* m1, m2 are statically-allocated mp_int of exactly the size we need */ mp_int m1; diff --git a/security/nss/lib/freebl/ecl/ecp_jac.c b/security/nss/lib/freebl/ecl/ecp_jac.c index c7bb239c..f174b169 100644 --- a/security/nss/lib/freebl/ecl/ecp_jac.c +++ b/security/nss/lib/freebl/ecl/ecp_jac.c 
@@ -144,6 +144,20 @@ ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
 MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
 MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
 
+ if (mp_cmp_z(&C) == 0) {
+ /* P == Q or P == -Q */
+ if (mp_cmp_z(&D) == 0) {
+ /* P == Q */
+ /* It is cheaper to double (qx, qy, 1) than (px, py, pz). */
+ MP_DIGIT(&D, 0) = 1; /* Set D to 1. */
+ MP_CHECKOK(ec_GFp_pt_dbl_jac(qx, qy, &D, rx, ry, rz, group));
+ } else {
+ /* P == -Q */
+ MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+ }
+ goto CLEANUP;
+ }
+
 /* C2 = C^2, C3 = C^3 */
 MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth));
 MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth));
@@ -205,7 +219,8 @@ ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py, const mp_int *pz,
 MP_CHECKOK(mp_init(&M));
 MP_CHECKOK(mp_init(&S));
 
- if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+ /* P == inf or P == -P */
+ if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES || mp_cmp_z(py) == 0) {
 MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
 goto CLEANUP;
 }
@@ -372,7 +387,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
 mp_int precomp[4][4][2];
 mp_int rz;
 const mp_int *a, *b;
- int i, j;
+ unsigned int i, j;
 int ai, bi, d;
 
 for (i = 0; i < 4; i++) {
@@ -479,7 +494,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
 MP_CHECKOK(mp_init(&rz));
 MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
 
- for (i = d - 1; i >= 0; i--) {
+ for (i = d; i-- > 0;) {
 ai = MP_GET_BIT(a, 2 * i + 1);
 ai <<= 1;
 ai |= MP_GET_BIT(a, 2 * i);
diff --git a/security/nss/lib/freebl/ecl/ecp_jm.c b/security/nss/lib/freebl/ecl/ecp_jm.c
index b1a3dc89..2d564127 100644
--- a/security/nss/lib/freebl/ecl/ecp_jm.c
+++ b/security/nss/lib/freebl/ecl/ecp_jm.c
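Review bot: The line `MP_DIGIT(&D, 0) = 1;` in the P == Q branch builds the constant 1 by overwriting a digit of D instead of calling mp_set, and it yields exactly 1 only because the preceding `mp_cmp_z(&D) == 0` guarantees D is a clamped zero with a single digit in use; that dependency is not stated anywhere. A comment such as `/* D == 0 here, so USED(&D) == 1 and writing digit 0 makes D exactly 1 without a new mp_int. */` would stop a later reordering from silently passing a multi-digit value as Z. In the `@@ -479,7 +494,7 @@` hunk, `for (i = d; i-- > 0;)` assigns the signed `d` (declared `int ai, bi, d;` in the `@@ -372` hunk) to the now-unsigned `i`; d is computed outside the hunk, so if it could ever be negative the loop would run about 2^32 times instead of zero, and a `PORT_Assert(d >= 0);` before the loop would make the assumption explicit. ec_GFp_pt_add_jac_aff and ec_GFp_pts_mul_jac both begin and end outside these hunks.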
@@ -16,7 +16,7 @@ * output that is still field-encoded. * */ -mp_err +static mp_err ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz, const mp_int *paz4, mp_int *rx, mp_int *ry, mp_int *rz, mp_int *raz4, mp_int scratch[], const ECGroup *group) @@ -86,7 +86,7 @@ ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz, * Uses mixed Modified_Jacobian-affine coordinates. Assumes input is * already field-encoded using field_enc, and returns output that is still * field-encoded. */ -mp_err +static mp_err ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz, const mp_int *paz4, const mp_int *qx, const mp_int *qy, mp_int *rx, mp_int *ry, mp_int *rz, diff --git a/security/nss/lib/freebl/freeblver.c b/security/nss/lib/freebl/freeblver.c index c288b41a..9136f0b0 100644 --- a/security/nss/lib/freebl/freeblver.c +++ b/security/nss/lib/freebl/freeblver.c @@ -13,12 +13,6 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_freebl_rcsid[] = "$Header: NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_freebl_sccsid[] = "@(#)NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_freebl_version[] = "Version: NSS " SOFTOKEN_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c index deb6770f..1d9affec 100644 --- a/security/nss/lib/freebl/ldvector.c +++ b/security/nss/lib/freebl/ldvector.c 
@@ -294,13 +294,9 @@ static const struct FREEBLVectorStr vector = const FREEBLVector * FREEBL_GetVector(void) { - extern const char __nss_freebl_rcsid[]; - extern const char __nss_freebl_sccsid[]; +#define NSS_VERSION_VARIABLE __nss_freebl_version +#include "verref.h" - /* force a reference that won't get optimized away */ - volatile char c; - - c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; #ifdef FREEBL_NO_DEPEND FREEBL_InitStubs(); #endif diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index 5eb50de9..9105a690 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c @@ -132,7 +132,6 @@ freebl_LoadDSO( void ) handle = loader_LoadLibrary(name); if (handle) { PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); - PRStatus status; if (address) { FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address; const FREEBLVector * dsoVector = getVector(); @@ -149,8 +148,14 @@ freebl_LoadDSO( void ) } } } - status = PR_UnloadLibrary(handle); - PORT_Assert(PR_SUCCESS == status); +#ifdef DEBUG + { + PRStatus status = PR_UnloadLibrary(blLib); + PORT_Assert(PR_SUCCESS == status); + } +#else + PR_UnloadLibrary(blLib); +#endif } return PR_FAILURE; } @@ -901,8 +906,12 @@ BL_Unload(void) if (blLib) { disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); if (!disableUnload) { +#ifdef DEBUG PRStatus status = PR_UnloadLibrary(blLib); PORT_Assert(PR_SUCCESS == status); +#else + PR_UnloadLibrary(blLib); +#endif } blLib = NULL; } diff --git a/security/nss/lib/freebl/md5.c b/security/nss/lib/freebl/md5.c index 1a0916e2..6ac15b64 100644 --- a/security/nss/lib/freebl/md5.c +++ b/security/nss/lib/freebl/md5.c @@ -259,7 +259,7 @@ MD5_Begin(MD5Context *cx) (i32) #else #define lendian(i32) \ - (tmp = i32 >> 16 | i32 << 16, (tmp & MASK) << 8 | tmp >> 8 & MASK) + (tmp = (i32 >> 16) | (i32 << 16), ((tmp & MASK) << 8) | ((tmp >> 8) & MASK)) #endif #ifndef IS_LITTLE_ENDIAN 
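Review bot: In the `@@ -149,8 +148,14 @@ freebl_LoadDSO` hunk the failure path now calls `PR_UnloadLibrary(blLib)` where the removed lines called `PR_UnloadLibrary(handle)`; `handle` is the library this function obtained from `loader_LoadLibrary(name)` in the preceding hunk, whereas `blLib` is the file-scope handle that BL_Unload releases in the `@@ -901` hunk and that, judging by what the diff shows, is assigned only on the success path the diff omits. As written, a DSO whose FREEBL_GetVector is missing or whose version vector is rejected stays mapped in the process, and the call instead unloads whatever `blLib` currently holds (NULL on first use, or a previously accepted library). Both new calls should name the local, `PRStatus status = PR_UnloadLibrary(handle);` under DEBUG and `PR_UnloadLibrary(handle);` otherwise, which is what the removed code did.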
diff --git a/security/nss/lib/freebl/mpi/mpcpucache.c b/security/nss/lib/freebl/mpi/mpcpucache.c index 9a4a9d30..92500611 100644 --- a/security/nss/lib/freebl/mpi/mpcpucache.c +++ b/security/nss/lib/freebl/mpi/mpcpucache.c @@ -3,6 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "mpi.h" +#include "prtypes.h" /* * This file implements a single function: s_mpi_getProcessorLineSize(); @@ -619,35 +620,17 @@ unsigned long s_mpi_is_sse2() { unsigned long eax, ebx, ecx, edx; - int manufacturer = MAN_UNKNOWN; - int i; - char string[13]; if (is386() || is486()) { return 0; } freebl_cpuid(0, &eax, &ebx, &ecx, &edx); - /* string holds the CPU's manufacturer ID string - a twelve - * character ASCII string stored in ebx, edx, ecx, and - * the 32-bit extended feature flags are in edx, ecx. - */ - *(int *)string = ebx; - *(int *)&string[4] = (int)edx; - *(int *)&string[8] = (int)ecx; - string[12] = 0; /* has no SSE2 extensions */ if (eax == 0) { return 0; } - for (i=0; i < n_manufacturers; i++) { - if ( strcmp(manMap[i],string) == 0) { - manufacturer = i; - break; - } - } - freebl_cpuid(1,&eax,&ebx,&ecx,&edx); return (edx & SSE2_FLAG) == SSE2_FLAG; } @@ -657,11 +640,12 @@ unsigned long s_mpi_getProcessorLineSize() { unsigned long eax, ebx, ecx, edx; + PRUint32 cpuid[3]; unsigned long cpuidLevel; unsigned long cacheLineSize = 0; int manufacturer = MAN_UNKNOWN; int i; - char string[65]; + char string[13]; #if !defined(AMD_64) if (is386()) { @@ -678,9 +662,10 @@ s_mpi_getProcessorLineSize() * character ASCII string stored in ebx, edx, ecx, and * the 32-bit extended feature flags are in edx, ecx. */ - *(int *)string = ebx; - *(int *)&string[4] = (int)edx; - *(int *)&string[8] = (int)ecx; + cpuid[0] = ebx; + cpuid[1] = ecx; + cpuid[2] = edx; + memcpy(string, cpuid, sizeof(cpuid)); string[12] = 0; manufacturer = MAN_UNKNOWN; diff --git a/security/nss/lib/freebl/mpi/mpi-priv.h b/security/nss/lib/freebl/mpi/mpi-priv.h index e81d0fe0..7a0725f4 100644 
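Review bot: In the `@@ -678,9 +662,10 @@` hunk the replacement lines fill the vendor string as `cpuid[0] = ebx; cpuid[1] = ecx; cpuid[2] = edx;`, but the comment kept two lines above says the twelve-character ID is stored in ebx, edx, ecx, and the removed lines agreed with that comment (edx at `string[4]`, ecx at `string[8]`). If the comment is right, `string` now reads ebx‖ecx‖edx, the `manMap` comparison that follows outside the hunk can never match, `manufacturer` stays at `MAN_UNKNOWN`, and the cache-line size this function reports falls back to whatever the unknown-vendor path returns. The middle two stores should be `cpuid[1] = edx;` and `cpuid[2] = ecx;`. The memcpy-based copy is the right replacement for the old `*(int *)` type punning; it needs `<string.h>` (or an NSS header that pulls it in), which this diff does not add, so that is worth confirming since only `prtypes.h` was added.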
--- a/security/nss/lib/freebl/mpi/mpi-priv.h +++ b/security/nss/lib/freebl/mpi/mpi-priv.h @@ -254,8 +254,10 @@ mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, mp_digit *quot, mp_digit *rem); /* c += a * b * (MP_RADIX ** offset); */ +/* Callers of this macro should be aware that the return type might vary; + * it should be treated as a void function. */ #define s_mp_mul_d_add_offset(a, b, c, off) \ -(s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off), MP_OKAY) + s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off) typedef struct { mp_int N; /* modulus N */ diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c index 2a3719b8..43ce83ae 100644 --- a/security/nss/lib/freebl/mpi/mpi.c +++ b/security/nss/lib/freebl/mpi/mpi.c @@ -1095,7 +1095,7 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c) mp_int s, x; mp_err res; mp_digit d; - int dig, bit; + unsigned int dig, bit; ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); @@ -1470,7 +1470,7 @@ mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c mp_int s, x, mu; mp_err res; mp_digit d; - int dig, bit; + unsigned int dig, bit; ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); @@ -2004,7 +2004,7 @@ mp_size mp_trailing_zeros(const mp_int *mp) { mp_digit d; mp_size n = 0; - int ix; + unsigned int ix; if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp)) return n; @@ -2916,8 +2916,7 @@ void s_mp_exch(mp_int *a, mp_int *b) mp_err s_mp_lshd(mp_int *mp, mp_size p) { mp_err res; - mp_size pos; - int ix; + unsigned int ix; if(p == 0) return MP_OKAY; 
@@ -2928,14 +2927,13 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p) if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY) return res; - pos = USED(mp) - 1; - /* Shift all the significant figures over as needed */ - for(ix = pos - p; ix >= 0; ix--) + for (ix = USED(mp) - p; ix-- > 0;) { DIGIT(mp, ix + p) = DIGIT(mp, ix); + } /* Fill the bottom digits with zeroes */ - for(ix = 0; ix < p; ix++) + for(ix = 0; (mp_size)ix < p; ix++) DIGIT(mp, ix) = 0; return MP_OKAY; @@ -3046,7 +3044,7 @@ void s_mp_div_2(mp_int *mp) mp_err s_mp_mul_2(mp_int *mp) { mp_digit *pd; - int ix, used; + unsigned int ix, used; mp_digit kin = 0; /* Shift digits leftward by 1 bit */ @@ -4672,10 +4670,10 @@ mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len) /* }}} */ /* {{{ mp_unsigned_octet_size(mp) */ -int +unsigned int mp_unsigned_octet_size(const mp_int *mp) { - int bytes; + unsigned int bytes; int ix; mp_digit d = 0; @@ -4712,12 +4710,12 @@ mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); + ARGCHK(bytes <= maxlen, MP_BADARG); /* Iterate over each digit... */ for(ix = USED(mp) - 1; ix >= 0; ix--) { @@ -4744,12 +4742,12 @@ mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); + ARGCHK(bytes <= maxlen, MP_BADARG); /* Iterate over each digit... */ for(ix = USED(mp) - 1; ix >= 0; ix--) { 
@@ -4784,12 +4782,12 @@ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= length, MP_BADARG); + ARGCHK(bytes <= length, MP_BADARG); /* place any needed leading zeros */ for (;length > bytes; --length) { diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h index a556c17e..b1b45d25 100644 --- a/security/nss/lib/freebl/mpi/mpi.h +++ b/security/nss/lib/freebl/mpi/mpi.h @@ -258,7 +258,7 @@ const char *mp_strerror(mp_err ec); /* Octet string conversion functions */ mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len); -int mp_unsigned_octet_size(const mp_int *mp); +unsigned int mp_unsigned_octet_size(const mp_int *mp); mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len); diff --git a/security/nss/lib/freebl/mpi/mplogic.c b/security/nss/lib/freebl/mpi/mplogic.c index dbec7acf..df0aad0e 100644 --- a/security/nss/lib/freebl/mpi/mplogic.c +++ b/security/nss/lib/freebl/mpi/mplogic.c @@ -403,9 +403,9 @@ mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits) returns number of significnant bits in abs(a). returns 1 if value is zero. */ -mp_err mpl_significant_bits(const mp_int *a) +mp_size mpl_significant_bits(const mp_int *a) { - mp_err bits = 0; + mp_size bits = 0; int ix; ARGCHK(a != NULL, MP_BADARG); diff --git a/security/nss/lib/freebl/mpi/mplogic.h b/security/nss/lib/freebl/mpi/mplogic.h index f45fe366..e05374a8 100644 --- a/security/nss/lib/freebl/mpi/mplogic.h +++ b/security/nss/lib/freebl/mpi/mplogic.h 
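Review bot: Changing mpl_significant_bits to return `mp_size` (the mplogic.c and mplogic.h hunks) leaves the retained `ARGCHK(a != NULL, MP_BADARG);` returning a negative mp_err through an unsigned return type, so a NULL argument now comes back as a very large bit count rather than a value a caller could test with `< 0`, and the header comment ("returns 1 if value is zero") does not mention it. Either document it, e.g. `/* A NULL argument yields (mp_size)MP_BADARG, a huge value, not a negative error. */`, or treat NULL as a programmer error with an assertion so the contract is unsigned-only. The one caller visible in this diff, `int a_bits = mpl_significant_bits(a);` in ecp_521.c, also now converts the unsigned result back to int, which turns that huge value negative again. The body of mpl_significant_bits continues beyond the hunk.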
@@ -47,6 +47,6 @@ mp_err mpl_parity(mp_int *a); /* determine parity */ mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value); mp_err mpl_get_bit(const mp_int *a, mp_size bitNum); mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits); -mp_err mpl_significant_bits(const mp_int *a); +mp_size mpl_significant_bits(const mp_int *a); #endif /* end _H_MPLOGIC_ */ diff --git a/security/nss/lib/freebl/mpi/mpmontg.c b/security/nss/lib/freebl/mpi/mpmontg.c index d619360a..9667755d 100644 --- a/security/nss/lib/freebl/mpi/mpmontg.c +++ b/security/nss/lib/freebl/mpi/mpmontg.c @@ -47,7 +47,7 @@ mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm) for (i = 0; i < MP_USED(&mmm->N); ++i ) { mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime; /* T += N * m_i * (MP_RADIX ** i); */ - MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) ); + s_mp_mul_d_add_offset(&mmm->N, m_i, T, i); } s_mp_clamp(T); diff --git a/security/nss/lib/freebl/mpi/mpprime.c b/security/nss/lib/freebl/mpi/mpprime.c index f0baf9d2..9b97fb20 100644 --- a/security/nss/lib/freebl/mpi/mpprime.c +++ b/security/nss/lib/freebl/mpi/mpprime.c @@ -394,7 +394,7 @@ mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong, { mp_digit np; mp_err res; - int i = 0; + unsigned int i = 0; mp_int trial; mp_int q; mp_size num_tests; diff --git a/security/nss/lib/freebl/nsslowhash.c b/security/nss/lib/freebl/nsslowhash.c index e6a634ae..a9ab5b73 100644 --- a/security/nss/lib/freebl/nsslowhash.c +++ b/security/nss/lib/freebl/nsslowhash.c @@ -285,14 +285,9 @@ static NSSLOWInitContext dummyContext = { 0 }; NSSLOWInitContext * NSSLOW_Init(void) { - SECStatus rv; CK_RV crv; #ifdef FREEBL_NO_DEPEND - PRBool nsprAvailable = PR_FALSE; - - - rv = FREEBL_InitStubs(); - nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE; + (void)FREEBL_InitStubs(); #endif if (post_failed) { diff --git a/security/nss/lib/freebl/pqg.c b/security/nss/lib/freebl/pqg.c index 56cdd20c..f7971557 100644 --- a/security/nss/lib/freebl/pqg.c 
+++ b/security/nss/lib/freebl/pqg.c @@ -494,7 +494,7 @@ makePrimefromPrimesShaweTaylor( mp_int * q, /* sub prime, can be 1 */ mp_int * prime, /* output. */ SECItem * prime_seed, /* input/output. */ - int * prime_gen_counter) /* input/output. */ + unsigned int *prime_gen_counter) /* input/output. */ { mp_int c; mp_int c0_2; @@ -727,7 +727,7 @@ makePrimefromSeedShaweTaylor( const SECItem * input_seed, /* input. */ mp_int * prime, /* output. */ SECItem * prime_seed, /* output. */ - int * prime_gen_counter) /* output. */ + unsigned int *prime_gen_counter) /* output. */ { mp_int c; mp_int c0; @@ -882,7 +882,7 @@ findQfromSeed( const SECItem * seed, /* input. */ mp_int * Q, /* input. */ mp_int * Q_, /* output. */ - int * qseed_len, /* output */ + unsigned int *qseed_len, /* output */ HASH_HashType *hashtypePtr, /* output. Hash uses */ pqgGenType *typePtr) /* output. Generation Type used */ { @@ -937,7 +937,7 @@ const SECItem * seed, /* input. */ firstseed.len = seed->len/3; for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL; hashtype=getNextHash(hashtype)) { - int count; + unsigned int count; rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_, &qseed, &count); @@ -1229,7 +1229,6 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy) { unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ - unsigned int b; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/ unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ 
@@ -1309,8 +1308,7 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */ n = (L - 1) / outlen; - /* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */ - b = (L - 1) % outlen; + /* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */ seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */ step_5: /* ****************************************************************** @@ -1348,7 +1346,7 @@ step_5: CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) ); } else { /* FIPS186_3_ST_TYPE */ - int qgen_counter, pgen_counter; + unsigned int qgen_counter, pgen_counter; /* Step 1 (L,N) already checked for acceptability */ @@ -1589,7 +1587,7 @@ PQG_VerifyParams(const PQGParams *params, mp_err err = MP_OKAY; int j; unsigned int counter_max = 0; /* handle legacy L < 1024 */ - int qseed_len; + unsigned int qseed_len; SECItem pseed_ = {0, 0, 0}; HASH_HashType hashtype; pqgGenType type; @@ -1682,8 +1680,8 @@ PQG_VerifyParams(const PQGParams *params, if (type == FIPS186_3_ST_TYPE) { SECItem qseed = { 0, 0, 0 }; SECItem pseed = { 0, 0, 0 }; - int first_seed_len; - int pgen_counter = 0; + unsigned int first_seed_len; + unsigned int pgen_counter = 0; /* extract pseed and qseed from domain_parameter_seed, which is * first_seed || pseed || qseed. qseed is first_seed + small_integer diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c index 498cc96b..f885acc4 100644 --- a/security/nss/lib/freebl/rsa.c +++ b/security/nss/lib/freebl/rsa.c @@ -248,7 +248,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) PLArenaPool *arena = NULL; /* Require key size to be a multiple of 16 bits. */ if (!publicExponent || keySizeInBits % 16 != 0 || - BAD_RSA_KEY_SIZE(keySizeInBits/8, publicExponent->len)) { + BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits/8, publicExponent->len)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } 
diff --git a/security/nss/lib/freebl/sha_fast.c b/security/nss/lib/freebl/sha_fast.c index b826cf93..29019495 100644 --- a/security/nss/lib/freebl/sha_fast.c +++ b/security/nss/lib/freebl/sha_fast.c @@ -148,7 +148,6 @@ SHA1_End(SHA1Context *ctx, unsigned char *hashout, { register PRUint64 size; register PRUint32 lenB; - PRUint32 tmpbuf[5]; static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, @@ -188,7 +187,6 @@ SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout, #if defined(SHA_NEED_TMP_VARIABLE) register PRUint32 tmp; #endif - PRUint32 tmpbuf[5]; PORT_Assert (maxDigestLen >= SHA1_LENGTH); SHA_STORE_RESULT; diff --git a/security/nss/lib/freebl/sha_fast.h b/security/nss/lib/freebl/sha_fast.h index 9d47aba4..256e1900 100644 --- a/security/nss/lib/freebl/sha_fast.h +++ b/security/nss/lib/freebl/sha_fast.h @@ -147,6 +147,7 @@ static __inline__ PRUint32 swap4b(PRUint32 value) SHA_STORE(3); \ SHA_STORE(4); \ } else { \ + PRUint32 tmpbuf[5]; \ tmpbuf[0] = SHA_HTONL(ctx->H[0]); \ tmpbuf[1] = SHA_HTONL(ctx->H[1]); \ tmpbuf[2] = SHA_HTONL(ctx->H[2]); \ diff --git a/security/nss/lib/freebl/stubs.c b/security/nss/lib/freebl/stubs.c index 1de9b497..993d01e1 100644 --- a/security/nss/lib/freebl/stubs.c +++ b/security/nss/lib/freebl/stubs.c @@ -324,7 +324,7 @@ extern PROffset32 PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence) { int *lfd; - int lwhence = SEEK_SET;; + int lwhence = SEEK_SET; STUB_SAFE_CALL3(PR_Seek, fd, offset, whence); lfd = (int *)fd; switch (whence) { @@ -334,6 +334,8 @@ PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence) case PR_SEEK_END: lwhence = SEEK_END; break; + case PR_SEEK_SET: + break; } return lseek(*lfd, offset, lwhence); diff --git a/security/nss/lib/jar/jarfile.c b/security/nss/lib/jar/jarfile.c index a604f19c..3346dbec 100644 --- a/security/nss/lib/jar/jarfile.c +++ b/security/nss/lib/jar/jarfile.c 
@@ -36,11 +36,12 @@ jar_inflate_memory(unsigned int method, long *length, long expected_out_len, char **data); static int -jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length); +jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length); static int -jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, - unsigned int method); +jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length, unsigned int method); static int jar_verify_extract(JAR *jar, char *path, char *physical_path); @@ -74,6 +75,10 @@ static int dostime(char *time, const char *s); #ifdef NSS_X86_OR_X64 +/* The following macros throw up warnings. */ +#ifdef __GNUC__ +#pragma GCC diagnostic ignored "-Wstrict-aliasing" +#endif #define x86ShortToUint32(ii) ((const PRUint32)*((const PRUint16 *)(ii))) #define x86LongToUint32(ii) (*(const PRUint32 *)(ii)) #else @@ -241,7 +246,8 @@ JAR_extract(JAR *jar, char *path, char *outpath) #define CHUNK 32768 static int -jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) +jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length) { JAR_FILE out; char *buffer = (char *)PORT_ZAlloc(CHUNK); @@ -251,7 +257,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) return JAR_ERR_MEMORY; if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - long at = 0; + unsigned long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { @@ -289,7 +295,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) #define OCHUNK 32768 static int -jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, +jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned long length, unsigned int method) { char *inbuf, *outbuf; 
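Review bot: The added `#pragma GCC diagnostic ignored "-Wstrict-aliasing"` in jarfile.c is not bracketed by `push`/`pop`, so it turns the warning off for the rest of the translation unit rather than just the two x86 macros, and it only hides the diagnostic: `*(const PRUint32 *)(ii)` still reads a `char` buffer through a wider type at a possibly unaligned address, which is undefined behaviour even where x86 tolerates it. A `memcpy`-based load needs no pragma and typically compiles to the same single instruction, e.g. `static PRUint32 x86LongToUint32(const void *p) { PRUint32 v; memcpy(&v, p, sizeof v); return v; }` with a matching 16-bit helper. Alternatively drop the NSS_X86_OR_X64 special case and use the portable definitions from the `#else` branch (not shown) on every target.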
@@ -315,11 +321,11 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, } if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - long at = 0; + unsigned long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { - long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; + unsigned long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; unsigned long tin; if (JAR_FREAD (fp, inbuf, chunk) != chunk) { @@ -353,7 +359,7 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, return JAR_ERR_CORRUPT; } ochunk = zs.total_out - prev_total; - if (JAR_FWRITE (out, outbuf, ochunk) < ochunk) { + if (JAR_FWRITE (out, outbuf, ochunk) < (long)ochunk) { /* most likely a disk full error */ status = JAR_ERR_DISK; break; @@ -820,8 +826,7 @@ jar_listtar(JAR *jar, JAR_FILE fp) char *s; JAR_Physical *phy; long pos = 0L; - long sz, mode; - time_t when; + long sz; union TarEntry tarball; while (1) { @@ -833,9 +838,7 @@ jar_listtar(JAR *jar, JAR_FILE fp) if (!*tarball.val.filename) break; - when = octalToLong (tarball.val.time); sz = octalToLong (tarball.val.size); - mode = octalToLong (tarball.val.mode); /* Tag the end of filename */ s = tarball.val.filename; diff --git a/security/nss/lib/jar/jarsign.c b/security/nss/lib/jar/jarsign.c index 9d05d9b5..f0299b1c 100644 --- a/security/nss/lib/jar/jarsign.c +++ b/security/nss/lib/jar/jarsign.c @@ -171,7 +171,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert, { SEC_PKCS7ContentInfo *cinfo; const SECHashObject *hashObj; - char *errstring; void *mw = NULL; void *hashcx; unsigned int len; @@ -231,7 +230,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert, status = PORT_GetError(); SEC_PKCS7DestroyContentInfo (cinfo); if (rv != SECSuccess) { - errstring = JAR_get_error (status); return ((status < 0) ? status : JAR_ERR_GENERAL); } return 0; 
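Review bot: `offset` is now `unsigned long`, but the unchanged `JAR_FSEEK (fp, offset, (PRSeekWhence)0)` context line hands it to a seek routine whose parameter type is not visible here; if it resolves to `PR_Seek`'s `PROffset32` (as the PR_Seek_stub hunk earlier in this patch suggests), a 64-bit offset read from the archive is silently truncated to 32 bits and anything at or above 2^31 becomes a negative seek. A range check before the seek, `if (offset > PR_INT32_MAX) return JAR_ERR_CORRUPT;`, keeps the unsigned widening from becoming a wrap. jar_physical_inflate starts before and ends after this hunk.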
diff --git a/security/nss/lib/libpkix/include/pkix_certstore.h b/security/nss/lib/libpkix/include/pkix_certstore.h index 2feb3334..fb705644 100644 --- a/security/nss/lib/libpkix/include/pkix_certstore.h +++ b/security/nss/lib/libpkix/include/pkix_certstore.h @@ -10,6 +10,7 @@ #define _PKIX_CERTSTORE_H #include "pkixt.h" +#include "certt.h" #ifdef __cplusplus extern "C" { @@ -327,7 +328,7 @@ typedef PKIX_Error * PKIX_PL_Cert *issuer, PKIX_PL_Date *date, PKIX_Boolean crlDownloadDone, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, PKIX_RevocationStatus *revStatus, void *plContext); diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c index c77ac8ef..d6f5b6bc 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c @@ -195,7 +195,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void *plContext) { PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn; @@ -294,7 +294,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h index d7213aad..35f1a474 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h @@ -31,7 +31,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); PKIX_Error * 
@@ -43,7 +43,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c index 481aa52b..b6fca9a3 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c @@ -147,7 +147,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void *plContext) { PKIX_PL_OcspCertID *cid = NULL; @@ -222,7 +222,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h index 547b403b..fbec315f 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h @@ -30,7 +30,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); PKIX_Error * @@ -42,7 +42,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); 
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c index ebe37739..7bed9b88 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c @@ -349,7 +349,7 @@ PKIX_RevocationChecker_Check( * first we are going to test all local(cached) info * second, all remote info(fetching) */ for (tries = 0;tries < 2;tries++) { - int methodNum = 0; + unsigned int methodNum = 0; for (;methodNum < revList->length;methodNum++) { PKIX_UInt32 methodFlags = 0; @@ -372,7 +372,8 @@ PKIX_RevocationChecker_Check( methodFlags, chainVerificationState, &revStatus, - pReasonCode, plContext), + (CERTCRLEntryReasonCode *)pReasonCode, + plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; if (revStatus == PKIX_RevStatus_Revoked) { @@ -397,7 +398,8 @@ PKIX_RevocationChecker_Check( (*method->externalRevChecker)(cert, issuer, date, method, procParams, methodFlags, - &revStatus, pReasonCode, + &revStatus, + (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h index 80d9eeaa..20dfe377 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h @@ -12,6 +12,7 @@ #define _PKIX_REVOCATIONCHECKER_H #include "pkixt.h" +#include "certt.h" #ifdef __cplusplus extern "C" { diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h index 19322373..a97c7620 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h 
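Review bot: The two new `(CERTCRLEntryReasonCode *)pReasonCode` casts in PKIX_RevocationChecker_Check make what the casts imply is still a `PKIX_UInt32 *` alias an enum object, which violates strict aliasing and only works while `sizeof(CERTCRLEntryReasonCode) == sizeof(PKIX_UInt32)`, something the C standard does not promise (enums shrink under `-fshort-enums`). A correctly typed local avoids the cast entirely: `CERTCRLEntryReasonCode reason = (CERTCRLEntryReasonCode)*pReasonCode;`, pass `&reason` to the checker, then `*pReasonCode = (PKIX_UInt32)reason;` after the call. The function starts and ends outside this hunk.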
@@ -31,7 +31,7 @@ pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); /* External revocation check function prototype definition. @@ -44,7 +44,7 @@ pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); /* Revocation method structure assosiates revocation types with diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c index 9967af9b..e9a9c03d 100644 --- a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c +++ b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c @@ -190,7 +190,7 @@ pkix_CRLSelector_Hashcode( PKIX_HASHCODE(crlSelector->context, &contextHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback + + hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) + (contextHash << 3)) + paramsHash; *pHashcode = hash; diff --git a/security/nss/lib/libpkix/pkix/results/pkix_policynode.c b/security/nss/lib/libpkix/pkix/results/pkix_policynode.c index 91d8a74b..fd8cee98 100644 --- a/security/nss/lib/libpkix/pkix/results/pkix_policynode.c +++ b/security/nss/lib/libpkix/pkix/results/pkix_policynode.c @@ -824,7 +824,7 @@ pkix_PolicyNode_Hashcode( (node, &nodeHash, plContext), PKIX_SINGLEPOLICYNODEHASHCODEFAILED); - nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent); + nodeHash = 31*nodeHash + (PKIX_UInt32)((char *)node->parent - (char *)NULL); PKIX_HASHCODE (node->children, 
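Review bot: `(PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL)` in pkix_CRLSelector_Hashcode swaps one undefined construct for another: subtracting pointers that do not point into the same object is undefined in C, and converting a function pointer to `char *` is not defined by ISO C at all. The portable way to hash an address is through an integer type, `(PKIX_UInt32)(uintptr_t)crlSelector->matchCallback` (or NSPR's `PRUptrdiff` if `<stdint.h>` is not already in use here), which truncates to 32 bits on 64-bit targets just as the old cast did, without the pointer arithmetic. The same rewrite applies to the identical hunk in pkix_policynode.c on this line and to the other `_Hashcode` hunks later in the patch.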
diff --git a/security/nss/lib/libpkix/pkix/store/pkix_store.c b/security/nss/lib/libpkix/pkix/store/pkix_store.c index 31c21ea1..af8be2bb 100644 --- a/security/nss/lib/libpkix/pkix/store/pkix_store.c +++ b/security/nss/lib/libpkix/pkix/store/pkix_store.c @@ -74,11 +74,11 @@ pkix_CertStore_Hashcode( PKIX_CERTSTOREHASHCODEFAILED); } - *pHashcode = (PKIX_UInt32) certStore->certCallback + - (PKIX_UInt32) certStore->crlCallback + - (PKIX_UInt32) certStore->certContinue + - (PKIX_UInt32) certStore->crlContinue + - (PKIX_UInt32) certStore->trustCallback + + *pHashcode = (PKIX_UInt32)((char *)certStore->certCallback - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->crlCallback - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->certContinue - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->crlContinue - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->trustCallback - (char *)NULL) + (tempHash << 7); cleanup: diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c index 9ca307e4..94515785 100644 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c @@ -1526,7 +1526,7 @@ pkix_Build_SelectCertsFromTrustAnchors( PKIX_List **pMatchList, void *plContext) { - int anchorIndex = 0; + unsigned int anchorIndex = 0; PKIX_TrustAnchor *anchor = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_List *matchList = NULL; diff --git a/security/nss/lib/libpkix/pkix/util/pkix_error.c b/security/nss/lib/libpkix/pkix/util/pkix_error.c index e6fba866..9d730ca1 100644 --- a/security/nss/lib/libpkix/pkix/util/pkix_error.c +++ b/security/nss/lib/libpkix/pkix/util/pkix_error.c @@ -325,7 +325,7 @@ pkix_Error_Hashcode( /* XXX Unimplemented */ /* XXX Need to make hashcodes equal when two errors are equal */ - *pResult = (PKIX_UInt32)object; + *pResult = (PKIX_UInt32)((char *)object - (char *)NULL); PKIX_RETURN(ERROR); } 
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_logger.c b/security/nss/lib/libpkix/pkix/util/pkix_logger.c index cfd870de..a916e6e4 100644 --- a/security/nss/lib/libpkix/pkix/util/pkix_logger.c +++ b/security/nss/lib/libpkix/pkix/util/pkix_logger.c @@ -492,7 +492,7 @@ pkix_Logger_Hashcode( PKIX_HASHCODE(logger->context, &tempHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = (((((PKIX_UInt32) logger->callback + tempHash) << 7) + + hash = (((((PKIX_UInt32)((char *)logger->callback - (char *)NULL) + tempHash) << 7) + logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent; *pHashcode = hash; diff --git a/security/nss/lib/libpkix/pkix/util/pkix_tools.h b/security/nss/lib/libpkix/pkix/util/pkix_tools.h index fe6ce634..1a4689da 100644 --- a/security/nss/lib/libpkix/pkix/util/pkix_tools.h +++ b/security/nss/lib/libpkix/pkix/util/pkix_tools.h @@ -1437,8 +1437,8 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key); typedef struct pkix_ClassTable_EntryStruct pkix_ClassTable_Entry; struct pkix_ClassTable_EntryStruct { char *description; - PKIX_Int32 objCounter; - PKIX_Int32 typeObjectSize; + PKIX_UInt32 objCounter; + PKIX_UInt32 typeObjectSize; PKIX_PL_DestructorCallback destructor; PKIX_PL_EqualsCallback equalsFunction; PKIX_PL_HashcodeCallback hashcodeFunction; diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c index d459a4a7..9954f0ca 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c 
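Review bot: Changing `objCounter` to `PKIX_UInt32` in pkix_ClassTable_Entry removes the ability to observe a negative count: if the destructor path decrements it (not visible here), an extra decrement from a double release now wraps to a huge value instead of dropping below zero, and a leak check that compares against an initial snapshot could be confused by the wrap. An assertion at the decrement site, `PORT_Assert(entry->objCounter > 0);` before the `--`, catches the underflow where it happens. `typeObjectSize` as unsigned is unproblematic since it feeds an allocation size.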
@@ -265,7 +265,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( contentLength = /* Try to reserve 4K+ buffer */ client->filledupBytes + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && - contentLength > client->maxResponseLen) { + contentLength > (PKIX_Int32)client->maxResponseLen) { if (client->filledupBytes < client->maxResponseLen) { contentLength = client->maxResponseLen; } else { @@ -282,7 +282,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( default: client->rcv_http_data_len = contentLength; if (client->maxResponseLen > 0 && - client->maxResponseLen < contentLength) { + (PKIX_Int32)client->maxResponseLen < contentLength) { client->connectStatus = HTTP_ERROR; goto cleanup; } @@ -290,7 +290,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( /* * Do we have all of the message body, or do we need to read some more? */ - if (client->filledupBytes < contentLength) { + if ((PKIX_Int32)client->filledupBytes < contentLength) { client->connectStatus = HTTP_RECV_BODY; *pKeepGoing = PKIX_TRUE; } else { @@ -935,7 +935,7 @@ pkix_pl_HttpDefaultClient_RecvBody( * plus remaining capacity, plus new expansion. */ int currBuffSize = client->capacity; /* Try to increase the buffer by 4K */ - int newLength = currBuffSize + HTTP_DATA_BUFSIZE; + unsigned int newLength = currBuffSize + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && newLength > client->maxResponseLen) { newLength = client->maxResponseLen; @@ -1480,8 +1480,6 @@ pkix_pl_HttpDefaultClient_Cancel( SEC_HTTP_REQUEST_SESSION request, void *plContext) { - PKIX_PL_HttpDefaultClient *client = NULL; - PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Cancel"); PKIX_NULLCHECK_ONE(request); @@ -1491,8 +1489,6 @@ pkix_pl_HttpDefaultClient_Cancel( plContext), PKIX_REQUESTNOTANHTTPDEFAULTCLIENT); - client = (PKIX_PL_HttpDefaultClient *)request; - /* XXX Not implemented */ cleanup: 
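Review bot: The `(PKIX_Int32)client->maxResponseLen` casts in pkix_pl_HttpDefaultClient_HdrCheckComplete make the comparisons well-typed but do not reject a negative `contentLength`; if that is the value parsed from the server's Content-Length header (the `default:` arm storing it into `client->rcv_http_data_len` suggests so, though the parse is outside the hunk), a negative value passes both `maxResponseLen < contentLength` and `filledupBytes < contentLength` and is then recorded as the expected body length. A guard at the top of the `default:` arm, `if (contentLength < 0) { client->connectStatus = HTTP_ERROR; goto cleanup; }`, closes that path using the error handling the hunk already has. The function starts and ends outside this hunk.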
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c index 51ffce97..4546e339 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c @@ -263,16 +263,12 @@ pkix_pl_LdapRequest_Destroy( PKIX_PL_Object *object, void *plContext) { - PKIX_PL_LdapRequest *ldapRq = NULL; - PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Destroy"); PKIX_NULLCHECK_ONE(object); PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext), PKIX_OBJECTNOTLDAPREQUEST); - ldapRq = (PKIX_PL_LdapRequest *)object; - /* * All dynamic fields in an LDAPRequest are allocated * in an arena, and will be freed when the arena is destroyed. diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c index 078862c8..7de614ea 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c @@ -379,14 +379,12 @@ NameCacheHasFetchedCrlInfo(PKIX_PL_Cert *pkixCert, PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE; PKIX_List *dpList = NULL; pkix_pl_CrlDp *dp = NULL; - CERTCertificate *cert; PKIX_UInt32 dpIndex = 0; SECStatus rv = SECSuccess; PRTime reloadDelay = 0, badCrlInvalDelay = 0; PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl"); - cert = pkixCert->nssCert; reloadDelay = ((PKIX_PL_NssContext*)plContext)->crlReloadDelay * PR_USEC_PER_SEC; @@ -480,7 +478,7 @@ pkix_pl_Pk11CertStore_CheckRevByCrl( PKIX_PL_Cert *pkixIssuer, PKIX_PL_Date *date, PKIX_Boolean crlDownloadDone, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, PKIX_RevocationStatus *pStatus, void *plContext) { 
@@ -675,7 +673,7 @@ RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date, { NamedCRLCache* nameCrlCache = NULL; pkix_pl_CrlDp *dp = NULL; - int dpIndex = 0; + unsigned int dpIndex = 0; PRTime time; PRTime reloadDelay = 0, badCrlInvalDelay = 0; SECStatus rv; @@ -779,7 +777,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, SECItem *derCrlCopy = NULL; CERTSignedCrl *nssCrl = NULL; CERTGeneralName *genName = NULL; - PKIX_Int32 savedError = -1; SECItem **derGenNames = NULL; SECItem *derGenName = NULL; @@ -799,13 +796,11 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (!derGenName || !genName->name.other.data) { /* get to next name if no data. */ - savedError = PKIX_UNSUPPORTEDCRLDPTYPE; break; } uri = &genName->name.other; location = (char*)PR_Malloc(1 + uri->len); if (!location) { - savedError = PKIX_ALLOCERROR; break; } PORT_Memcpy(location, uri->data, uri->len); @@ -813,7 +808,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (CERT_ParseURL(location, &hostname, &port, &path) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); - savedError = PKIX_URLPARSINGFAILED; break; } @@ -823,7 +817,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if ((*hcv1->createSessionFcn)(hostname, port, &pServerSession) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); - savedError = PKIX_URLPARSINGFAILED; break; } @@ -835,7 +828,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, PR_SecondsToInterval( ((PKIX_PL_NssContext*)plContext)->timeoutSeconds), &pRequestSession) != SECSuccess) { - savedError = PKIX_HTTPSERVERERROR; break; } @@ -858,12 +850,10 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, NULL, &myHttpResponseData, &myHttpResponseDataLen) != SECSuccess) { - savedError = PKIX_HTTPSERVERERROR; break; } if (myHttpResponseCode != 200) { - savedError = PKIX_HTTPSERVERERROR; break; } } while(0); 
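Review bot: With the `savedError` assignments removed, the `if (!location)` path in DownloadCrl now breaks out of the loop without recording any error at all: `PR_Malloc` failure does not call `PORT_SetError`, and the deleted `PKIX_ALLOCERROR` was the only indication, unused though it was. Unless the caller infers failure solely from `*crl` staying NULL (the tail of the function is outside the hunk), add `PORT_SetError(SEC_ERROR_NO_MEMORY);` before that `break;` so the failure is distinguishable from the URL-parsing errors that do set one. The `!derGenName || !genName->name.other.data` path has the same gap.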
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c index 2afd680c..6bd0a3a0 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c @@ -62,7 +62,12 @@ static PKIX_Boolean socketTraceFlag = PKIX_FALSE; static void pkix_pl_socket_timestamp() { PRInt64 prTime; prTime = PR_Now(); +/* We shouldn't use PR_ALTERNATE_INT64_TYPEDEF, but nor can we use PRId64 */ +#if PR_BYTES_PER_LONG == 8 && !defined(PR_ALTERNATE_INT64_TYPEDEF) + printf("%ld:\n", prTime); +#else printf("%lld:\n", prTime); +#endif } /* @@ -140,7 +145,7 @@ static void pkix_pl_socket_linePrefix(PKIX_UInt32 addr) { */ static void pkix_pl_socket_traceLine(char *ptr) { PKIX_UInt32 i = 0; - pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); for (i = 0; i < 16; i++) { printf(" "); pkix_pl_socket_hexDigit(ptr[i]); @@ -184,7 +189,7 @@ static void pkix_pl_socket_traceLine(char *ptr) { static void pkix_pl_socket_tracePartialLine(char *ptr, PKIX_UInt32 nBytes) { PKIX_UInt32 i = 0; if (nBytes > 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); } for (i = 0; i < nBytes; i++) { printf(" "); @@ -243,7 +248,7 @@ void pkix_pl_socket_tracebuff(void *buf, PKIX_UInt32 nBytes) { * Special case: if called with length of zero, just do address */ if (nBytes == 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)buf); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)buf - (char *)NULL)); printf("\n"); } else { while (bytesRemaining >= 16) { diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index 2036f5c9..fa8f1851 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c 
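Review bot: Choosing the format string with `#if PR_BYTES_PER_LONG == 8 && !defined(PR_ALTERNATE_INT64_TYPEDEF)` in pkix_pl_socket_timestamp couples a debug printf to NSPR's internal typedef choice and will need revisiting whenever that changes. A single cast is shorter and portable with no preprocessor branch: `printf("%lld:\n", (long long)prTime);`. The three trace-prefix hunks on this line truncate pointers to 32 bits, which is acceptable for debug output but deserves a one-line comment such as `/* low 32 bits of the address; trace output only */`.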
@@ -1515,7 +1515,6 @@ PKIX_PL_Cert_Create( SECItem *derCertItem = NULL; void *derBytes = NULL; PKIX_UInt32 derLength; - PKIX_Boolean copyDER; PKIX_PL_Cert *cert = NULL; CERTCertDBHandle *handle; @@ -1542,7 +1541,6 @@ PKIX_PL_Cert_Create( * allowing us to free our copy without worrying about whether NSS * is still using it */ - copyDER = PKIX_TRUE; handle = CERT_GetDefaultCertDB(); nssCert = CERT_NewTempCertificate(handle, derCertItem, /* nickname */ NULL, diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c index 0f6d7833..b83db357 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c @@ -351,7 +351,7 @@ pkix_pl_CRL_ToString_Helper( void *plContext) { char *asciiFormat = NULL; - PKIX_UInt32 crlVersion; + PKIX_UInt32 crlVersion = 0; PKIX_PL_X500Name *crlIssuer = NULL; PKIX_PL_OID *nssSignatureAlgId = NULL; PKIX_PL_BigInt *crlNumber = NULL; diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c index 6bc74b61..338eb1c0 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c @@ -73,7 +73,7 @@ pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable) PKIX_UInt32 pkix_pl_lifecycle_ObjectLeakCheck(int *initObjCountTable) { - int typeCounter = 0; + unsigned int typeCounter = 0; PKIX_UInt32 numObjects = 0; char classNameBuff[128]; char *className = NULL; @@ -245,7 +245,9 @@ cleanup: PKIX_Error * PKIX_PL_Shutdown(void *plContext) { +#ifdef DEBUG PKIX_UInt32 numLeakedObjects = 0; +#endif PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown"); 
@@ -258,10 +260,14 @@ PKIX_PL_Shutdown(void *plContext) pkix_pl_HttpCertStore_Shutdown(plContext); +#ifdef DEBUG numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL); if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) { PORT_Assert(numLeakedObjects == 0); } +#else + pkix_pl_lifecycle_ObjectLeakCheck(NULL); +#endif if (plContext != NULL) { PKIX_PL_NssContext_Destroy(plContext); diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c index 881a1ed5..9a33fd5e 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c @@ -371,7 +371,7 @@ pkix_pl_Object_Hashcode_Default( PKIX_ENTER(OBJECT, "pkix_pl_Object_Hashcode_Default"); PKIX_NULLCHECK_TWO(object, pValue); - *pValue = (PKIX_UInt32)object; + *pValue = (PKIX_UInt32)((char *)object - (char *)NULL); PKIX_RETURN(OBJECT); } diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index fdc8a8a1..fbabaa09 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1070,9 +1070,15 @@ SEC_GetCrlTimes; ;+ local: ;+ *; ;+}; -;+NSS_3.18.1 { # NSS 3.18.1 release +;+NSS_3.19 { # NSS 3.19 release ;+ global: CERT_GetImposedNameConstraints; ;+ local: ;+ *; ;+}; +;+NSS_3.19.1 { # NSS 3.19.1 release +;+ global: +SECKEY_BigIntegerBitLength; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 6bac8320..8caafa53 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -33,9 +33,9 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.18.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.20.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 18 +#define NSS_VMINOR 20 #define NSS_VPATCH 0 #define NSS_VBUILD 1 #define NSS_BETA PR_FALSE 
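Review bot: Renaming the existing `NSS_3.18.1` version node to `NSS_3.19` in nss.def changes the version tag that `CERT_GetImposedNameConstraints` is exported under, so a binary already linked against a libnss3 built from this tree with the `NSS_3.18.1` node would fail symbol-version lookup at load time. This likely mirrors upstream NSS, where the symbol shipped under `NSS_3.19`, so it only matters if a 3.18.x build of this tree was ever distributed; if one was, keep the old node and introduce the new name in a fresh node instead. Adding `NSS_3.19.1` for `SECKEY_BigIntegerBitLength` while nss.h jumps to 3.20.0.1 is fine, since node names need not match the release exactly.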
diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c index 6218a7e9..b22f9151 100644 --- a/security/nss/lib/nss/nssinit.c +++ b/security/nss/lib/nss/nssinit.c @@ -491,10 +491,6 @@ struct NSSInitContextStr { #define NSS_INIT_MAGIC 0x1413A91C static SECStatus nss_InitShutdownList(void); -#ifdef DEBUG -static CERTCertificate dummyCert; -#endif - /* All initialized to zero in BSS */ static PRCallOnceType nssInitOnce; static PZLock *nssInitLock; @@ -571,8 +567,11 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, * functions */ if (!isReallyInitted) { +#ifdef DEBUG + CERTCertificate dummyCert; /* New option bits must not change the size of CERTCertificate. */ PORT_Assert(sizeof(dummyCert.options) == sizeof(void *)); +#endif if (SECSuccess != cert_InitLocks()) { goto loser; @@ -1230,8 +1229,7 @@ NSS_IsInitialized(void) } -extern const char __nss_base_rcsid[]; -extern const char __nss_base_sccsid[]; +extern const char __nss_base_version[]; PRBool NSS_VersionCheck(const char *importedVersion) @@ -1247,9 +1245,8 @@ NSS_VersionCheck(const char *importedVersion) */ int vmajor = 0, vminor = 0, vpatch = 0, vbuild = 0; const char *ptr = importedVersion; - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_base_rcsid[0] + __nss_base_sccsid[0]; +#define NSS_VERSION_VARIABLE __nss_base_version +#include "verref.h" while (isdigit(*ptr)) { vmajor = 10 * vmajor + *ptr - '0'; diff --git a/security/nss/lib/nss/nssver.c b/security/nss/lib/nss/nssver.c index e2aa0cec..653ebec6 100644 --- a/security/nss/lib/nss/nssver.c +++ b/security/nss/lib/nss/nssver.c 
@@ -13,12 +13,6 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_base_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_base_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_base_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 1bf8a7f5..dbf6b961 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -143,6 +143,8 @@ PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert, PK11_SETATTRS(&theTemplate,0,NULL,0); switch (pubKey->keyType) { case rsaKey: + case rsaPssKey: + case rsaOaepKey: PK11_SETATTRS(&theTemplate,CKA_MODULUS, pubKey->u.rsa.modulus.data, pubKey->u.rsa.modulus.len); break; @@ -228,7 +230,6 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, nssPKIObject *pkio; NSSToken *token; NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); - PRStatus status; /* Get the cryptoki object from the handle */ token = PK11Slot_GetNSSToken(slot); @@ -278,7 +279,7 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, * different NSSCertificate that it found in the cache. * Presumably, the nickname which we just output above remains valid. :) */ - status = nssTrustDomain_AddCertsToCache(td, &c, 1); + (void)nssTrustDomain_AddCertsToCache(td, &c, 1); return STAN_GetCERTCertificateOrRelease(c); } @@ -2005,7 +2006,6 @@ SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, SECStatus(* callback)(CERTCertificate*, void *), void *arg) { - struct nss3_cert_cbstr pk11cb; PRStatus nssrv = PR_SUCCESS; NSSToken *token; NSSTrustDomain *td; 
@@ -2016,8 +2016,6 @@ PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, NSSCertificate **certs; nssList *nameList = NULL; nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - pk11cb.callback = callback; - pk11cb.arg = arg; token = PK11Slot_GetNSSToken(slot); if (!nssToken_IsPresent(token)) { return SECSuccess; @@ -2700,7 +2698,8 @@ __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) { /* Can't set nickname of temp cert. */ if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { - return SEC_ERROR_INVALID_ARGS; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); } diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c index 6700180a..e3ba1226 100644 --- a/security/nss/lib/pk11wrap/pk11load.c +++ b/security/nss/lib/pk11wrap/pk11load.c @@ -589,8 +589,12 @@ SECMOD_UnloadModule(SECMODModule *mod) { if (softokenLib) { disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); if (!disableUnload) { +#ifdef DEBUG PRStatus status = PR_UnloadLibrary(softokenLib); PORT_Assert(PR_SUCCESS == status); +#else + PR_UnloadLibrary(softokenLib); +#endif } softokenLib = NULL; } diff --git a/security/nss/lib/pk11wrap/pk11merge.c b/security/nss/lib/pk11wrap/pk11merge.c index ad9b1fda..187e2e1f 100644 --- a/security/nss/lib/pk11wrap/pk11merge.c +++ b/security/nss/lib/pk11wrap/pk11merge.c @@ -750,8 +750,7 @@ pk11_mergeCert(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, CK_ATTRIBUTE sourceCKAID = {CKA_ID, NULL, 0}; CK_ATTRIBUTE targetCKAID = {CKA_ID, NULL, 0}; SECStatus lrv = SECSuccess; - int error; - + int error = SEC_ERROR_LIBRARY_FAILURE; sourceCert = PK11_MakeCertFromHandle(sourceSlot, id, NULL); if (sourceCert == NULL) { diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index 70802948..e09d2276 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c 
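Review bot: The `#ifdef DEBUG`/`#else` split in SECMOD_UnloadModule duplicates the `PR_UnloadLibrary(softokenLib)` call just to silence an unused-variable warning, which invites the two branches drifting apart later. A single unconditional form keeps the assertion and compiles cleanly in both configurations: `PRStatus status = PR_UnloadLibrary(softokenLib); PORT_Assert(PR_SUCCESS == status); (void)status;`. The same pattern appears in the PKIX_PL_Shutdown hunk earlier in this patch. The enclosing function extends beyond the hunk.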
+++ b/security/nss/lib/pk11wrap/pk11obj.c @@ -1781,7 +1781,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]); /* if you change the array, change the variable below as well */ CK_OBJECT_HANDLE peerID; - CK_OBJECT_HANDLE parent; PLArenaPool *arena; CK_RV crv; @@ -1810,7 +1809,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, /* * issue the find */ - parent = *(CK_OBJECT_CLASS *)(keyclass->pValue); *(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass; peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize); diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c index 471e57b3..2152a41e 100644 --- a/security/nss/lib/pk11wrap/pk11pk12.c +++ b/security/nss/lib/pk11wrap/pk11pk12.c @@ -422,7 +422,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk, void *wincx) { - CK_KEY_TYPE keyType = CKK_RSA; SECStatus rv = SECFailure; SECKEYRawPrivateKey *lpk = NULL; const SEC_ASN1Template *keyTemplate, *paramTemplate; @@ -449,7 +448,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = rsaKey; - keyType = CKK_RSA; break; case SEC_OID_ANSIX9_DSA_SIGNATURE: prepare_dsa_priv_key_export_for_asn1(lpk); @@ -457,7 +455,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = SECKEY_PQGParamsTemplate; paramDest = &(lpk->u.dsa.params); lpk->keyType = dsaKey; - keyType = CKK_DSA; break; case SEC_OID_X942_DIFFIE_HELMAN_KEY: if(!publicValue) { @@ -468,7 +465,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = dhKey; - keyType = CKK_DH; break; default: diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c index 4c5b9f16..20d9eaad 100644 --- a/security/nss/lib/pk11wrap/pk11skey.c 
+++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -1821,6 +1821,8 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, switch (privKey->keyType) { case rsaKey: + case rsaPssKey: + case rsaOaepKey: case nullKey: PORT_SetError(SEC_ERROR_BAD_KEY); break; diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 1f6597b5..044956fe 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -555,10 +555,10 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName, break; } if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) && - ( (!tokenName) || (tmpSlot->token_name && - (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) && - ( (!slotName) || (tmpSlot->slot_name && - (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) { + ( (!tokenName) || + (0==PORT_Strcmp(tmpSlot->token_name, tokenName)) ) && + ( (!slotName) || + (0==PORT_Strcmp(tmpSlot->slot_name, slotName)) ) ) { if (tmpSlot) { PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE); slotcount++; @@ -1105,7 +1105,6 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) { CK_TOKEN_INFO tokenInfo; CK_RV crv; - char *tmp; SECStatus rv; PRStatus status; @@ -1139,8 +1138,8 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) if (slot->isActiveCard) { slot->protectedAuthPath = PR_FALSE; } - tmp = PK11_MakeString(NULL,slot->token_name, - (char *)tokenInfo.label, sizeof(tokenInfo.label)); + (void)PK11_MakeString(NULL,slot->token_name, + (char *)tokenInfo.label, sizeof(tokenInfo.label)); slot->minPassword = tokenInfo.ulMinPinLen; slot->maxPassword = tokenInfo.ulMaxPinLen; PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial)); @@ -1349,7 +1348,6 @@ void PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) { SECStatus rv; - char *tmp; CK_SLOT_INFO slotInfo; slot->functionList = mod->functionList; 
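Review bot: Dropping the `tmpSlot->token_name &&` and `tmpSlot->slot_name &&` guards in PK11_FindSlotsByNames is only safe if both fields are embedded character arrays rather than pointers; the PK11_InitToken hunk on this line, which appears to copy into `slot->token_name` via `PK11_MakeString(NULL, slot->token_name, ...)`, supports that reading, so the removed tests were always true. A short comment on the condition, `/* token_name/slot_name are fixed arrays, never NULL */`, would stop the next warning cleanup from reintroducing the check. The `if (tmpSlot)` just inside the branch is likewise redundant after `tmpSlot` has been dereferenced, though that is pre-existing. The loop begins before this hunk.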
@@ -1371,7 +1369,7 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) * works because modules keep implicit references * from their slots, and won't unload and disappear * until all their slots have been freed */ - tmp = PK11_MakeString(NULL,slot->slot_name, + (void)PK11_MakeString(NULL,slot->slot_name, (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription)); slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT); #define ACTIVE_CARD "ActivCard SA" @@ -2052,7 +2050,7 @@ PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type, PK11SlotInfo *slot = NULL; PRBool freeit = PR_FALSE; PRBool listNeedLogin = PR_FALSE; - int i; + unsigned int i; SECStatus rv; list = PK11_GetSlotList(type[0]); diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index 6a3a38c9..51bf0f7f 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c @@ -2810,7 +2810,7 @@ SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, return SECFailure; } - for (i = 0; safeBag = p12dcx->safeBags[i]; i++) { + for (i = 0; (safeBag = p12dcx->safeBags[i]); i++) { SECItem *newNickname = NULL; SECItem *defaultNickname = NULL; SECStatus rename_rv; diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c index 5584407f..76693849 100644 --- a/security/nss/lib/pkcs12/p12e.c +++ b/security/nss/lib/pkcs12/p12e.c @@ -695,7 +695,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, void *bagData) { sec_PKCS12SafeBag *safeBag; - PRBool setName = PR_TRUE; void *mark = NULL; SECStatus rv = SECSuccess; SECOidData *oidData = NULL; @@ -740,7 +739,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID: safeBag->safeBagContent.safeContents = (sec_PKCS12SafeContents *)bagData; - setName = PR_FALSE; break; default: goto loser; 
@@ -1532,8 +1530,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) * it is confirmed that integrity must be in place */ if(p12exp->integrityEnabled && !p12exp->pwdIntegrity) { - SECStatus rv; - /* create public key integrity mode */ p12enc->aSafeCinfo = SEC_PKCS7CreateSignedData( p12exp->integrityInfo.pubkeyInfo.cert, @@ -1549,8 +1545,7 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) if(SEC_PKCS7IncludeCertChain(p12enc->aSafeCinfo,NULL) != SECSuccess) { goto loser; } - rv = SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo); - PORT_Assert(rv == SECSuccess); + PORT_CheckSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo)); } else { p12enc->aSafeCinfo = SEC_PKCS7CreateData(); diff --git a/security/nss/lib/pkcs7/p7decode.c b/security/nss/lib/pkcs7/p7decode.c index 80689544..7a52d820 100644 --- a/security/nss/lib/pkcs7/p7decode.c +++ b/security/nss/lib/pkcs7/p7decode.c @@ -1290,7 +1290,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, const SECItem *digest; SECItem **digests; SECItem **rawcerts; - CERTSignedCrl **crls; SEC_PKCS7SignerInfo **signerinfos, *signerinfo; CERTCertificate *cert, **certs; PRBool goodsig; @@ -1340,7 +1339,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = sdp->digestAlgorithms; digests = sdp->digests; rawcerts = sdp->rawCerts; - crls = sdp->crls; signerinfos = sdp->signerInfos; content_type = &(sdp->contentInfo.contentType); sigkey = NULL; @@ -1355,7 +1353,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = saedp->digestAlgorithms; digests = saedp->digests; rawcerts = saedp->rawCerts; - crls = saedp->crls; signerinfos = saedp->signerInfos; content_type = &(saedp->encContentInfo.contentType); sigkey = saedp->sigKey; diff --git a/security/nss/lib/pkcs7/p7encode.c b/security/nss/lib/pkcs7/p7encode.c index 99b68ee5..349bc846 100644 --- a/security/nss/lib/pkcs7/p7encode.c +++ b/security/nss/lib/pkcs7/p7encode.c 
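Review bot: `PORT_CheckSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo));` keeps a failure to add the signing time as a debug-only assertion, while the `SEC_PKCS7IncludeCertChain` call two lines above already treats failure as `goto loser`. If PORT_CheckSuccess expands to the bare call in non-DEBUG builds, as its name suggests, a PKCS#12 file in public-key integrity mode can be emitted without the signing-time attribute and nobody is told. Handling it like its neighbour, `if (SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo) != SECSuccess) goto loser;`, makes release and debug behaviour agree; the rest of sec_pkcs12_encoder_start_context is outside the hunk.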
@@ -59,13 +59,10 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo, SECKEYPublicKey *publickey = NULL; SECKEYPrivateKey *ourPrivKey = NULL; PK11SymKey *bulkkey; - void *mark, *wincx; + void *mark; int i; PLArenaPool *arena = NULL; - /* Get the context in case we need it below. */ - wincx = cinfo->pwfn_arg; - kind = SEC_PKCS7ContentType (cinfo); switch (kind) { default: diff --git a/security/nss/lib/pkcs7/p7local.c b/security/nss/lib/pkcs7/p7local.c index 6a7af1f8..8c5e0bfa 100644 --- a/security/nss/lib/pkcs7/p7local.c +++ b/security/nss/lib/pkcs7/p7local.c @@ -397,7 +397,7 @@ sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - int blocks, bsize, pcount, padsize; + unsigned int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/security/nss/lib/pki/certificate.c b/security/nss/lib/pki/certificate.c index ed6145a5..fdf147c9 100644 --- a/security/nss/lib/pki/certificate.c +++ b/security/nss/lib/pki/certificate.c @@ -895,7 +895,6 @@ nssCertificateList_DoCallback ( { nssListIterator *certs; NSSCertificate *cert; - PRStatus nssrv; certs = nssList_CreateIterator(certList); if (!certs) { return PR_FAILURE; @@ -904,7 +903,7 @@ nssCertificateList_DoCallback ( cert != (NSSCertificate *)NULL; cert = (NSSCertificate *)nssListIterator_Next(certs)) { - nssrv = (*callback)(cert, arg); + (void)(*callback)(cert, arg); } nssListIterator_Finish(certs); nssListIterator_Destroy(certs); diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index 953d7380..a415ace4 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c 
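Review bot: Changing `blocks, bsize, pcount, padsize` in sec_PKCS7Decrypt from `int` to `unsigned int` changes the meaning of every signed comparison or subtraction on them in the function body, which lies outside the hunk. Padding checks in CBC decrypt code commonly take the form `padsize > bsize`, `padsize == 0` or `pcount - padsize`; with unsigned operands a negative intermediate wraps instead of being rejected, so each use of these four variables should be re-read to confirm a pad byte of 0 or larger than the block size is still refused. The same type change is made to NSS_CMSCipherContext_Decrypt in cmscipher.c later in this patch and needs the same check.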
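Review bot: `(void)(*callback)(cert, arg);` in nssCertificateList_DoCallback makes explicit that a callback's PRStatus cannot stop the traversal, but nothing says this is intended rather than an oversight. A one-line comment such as `/* callback status is deliberately ignored: every cert in the list is visited */` would keep the next reader from "fixing" it, and the same applies to the `(void)` callback calls added in nssPKIObjectCollection_Traverse (pkibase.c) and NSSTrustDomain_TraverseCertificates (trustdomain.c) in this patch. If callers do rely on PR_FAILURE aborting the walk, a `break` on failure is the change to make instead, but that is not visible from here.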
@@ -1272,7 +1272,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) { int numNotDestroyed = 0; /* the ones skipped plus the failures */ int failureCount = 0; /* actual deletion failures by devices */ - int index; + unsigned int index; nssPKIObject_AddRef(tObject); nssPKIObject_Lock(tObject); @@ -1327,7 +1327,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) /* caller made sure nssTrust isn't NULL */ nssPKIObject *tobject = &nssTrust->object; nssPKIObject *cobject = &c->object; - int i; + unsigned int i; /* Iterate through the cert and trust object instances looking for * those with matching pk11 slots to delete. Even if some device diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c index 083b9b66..c86e5bb4 100644 --- a/security/nss/lib/pki/pkibase.c +++ b/security/nss/lib/pki/pkibase.c @@ -903,7 +903,6 @@ nssPKIObjectCollection_Traverse ( nssPKIObjectCallback *callback ) { - PRStatus status; PRCList *link = PR_NEXT_LINK(&collection->head); pkiObjectCollectionNode *node; while (link != &collection->head) { @@ -920,19 +919,19 @@ nssPKIObjectCollection_Traverse ( } switch (collection->objectType) { case pkiObjectType_Certificate: - status = (*callback->func.cert)((NSSCertificate *)node->object, + (void)(*callback->func.cert)((NSSCertificate *)node->object, callback->arg); break; case pkiObjectType_CRL: - status = (*callback->func.crl)((NSSCRL *)node->object, + (void)(*callback->func.crl)((NSSCRL *)node->object, callback->arg); break; case pkiObjectType_PrivateKey: - status = (*callback->func.pvkey)((NSSPrivateKey *)node->object, + (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object, callback->arg); break; case pkiObjectType_PublicKey: - status = (*callback->func.pbkey)((NSSPublicKey *)node->object, + (void)(*callback->func.pbkey)((NSSPublicKey *)node->object, callback->arg); break; } 
@@ -1057,7 +1056,6 @@ nssCertificateCollection_Create ( NSSCertificate **certsOpt ) { - PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor); collection->objectType = pkiObjectType_Certificate; @@ -1068,7 +1066,7 @@ nssCertificateCollection_Create ( if (certsOpt) { for (; *certsOpt; certsOpt++) { nssPKIObject *object = (nssPKIObject *)(*certsOpt); - status = nssPKIObjectCollection_AddObject(collection, object); + (void)nssPKIObjectCollection_AddObject(collection, object); } } return collection; @@ -1164,7 +1162,6 @@ nssCRLCollection_Create ( NSSCRL **crlsOpt ) { - PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock); collection->objectType = pkiObjectType_CRL; @@ -1175,7 +1172,7 @@ nssCRLCollection_Create ( if (crlsOpt) { for (; *crlsOpt; crlsOpt++) { nssPKIObject *object = (nssPKIObject *)(*crlsOpt); - status = nssPKIObjectCollection_AddObject(collection, object); + (void)nssPKIObjectCollection_AddObject(collection, object); } } return collection; diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c index 7842189c..5f9dfdd5 100644 --- a/security/nss/lib/pki/tdcache.c +++ b/security/nss/lib/pki/tdcache.c @@ -329,7 +329,7 @@ nssTrustDomain_RemoveCertFromCacheLOCKED ( nssList *subjectList; cache_entry *ce; NSSArena *arena; - NSSUTF8 *nickname; + NSSUTF8 *nickname = NULL; #ifdef DEBUG_CACHE log_cert_ref("attempt to remove cert", cert); @@ -776,14 +776,18 @@ add_cert_to_cache ( added++; /* If a new subject entry was created, also need nickname and/or email */ if (subjectList != NULL) { +#ifdef nodef PRBool handle = PR_FALSE; +#endif if (certNickname) { nssrv = add_nickname_entry(arena, td->cache, certNickname, subjectList); if (nssrv != PR_SUCCESS) { goto loser; } +#ifdef nodef handle = PR_TRUE; +#endif added++; } if (cert->email) { 
@@ -791,7 +795,9 @@ add_cert_to_cache ( if (nssrv != PR_SUCCESS) { goto loser; } +#ifdef nodef handle = PR_TRUE; +#endif added += 2; } #ifdef nodef diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c index a3d26a88..90e8f268 100644 --- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c @@ -991,7 +991,6 @@ NSSTrustDomain_TraverseCertificates ( void *arg ) { - PRStatus status = PR_FAILURE; NSSToken *token = NULL; NSSSlot **slots = NULL; NSSSlot **slotp; @@ -1028,7 +1027,7 @@ NSSTrustDomain_TraverseCertificates ( session = nssTrustDomain_GetSessionForToken(td, token); if (session) { /* perform the traversal */ - status = nssToken_TraverseCertificates(token, + (void)nssToken_TraverseCertificates(token, session, tokenOnly, collector, @@ -1041,7 +1040,7 @@ NSSTrustDomain_TraverseCertificates ( /* Traverse the collection */ pkiCallback.func.cert = callback; pkiCallback.arg = arg; - status = nssPKIObjectCollection_Traverse(collection, &pkiCallback); + (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback); loser: if (slots) { nssSlotArray_Destroy(slots); diff --git a/security/nss/lib/smime/cmsasn1.c b/security/nss/lib/smime/cmsasn1.c index 4519363b..b09a2e18 100644 --- a/security/nss/lib/smime/cmsasn1.c +++ b/security/nss/lib/smime/cmsasn1.c @@ -51,10 +51,6 @@ const SEC_ASN1Template NSSCMSMessageTemplate[] = { { 0 } }; -static const SEC_ASN1Template NSS_PointerToCMSMessageTemplate[] = { - { SEC_ASN1_POINTER, 0, NSSCMSMessageTemplate } -}; - /* ----------------------------------------------------------------------------- * ENCAPSULATED & ENCRYPTED CONTENTINFO * (both use a NSSCMSContentInfo) diff --git a/security/nss/lib/smime/cmscipher.c b/security/nss/lib/smime/cmscipher.c index 16d64361..958d4e47 100644 --- a/security/nss/lib/smime/cmscipher.c +++ b/security/nss/lib/smime/cmscipher.c 
@@ -366,7 +366,7 @@ NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - int blocks, bsize, pcount, padsize; + unsigned int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/security/nss/lib/smime/cmsencode.c b/security/nss/lib/smime/cmsencode.c index 651f0865..3025740b 100644 --- a/security/nss/lib/smime/cmsencode.c +++ b/security/nss/lib/smime/cmsencode.c @@ -122,7 +122,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) NSSCMSEncoderContext *p7ecx; NSSCMSContentInfo *rootcinfo, *cinfo; PRBool after = !before; - PLArenaPool *poolp; SECOidTag childtype; SECItem *item; @@ -130,7 +129,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) PORT_Assert(p7ecx != NULL); rootcinfo = &(p7ecx->cmsg->contentInfo); - poolp = p7ecx->cmsg->poolp; #ifdef CMSDEBUG fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth); @@ -201,12 +199,9 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx) SECStatus rv; SECOidTag childtype; NSSCMSContentInfo *cinfo; - PLArenaPool *poolp; NSSCMSEncoderContext *childp7ecx; const SEC_ASN1Template *template; - poolp = p7ecx->cmsg->poolp; - /* call _Encode_BeforeData handlers */ switch (p7ecx->type) { case SEC_OID_PKCS7_SIGNED_DATA: diff --git a/security/nss/lib/smime/cmsmessage.c b/security/nss/lib/smime/cmsmessage.c index 72026e6c..a44fb0b5 100644 --- a/security/nss/lib/smime/cmsmessage.c +++ b/security/nss/lib/smime/cmsmessage.c 
@@ -28,26 +28,26 @@ NSS_CMSMessage_Create(PLArenaPool *poolp) PRBool poolp_is_ours = PR_FALSE; if (poolp == NULL) { - poolp = PORT_NewArena (1024); /* XXX what is right value? */ - if (poolp == NULL) - return NULL; - poolp_is_ours = PR_TRUE; - } + poolp = PORT_NewArena (1024); /* XXX what is right value? */ + if (poolp == NULL) + return NULL; + poolp_is_ours = PR_TRUE; + } if (!poolp_is_ours) - mark = PORT_ArenaMark(poolp); + mark = PORT_ArenaMark(poolp); - cmsg = (NSSCMSMessage *)PORT_ArenaZAlloc (poolp, sizeof(NSSCMSMessage)); - if (cmsg == NULL) { - if (!poolp_is_ours) { - if (mark) { - PORT_ArenaRelease(poolp, mark); - } - } else - PORT_FreeArena(poolp, PR_FALSE); - return NULL; + cmsg = (NSSCMSMessage *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSMessage)); + if (cmsg == NULL || + NSS_CMSContentInfo_Private_Init(&(cmsg->contentInfo)) != SECSuccess) { + if (!poolp_is_ours) { + if (mark) { + PORT_ArenaRelease(poolp, mark); + } + } else + PORT_FreeArena(poolp, PR_FALSE); + return NULL; } - NSS_CMSContentInfo_Private_Init(&(cmsg->contentInfo)); cmsg->poolp = poolp; cmsg->poolp_is_ours = poolp_is_ours; diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c index 5e08870b..abc22542 100644 --- a/security/nss/lib/smime/cmsrecinfo.c +++ b/security/nss/lib/smime/cmsrecinfo.c @@ -526,7 +526,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag) { PK11SymKey *bulkkey = NULL; - SECAlgorithmID *encalg; SECOidTag encalgtag; SECItem *enckey; int error; @@ -536,7 +535,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, switch (ri->recipientInfoType) { case NSSCMSRecipientInfoID_KeyTrans: - encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */ switch (encalgtag) { 
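Review bot: The one behavioural change in NSS_CMSMessage_Create, failing the call when `NSS_CMSContentInfo_Private_Init` does not return SECSuccess, is buried in a hunk that also re-indents the whole body, so the diff shows every line as changed. Separating the whitespace change from the logic change makes the new check reviewable and bisectable. The error path itself reads correctly: the `||` short-circuits when `cmsg` is NULL, and the arena mark or the arena is released in both cases, matching the pre-existing failure handling.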
@@ -551,7 +549,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KeyAgree: - encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); switch (encalgtag) { @@ -573,7 +570,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KEK: - encalg = &(ri->ri.kekRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg)); enckey = &(ri->ri.kekRecipientInfo.encKey); /* not supported yet */ diff --git a/security/nss/lib/smime/cmsudf.c b/security/nss/lib/smime/cmsudf.c index 13071113..472b6d66 100644 --- a/security/nss/lib/smime/cmsudf.c +++ b/security/nss/lib/smime/cmsudf.c @@ -79,14 +79,14 @@ nss_cmstype_shutdown(void *appData, void *reserved) static PLHashNumber nss_cmstype_hash_key(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } static PRIntn nss_cmstype_compare_keys(const void *v1, const void *v2) { - PLHashNumber value1 = (PLHashNumber) v1; - PLHashNumber value2 = (PLHashNumber) v2; + PLHashNumber value1 = nss_cmstype_hash_key(v1); + PLHashNumber value2 = nss_cmstype_hash_key(v2); return (value1 == value2); } diff --git a/security/nss/lib/smime/smimeutil.c b/security/nss/lib/smime/smimeutil.c index 90fa0cf2..84d1960a 100644 --- a/security/nss/lib/smime/smimeutil.c +++ b/security/nss/lib/smime/smimeutil.c @@ -754,12 +754,13 @@ loser: return cert; } -extern const char __nss_smime_rcsid[]; -extern const char __nss_smime_sccsid[]; +extern const char __nss_smime_version[]; PRBool NSSSMIME_VersionCheck(const char *importedVersion) { +#define NSS_VERSION_VARIABLE __nss_smime_version +#include "verref.h" /* * This is the secret handshake algorithm. * 
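Review bot: `return (PLHashNumber)((char *)key - (char *)NULL);` in nss_cmstype_hash_key subtracts two pointers that do not point into the same object, which is undefined behaviour in C, in order to avoid the pointer-to-integer cast warning the old code produced. The well-defined form is an integer cast of the pointer, e.g. `return (PLHashNumber)(PRUptrdiff)key;`, and the same construct appears in lg_HashNumber (lginit.c) and sftk_HashNumber (pkcs11.c) further down this patch. Separately, nss_cmstype_compare_keys now compares the two hash values rather than the pointers; if PLHashNumber is a 32-bit type, two distinct 64-bit pointers that agree in their low bits will compare equal, so `return (v1 == v2);` is the safer comparison, and lg_CompareValues in lginit.c has the same issue.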
@@ -769,10 +770,6 @@ NSSSMIME_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_smime_rcsid[0] + __nss_smime_sccsid[0]; - return NSS_VersionCheck(importedVersion); } diff --git a/security/nss/lib/smime/smimever.c b/security/nss/lib/smime/smimever.c index 917bbf59..8c06130a 100644 --- a/security/nss/lib/smime/smimever.c +++ b/security/nss/lib/smime/smimever.c @@ -13,12 +13,6 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_smime_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_smime_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_smime_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c index 085b2be2..c3dd887b 100644 --- a/security/nss/lib/softoken/legacydb/keydb.c +++ b/security/nss/lib/softoken/legacydb/keydb.c @@ -1476,7 +1476,9 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, SECItem *cipherText = NULL; SECItem *dummy = NULL; #ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug = NULL; +#endif int savelen; #endif @@ -1589,9 +1591,11 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, goto loser; } +#ifdef EC_DEBUG fordebug = &(pki->privateKey); SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey", pk->keyType, fordebug); +#endif break; #endif /* NSS_DISABLE_ECC */ 
@@ -1704,7 +1708,7 @@ seckey_decrypt_private_key(SECItem*epki, SECStatus rv = SECFailure; PLArenaPool *temparena = NULL, *permarena = NULL; SECItem *dest = NULL; -#ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug = NULL; #endif @@ -1817,9 +1821,11 @@ seckey_decrypt_private_key(SECItem*epki, pk->keyType = NSSLOWKEYECKey; lg_prepare_low_ec_priv_key_for_asn1(pk); +#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey", pk->keyType, fordebug); +#endif if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey, &pki->privateKey) ) break; rv = SEC_QuickDERDecodeItem(permarena, pk, @@ -1990,12 +1996,10 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, SECItem *encCheck) { SECOidData *oidData; - SECStatus rv; oidData = SECOID_FindOIDByTag(alg); if ( oidData == NULL ) { - rv = SECFailure; - goto loser; + return SECFailure; } entry->len = 1 + oidData->oid.len + encCheck->len; @@ -2006,7 +2010,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, } if ( entry->data == NULL ) { - goto loser; + return SECFailure; } /* first length of oid */ @@ -2017,10 +2021,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, PORT_Memcpy(&entry->data[1+oidData->oid.len], encCheck->data, encCheck->len); - return(SECSuccess); - -loser: - return(SECFailure); + return SECSuccess; } @@ -2032,7 +2033,6 @@ static SECStatus nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) { SECStatus rv; - int ret; int errors = 0; if ( handle->db == NULL ) { @@ -2080,7 +2080,7 @@ nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) done: /* sync the database */ - ret = keydb_Sync(handle, 0); + (void)keydb_Sync(handle, 0); db_InitComplete(handle->db); return (errors == 0 ? SECSuccess : SECFailure); @@ -2089,7 +2089,6 @@ done: static int keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; 
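Review bot: `(void)keydb_Sync(handle, 0);` in nsslowkey_ResetKeyDB discards the result of syncing the freshly reset key database, yet the function returns `errors == 0 ? SECSuccess : SECFailure` on the next line, so a sync that fails still reports success. keydb_Sync returns whatever `db->sync` returns (visible in the hunk below), so `if (keydb_Sync(handle, 0) != 0) errors++;` would feed that failure into the existing error count instead of hiding it. The earlier part of the function, where `errors` is accumulated, is outside the hunk.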
@@ -2099,7 +2098,7 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2107,7 +2106,6 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret = 0; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2117,7 +2115,7 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2125,7 +2123,6 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2135,7 +2132,7 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) ret = (* db->sync)(db, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2143,7 +2140,6 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) static int keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2153,7 +2149,7 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2161,7 +2157,6 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) static int keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2171,7 +2166,7 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } 
@@ -2179,7 +2174,6 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static void keydb_Close(NSSLOWKEYDBHandle *kdb) { - PRStatus prstat; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2188,7 +2182,7 @@ keydb_Close(NSSLOWKEYDBHandle *kdb) (* db->close)(db); - SKIP_AFTER_FORK(prstat = PZ_Unlock(kdbLock)); + SKIP_AFTER_FORK(PZ_Unlock(kdbLock)); return; } diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index 00a0a746..7c80c568 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -210,8 +210,6 @@ static const CK_ATTRIBUTE lg_StaticFalseAttr = LG_DEF_ATTRIBUTE(&lg_staticFalseValue,sizeof(lg_staticFalseValue)); static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL,0); char lg_StaticOneValue = 1; -static const CK_ATTRIBUTE lg_StaticOneAttr = - LG_DEF_ATTRIBUTE(&lg_StaticOneValue,sizeof(lg_StaticOneValue)); /* * helper functions which get the database and call the underlying @@ -434,11 +432,6 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) { return pubItem; } -static const SEC_ASN1Template lg_SerialTemplate[] = { - { SEC_ASN1_INTEGER, offsetof(NSSLOWCERTCertificate,serialNumber) }, - { 0 } -}; - static CK_RV lg_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute) diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c index 37efcd6f..47da8f04 100644 --- a/security/nss/lib/softoken/legacydb/lginit.c +++ b/security/nss/lib/softoken/legacydb/lginit.c 
@@ -22,15 +22,9 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_dbm_rcsid[] = "$Header: NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_dbm_sccsid[] = "@(#)NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_dbm_version[] = "Version: NSS " SOFTOKEN_VERSION _DEBUG_STRING; typedef struct LGPrivateStr { NSSLOWCERTCertDBHandle *certDB; @@ -482,14 +476,14 @@ lg_Close(SDB *sdb) static PLHashNumber lg_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } PRIntn lg_CompareValues(const void *v1, const void *v2) { - PLHashNumber value1 = (PLHashNumber) v1; - PLHashNumber value2 = (PLHashNumber) v2; + PLHashNumber value1 = lg_HashNumber(v1); + PLHashNumber value2 = lg_HashNumber(v2); return (value1 == value2); } @@ -593,9 +587,9 @@ legacy_Open(const char *configdir, const char *certPrefix, CK_RV crv = CKR_OK; SECStatus rv; PRBool readOnly = (flags == SDB_RDONLY)? PR_TRUE: PR_FALSE; - volatile char c; /* force a reference that won't get optimized away */ - c = __nss_dbm_rcsid[0] + __nss_dbm_sccsid[0]; +#define NSS_VERSION_VARIABLE __nss_dbm_version +#include "verref.h" rv = SECOID_Init(); if (SECSuccess != rv) { diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index 5f767006..4eda4f0f 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c 
@@ -103,13 +103,12 @@ nsslowcert_LockDB(NSSLOWCERTCertDBHandle *handle) static void nsslowcert_UnlockDB(NSSLOWCERTCertDBHandle *handle) { - PRStatus prstat; - - prstat = PZ_ExitMonitor(handle->dbMon); - +#ifdef DEBUG + PRStatus prstat = PZ_ExitMonitor(handle->dbMon); PORT_Assert(prstat == PR_SUCCESS); - - return; +#else + PZ_ExitMonitor(handle->dbMon); +#endif } @@ -134,15 +133,16 @@ nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certRefCountLock != NULL); - prstat = PZ_Unlock(certRefCountLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certRefCountLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certRefCountLock); +#endif } /* @@ -166,15 +166,16 @@ nsslowcert_LockCertTrust(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertTrust(NSSLOWCERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certTrustLock != NULL); - prstat = PZ_Unlock(certTrustLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certTrustLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certTrustLock); +#endif } @@ -199,15 +200,17 @@ nsslowcert_LockFreeList(void) static void nsslowcert_UnlockFreeList(void) { - PRStatus prstat = PR_SUCCESS; - PORT_Assert(freeListLock != NULL); - SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PR_SUCCESS; + SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + SKIP_AFTER_FORK(PZ_Unlock(freeListLock)); +#endif } NSSLOWCERTCertificate * @@ -224,7 +227,6 @@ nsslowcert_DupCertificate(NSSLOWCERTCertificate *c) static int certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); 
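Review bot: The four unlock helpers in pcertdb.c (nsslowcert_UnlockDB, _UnlockCertRefCount, _UnlockCertTrust, _UnlockFreeList) each grow an `#ifdef DEBUG` / `#else` pair whose only purpose is to assert the PZ_Unlock or PZ_ExitMonitor result, while the p12e.c hunk earlier in this same patch expresses the identical intent in one line with `PORT_CheckSuccess(SEC_PKCS7AddSigningTime(...))`. If that macro is available to softoken, `PORT_CheckSuccess(PZ_Unlock(certRefCountLock));` replaces each six-line conditional and keeps the debug assertion; nsslowcert_UnlockFreeList would still need its `SKIP_AFTER_FORK` wrapper. Either way, a comment saying why the status is checked only in debug builds would help, since a lock that fails to release is just as much a problem in release builds.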
@@ -232,7 +234,7 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -240,7 +242,6 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret = 0; PORT_Assert(dbLock != NULL); @@ -248,7 +249,7 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -256,7 +257,6 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Sync(DB *db, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -264,7 +264,7 @@ certdb_Sync(DB *db, unsigned int flags) ret = (* db->sync)(db, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -273,7 +273,6 @@ certdb_Sync(DB *db, unsigned int flags) static int certdb_Del(DB *db, DBT *key, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -281,7 +280,7 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); /* don't fail if the record is already deleted */ if (ret == DB_NOT_FOUND) { @@ -294,7 +293,6 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) static int certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -302,7 +300,7 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } 
@@ -310,14 +308,12 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) static void certdb_Close(DB *db) { - PRStatus prstat = PR_SUCCESS; - PORT_Assert(dbLock != NULL); SKIP_AFTER_FORK(PZ_Lock(dbLock)); (* db->close)(db); - SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock)); + SKIP_AFTER_FORK(PZ_Unlock(dbLock)); return; } @@ -2430,7 +2426,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, certDBEntrySubject *entry; SECStatus rv; unsigned int nnlen; - unsigned int eaddrlen; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ( arena == NULL ) { @@ -2480,7 +2475,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, goto loser; } - eaddrlen = PORT_Strlen(emailAddr) + 1; entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *)); if ( entry->emailAddrs == NULL ) { PORT_Free(emailAddr); @@ -3586,7 +3580,6 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) certDBEntrySMime *emailEntry = NULL; char *nickname; char *emailAddr; - SECStatus rv; /* * Sequence through the old database and copy all of the entries @@ -3700,7 +3693,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) if ( subjectEntry->nickname ) { PORT_Memcpy(subjectEntry->nickname, nickname, key.size - 1); - rv = WriteDBSubjectEntry(handle, subjectEntry); + (void)WriteDBSubjectEntry(handle, subjectEntry); } } else if ( type == certDBEntryTypeSMimeProfile ) { emailAddr = &((char *)key.data)[1]; @@ -3729,7 +3722,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) PORT_Memcpy(subjectEntry->emailAddrs[0], emailAddr, key.size - 1); subjectEntry->nemailAddrs = 1; - rv = WriteDBSubjectEntry(handle, subjectEntry); + (void)WriteDBSubjectEntry(handle, subjectEntry); } } } 
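Review bot: Both `(void)WriteDBSubjectEntry(handle, subjectEntry);` lines in UpdateV6DB drop the SECStatus of writing a subject entry during the database-version upgrade, so a write that fails leaves the upgraded cert DB missing subject records without any trace. The previous code stored the status in an unused `rv`, so nothing is lost relative to before, but while the lines are being touched it would be cheap to say so: `/* upgrade is best-effort; a failed subject write only loses the lookup entry */`, or to propagate the failure if the caller can act on it. UpdateV6DB's return handling is outside the hunk, so which of the two is right is not visible from here.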
@@ -3791,14 +3784,13 @@ static SECStatus UpdateV5DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) { NSSLOWCERTCertDBHandle updatehandle; - SECStatus rv; updatehandle.permCertDB = updatedb; updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB); updatehandle.dbVerify = 0; updatehandle.ref = 1; /* prevent premature close */ - rv = nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, + (void)nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, (void *)handle); PZ_DestroyMonitor(updatehandle.dbMon); @@ -5071,7 +5063,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, PRBool isKRL) { SECItem keyitem; - DBT key; SECStatus rv; PLArenaPool *arena = NULL; certDBEntryRevocation *entry = NULL; @@ -5088,9 +5079,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, goto loser; } - key.data = keyitem.data; - key.size = keyitem.len; - /* find in perm database */ entry = ReadDBCrlEntry(handle, crlKey, crlType); diff --git a/security/nss/lib/softoken/lowpbe.c b/security/nss/lib/softoken/lowpbe.c index c0949fec..16d4c914 100644 --- a/security/nss/lib/softoken/lowpbe.c +++ b/security/nss/lib/softoken/lowpbe.c @@ -516,7 +516,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, } PORT_Memcpy(Ai, iterBuf, hashLength); - for (Bidx = 0; Bidx < B.len; Bidx += hashLength) { + for (Bidx = 0; Bidx < (int)B.len; Bidx += hashLength) { PORT_Memcpy(B.data+Bidx,iterBuf,NSSPBE_MIN(B.len-Bidx,hashLength)); } diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index bd7c4bd5..e52c57db 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c 
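Review bot: `Bidx < (int)B.len` in nsspkcs5_PKCS12PBE silences the signed/unsigned comparison warning by narrowing the unsigned length to int rather than by fixing the type of `Bidx`, and the very next line still computes `B.len-Bidx` with mixed signedness. Declaring `Bidx` as `unsigned int` (its declaration is outside the hunk) removes both the cast and the mixed arithmetic, and `NSSPBE_MIN(B.len-Bidx,hashLength)` then compares like with like. The narrowing is harmless for the lengths PBE deals with, so this is a robustness and readability point rather than a bug.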
@@ -393,6 +393,7 @@ static const struct mechanismList mechanisms[] = { {CKM_SHA512_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_SHA512_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_TLS_PRF_GENERAL, {0, 512, CKF_SN_VR}, PR_FALSE}, + {CKM_TLS_MAC, {0, 512, CKF_SN_VR}, PR_FALSE}, {CKM_NSS_TLS_PRF_GENERAL_SHA256, {0, 512, CKF_SN_VR}, PR_FALSE}, /* ------------------------- HKDF Operations -------------------------- */ @@ -462,12 +463,15 @@ static const struct mechanismList mechanisms[] = { {CKM_SHA384_KEY_DERIVATION, { 0, 48, CKF_DERIVE}, PR_FALSE}, {CKM_SHA512_KEY_DERIVATION, { 0, 64, CKF_DERIVE}, PR_FALSE}, {CKM_TLS_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, + {CKM_TLS12_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_TLS_MASTER_KEY_DERIVE_DH, {8, 128, CKF_DERIVE}, PR_FALSE}, + {CKM_TLS12_MASTER_KEY_DERIVE_DH, {8, 128, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256, {8, 128, CKF_DERIVE}, PR_FALSE}, {CKM_TLS_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, + {CKM_TLS12_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, {48, 48, CKF_DERIVE}, PR_FALSE}, /* ---------------------- PBE Key Derivations ------------------------ */ @@ -1742,7 +1746,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue, object,CKA_EC_POINT); if (crv == CKR_OK) { - int keyLen,curveLen; + unsigned int keyLen,curveLen; curveLen = (pubKey->u.ec.ecParams.fieldID.size +7)/8; keyLen = (2*curveLen)+1; @@ -2217,7 +2221,7 @@ CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) static PLHashNumber sftk_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } /* 
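Review bot: `(PLHashNumber)((char *)key - (char *)NULL)` in sftk_HashNumber subtracts two pointers that do not point into the same object, which the C standard leaves undefined even though common compilers produce the expected value. An integer cast expresses the intent directly and still truncates to the 32-bit PLHashNumber on 64-bit builds: `return (PLHashNumber)(PRUptrdiff)key;`. A short comment that only the low bits of the pointer feed the hash would help, since that truncation is deliberate here. The mechanism-table rows and the `unsigned int keyLen,curveLen` change in the other hunks on this line look consistent with their comparisons.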
@@ -3135,17 +3139,16 @@ CK_RV NSC_Finalize (CK_VOID_PTR pReserved) return crv; } -extern const char __nss_softokn_rcsid[]; -extern const char __nss_softokn_sccsid[]; +extern const char __nss_softokn_version[]; /* NSC_GetInfo returns general information about Cryptoki. */ CK_RV NSC_GetInfo(CK_INFO_PTR pInfo) { - volatile char c; /* force a reference that won't get optimized away */ +#define NSS_VERSION_VARIABLE __nss_softokn_version +#include "verref.h" CHECK_FORK(); - c = __nss_softokn_rcsid[0] + __nss_softokn_sccsid[0]; pInfo->cryptokiVersion.major = 2; pInfo->cryptokiVersion.minor = 20; PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32); @@ -4002,7 +4005,7 @@ static CK_RV sftk_CreateNewSlot(SFTKSlot *slot, CK_OBJECT_CLASS class, PRBool isValidFIPSUserSlot = PR_FALSE; PRBool isValidSlot = PR_FALSE; PRBool isFIPS = PR_FALSE; - unsigned long moduleIndex; + unsigned long moduleIndex = NSC_NON_FIPS_MODULE; SFTKAttribute *attribute; sftk_parameters paramStrings; char *paramString; @@ -4511,7 +4514,7 @@ sftk_emailhack(SFTKSlot *slot, SFTKDBHandle *handle, { PRBool isCert = PR_FALSE; int emailIndex = -1; - int i; + unsigned int i; SFTKSearchResults smime_search; CK_ATTRIBUTE smime_template[2]; CK_OBJECT_CLASS smime_class = CKO_NETSCAPE_SMIME; diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index fc050f35..0a2c5dc8 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -73,6 +73,7 @@ static void sftk_Null(void *data, PRBool freeit) } \ printf("\n") #else +#undef EC_DEBUG #define SEC_PRINT(a, b, c, d) #endif #endif /* NSS_DISABLE_ECC */ 
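Review bot: NSC_GetInfo now carries a function-scope `#define NSS_VERSION_VARIABLE` and `#include "verref.h"` with no comment on what they do, replacing the old `volatile char c` read whose purpose was spelled out inline. If verref.h exists to emit a reference that keeps `__nss_softokn_version` from being discarded at link time, a line such as `/* verref.h references NSS_VERSION_VARIABLE so the version string is kept in the binary */` above the include would keep that intent visible; if it does something else, the comment should say so. The rest of NSC_GetInfo is outside this hunk.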
@@ -2517,10 +2518,52 @@ finish_rsa: *(CK_ULONG *)pMechanism->pParameter); break; case CKM_TLS_PRF_GENERAL: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); break; + case CKM_TLS_MAC: { + CK_TLS_MAC_PARAMS *tls12_mac_params; + HASH_HashType tlsPrfHash; + const char *label; + + if (pMechanism->ulParameterLen != sizeof(CK_TLS_MAC_PARAMS)) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + tls12_mac_params = (CK_TLS_MAC_PARAMS *)pMechanism->pParameter; + if (tls12_mac_params->prfMechanism == CKM_TLS_PRF) { + /* The TLS 1.0 and 1.1 PRF */ + tlsPrfHash = HASH_AlgNULL; + if (tls12_mac_params->ulMacLength != 12) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + } else { + /* The hash function for the TLS 1.2 PRF */ + tlsPrfHash = + GetHashTypeFromMechanism(tls12_mac_params->prfMechanism); + if (tlsPrfHash == HASH_AlgNULL || + tls12_mac_params->ulMacLength < 12) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + } + if (tls12_mac_params->ulServerOrClient == 1) { + label = "server finished"; + } else if (tls12_mac_params->ulServerOrClient == 2) { + label = "client finished"; + } else { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + crv = sftk_TLSPRFInit(context, key, key_type, tlsPrfHash, + tls12_mac_params->ulMacLength); + if (crv == CKR_OK) { + context->hashUpdate(context->hashInfo, label, 15); + } + break; + } case CKM_NSS_TLS_PRF_GENERAL_SHA256: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); break; case CKM_NSS_HMAC_CONSTANT_TIME: { 
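Review bot: The new CKM_TLS_MAC case validates `ulParameterLen` but then dereferences `pMechanism->pParameter` without a NULL check, so a caller passing the right length and a null pointer faults inside the token instead of receiving CKR_MECHANISM_PARAM_INVALID; extending the first check to `if (pMechanism->ulParameterLen != sizeof(CK_TLS_MAC_PARAMS) || pMechanism->pParameter == NULL)` closes that. The literal `15` in `context->hashUpdate(context->hashInfo, label, 15)` happens to be the length of both `"server finished"` and `"client finished"`, but nothing ties the three together; `PORT_Strlen(label)` or a comment such as `/* both finished labels are 15 bytes */` makes the coupling explicit. A brief comment above the case that this is the TLS Finished PRF with the label prepended here and the output truncated to `ulMacLength` would also help the next reader. The enclosing switch starts and ends outside this hunk.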
@@ -3114,10 +3157,10 @@ finish_rsa: *(CK_ULONG *)pMechanism->pParameter); break; case CKM_TLS_PRF_GENERAL: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); break; case CKM_NSS_TLS_PRF_GENERAL_SHA256: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); break; default: @@ -4039,7 +4082,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, CK_MECHANISM mech = {0, NULL, 0}; CK_ULONG modulusLen; - CK_ULONG subPrimeLen; + CK_ULONG subPrimeLen = 0; PRBool isEncryptable = PR_FALSE; PRBool canSignVerify = PR_FALSE; PRBool isDerivable = PR_FALSE; @@ -4337,7 +4380,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, DSAPrivateKey * dsaPriv; /* Diffie Hellman */ - int private_value_bits = 0; DHPrivateKey * dhPriv; #ifndef NSS_DISABLE_ECC @@ -4389,7 +4431,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, */ for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) { if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) { - private_value_bits = *(CK_ULONG *)pPrivateKeyTemplate[i].pValue; continue; } @@ -4859,7 +4900,9 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) SECStatus rv = SECSuccess; SECItem *encodedKey = NULL; #ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug; +#endif int savelen; #endif @@ -4932,9 +4975,11 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) lk->u.ec.ecParams.curveOID.len = savelen; lk->u.ec.publicValue.len >>= 3; +#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, fordebug); +#endif param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); 
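Review bot: CKM_TLS_MAC is added to the switch in the previous hunk (@@ -2517) but not to this one, although both receive the same `sftk_TLSPRFInit(..., 0)` change for CKM_TLS_PRF_GENERAL and CKM_NSS_TLS_PRF_GENERAL_SHA256. If this second switch is the verify-side initializer, as the parallel structure suggests, CKM_TLS_MAC falls to `default` there and the mechanism is usable for signing only; either add the same case or note the asymmetry with a comment next to `default:`. In the NSC_GenerateKeyPair hunk the CKA_VALUE_BITS entry is now matched and skipped with no remaining effect, which deserves `/* CKA_VALUE_BITS is accepted but ignored */` so the bare `continue` is not read as a leftover. Both enclosing functions start and end outside their hunks.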
@@ -4973,7 +5018,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PrivateKeyInfoTemplate); *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; -#ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG fordebug = encodedKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, fordebug); @@ -5822,9 +5867,10 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; CK_OBJECT_CLASS classType = CKO_SECRET_KEY; CK_KEY_DERIVATION_STRING_DATA *stringPtr; + CK_MECHANISM_TYPE mechanism = pMechanism->mechanism; PRBool isTLS = PR_FALSE; - PRBool isSHA256 = PR_FALSE; PRBool isDH = PR_FALSE; + HASH_HashType tlsPrfHash = HASH_AlgNULL; SECStatus rv; int i; unsigned int outLen; @@ -5871,7 +5917,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, keySize = sftk_MapKeySize(keyType); } - switch (pMechanism->mechanism) { + switch (mechanism) { case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ @@ -5919,18 +5965,16 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, } } - switch (pMechanism->mechanism) { + switch (mechanism) { /* * generate the master secret */ + case CKM_TLS12_MASTER_KEY_DERIVE: + case CKM_TLS12_MASTER_KEY_DERIVE_DH: case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: - isSHA256 = PR_TRUE; - /* fall thru */ case CKM_TLS_MASTER_KEY_DERIVE: case CKM_TLS_MASTER_KEY_DERIVE_DH: - isTLS = PR_TRUE; - /* fall thru */ case CKM_SSL3_MASTER_KEY_DERIVE: case CKM_SSL3_MASTER_KEY_DERIVE_DH: { 
@@ -5938,10 +5982,30 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, SSL3RSAPreMasterSecret * rsa_pms; unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; - if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || - (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || - (pMechanism->mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) - isDH = PR_TRUE; + if ((mechanism == CKM_TLS12_MASTER_KEY_DERIVE) || + (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { + CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12_master = + (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *) pMechanism->pParameter; + tlsPrfHash = GetHashTypeFromMechanism(tls12_master->prfHashMechanism); + if (tlsPrfHash == HASH_AlgNULL) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + } else if ((mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256) || + (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { + tlsPrfHash = HASH_AlgSHA256; + } + + if ((mechanism != CKM_SSL3_MASTER_KEY_DERIVE) && + (mechanism != CKM_SSL3_MASTER_KEY_DERIVE_DH)) { + isTLS = PR_TRUE; + } + if ((mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || + (mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || + (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) || + (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { + isDH = PR_TRUE; + } /* first do the consistancy checks */ if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { @@ -6008,8 +6072,8 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, pms.data = (unsigned char*)att->attrib.pValue; pms.len = att->attrib.ulValueLen; - if (isSHA256) { - status = TLS_P_hash(HASH_AlgSHA256, &pms, "master secret", + if (tlsPrfHash != HASH_AlgNULL) { + status = TLS_P_hash(tlsPrfHash, &pms, "master secret", &crsr, &master, isFIPS); } else { status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); 
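Review bot: In the CKM_TLS12_MASTER_KEY_DERIVE branch `pMechanism->pParameter` is cast to `CK_TLS12_MASTER_KEY_DERIVE_PARAMS *` and `prfHashMechanism` is read without checking `ulParameterLen`, so a caller that supplies the shorter CK_SSL3_MASTER_KEY_DERIVE_PARAMS block together with the TLS 1.2 mechanism (the TLS12 struct appends the prf field) is read past its buffer. The CKM_TLS_MAC case in this same commit does check the length, so a matching guard fits: `if (pMechanism->ulParameterLen != sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)) { crv = CKR_MECHANISM_PARAM_INVALID; break; }` before the cast. The CKM_TLS12_KEY_AND_MAC_DERIVE branch in the @@ -6087 hunk on the next line has the same gap with CK_TLS12_KEY_MAT_PARAMS. NSC_DeriveKey starts and ends outside this hunk.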
@@ -6072,12 +6136,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, break; } + case CKM_TLS12_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: - isSHA256 = PR_TRUE; - /* fall thru */ case CKM_TLS_KEY_AND_MAC_DERIVE: - isTLS = PR_TRUE; - /* fall thru */ case CKM_SSL3_KEY_AND_MAC_DERIVE: { CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; @@ -6087,6 +6148,22 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; + if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { + CK_TLS12_KEY_MAT_PARAMS *tls12_keys = + (CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter; + tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); + if (tlsPrfHash == HASH_AlgNULL) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { + tlsPrfHash = HASH_AlgSHA256; + } + + if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) { + isTLS = PR_TRUE; + } + crv = sftk_DeriveSensitiveCheck(sourceKey,key); if (crv != CKR_OK) break; @@ -6166,8 +6243,8 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, master.data = (unsigned char*)att->attrib.pValue; master.len = att->attrib.ulValueLen; - if (isSHA256) { - status = TLS_P_hash(HASH_AlgSHA256, &master, "key expansion", + if (tlsPrfHash != HASH_AlgNULL) { + status = TLS_P_hash(tlsPrfHash, &master, "key expansion", &srcr, &keyblk, isFIPS); } else { status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, @@ -6731,7 +6808,7 @@ key_and_mac_derive_fail: PRBool withCofactor = PR_FALSE; unsigned char *secret; unsigned char *keyData = NULL; - int secretlen, curveLen, pubKeyLen; + unsigned int secretlen, curveLen, pubKeyLen; CK_ECDH1_DERIVE_PARAMS *mechParams; NSSLOWKEYPrivateKey *privKey; PLArenaPool *arena = NULL; 
@@ -6783,7 +6860,7 @@ key_and_mac_derive_fail: ecPoint = newPoint; } - if (pMechanism->mechanism == CKM_ECDH1_COFACTOR_DERIVE) { + if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) { withCofactor = PR_TRUE; } else { /* When not using cofactor derivation, one should diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h index 9a00273f..1023a001 100644 --- a/security/nss/lib/softoken/pkcs11i.h +++ b/security/nss/lib/softoken/pkcs11i.h @@ -112,7 +112,7 @@ typedef void (*SFTKBegin)(void *); typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int, void *, unsigned int); typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int); -typedef void (*SFTKHash)(void *,void *,unsigned int); +typedef void (*SFTKHash)(void *,const void *,unsigned int); typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int); typedef void (*SFTKFree)(void *); @@ -724,8 +724,8 @@ sftk_MACConstantTimeCtx* sftk_HMACConstantTime_New( CK_MECHANISM_PTR mech, SFTKObject *key); sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New( CK_MECHANISM_PTR mech, SFTKObject *key); -void sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len); -void sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len); +void sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len); +void sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len); void sftk_MACConstantTime_EndHash( void *pctx, void *out, unsigned int *outLength, unsigned int maxLength); void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool); @@ -738,7 +738,8 @@ extern CK_RV sftk_TLSPRFInit(SFTKSessionContext *context, SFTKObject * key, CK_KEY_TYPE key_type, - HASH_HashType hash_alg); + HASH_HashType hash_alg, + unsigned int out_len); SEC_END_PROTOS diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index 78e2fdc9..de5cbbc2 100644 --- a/security/nss/lib/softoken/pkcs11u.c 
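Review bot: The new `out_len` parameter of sftk_TLSPRFInit in the pkcs11i.h hunk is undocumented although zero has a special meaning: the existing callers pass `0`, the CKM_TLS_MAC caller passes `ulMacLength`, and tlsprf.c substitutes the caller's maximum when the field is zero. A comment on the prototype such as `/* out_len: fixed PRF output size in bytes; 0 means use the maximum offered at finish time */` states the contract where callers look for it. The `const void *` change to the SFTKHash typedef and the two ConstantTime_Update prototypes is a welcome constness fix.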
+++ b/security/nss/lib/softoken/pkcs11u.c @@ -1174,7 +1174,6 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) { SFTKSlot *slot = sftk_SlotFromSession(session); SFTKSessionObject *so = sftk_narrowToSessionObject(object); - SFTKTokenObject *to = sftk_narrowToTokenObject(object); CK_RV crv = CKR_OK; PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize); @@ -1191,8 +1190,10 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) sftk_FreeObject(object); /* free the reference owned by the queue */ } else { SFTKDBHandle *handle = sftk_getDBForTokenObject(slot, object->handle); - +#ifdef DEBUG + SFTKTokenObject *to = sftk_narrowToTokenObject(object); PORT_Assert(to); +#endif crv = sftkdb_DestroyObject(handle, object->handle); sftk_freeDB(handle); } @@ -1899,7 +1900,6 @@ SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) { SFTKObject *object = NULL; - SFTKTokenObject *tokObject = NULL; PRBool hasLocks = PR_FALSE; CK_RV crv; @@ -1908,7 +1908,6 @@ sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) if (object == NULL) { return NULL; } - tokObject = (SFTKTokenObject *) object; object->handle = handle; /* every object must have a class, if we can't get it, the object diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index 0bb7c8ea..042a683f 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -689,7 +689,7 @@ sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count, char *join=""; int sqlerr = SQLITE_OK; CK_RV error = CKR_OK; - int i; + unsigned int i; LOCK_SQLITE() *find = NULL; @@ -836,7 +836,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, CK_RV error = CKR_OK; int found = 0; int retry = 0; - int i; + unsigned int i; /* open a new db if necessary */ 
@@ -879,7 +879,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, PR_Sleep(SDB_BUSY_RETRY_TIME); } if (sqlerr == SQLITE_ROW) { - int blobSize; + unsigned int blobSize; const char *blobData; blobSize = sqlite3_column_bytes(stmt, 0); @@ -963,7 +963,7 @@ sdb_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id, int sqlerr = SQLITE_OK; int retry = 0; CK_RV error = CKR_OK; - int i; + unsigned int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; @@ -1115,7 +1115,7 @@ sdb_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *object_id, CK_RV error = CKR_OK; CK_OBJECT_HANDLE this_object = CK_INVALID_HANDLE; int retry = 0; - int i; + unsigned int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; diff --git a/security/nss/lib/softoken/sftkdb.c b/security/nss/lib/softoken/sftkdb.c index 14919101..b686e8e1 100644 --- a/security/nss/lib/softoken/sftkdb.c +++ b/security/nss/lib/softoken/sftkdb.c @@ -325,9 +325,7 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID, if (sftkdb_isULONGAttribute(template[i].type)) { if (template[i].pValue) { CK_ULONG value; - unsigned char *data; - data = (unsigned char *)ntemplate[i].pValue; value = sftk_SDBULong2ULong(ntemplate[i].pValue); if (length < sizeof(CK_ULONG)) { template[i].ulValueLen = -1; @@ -475,7 +473,7 @@ sftk_signTemplate(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template, CK_ULONG count) { - int i; + unsigned int i; CK_RV crv; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; @@ -573,11 +571,8 @@ sftkdb_CreateObject(PLArenaPool *arena, SFTKDBHandle *handle, SDB *db, CK_OBJECT_HANDLE *objectID, CK_ATTRIBUTE *template, CK_ULONG count) { - PRBool inTransaction = PR_FALSE; CK_RV crv; - inTransaction = PR_TRUE; - crv = (*db->sdb_CreateObject)(db, objectID, template, count); if (crv != CKR_OK) { goto loser; 
@@ -595,9 +590,9 @@ sftk_ExtractTemplate(PLArenaPool *arena, SFTKObject *object, SFTKDBHandle *handle,CK_ULONG *pcount, CK_RV *crv) { - int count; + unsigned int count; CK_ATTRIBUTE *template; - int i, templateIndex; + unsigned int i, templateIndex; SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object); PRBool doEnc = PR_TRUE; @@ -1021,7 +1016,7 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, { CK_ATTRIBUTE *attr; char *nickname, *newNickname; - int end, digit; + unsigned int end, digit; /* sanity checks. We should never get here with these errors */ if (objectType != CKO_CERTIFICATE) { @@ -1060,9 +1055,11 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, return CKR_OK; } - for (end = attr->ulValueLen - 1; - end >= 0 && (digit = nickname[end]) <= '9' && digit >= '0'; - end--) { + for (end = attr->ulValueLen; end-- > 0;) { + digit = nickname[end]; + if (digit > '9' || digit < '0') { + break; + } if (digit < '9') { nickname[end]++; return CKR_OK; @@ -1257,7 +1254,7 @@ sftkdb_FindObjects(SFTKDBHandle *handle, SDBFind *find, crv = (*db->sdb_FindObjects)(db, find, ids, arraySize, count); if (crv == CKR_OK) { - int i; + unsigned int i; for (i=0; i < *count; i++) { ids[i] |= (handle->type | SFTK_TOKEN_TYPE); } @@ -1600,14 +1597,14 @@ static const CK_ATTRIBUTE_TYPE known_attributes[] = { CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS }; -static int known_attributes_size= sizeof(known_attributes)/ +static unsigned int known_attributes_size= sizeof(known_attributes)/ sizeof(known_attributes[0]); static CK_RV sftkdb_GetObjectTemplate(SDB *source, CK_OBJECT_HANDLE id, CK_ATTRIBUTE *ptemplate, CK_ULONG *max) { - int i,j; + unsigned int i,j; CK_RV crv; if (*max < known_attributes_size) { 
@@ -2011,7 +2008,6 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id, {CKA_ID, NULL, 0}, {CKA_LABEL, NULL, 0} }; - CK_RV crv; attr1 = sftkdb_getAttributeFromTemplate(CKA_LABEL, ptemplate, *plen); attr2 = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, *plen); @@ -2023,7 +2019,7 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id, } /* the source has either an id or a label, see what the target has */ - crv = (*db->sdb_GetAttributeValue)(db, id, ttemplate, 2); + (void)(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2); /* if the target has neither, update from the source */ if ( ((ttemplate[0].ulValueLen == 0) || @@ -2168,7 +2164,7 @@ sftkdb_mergeObject(SFTKDBHandle *handle, CK_OBJECT_HANDLE id, CK_OBJECT_CLASS objectType; SDB *source = handle->update; SDB *target = handle->db; - int i; + unsigned int i; CK_RV crv; PLArenaPool *arena = NULL; @@ -2257,7 +2253,7 @@ sftkdb_Update(SFTKDBHandle *handle, SECItem *key) SECItem *updatePasswordKey = NULL; CK_RV crv, crv2; PRBool inTransaction = PR_FALSE; - int i; + unsigned int i; if (handle == NULL) { return CKR_OK; diff --git a/security/nss/lib/softoken/sftkhmac.c b/security/nss/lib/softoken/sftkhmac.c index 3b55a057..f4e859bc 100644 --- a/security/nss/lib/softoken/sftkhmac.c +++ b/security/nss/lib/softoken/sftkhmac.c 
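Review bot: `(void)(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2)` in sftkdb_handleIDAndName drops the CK_RV and relies on the `ulValueLen` fields of `ttemplate` for the decision that follows (the check below treats a length of 0 as "absent"), which is reasonable but reads as an accidental omission. Extending the existing comment to `/* the source has either an id or a label, see what the target has; the return value is ignored on purpose, the ulValueLen fields tell us what is there */` records that. The remainder of the function is outside this hunk.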
@@ -143,31 +143,29 @@ loser: } void -sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len) +sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len) { sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; - SECStatus rv = HMAC_ConstantTime( + PORT_CheckSuccess(HMAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len, - ctx->totalLength); - PORT_Assert(rv == SECSuccess); + ctx->totalLength)); } void -sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len) +sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len) { sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; - SECStatus rv = SSLv3_MAC_ConstantTime( + PORT_CheckSuccess(SSLv3_MAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len, - ctx->totalLength); - PORT_Assert(rv == SECSuccess); + ctx->totalLength)); } void diff --git a/security/nss/lib/softoken/sftkpwd.c b/security/nss/lib/softoken/sftkpwd.c index 4c9ac172..d8ce8577 100644 --- a/security/nss/lib/softoken/sftkpwd.c +++ b/security/nss/lib/softoken/sftkpwd.c @@ -864,8 +864,6 @@ static CK_RV sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE id, SECItem *newKey) { - CK_RV crv = CKR_OK; - CK_RV crv2; CK_ATTRIBUTE authAttrs[] = { {CKA_MODULUS, NULL, 0}, {CKA_PUBLIC_EXPONENT, NULL, 0}, @@ -879,7 +877,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, {CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0}, }; CK_ULONG authAttrCount = sizeof(authAttrs)/sizeof(CK_ATTRIBUTE); - int i, count; + unsigned int i, count; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; 
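Review bot: Wrapping `HMAC_ConstantTime` and `SSLv3_MAC_ConstantTime` in `PORT_CheckSuccess` keeps the debug assertion, but if that macro reduces to the bare call in non-DEBUG builds (as its use in place of `PORT_Assert(rv == SECSuccess)` suggests) a failing MAC computation is now invisible at runtime, and these `void` Update functions have no way to report it. tlsprf.c in this same commit keeps a field for exactly this case (`SECStatus cxRv; /* records failure of void functions. */`); storing the status in `sftk_MACConstantTimeCtx` the same way and checking it in sftk_MACConstantTime_EndHash would let the verify path fail rather than compare against an unfinished MAC. Whether the context struct already has a spare status field is not visible in this hunk.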
@@ -902,7 +900,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, /* * STEP 1: find the MACed attributes of this object */ - crv2 = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); + (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); count = 0; /* allocate space for the attributes */ for (i=0; i < authAttrCount; i++) { @@ -912,7 +910,6 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, count++; authAttrs[i].pValue = PORT_ArenaAlloc(arena,authAttrs[i].ulValueLen); if (authAttrs[i].pValue == NULL) { - crv = CKR_HOST_MEMORY; break; } } @@ -922,7 +919,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, return CKR_OK; } - crv = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); + (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); /* ignore error code, we expect some possible errors */ /* GetAttributeValue just verified the old macs, safe to write @@ -969,7 +966,7 @@ sftk_updateEncrypted(PLArenaPool *arena, SFTKDBHandle *keydb, {CKA_EXPONENT_2, NULL, 0}, {CKA_COEFFICIENT, NULL, 0} }; CK_ULONG privAttrCount = sizeof(privAttrs)/sizeof(CK_ATTRIBUTE); - int i, count; + unsigned int i, count; /* * STEP 1. Read the old attributes in the clear. @@ -1113,7 +1110,7 @@ sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template, CK_ULONG idCount = SFTK_MAX_IDS; CK_OBJECT_HANDLE ids[SFTK_MAX_IDS]; CK_RV crv, crv2; - int i; + unsigned int i; crv = sftkdb_FindObjectsInit(handle, template, count, &find); @@ -1247,7 +1244,7 @@ loser: PORT_ZFree(newKey.data,newKey.len); } if (result) { - SECITEM_FreeItem(result, PR_FALSE); + SECITEM_FreeItem(result, PR_TRUE); } if (rv != SECSuccess) { (*keydb->db->sdb_Abort)(keydb->db); diff --git a/security/nss/lib/softoken/softkver.c b/security/nss/lib/softoken/softkver.c index de21bfef..3f20fad2 100644 --- a/security/nss/lib/softoken/softkver.c +++ b/security/nss/lib/softoken/softkver.c 
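Review bot: Removing the dead `crv = CKR_HOST_MEMORY` in the @@ -912 hunk of sftk_updateMacs is correct as a warning fix, but it leaves the underlying problem: when `PORT_ArenaAlloc` fails the loop `break`s with some `authAttrs[i].pValue` still NULL while `count` is nonzero, and the second `sftkdb_GetAttributeValue` call below runs with that partial template and its result discarded. Returning the error instead, `if (authAttrs[i].pValue == NULL) { return CKR_HOST_MEMORY; }`, makes the out-of-memory case fail the MAC update rather than continue with an incomplete attribute set; the callers are outside this hunk, so whether they propagate CK_RV should be confirmed. The `SECITEM_FreeItem(result, PR_TRUE)` change in the last hunk fixes a leak of the item header and is good.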
@@ -13,12 +13,6 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_softokn_rcsid[] = "$Header: NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_softokn_sccsid[] = "@(#)NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_softokn_version[] = "Version: NSS " SOFTOKEN_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 9e7b2c14..c7adc4bb 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,9 +25,9 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.18.0.1" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.20.0.1" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 18 +#define SOFTOKEN_VMINOR 20 #define SOFTOKEN_VPATCH 0 #define SOFTOKEN_VBUILD 1 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/softoken/tlsprf.c b/security/nss/lib/softoken/tlsprf.c index 8c97ad3a..0ebad602 100644 --- a/security/nss/lib/softoken/tlsprf.c +++ b/security/nss/lib/softoken/tlsprf.c @@ -6,6 +6,7 @@ #include "pkcs11i.h" #include "blapi.h" +#include "secerr.h" #define SFTK_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb))) @@ -23,6 +24,7 @@ typedef struct { SECStatus cxRv; /* records failure of void functions. */ PRBool cxIsFIPS; /* true if conforming to FIPS 198. */ HASH_HashType cxHashAlg; /* hash algorithm to use for TLS 1.2+ */ + unsigned int cxOutLen; /* bytes of output if nonzero */ unsigned char cxBuf[512]; /* actual size may be larger than 512. */ } TLSPRFContext; 
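Review bot: The new `cxOutLen` field's comment `/* bytes of output if nonzero */` does not say what zero means or where the bound is enforced; `/* requested PRF output length; 0 = use the maxLen passed to sftk_TLSPRFUpdate, larger values are rejected there */` matches the check added in the next hunk. Replacing the `__DATE__`/`__TIME__` stamped rcsid strings in softkver.c with a plain version string also makes the library build reproducibly, which is a useful side effect of the change.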
@@ -87,7 +89,14 @@ sftk_TLSPRFUpdate(TLSPRFContext *cx, seedItem.len = cx->cxDataLen; sigItem.data = sig; - sigItem.len = maxLen; + if (cx->cxOutLen == 0) { + sigItem.len = maxLen; + } else if (cx->cxOutLen <= maxLen) { + sigItem.len = cx->cxOutLen; + } else { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } if (cx->cxHashAlg != HASH_AlgNULL) { rv = TLS_P_hash(cx->cxHashAlg, &secretItem, NULL, &seedItem, &sigItem, @@ -142,7 +151,8 @@ CK_RV sftk_TLSPRFInit(SFTKSessionContext *context, SFTKObject * key, CK_KEY_TYPE key_type, - HASH_HashType hash_alg) + HASH_HashType hash_alg, + unsigned int out_len) { SFTKAttribute * keyVal; TLSPRFContext * prf_cx; @@ -169,6 +179,7 @@ sftk_TLSPRFInit(SFTKSessionContext *context, prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID); prf_cx->cxBufPtr = prf_cx->cxBuf; prf_cx->cxHashAlg = hash_alg; + prf_cx->cxOutLen = out_len; if (keySize) PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize); diff --git a/security/nss/lib/sqlite/Makefile b/security/nss/lib/sqlite/Makefile index a2f0cf7d..dd8ea143 100644 --- a/security/nss/lib/sqlite/Makefile +++ b/security/nss/lib/sqlite/Makefile @@ -46,3 +46,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk export:: private_export +ifeq (WINNT,$(OS_ARCH)) +# sqlite calls the deprecated GetVersionExA method +OS_CFLAGS += -w44996 +endif + diff --git a/security/nss/lib/sqlite/sqlite3.c b/security/nss/lib/sqlite/sqlite3.c index 8ec2bb95..8f261e80 100644 --- a/security/nss/lib/sqlite/sqlite3.c +++ b/security/nss/lib/sqlite/sqlite3.c 
@@ -8149,17 +8149,17 @@ typedef INT8_TYPE i8; /* 1-byte signed integer */ ** Macros to determine whether the machine is big or little endian, ** evaluated at runtime. */ -#ifdef SQLITE_AMALGAMATION -SQLITE_PRIVATE const int sqlite3one = 1; -#else -SQLITE_PRIVATE const int sqlite3one; -#endif #if defined(i386) || defined(__i386__) || defined(_M_IX86)\ || defined(__x86_64) || defined(__x86_64__) # define SQLITE_BIGENDIAN 0 # define SQLITE_LITTLEENDIAN 1 # define SQLITE_UTF16NATIVE SQLITE_UTF16LE #else +# ifdef SQLITE_AMALGAMATION +SQLITE_PRIVATE const int sqlite3one = 1; +# else +SQLITE_PRIVATE const int sqlite3one; +# endif # define SQLITE_BIGENDIAN (*(char *)(&sqlite3one)==0) # define SQLITE_LITTLEENDIAN (*(char *)(&sqlite3one)==1) # define SQLITE_UTF16NATIVE (SQLITE_BIGENDIAN?SQLITE_UTF16BE:SQLITE_UTF16LE) diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h index 174037b1..da561644 100644 --- a/security/nss/lib/ssl/SSLerrs.h +++ b/security/nss/lib/ssl/SSLerrs.h @@ -422,3 +422,15 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130), ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131), "The server rejected the handshake because the client downgraded to a lower " "TLS version than the server supports.") + +ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132), +"The server certificate included a public key that was too weak.") + +ER3(SSL_ERROR_RX_SHORT_DTLS_READ, (SSL_ERROR_BASE + 133), +"Not enough room in buffer for DTLS record.") + +ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134), +"No supported TLS signature algorithm was configured.") + +ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135), +"The peer used an unsupported combination of signature and hash algorithm.") diff --git a/security/nss/lib/ssl/dhe-param.c b/security/nss/lib/ssl/dhe-param.c new file mode 100644 index 00000000..ac0942e2 --- /dev/null +++ b/security/nss/lib/ssl/dhe-param.c 
@@ -0,0 +1,413 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +static const unsigned char ff_dhe_g2[] = { 2 }; + +static const unsigned char ff_dhe_2048_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +static const ssl3DHParams ff_dhe_2048 = { + { siBuffer, (unsigned 
char *)ff_dhe_2048_p, sizeof(ff_dhe_2048_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; + +static const unsigned char ff_dhe_3072_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, + 0xAE, 0xFE, 0x13, 0x09, 0x85, 
0x13, 0x92, 0x70, + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +static const ssl3DHParams ff_dhe_3072 = { + { siBuffer, (unsigned char *)ff_dhe_3072_p, sizeof(ff_dhe_3072_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; + +static const unsigned char ff_dhe_4096_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 
0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
0xFF, +}; + +static const ssl3DHParams ff_dhe_4096 = { + { siBuffer, (unsigned char *)ff_dhe_4096_p, sizeof(ff_dhe_4096_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; + +static const unsigned char ff_dhe_6144_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, + 
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, + 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, + 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, + 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, + 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, + 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, + 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, + 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, + 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, + 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, + 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, + 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, + 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, + 
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, + 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, + 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, + 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, + 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, + 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, + 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, + 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, + 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, + 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, + 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, + 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, + 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, + 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, + 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, + 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, + 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, + 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, + 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, + 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +static const ssl3DHParams ff_dhe_6144 = { + { siBuffer, (unsigned char *)ff_dhe_6144_p, sizeof(ff_dhe_6144_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; + +static const unsigned char ff_dhe_8192_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 
0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, + 0xA9, 0x07, 
0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, + 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, + 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, + 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, + 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, + 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, + 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, + 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, + 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, + 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, + 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, + 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, + 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, + 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, + 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, + 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, + 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, + 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, + 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, + 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, + 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, + 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, + 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, + 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, + 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, + 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, + 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, + 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, + 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, + 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, + 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, + 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, + 0xA4, 0x0E, 
0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, + 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, + 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, + 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, + 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, + 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, + 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, + 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, + 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, + 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, + 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, + 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, + 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, + 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, + 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, + 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, + 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, + 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, + 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, + 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, + 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, + 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, + 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, + 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, + 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, + 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, + 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, + 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, + 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, + 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, + 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, + 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, + 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +static const ssl3DHParams ff_dhe_8192 = { + { siBuffer, (unsigned char *)ff_dhe_8192_p, sizeof(ff_dhe_8192_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c index 89315eee..1b211070 100644 
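Review bot: The primes in this new file carry no provenance comment and no size check, so a reader cannot tell whether `ff_dhe_2048_p` through `ff_dhe_8192_p` are the RFC 7919 ffdhe groups (the leading bytes `FF..FF AD F8 54 58 A2 BB 4A 9A` look like ffdhe2048, but that is inference) or whether a dropped byte would silently shorten a group. Add a header comment naming the source, e.g. `/* Finite-field DHE groups from RFC 7919 (ffdhe2048..ffdhe8192), generator 2; byte-for-byte copies, do not edit. */`, and pin each length with `PR_STATIC_ASSERT(sizeof(ff_dhe_2048_p) == 2048 / 8);` (and likewise for 3072/4096/6144/8192), since `PR_STATIC_ASSERT` is already used elsewhere in this patch. The `(unsigned char *)` casts in each `ssl3DHParams` initializer discard `const` on the tables; that is the usual SECItem shape, but it means nothing stops a consumer writing through `data`, which is worth a one-line comment too.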
--- a/security/nss/lib/ssl/dtlscon.c
+++ b/security/nss/lib/ssl/dtlscon.c
@@ -104,9 +104,7 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss)
     const ssl3CipherSuite * suite;
     for (suite = nonDTLSSuites; *suite; ++suite) {
-        SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
-
-        PORT_Assert(rv == SECSuccess); /* else is coding error */
+        PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
     }
     return SECSuccess;
 }
@@ -229,7 +227,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
 #define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
         if (message_length > MAX_HANDSHAKE_MSG_LEN) {
             (void)ssl3_DecodeError(ss);
-            PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
             return SECFailure;
         }
 #undef MAX_HANDSHAKE_MSG_LEN
@@ -396,7 +394,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
              * This avoids having to fill in the bitmask in the common
              * case of adjacent fragments received in sequence
              */
-            if (fragment_offset <= ss->ssl3.hs.recvdHighWater) {
+            if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
                 /* Either this is the adjacent fragment or an overlapping
                  * fragment */
                 ss->ssl3.hs.recvdHighWater = fragment_offset +
@@ -676,7 +674,7 @@ dtls_TransmitMessageFlight(sslSocket *ss)
             /* The reason we use 8 here is that that's the length of
              * the new DTLS data that we add to the header */
-            fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8),
+            fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8),
                                   content_len - fragment_offset);
             PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
             /* Make totally sure that we are within the buffer.
diff --git a/security/nss/lib/ssl/ssl.def b/security/nss/lib/ssl/ssl.def
index 3a2340b4..efcf9a94 100644
--- a/security/nss/lib/ssl/ssl.def
+++ b/security/nss/lib/ssl/ssl.def
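Review bot: The `(unsigned int)` cast on `ss->ssl3.hs.recvdHighWater` is only safe if that field can no longer hold a negative sentinel at this point; a signed `-1` becomes `UINT_MAX` and every `fragment_offset` then passes the `<=` test, so the high-water mark would be set from an arbitrary first fragment. If the field starts at `-1` and is normalised earlier in this function (which lies outside the hunk), a comment `/* recvdHighWater is >= 0 here: the -1 sentinel is handled above */` on the `if` line would make the cast reviewable, otherwise the comparison should read `if (ss->ssl3.hs.recvdHighWater >= 0 && fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater)`. dtls_HandleHandshake starts and ends outside the hunk.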
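Review bot: Casting `room_left` to `PRUint32` before subtracting `SSL3_BUFFER_FUDGE + 8` turns a small `room_left` into a wrap-around instead of a negative value, so `PR_MIN` would then select `content_len - fragment_offset` unconditionally, and the `PORT_Assert` on the following line only catches that in debug builds. Unless an earlier check outside the hunk already guarantees `room_left > SSL3_BUFFER_FUDGE + 8`, make the precondition explicit before the subtraction, e.g. `PORT_Assert(room_left > SSL3_BUFFER_FUDGE + 8);` plus a release-build bail-out that returns `SECFailure` when it does not hold. dtls_TransmitMessageFlight's body continues outside the hunk.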
@@ -171,3 +171,22 @@ SSL_SetCanFalseStartCallback;
 ;+ local:
 ;+*;
 ;+};
+;+NSS_3.20 { # NSS 3.20 release
+;+ global:
+;+# If the 3.20 release includes any additional functions
+;+# besides SSL_DHEGroupPrefSet and SSL_EnableWeakDHEPrimeGroup
+;+# they should be labeled as NSS_3.20a
+SSL_DHEGroupPrefSet;
+SSL_EnableWeakDHEPrimeGroup;
+;+ local:
+;+*;
+;+};
+;+NSS_3.21 { # NSS 3.21 release
+;+ global:
+SSL_GetPreliminaryChannelInfo;
+SSL_SignaturePrefSet;
+SSL_SignaturePrefGet;
+SSL_SignatureMaxCount;
+;+ local:
+;+*;
+;+};
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h
index 91a47a69..40f8476d 100644
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -185,12 +185,17 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
 /* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
  * reused for multiple handshakes or generated each time.
  * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
+ * This socket option is for ECDHE, only. It is unrelated to DHE.
  */
 #define SSL_REUSE_SERVER_ECDHE_KEY 27
 #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
                                      * handshakes. */
+/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket.
+ */
+#define SSL_ENABLE_SERVER_DHE 29
+
 #ifdef SSL_DEPRECATED_FUNCTION
 /* Old deprecated function names */
 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
@@ -292,6 +297,86 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+/*
+** Control for TLS signature algorithms for TLS 1.2 only.
+**
+** This governs what signature algorithms are sent by a client in the
+** signature_algorithms extension. A client will not accept a signature from a
+** server unless it uses an enabled algorithm.
+**
+** This also governs what the server sends in the supported_signature_algorithms
+** field of a CertificateRequest. It also changes what the server uses to sign
+** ServerKeyExchange: a server uses the first entry from this list that is
+** compatible with the client's advertised signature_algorithms extension and
+** the selected server certificate.
+**
+** Omitting SHA-256 from this list might be foolish. Support is mandatory in
+** TLS 1.2 and there might be interoperability issues. For a server, NSS only
+** supports SHA-256 for verifying a TLS 1.2 CertificateVerify. This list needs
+** to include SHA-256 if client authentication is requested or required, or
+** creating a CertificateRequest will fail.
+*/
+SSL_IMPORT SECStatus SSL_SignaturePrefSet(
+    PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
+    unsigned int count);
+
+/*
+** Get the currently configured signature algorithms.
+**
+** The algorithms are written to |algorithms| but not if there are more than
+** |maxCount| values configured. The number of algorithms that are in use are
+** written to |count|. This fails if |maxCount| is insufficiently large.
+*/
+SSL_IMPORT SECStatus SSL_SignaturePrefGet(
+    PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, unsigned int *count,
+    unsigned int maxCount);
+
+/*
+** Returns the maximum number of signature algorithms that are supported and
+** can be set or retrieved using SSL_SignaturePrefSet or SSL_SignaturePrefGet.
+*/
+SSL_IMPORT unsigned int SSL_SignatureMaxCount();
+
+/* SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group
+** parameters that can be used by NSS for the given server socket.
+** The first item in the array is used as the default group, if no other
+** selection criteria can be used by NSS.
+** The set is provided as an array of identifiers as defined by SSLDHEGroupType.
+** If more than one group identifier is provided, NSS will select the one to use.
+** For example, a TLS extension sent by the client might indicate a preference.
+*/
+SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
+                                         SSLDHEGroupType *groups,
+                                         PRUint16 num_groups);
+
+/* Enable the use of a DHE group that's smaller than the library default,
+** for backwards compatibility reasons. The DH parameters will be created
+** at the time this function is called, which might take a very long time.
+** The function will block until generation is completed.
+** The intention is to enforce that fresh and safe parameters are generated
+** each time a process is started.
+** At the time this API was initially implemented, the API will enable the
+** use of 1024 bit DHE parameters. This value might get increased in future
+** versions of NSS.
+**
+** It is allowed to call this API will a NULL value for parameter fd,
+** which will prepare the global parameters that NSS will reuse for the remainder
+** of the process lifetime. This can be used early after startup of a process,
+** to avoid a delay when handling incoming client connections.
+** This preparation with a NULL for parameter fd will NOT enable the weak group
+** on sockets. The function needs to be called again for every socket that
+** should use the weak group.
+**
+** It is allowed to use this API in combination with the SSL_DHEGroupPrefSet API.
+** If both APIs have been called, the weakest group will be used,
+** unless it is certain that the client supports larger group parameters.
+** The weak group will be used as the default group, overriding the preference
+** for the first group potentially set with a call to SSL_DHEGroupPrefSet
+** (The first group set using SSL_DHEGroupPrefSet will still be enabled, but
+** it's no longer the default group.)
+*/
+SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
+
 /* SSL Version Range API
 **
 ** This API should be used to control SSL 3.0 & TLS support instead of the
@@ -895,10 +980,27 @@ SSL_IMPORT SECStatus NSS_SetFrancePolicy(void);
 SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void);
 /* Report more information than SSL_SecurityStatus.
-** Caller supplies the info struct. Function fills it in.
-*/
+ * Caller supplies the info struct. This function fills it in.
+ * The information here will be zeroed prior to details being confirmed. The
+ * details are confirmed either when a Finished message is received, or - for a
+ * client - when the second flight of messages have been sent. This function
+ * therefore produces unreliable results prior to receiving the
+ * SSLHandshakeCallback or the SSLCanFalseStartCallback.
+ */
 SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info,
                                         PRUintn len);
+/* Get preliminary information about a channel.
+ * This function can be called prior to handshake details being confirmed (see
+ * SSL_GetChannelInfo above for what that means). Thus, information provided by
+ * this function is available to SSLAuthCertificate, SSLGetClientAuthData,
+ * SSLSNISocketConfig, and other callbacks that might be called during the
+ * processing of the first flight of client of server handshake messages.
+ * Values are marked as being unavailable when renegotiation is initiated.
+ */
+SSL_IMPORT SECStatus
+SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
+                              SSLPreliminaryChannelInfo *info,
+                              PRUintn len);
 SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
                                         SSLCipherSuiteInfo *info, PRUintn len);
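Review bot: `SSL_IMPORT unsigned int SSL_SignatureMaxCount();` is declared with empty parentheses, which in C is an unprototyped declaration rather than a zero-argument one, so a call with stray arguments compiles silently; the rest of this header uses `(void)` (e.g. `NSS_SetFrancePolicy(void)` in the next hunk header), so write `SSL_IMPORT unsigned int SSL_SignatureMaxCount(void);`. In the same hunk `SSL_DHEGroupPrefSet` takes `SSLDHEGroupType *groups` without `const`, unlike `SSL_SignaturePrefSet`'s `const SSLSignatureAndHashAlg *algorithms`; a preference list the library only reads should be `const SSLDHEGroupType *groups` so callers can pass static tables. The `SSL_EnableWeakDHEPrimeGroup` comment also has a typo, `call this API will a NULL value` should read `call this API with a NULL value`, and since enabling it deliberately selects a group weaker than the library default it would help operators to state plainly that this is a compatibility downgrade to be enabled per socket only when a specific legacy client requires it.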
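Review bot: The comment added for `SSL_GetPreliminaryChannelInfo` has a typo that garbles its meaning: `processing of the first flight of client of server handshake messages` should read `first flight of client or server handshake messages`. This header is the public API documentation, so it is worth fixing before the text is copied into downstream docs. The rewritten `SSL_GetChannelInfo` comment in the same hunk already states the confirmation rule precisely, so the new paragraph needs only the one-word fix.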
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 7d26568f..7da3aa6d 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -61,8 +61,8 @@ static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss);
 static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss,
                                             const unsigned char *b,
                                             unsigned int l);
+static SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc);
 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
-static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid);
 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
                              int maxOutputLen, const unsigned char *input,
@@ -108,14 +108,17 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
 #endif /* NSS_DISABLE_ECC */
  { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
  { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
  { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -173,6 +176,23 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
  { TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
 };
+static const SSLSignatureAndHashAlg defaultSignatureAlgorithms[] = {
+    {ssl_hash_sha256, ssl_sign_rsa},
+    {ssl_hash_sha384, ssl_sign_rsa},
+    {ssl_hash_sha512, ssl_sign_rsa},
+    {ssl_hash_sha1, ssl_sign_rsa},
+#ifndef NSS_DISABLE_ECC
+    {ssl_hash_sha256, ssl_sign_ecdsa},
+    {ssl_hash_sha384, ssl_sign_ecdsa},
+    {ssl_hash_sha512, ssl_sign_ecdsa},
+    {ssl_hash_sha1, ssl_sign_ecdsa},
+#endif
+    {ssl_hash_sha256, ssl_sign_dsa},
+    {ssl_hash_sha1, ssl_sign_dsa}
+};
+PR_STATIC_ASSERT(PR_ARRAY_SIZE(defaultSignatureAlgorithms) <=
+                 MAX_SIGNATURE_ALGORITHMS);
+
 /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
  */
 #ifdef DEBUG
@@ -233,20 +253,6 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = {
     ct_DSS_sign,
 };
-/* This block is the contents of the supported_signature_algorithms field of
- * our TLS 1.2 CertificateRequest message, in wire format. See
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
- *
- * This block contains only sha256 entries because we only support TLS 1.2
- * CertificateVerify messages that use the handshake hash. */
-static const PRUint8 supported_signature_algorithms[] = {
-    tls_hash_sha256, tls_sig_rsa,
-#ifndef NSS_DISABLE_ECC
-    tls_hash_sha256, tls_sig_ecdsa,
-#endif
-    tls_hash_sha256, tls_sig_dsa,
-};
-
 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
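Review bot: `defaultSignatureAlgorithms` enables `ssl_hash_sha1` for RSA, ECDSA and DSA, and the ssl.h comment in this same patch says a client accepts a server signature only if its algorithm is enabled, so with these defaults a TLS 1.2 client both advertises SHA-1 in signature_algorithms and accepts a SHA-1-signed ServerKeyExchange. That is presumably an interoperability choice, but nothing in the table says so; add above it `/* The sha1 entries are kept last for interoperability with older peers. Deployments that must reject SHA-1 signatures should call SSL_SignaturePrefSet with a list that omits them. */`. Keeping SHA-1 at the end of each family at least means the server's "first compatible entry" rule from the ssl.h comment prefers SHA-2 whenever the peer offers it, which is worth stating next to the ordering so a later edit does not reorder it.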
@@ -284,30 +290,30 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, }; -static const ssl3KEADef kea_defs[] = +static const ssl3KEADef kea_defs[] = { /* indexed by SSL3KeyExchangeAlgorithm */ - /* kea exchKeyType signKeyType is_limited limit tls_keygen */ - {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE}, - {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE}, - {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, - {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, - {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, - {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, - {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE}, - {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE}, - {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE }, + /* kea exchKeyType signKeyType is_limited limit tls_keygen ephemeral */ + {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_FALSE}, + {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, 
PR_TRUE}, + {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE, PR_FALSE}, #ifndef NSS_DISABLE_ECC - {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE}, + {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE, PR_TRUE}, #endif /* NSS_DISABLE_ECC */ }; @@ -408,6 +414,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, + {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss}, + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss}, + #ifndef NSS_DISABLE_ECC {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, 
@@ -644,12 +654,15 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: case TLS_RSA_WITH_AES_128_CBC_SHA256: case TLS_RSA_WITH_AES_128_GCM_SHA256: + case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: + case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: case TLS_RSA_WITH_NULL_SHA256: return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2; case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: + case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and @@ -772,16 +785,11 @@ ssl3_config_match_init(sslSocket *ss) * that the server uses an RSA cert for (EC)DHE-RSA. */ switch (cipher_def->key_exchange_alg) { + case kea_dhe_dss: + svrAuth = ss->serverCerts + ssl_kea_dh; + break; case kea_ecdhe_rsa: -#if NSS_SERVER_DHE_IMPLEMENTED - /* XXX NSS does not yet implement the server side of _DHE_ - * cipher suites. Correcting the computation for svrAuth, - * as the case below does, causes NSS SSL servers to begin to - * negotiate cipher suites they do not implement. So, until - * server side _DHE_ is implemented, keep this disabled. - */ case kea_dhe_rsa: -#endif svrAuth = ss->serverCerts + kt_rsa; break; case kea_ecdh_ecdsa: @@ -793,6 +801,8 @@ ssl3_config_match_init(sslSocket *ss) * simultaneously. For now, both of them use * whatever is in the certificate slot for kt_ecdh */ + case kea_dhe_dss_export: + case kea_dhe_rsa_export: default: svrAuth = ss->serverCerts + exchKeyType; break; 
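Review bot: The new `case kea_dhe_dss:` indexes `ss->serverCerts` with `ssl_kea_dh` while the neighbouring arms of the same switch use the `kt_*` spelling (`kt_rsa`, and `exchKeyType` in the default arm); if `kt_dh` is the same value, `svrAuth = ss->serverCerts + kt_dh;` keeps the table lookups uniform and greppable. The `kea_dhe_dss_export` and `kea_dhe_rsa_export` labels added above `default:` fall through to the existing `exchKeyType` computation, which looks intended but deserves a line saying so, e.g. `/* export DHE suites authenticate with whatever sits in the exchKeyType slot */`. The enclosing switch continues outside the hunk.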
@@ -829,11 +839,22 @@ ssl3_config_match_init(sslSocket *ss) * cipher suite. */ static PRBool config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled, - const SSLVersionRange *vrange) + const SSLVersionRange *vrange, const sslSocket *ss) { + const ssl3CipherSuiteDef *cipher_def; + PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE); if (policy == SSL_NOT_ALLOWED || !enabled) - return PR_FALSE; + return PR_FALSE; + + cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite); + PORT_Assert(cipher_def != NULL); + + PORT_Assert(ss != NULL); + if (ss->sec.isServer && !ss->opt.enableServerDhe && + kea_defs[cipher_def->key_exchange_alg].exchKeyType == ssl_kea_dh) + return PR_FALSE; + return (PRBool)(suite->enabled && suite->isPresent && suite->policy != SSL_NOT_ALLOWED && @@ -854,7 +875,7 @@ count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) return 0; } for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { - if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange)) + if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange, ss)) count++; } if (count <= 0) { @@ -946,9 +967,9 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, break; case dsaKey: doDerEncode = isTLS; - /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. + /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. */ - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); } else { 
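Review bot: `PORT_Assert(cipher_def != NULL)` is the only guard before `kea_defs[cipher_def->key_exchange_alg]` is dereferenced in `config_match`, and `PORT_Assert` compiles out of release builds, so a suite id that `ssl_LookupCipherSuiteDef` does not know would dereference NULL on the new server-DHE gating path. Turning it into a hard check, `if (!cipher_def) return PR_FALSE;` after the assertion, matches how the function already treats a disallowed policy and costs nothing. The `PORT_Assert(ss != NULL)` is fine as an assert since every caller touched in this diff (`count_cipher_suites`, `ssl3_SendClientHello`, `ssl3_HandleServerHello`) passes a live socket.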
@@ -959,9 +980,9 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, #ifndef NSS_DISABLE_ECC case ecKey: doDerEncode = PR_TRUE; - /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. + /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. */ - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); } else { @@ -976,7 +997,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, } PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { signatureLen = PK11_SignatureLen(key); if (signatureLen <= 0) { PORT_SetError(SEC_ERROR_INVALID_KEY); @@ -990,7 +1011,8 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, rv = PK11_Sign(key, buf, &hashItem); } else { - rv = SGN_Digest(key, hash->hashAlg, buf, &hashItem); + SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(hash->hashAlg); + rv = SGN_Digest(key, hashOID, buf, &hashItem); } if (rv != SECSuccess) { ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); @@ -1038,7 +1060,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, return SECFailure; } - hashAlg = hash->hashAlg; + hashAlg = ssl3_TLSHashAlgorithmToOID(hash->hashAlg); switch (key->keyType) { case rsaKey: encAlg = SEC_OID_PKCS1_RSA_ENCRYPTION; @@ -1047,9 +1069,9 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, break; case dsaKey: encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE; - /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. + /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. */ - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); } else { 
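Review bot: In the `@@ -990` hunk `hashOID` is handed straight to `SGN_Digest` without checking for `SEC_OID_UNKNOWN`, which is what `ssl3_TLSHashAlgorithmToOID` returns for any `SSLHashType` not in `tlsHashOIDMap` (md5 and sha224 are dropped from that map later in this diff). Signing only sees hashes this side computed, so this is defence in depth, but `if (hashOID == SEC_OID_UNKNOWN) { PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); return SECFailure; }` reports a precise error instead of whatever `SGN_Digest` maps it to. The same applies to `hashAlg = ssl3_TLSHashAlgorithmToOID(hash->hashAlg);` in `ssl3_VerifySignedHashes` on this line, where the value is peer-chosen but has already passed `ssl3_IsSupportedSignatureAlgorithm`. Both functions extend beyond their hunks, so check whether an early return needs to go through a cleanup label.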
@@ -1070,13 +1092,13 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, #ifndef NSS_DISABLE_ECC case ecKey: encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; - /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. + /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. * ECDSA signatures always encode the integers r and s using ASN.1 * (unlike DSA where ASN.1 encoding is used with TLS but not with * SSL3). So we can use VFY_VerifyDigestDirect for ECDSA. */ - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { hashAlg = SEC_OID_SHA1; hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); @@ -1104,8 +1126,8 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, */ rv = PK11_Verify(key, buf, &hashItem, pwArg); } else { - rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg, - pwArg); + rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg, + pwArg); } SECKEY_DestroyPublicKey(key); if (signature) { 
@@ -1121,75 +1143,71 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, /* Caller must set hiLevel error code. */ /* Called from ssl3_ComputeExportRSAKeyHash * ssl3_ComputeDHKeyHash - * which are called from ssl3_HandleServerKeyExchange. + * which are called from ssl3_HandleServerKeyExchange. * - * hashAlg: either the OID for a hash algorithm or SEC_OID_UNKNOWN to specify - * the pre-1.2, MD5/SHA1 combination hash. + * hashAlg: ssl_hash_none indicates the pre-1.2, MD5/SHA1 combination hash. */ SECStatus -ssl3_ComputeCommonKeyHash(SECOidTag hashAlg, - PRUint8 * hashBuf, unsigned int bufLen, - SSL3Hashes *hashes, PRBool bypassPKCS11) +ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, + PRUint8 * hashBuf, unsigned int bufLen, + SSL3Hashes *hashes, PRBool bypassPKCS11) { - SECStatus rv = SECSuccess; + SECStatus rv; + SECOidTag hashOID; #ifndef NO_PKCS11_BYPASS if (bypassPKCS11) { - if (hashAlg == SEC_OID_UNKNOWN) { - MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen); - SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen); - hashes->len = MD5_LENGTH + SHA1_LENGTH; - } else if (hashAlg == SEC_OID_SHA1) { - SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA1_LENGTH; - } else if (hashAlg == SEC_OID_SHA256) { - SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA256_LENGTH; - } else if (hashAlg == SEC_OID_SHA384) { - SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA384_LENGTH; - } else if (hashAlg == SEC_OID_SHA512) { - SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA512_LENGTH; - } else { - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - return SECFailure; - } - } else + if (hashAlg == ssl_hash_none) { + MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen); + SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen); + hashes->len = MD5_LENGTH + SHA1_LENGTH; + } else if (hashAlg == ssl_hash_sha1) { + SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA1_LENGTH; + } else if (hashAlg == 
ssl_hash_sha256) { + SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA256_LENGTH; + } else if (hashAlg == ssl_hash_sha384) { + SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA384_LENGTH; + } else if (hashAlg == ssl_hash_sha512) { + SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA512_LENGTH; + } else { + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; + } + } else #endif { - if (hashAlg == SEC_OID_UNKNOWN) { - rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); - rv = SECFailure; - goto done; - } - - rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen); - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); - rv = SECFailure; - } - hashes->len = MD5_LENGTH + SHA1_LENGTH; - } else { - hashes->len = HASH_ResultLenByOidTag(hashAlg); - if (hashes->len > sizeof(hashes->u.raw)) { - ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - rv = SECFailure; - goto done; - } - rv = PK11_HashBuf(hashAlg, hashes->u.raw, hashBuf, bufLen); - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); - rv = SECFailure; - } - } + if (hashAlg == ssl_hash_none) { + rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); + return rv; + } + rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen); + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); + return rv; + } + hashes->len = MD5_LENGTH + SHA1_LENGTH; + } else { + hashOID = ssl3_TLSHashAlgorithmToOID(hashAlg); + hashes->len = HASH_ResultLenByOidTag(hashOID); + if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) { + ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; + } + rv = PK11_HashBuf(hashOID, hashes->u.raw, hashBuf, bufLen); + if (rv 
!= SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); + return rv; + } + } } hashes->hashAlg = hashAlg; - -done: - return rv; + return SECSuccess; } /* Caller must set hiLevel error code. @@ -1197,10 +1215,10 @@ done: ** ssl3_HandleServerKeyExchange. */ static SECStatus -ssl3_ComputeExportRSAKeyHash(SECOidTag hashAlg, - SECItem modulus, SECItem publicExponent, - SSL3Random *client_rand, SSL3Random *server_rand, - SSL3Hashes *hashes, PRBool bypassPKCS11) +ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg, + SECItem modulus, SECItem publicExponent, + SSL3Random *client_rand, SSL3Random *server_rand, + SSL3Hashes *hashes, PRBool bypassPKCS11) { PRUint8 * hashBuf; PRUint8 * pBuf; @@ -1238,7 +1256,7 @@ ssl3_ComputeExportRSAKeyHash(SECOidTag hashAlg, bypassPKCS11); PRINT_BUF(95, (NULL, "RSAkey hash: ", hashBuf, bufLen)); - if (hashAlg == SEC_OID_UNKNOWN) { + if (hashAlg == ssl_hash_none) { PRINT_BUF(95, (NULL, "RSAkey hash: MD5 result", hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "RSAkey hash: SHA1 result", @@ -1256,10 +1274,10 @@ ssl3_ComputeExportRSAKeyHash(SECOidTag hashAlg, /* Caller must set hiLevel error code. */ /* Called from ssl3_HandleServerKeyExchange. */ static SECStatus -ssl3_ComputeDHKeyHash(SECOidTag hashAlg, - SECItem dh_p, SECItem dh_g, SECItem dh_Ys, - SSL3Random *client_rand, SSL3Random *server_rand, - SSL3Hashes *hashes, PRBool bypassPKCS11) +ssl3_ComputeDHKeyHash(SSLHashType hashAlg, + SECItem dh_p, SECItem dh_g, SECItem dh_Ys, + SSL3Random *client_rand, SSL3Random *server_rand, + SSL3Hashes *hashes, PRBool bypassPKCS11) { PRUint8 * hashBuf; PRUint8 * pBuf; @@ -1302,7 +1320,7 @@ ssl3_ComputeDHKeyHash(SECOidTag hashAlg, bypassPKCS11); PRINT_BUF(95, (NULL, "DHkey hash: ", hashBuf, bufLen)); - if (hashAlg == SEC_OID_UNKNOWN) { + if (hashAlg == ssl_hash_none) { PRINT_BUF(95, (NULL, "DHkey hash: MD5 result", hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result", 
@@ -2540,7 +2558,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, PRUint32 fragLen; PRUint32 p1Len, p2Len, oddLen = 0; PRUint16 headerLen; - int ivLen = 0; + unsigned int ivLen = 0; int cipherBytes = 0; unsigned char pseudoHeader[13]; unsigned int pseudoHeaderLen; @@ -3102,7 +3120,8 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) { static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER | ssl_SEND_FLAG_CAP_RECORD_VERSION; - PRInt32 rv = SECSuccess; + PRInt32 count = -1; + SECStatus rv = SECSuccess; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -3116,18 +3135,19 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; } else { - rv = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, + count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len, flags); } - if (rv < 0) { + if (count < 0) { int err = PORT_GetError(); PORT_Assert(err != PR_WOULD_BLOCK_ERROR); if (err == PR_WOULD_BLOCK_ERROR) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } - } else if (rv < ss->sec.ci.sendBuf.len) { + rv = SECFailure; + } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) { /* short write should never happen */ - PORT_Assert(rv >= ss->sec.ci.sendBuf.len); + PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure; } else { 
@@ -3592,15 +3612,17 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) SECItem params; CK_FLAGS keyFlags; CK_VERSION pms_version; - CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; + /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ + CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; + unsigned int master_params_len; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); if (isTLS12) { - if(isDH) master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; - else master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; - key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; + if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; + else master_derive = CKM_TLS12_MASTER_KEY_DERIVE; + key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; keyFlags = CKF_SIGN | CKF_VERIFY; } else if (isTLS) { if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH; @@ -3624,9 +3646,15 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; master_params.RandomInfo.pServerRandom = sr; master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; + if (isTLS12) { + master_params.prfHashMechanism = CKM_SHA256; + master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); + } else { + master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); + } params.data = (unsigned char *) &master_params; - params.len = sizeof master_params; + params.len = master_params_len; } if (pms != NULL) { 
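Review bot: `master_params.prfHashMechanism = CKM_SHA256;` hard-codes the TLS 1.2 PRF hash, and the same constant is hard-coded again into `key_material_params.prfHashMechanism` in `ssl3_DeriveConnectionKeysPKCS11` on the next line of this diff, while the handshake-hash code elsewhere in the file carries the note "If we ever support ciphersuites where the PRF hash isn't SHA-256 then this will need to be updated." Both assignments should carry that same comment so a SHA-384-PRF suite cannot be added without tripping over them, e.g. `/* Every TLS 1.2 suite we implement uses the SHA-256 PRF; revisit if a SHA-384 PRF suite is added. */`. Choosing `master_params_len` per version rather than `sizeof master_params` is the right fix, given that the comment above `master_params` records the struct may be read as the SSL3 variant.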
@@ -3756,7 +3784,9 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss) PK11SymKey * symKey = NULL; void * pwArg = ss->pkcs11PinArg; int keySize; - CK_SSL3_KEY_MAT_PARAMS key_material_params; + CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a + * CK_SSL3_KEY_MAT_PARAMS */ + unsigned int key_material_params_len; CK_SSL3_KEY_MAT_OUT returnedKeys; CK_MECHANISM_TYPE key_derive; CK_MECHANISM_TYPE bulk_mechanism; @@ -3810,17 +3840,21 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss) PORT_Assert( alg2Mech[calg].calg == calg); bulk_mechanism = alg2Mech[calg].cmech; - params.data = (unsigned char *)&key_material_params; - params.len = sizeof(key_material_params); - if (isTLS12) { - key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; + key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; + key_material_params.prfHashMechanism = CKM_SHA256; + key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS); } else if (isTLS) { key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; + key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); } else { key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE; + key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); } + params.data = (unsigned char *)&key_material_params; + params.len = key_material_params_len; + /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and * DERIVE by DEFAULT */ symKey = PK11_Derive(pwSpec->master_secret, key_derive, ¶ms, @@ -4131,6 +4165,12 @@ ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize) PRUint8 b[4]; PRUint8 * p = b; + PORT_Assert(lenSize <= 4 && lenSize > 0); + if (lenSize < 4 && num >= (1L << (lenSize * 8))) { + PORT_SetError(SSL_ERROR_TX_RECORD_TOO_LONG); + return SECFailure; + } + switch (lenSize) { case 4: *p++ = (num >> 24) & 0xff; 
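Review bot: The new range check in `ssl3_AppendHandshakeNumber` rejects values too large for `lenSize` bytes but not negative ones: `num` is `PRInt32`, a negative value fails the `>=` comparison and so passes through, and the switch below then writes its truncated two's-complement bytes into the length field. Widening the guard to `if (num < 0 || (lenSize < 4 && num >= (1L << (lenSize * 8)))) {` closes that with the same error code. Note also that `lenSize == 4` skips the check entirely, so a negative value is admitted there too unless the leading `num < 0` test is added. The switch continues outside the hunk.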
@@ -4223,17 +4263,12 @@ ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length) * |sigAndHash| to the current handshake message. */ SECStatus ssl3_AppendSignatureAndHashAlgorithm( - sslSocket *ss, const SSL3SignatureAndHashAlgorithm* sigAndHash) + sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash) { - unsigned char serialized[2]; + PRUint8 serialized[2]; - serialized[0] = ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg); - if (serialized[0] == 0) { - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - return SECFailure; - } - - serialized[1] = sigAndHash->sigAlg; + serialized[0] = (PRUint8)sigAndHash->hashAlg; + serialized[1] = (PRUint8)sigAndHash->sigAlg; return ssl3_AppendHandshake(ss, serialized, sizeof(serialized)); } @@ -4347,15 +4382,13 @@ ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes, /* tlsHashOIDMap contains the mapping between TLS hash identifiers and the * SECOidTag used internally by NSS. */ static const struct { - int tlsHash; + SSLHashType tlsHash; SECOidTag oid; } tlsHashOIDMap[] = { - { tls_hash_md5, SEC_OID_MD5 }, - { tls_hash_sha1, SEC_OID_SHA1 }, - { tls_hash_sha224, SEC_OID_SHA224 }, - { tls_hash_sha256, SEC_OID_SHA256 }, - { tls_hash_sha384, SEC_OID_SHA384 }, - { tls_hash_sha512, SEC_OID_SHA512 } + { ssl_hash_sha1, SEC_OID_SHA1 }, + { ssl_hash_sha256, SEC_OID_SHA256 }, + { ssl_hash_sha384, SEC_OID_SHA384 }, + { ssl_hash_sha512, SEC_OID_SHA512 } }; /* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value. @@ -4363,7 +4396,7 @@ static const struct { * * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ SECOidTag -ssl3_TLSHashAlgorithmToOID(int hashFunc) +ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc) { unsigned int i; 
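Review bot: `ssl3_AppendSignatureAndHashAlgorithm` now casts `sigAndHash->hashAlg` and `sigAndHash->sigAlg` straight to bytes and can no longer fail, whereas the removed code returned `SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM` for an unmappable hash; it keeps its `SECStatus` return and its caller in `ssl3_SendCertificateVerify` keeps checking it, so the interface implies validation that no longer happens. If the invariant is that callers only pass values that satisfy `ssl3_IsSupportedSignatureAlgorithm` (added later in this diff), state it above the function, e.g. `/* No validation here: callers guarantee |sigAndHash| is a supported pair. */`; otherwise re-add a check through that helper so an `ssl_hash_none` left in an `SSL3Hashes` never reaches the wire. The `tlsHashOIDMap` hunk below dropping md5 and sha224 is consistent with the `supportedHashes` table in the new helper.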
@@ -4375,42 +4408,24 @@ ssl3_TLSHashAlgorithmToOID(int hashFunc) return SEC_OID_UNKNOWN; } -/* ssl3_OIDToTLSHashAlgorithm converts an OID to a TLS hash algorithm - * identifier. If the hash is not recognised, zero is returned. - * - * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ -static int -ssl3_OIDToTLSHashAlgorithm(SECOidTag oid) -{ - unsigned int i; - - for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) { - if (oid == tlsHashOIDMap[i].oid) { - return tlsHashOIDMap[i].tlsHash; - } - } - return 0; -} - /* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm * identifier for a given KeyType. */ static SECStatus -ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, - TLSSignatureAlgorithm *out) +ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, SSLSignType *out) { switch (keyType) { case rsaKey: - *out = tls_sig_rsa; - return SECSuccess; + *out = ssl_sign_rsa; + return SECSuccess; case dsaKey: - *out = tls_sig_dsa; - return SECSuccess; + *out = ssl_sign_dsa; + return SECSuccess; case ecKey: - *out = tls_sig_ecdsa; - return SECSuccess; + *out = ssl_sign_ecdsa; + return SECSuccess; default: - PORT_SetError(SEC_ERROR_INVALID_KEY); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_KEY); + return SECFailure; } } @@ -4418,15 +4433,15 @@ ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, * algorithm identifier for the given certificate. */ static SECStatus ssl3_TLSSignatureAlgorithmForCertificate(CERTCertificate *cert, - TLSSignatureAlgorithm *out) + SSLSignType *out) { SECKEYPublicKey *key; KeyType keyType; key = CERT_ExtractPublicKey(cert); if (key == NULL) { - ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); - return SECFailure; + ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); + return SECFailure; } keyType = key->keyType; 
@@ -4436,24 +4451,75 @@ ssl3_TLSSignatureAlgorithmForCertificate(CERTCertificate *cert, /* ssl3_CheckSignatureAndHashAlgorithmConsistency checks that the signature * algorithm identifier in |sigAndHash| is consistent with the public key in - * |cert|. If so, SECSuccess is returned. Otherwise, PORT_SetError is called - * and SECFailure is returned. */ + * |cert|. It also checks the hash algorithm against the configured signature + * algorithms. If all the tests pass, SECSuccess is returned. Otherwise, + * PORT_SetError is called and SECFailure is returned. */ SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( - const SSL3SignatureAndHashAlgorithm *sigAndHash, CERTCertificate* cert) + sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash, + CERTCertificate* cert) { SECStatus rv; - TLSSignatureAlgorithm sigAlg; + SSLSignType sigAlg; + unsigned int i; rv = ssl3_TLSSignatureAlgorithmForCertificate(cert, &sigAlg); if (rv != SECSuccess) { - return rv; + return rv; } if (sigAlg != sigAndHash->sigAlg) { - PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); - return SECFailure; + PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); + return SECFailure; } - return SECSuccess; + + for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { + const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i]; + if (sigAndHash->sigAlg == alg->sigAlg && + sigAndHash->hashAlg == alg->hashAlg) { + return SECSuccess; + } + } + PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); + return SECFailure; +} + +PRBool +ssl3_IsSupportedSignatureAlgorithm(const SSLSignatureAndHashAlg *alg) +{ + static const SSLHashType supportedHashes[] = { + ssl_hash_sha1, + ssl_hash_sha256, + ssl_hash_sha384, + ssl_hash_sha512 + }; + + static const SSLSignType supportedSigAlgs[] = { + ssl_sign_rsa, +#ifndef NSS_DISABLE_ECC + ssl_sign_ecdsa, +#endif + ssl_sign_dsa + }; + + unsigned int i; + PRBool hashOK = PR_FALSE; + PRBool signOK = PR_FALSE; + + for (i = 0; i < 
PR_ARRAY_SIZE(supportedHashes); ++i) { + if (alg->hashAlg == supportedHashes[i]) { + hashOK = PR_TRUE; + break; + } + } + + for (i = 0; i < PR_ARRAY_SIZE(supportedSigAlgs); ++i) { + if (alg->sigAlg == supportedSigAlgs[i]) { + signOK = PR_TRUE; + break; + } + } + + return hashOK && signOK; } /* ssl3_ConsumeSignatureAndHashAlgorithm reads a SignatureAndHashAlgorithm @@ -4463,25 +4529,24 @@ ssl3_CheckSignatureAndHashAlgorithmConsistency( * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss, - SSL3Opaque **b, - PRUint32 *length, - SSL3SignatureAndHashAlgorithm *out) + SSL3Opaque **b, + PRUint32 *length, + SSLSignatureAndHashAlg *out) { - unsigned char bytes[2]; + PRUint8 bytes[2]; SECStatus rv; rv = ssl3_ConsumeHandshake(ss, bytes, sizeof(bytes), b, length); if (rv != SECSuccess) { - return rv; + return rv; } - out->hashAlg = ssl3_TLSHashAlgorithmToOID(bytes[0]); - if (out->hashAlg == SEC_OID_UNKNOWN) { - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - return SECFailure; + out->hashAlg = (SSLHashType)bytes[0]; + out->sigAlg = (SSLSignType)bytes[1]; + if (!ssl3_IsSupportedSignatureAlgorithm(out)) { + PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); + return SECFailure; } - - out->sigAlg = bytes[1]; return SECSuccess; } @@ -4511,7 +4576,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, SSL3Opaque sha_inner[MAX_MAC_LENGTH]; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - hashes->hashAlg = SEC_OID_UNKNOWN; + hashes->hashAlg = ssl_hash_none; #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11 && @@ -4532,7 +4597,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ - hashes->hashAlg = SEC_OID_SHA256; + hashes->hashAlg = ssl_hash_sha256; rv = SECSuccess; } else if (ss->opt.bypassPKCS11) { /* compute them without PKCS11 */ 
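Review bot: `ssl3_IsSupportedSignatureAlgorithm` is a new non-static function with no header comment, while every neighbouring helper in this region (`ssl3_TLSSignatureAlgorithmForKeyType`, `ssl3_CheckSignatureAndHashAlgorithmConsistency`, `ssl3_ConsumeSignatureAndHashAlgorithm`) documents its contract. Its distinction from the consistency check matters: it answers "can this implementation use the pair at all", independent of the socket's configured `signatureAlgorithms` list, and it is what gates the two bytes parsed in `ssl3_ConsumeSignatureAndHashAlgorithm`. A short comment saying that, and that the hash and signature type are checked individually rather than as a pair, would make the split clear, e.g. `/* Returns PR_TRUE iff both alg->hashAlg and alg->sigAlg are ones this implementation can use; the socket's configured list is checked separately by ssl3_CheckSignatureAndHashAlgorithmConsistency. */`.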
@@ -4647,7 +4712,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, } /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ - hashes->hashAlg = SEC_OID_SHA256; + hashes->hashAlg = ssl_hash_sha256; rv = SECSuccess; tls12_loser: @@ -4826,7 +4891,7 @@ ssl3_ComputeBackupHandshakeHashes(sslSocket * ss, rv = SECFailure; goto loser; } - hashes->hashAlg = SEC_OID_SHA1; + hashes->hashAlg = ssl_hash_sha1; loser: PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE); @@ -4907,7 +4972,9 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (rv != SECSuccess) { return rv; /* ssl3_InitState has set the error code. */ } - ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ + /* These must be reset every handshake. */ + ss->ssl3.hs.sendingSCSV = PR_FALSE; + ss->ssl3.hs.preliminaryInfo = 0; PORT_Assert(IS_DTLS(ss) || !resending); SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE); @@ -5279,7 +5346,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) } for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; - if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { + if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) { actual_count++; if (actual_count > num_suites) { if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } @@ -5401,9 +5468,7 @@ ssl3_HandleHelloRequest(sslSocket *ss) return SECFailure; } if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { - ssl_GetXmitBufLock(ss); - rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation); - ssl_ReleaseXmitBufLock(ss); + (void)SSL3_SendAlert(ss, alert_warning, no_renegotiation); PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); return SECFailure; } 
@@ -6097,9 +6162,9 @@ ssl3_SendClientKeyExchange(sslSocket *ss) isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); /* enforce limits on kea key sizes. */ if (ss->ssl3.hs.kea_def->is_limited) { - int keyLen = SECKEY_PublicKeyStrength(serverKey); /* bytes */ + unsigned int keyLen = SECKEY_PublicKeyStrengthInBits(serverKey); - if (keyLen * BPB > ss->ssl3.hs.kea_def->key_size_limit) { + if (keyLen > ss->ssl3.hs.kea_def->key_size_limit) { if (isTLS) (void)SSL3_SendAlert(ss, alert_fatal, export_restriction); else @@ -6154,7 +6219,7 @@ ssl3_SendCertificateVerify(sslSocket *ss) SSL3Hashes hashes; KeyType keyType; unsigned int len; - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); @@ -6208,11 +6273,11 @@ ssl3_SendCertificateVerify(sslSocket *ss) } if (isTLS12) { rv = ssl3_TLSSignatureAlgorithmForKeyType(keyType, - &sigAndHash.sigAlg); + &sigAndHash.sigAlg); if (rv != SECSuccess) { goto done; } - sigAndHash.hashAlg = hashes.hashAlg; + sigAndHash.hashAlg = hashes.hashAlg; rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash); if (rv != SECSuccess) { @@ -6305,6 +6370,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); rv = ssl3_InitHandshakeHashes(ss); 
@@ -6340,7 +6406,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; if (temp == suite->cipher_suite) { SSLVersionRange vrange = {ss->version, ss->version}; - if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) { + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) { /* config_match already checks whether the cipher suite is * acceptable for the version, but the check is repeated here * in order to give a more precise error code. */ @@ -6364,6 +6430,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)temp; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp); + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; PORT_Assert(ss->ssl3.hs.suite_def); if (!ss->ssl3.hs.suite_def) { PORT_SetError(errCode = SEC_ERROR_LIBRARY_FAILURE); @@ -6581,7 +6648,17 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); ss->ssl3.hs.isResuming = PR_FALSE; - ss->ssl3.hs.ws = wait_server_cert; + if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { + /* All current cipher suites other than those with sign_null (i.e., + * (EC)DH_anon_* suites) require a certificate, so use that signal. */ + ss->ssl3.hs.ws = wait_server_cert; + } else { + /* All the remaining cipher suites must be (EC)DH_anon_* and so + * must be ephemeral. Note, if we ever add PSK this might + * change. */ + PORT_Assert(ss->ssl3.hs.kea_def->ephemeral); + ss->ssl3.hs.ws = wait_server_key; + } return SECSuccess; alert_loser: 
@@ -6592,29 +6669,6 @@ loser: return SECFailure; } -/* ssl3_BigIntGreaterThanOne returns true iff |mpint|, taken as an unsigned, - * big-endian integer is > 1 */ -static PRBool -ssl3_BigIntGreaterThanOne(const SECItem* mpint) { - unsigned char firstNonZeroByte = 0; - unsigned int i; - - for (i = 0; i < mpint->len; i++) { - if (mpint->data[i]) { - firstNonZeroByte = mpint->data[i]; - break; - } - } - - if (firstNonZeroByte == 0) - return PR_FALSE; - if (firstNonZeroByte > 1) - return PR_TRUE; - - /* firstNonZeroByte == 1, therefore mpint > 1 iff the first non-zero byte - * is followed by another byte. */ - return (i < mpint->len - 1); -} /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 ServerKeyExchange message. @@ -6631,25 +6685,19 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SSL3AlertDescription desc = illegal_parameter; SSL3Hashes hashes; SECItem signature = {siBuffer, NULL, 0}; - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; - sigAndHash.hashAlg = SEC_OID_UNKNOWN; + sigAndHash.hashAlg = ssl_hash_none; SSL_TRC(3, ("%d: SSL3[%d]: handle server_key_exchange handshake", SSL_GETPID(), ss->fd)); PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if (ss->ssl3.hs.ws != wait_server_key && - ss->ssl3.hs.ws != wait_server_cert) { - errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; - desc = unexpected_message; - goto alert_loser; - } - if (ss->sec.peerCert == NULL) { - errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; - desc = unexpected_message; - goto alert_loser; + if (ss->ssl3.hs.ws != wait_server_key) { + errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; + desc = unexpected_message; + goto alert_loser; } isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); 
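Review bot: The ssl3_HandleServerKeyExchange hunk drops the `ss->sec.peerCert == NULL` rejection, so the handler now depends entirely on the state machine — the ServerHello hunk on L4190 routes only sign_null suites to wait_server_key without a Certificate — to guarantee a peer certificate exists when the signature is later verified against `ss->sec.peerCert`. The DH branch on L4193 calls `ssl3_CheckSignatureAndHashAlgorithmConsistency(ss, &sigAndHash, ss->sec.peerCert)` unconditionally under TLS 1.2, so enabling an anonymous suite on the client at some later date would reach it with a NULL certificate; a narrow replacement such as `if (ss->sec.peerCert == NULL && ss->ssl3.hs.kea_def->signKeyType != sign_null) { errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; desc = unexpected_message; goto alert_loser; }` keeps the defence at the message boundary in release builds. The same removal occurs in ssl3_HandleCertificateVerify on L4207, where wait_cert_verify is presumably only reachable after a client Certificate was processed, and the same shape of guard applies there. The body of ssl3_HandleServerKeyExchange continues outside this hunk.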
@@ -6665,6 +6713,12 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed. */ } + /* This exchange method is only used by export cipher suites. + * Those are broken and so this code will eventually be removed. */ + if (SECKEY_BigIntegerBitLength(&modulus) < 512) { + desc = isTLS ? insufficient_security : illegal_parameter; + goto alert_loser; + } rv = ssl3_ConsumeHandshakeVariable(ss, &exponent, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ @@ -6675,7 +6729,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed or unsupported. */ } - rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( + rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss, &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { goto loser; @@ -6698,10 +6752,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* * check to make sure the hash is signed by right guy */ - rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent, + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { errCode = ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); 
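Review bot: The new export-RSA modulus check sets `desc` but not `errCode`, so when the 512-bit floor rejects a server the application sees whatever errCode was initialised to earlier in the function (not visible here, presumably the generic malformed-message code) rather than a weak-key error; the DH branch on L4193 sets `errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY` for the analogous condition, and this branch should set a matching error before `goto alert_loser`. The threshold is also a bare `512` while the DH path uses the named `SSL_DH_MIN_P_BITS`; a named constant for the RSA floor would keep both limits reviewable in one place. The enclosing function starts and ends outside this hunk.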
@@ -6750,12 +6804,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem dh_p = {siBuffer, NULL, 0}; SECItem dh_g = {siBuffer, NULL, 0}; SECItem dh_Ys = {siBuffer, NULL, 0}; + unsigned dh_p_bits; + unsigned dh_g_bits; + unsigned dh_Ys_bits; rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_p.len < 512/8) { + dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p); + if (dh_p_bits < SSL_DH_MIN_P_BITS) { errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; goto alert_loser; } @@ -6763,13 +6821,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_g)) + /* Abort if dh_g is 0, 1, or obviously too big. */ + dh_g_bits = SECKEY_BigIntegerBitLength(&dh_g); + if (dh_g_bits > dh_p_bits || dh_g_bits <= 1) goto alert_loser; rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_Ys.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_Ys)) + dh_Ys_bits = SECKEY_BigIntegerBitLength(&dh_Ys); + if (dh_Ys_bits > dh_p_bits || dh_Ys_bits <= 1) goto alert_loser; if (isTLS12) { rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, @@ -6777,7 +6838,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed or unsupported. */ } - rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( + rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss, &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { goto loser; 
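Review bot: The dh_g and dh_Ys checks compare bit lengths only, which rejects 0, 1 and values wider than p but not values with the same bit length as p that are nevertheless ≥ p, nor p-1 (the order-2 element); the removed `ssl3_BigIntGreaterThanOne` plus byte-length test had the same limitation, so this is a pre-existing gap rather than a regression. With `dh_p_bits` already computed, a full public-value range check (1 < Ys < p-1, compared as big integers) would be the stronger validation before the value reaches key derivation. The two `goto alert_loser` exits for dh_g and dh_Ys also leave errCode at its earlier value, unlike the dh_p exit just above them, so the application cannot tell a weak generator from a malformed message. ssl3_HandleServerKeyExchange continues outside this hunk.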
@@ -6804,10 +6865,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* * check to make sure the hash is signed by right guy */ - rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys, + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { errCode = ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); @@ -6876,14 +6937,13 @@ no_memory: /* no-memory error has already been set. */ return SECFailure; } - /* * Returns the TLS signature algorithm for the client authentication key and * whether it is an RSA or DSA key that may be able to sign only SHA-1 hashes. */ static SECStatus ssl3_ExtractClientKeyInfo(sslSocket *ss, - TLSSignatureAlgorithm *sigAlg, + SSLSignType *sigAlg, PRBool *preferSha1) { SECStatus rv = SECSuccess; @@ -6927,7 +6987,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, const SECItem *algorithms) { SECStatus rv; - TLSSignatureAlgorithm sigAlg; + SSLSignType sigAlg; PRBool preferSha1; PRBool supportsSha1 = PR_FALSE; PRBool supportsSha256 = PR_FALSE; @@ -6952,9 +7012,9 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, /* Determine the server's hash support for that signature algorithm. */ for (i = 0; i < algorithms->len; i += 2) { if (algorithms->data[i+1] == sigAlg) { - if (algorithms->data[i] == tls_hash_sha1) { + if (algorithms->data[i] == ssl_hash_sha1) { supportsSha1 = PR_TRUE; - } else if (algorithms->data[i] == tls_hash_sha256) { + } else if (algorithms->data[i] == ssl_hash_sha256) { supportsSha256 = PR_TRUE; } } 
@@ -7004,11 +7064,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if (ss->ssl3.hs.ws != wait_cert_request && - ss->ssl3.hs.ws != wait_server_key) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; - goto alert_loser; + if (ss->ssl3.hs.ws != wait_cert_request) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; + goto alert_loser; } PORT_Assert(ss->ssl3.clientCertChain == NULL); @@ -7094,6 +7153,8 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.ws = wait_hello_done; if (ss->getClientAuthData != NULL) { + PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == + ssl_preinfo_all); /* XXX Should pass cert_types and algorithms in this call!! */ rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg, ss->fd, &ca_list, @@ -7198,6 +7259,8 @@ ssl3_CheckFalseStart(sslSocket *ss) SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher", SSL_GETPID(), ss->fd)); } else { + PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == + ssl_preinfo_all); rv = (ss->canFalseStartCallback)(ss->fd, ss->canFalseStartCallbackData, &ss->ssl3.hs.canFalseStart); @@ -7257,9 +7320,8 @@ ssl3_HandleServerHelloDone(sslSocket *ss) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); + /* Skipping CertificateRequest is always permitted. */ if (ws != wait_hello_done && - ws != wait_server_cert && - ws != wait_server_key && ws != wait_cert_request) { SSL3_SendAlert(ss, alert_fatal, unexpected_message); PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE); 
@@ -7574,7 +7636,7 @@ ssl3_SendServerHelloSequence(sslSocket *ss) if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) { /* see if we can legally use the key in the cert. */ - int keyLen; /* bytes */ + unsigned int keyLen; /* bytes */ keyLen = PK11_GetPrivateModulusLen( ss->serverCerts[kea_def->exchKeyType].SERVERKEY); @@ -7595,14 +7657,11 @@ ssl3_SendServerHelloSequence(sslSocket *ss) return rv; #endif } -#ifndef NSS_DISABLE_ECC - } else if ((kea_def->kea == kea_ecdhe_rsa) || - (kea_def->kea == kea_ecdhe_ecdsa)) { - rv = ssl3_SendServerKeyExchange(ss); - if (rv != SECSuccess) { - return rv; /* err code was set. */ - } -#endif /* NSS_DISABLE_ECC */ + } else if (kea_def->ephemeral) { + rv = ssl3_SendServerKeyExchange(ss); + if (rv != SECSuccess) { + return rv; /* err code was set. */ + } } if (ss->opt.requestCertificate) { @@ -7624,6 +7683,22 @@ ssl3_SendServerHelloSequence(sslSocket *ss) /* An empty TLS Renegotiation Info (RI) extension */ static const PRUint8 emptyRIext[5] = {0xff, 0x01, 0x00, 0x01, 0x00}; +static PRBool +ssl3_KEAAllowsSessionTicket(SSL3KeyExchangeAlgorithm kea) +{ + switch (kea) { + case kea_dhe_dss: + case kea_dhe_dss_export: + case kea_dh_dss_export: + case kea_dh_dss: + /* TODO: Fix session tickets for DSS. The server code rejects the + * session ticket received from the client. Bug 1174677 */ + return PR_FALSE; + default: + return PR_TRUE; + }; +} + /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 Client Hello message. * Caller must hold Handshake and RecvBuf locks. @@ -7646,6 +7721,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem comps = {siBuffer, NULL, 0}; PRBool haveSpecWriteLock = PR_FALSE; PRBool haveXmitBufLock = PR_FALSE; + PRBool canOfferSessionTicket = PR_FALSE; SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", SSL_GETPID(), ss->fd)); 
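Review bot: In the ssl3_SendServerHelloSequence hunk `keyLen` becomes `unsigned int` while it is still assigned from `PK11_GetPrivateModulusLen(...)`, which as far as I recall returns a negative value on failure; that failure now becomes a very large length instead of a negative one, and neither form is handled explicitly by the visible code. Keep the call's result in a signed local, reject it before converting, e.g. `int modLen = PK11_GetPrivateModulusLen(...); if (modLen < 0) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } keyLen = (unsigned int)modLen;`. Separately, the new ssl3_KEAAllowsSessionTicket closes its switch with `};` — the trailing semicolon is an empty statement and should be dropped. The ssl3_SendServerHelloSequence body continues outside the hunk.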
@@ -7653,6 +7729,22 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->ssl3.initialized ); + ss->ssl3.hs.preliminaryInfo = 0; + + if (!ss->sec.isServer || + (ss->ssl3.hs.ws != wait_client_hello && + ss->ssl3.hs.ws != idle_handshake)) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; + goto alert_loser; + } + if (ss->ssl3.hs.ws == idle_handshake && + ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { + desc = no_renegotiation; + level = alert_warning; + errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; + goto alert_loser; + } /* Get peer name of client */ rv = ssl_GetPeerInfo(ss); @@ -7680,20 +7772,6 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); ss->statelessResume = PR_FALSE; - if ((ss->ssl3.hs.ws != wait_client_hello) && - (ss->ssl3.hs.ws != idle_handshake)) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; - goto alert_loser; - } - if (ss->ssl3.hs.ws == idle_handshake && - ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { - desc = no_renegotiation; - level = alert_warning; - errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; - goto alert_loser; - } - if (IS_DTLS(ss)) { dtls_RehandshakeCleanup(ss); } @@ -7717,6 +7795,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; rv = ssl3_InitHandshakeHashes(ss); if (rv != SECSuccess) { 
@@ -7884,8 +7963,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * resuming.) */ if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && sid == NULL) { - ssl3_RegisterServerHelloExtensionSender(ss, - ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn); + canOfferSessionTicket = PR_TRUE; } if (sid != NULL) { @@ -7964,7 +8042,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * The product policy won't change during the process lifetime. * Implemented ("isPresent") shouldn't change for servers. */ - if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) break; #else if (!suite->enabled) @@ -7977,6 +8055,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.cipher_suite = suite->cipher_suite; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; /* Use the cached compression method. */ ss->ssl3.hs.compression = sid->u.ssl3.compression; @@ -8013,7 +8092,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; SSLVersionRange vrange = {ss->version, ss->version}; - if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) { + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) { continue; } for (i = 0; i + 1 < suites.len; i += 2) { @@ -8022,6 +8101,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.cipher_suite = suite->cipher_suite; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; goto suite_found; } } 
@@ -8030,6 +8110,15 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto alert_loser; suite_found: + if (canOfferSessionTicket) + canOfferSessionTicket = ssl3_KEAAllowsSessionTicket( + ss->ssl3.hs.suite_def->key_exchange_alg); + + if (canOfferSessionTicket) { + ssl3_RegisterServerHelloExtensionSender(ss, + ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn); + } + /* Select a compression algorithm. */ for (i = 0; i < comps.len; i++) { if (!compressionEnabled(ss, comps.data[i])) @@ -8250,6 +8339,9 @@ compression_found: if (ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) { int ret = 0; if (ss->sniSocketConfig) do { /* not a loop */ + PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == + ssl_preinfo_all); + ret = SSL_SNI_SEND_ALERT; /* If extension is negotiated, the len of names should > 0. */ if (ss->xtnData.sniNameArrSize) { @@ -8297,7 +8389,7 @@ compression_found: ret = SSL_SNI_SEND_ALERT; break; } - } else if (ret < ss->xtnData.sniNameArrSize) { + } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) { /* Application has configured new socket info. Lets check it * and save the name. */ SECStatus rv; @@ -8348,7 +8440,7 @@ compression_found: ssl3_SendServerNameXtn); } else { /* Callback returned index outside of the boundary. */ - PORT_Assert(ret < ss->xtnData.sniNameArrSize); + PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize); errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; desc = internal_error; ret = SSL_SNI_SEND_ALERT; @@ -8399,8 +8491,9 @@ compression_found: rv = ssl3_SendServerHelloSequence(ss); ssl_ReleaseXmitBufLock(ss); if (rv != SECSuccess) { - errCode = PORT_GetError(); - goto loser; + errCode = PORT_GetError(); + desc = handshake_failure; + goto alert_loser; } if (haveXmitBufLock) { 
@@ -8492,6 +8585,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; rv = ssl3_InitHandshakeHashes(ss); if (rv != SECSuccess) { @@ -8547,7 +8641,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; SSLVersionRange vrange = {ss->version, ss->version}; - if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) { + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) { continue; } for (i = 0; i+2 < suite_length; i += 3) { @@ -8556,6 +8650,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) ss->ssl3.hs.cipher_suite = suite->cipher_suite; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; goto suite_found; } } 
@@ -8746,6 +8841,154 @@ ssl3_SendServerHello(sslSocket *ss) return SECSuccess; } +static SECStatus +ssl3_PickSignatureHashAlgorithm(sslSocket *ss, + SSLSignatureAndHashAlg* out); + +static SECStatus +ssl3_SendDHServerKeyExchange(sslSocket *ss) +{ + const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; + SECStatus rv = SECFailure; + int length; + PRBool isTLS; + SECItem signed_hash = {siBuffer, NULL, 0}; + SSL3Hashes hashes; + SSLSignatureAndHashAlg sigAndHash; + SECKEYDHParams dhParam; + + ssl3KeyPair *keyPair = NULL; + SECKEYPublicKey *pubKey = NULL; /* Ephemeral DH key */ + SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */ + int certIndex = -1; + + if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) { + /* TODO: Support DH_anon. It might be sufficient to drop the signature. + See bug 1170510. */ + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + return SECFailure; + } + + dhParam.prime.data = ss->dheParams->prime.data; + dhParam.prime.len = ss->dheParams->prime.len; + dhParam.base.data = ss->dheParams->base.data; + dhParam.base.len = ss->dheParams->base.len; + + PRINT_BUF(60, (NULL, "Server DH p", dhParam.prime.data, + dhParam.prime.len)); + PRINT_BUF(60, (NULL, "Server DH g", dhParam.base.data, + dhParam.base.len)); + + /* Generate ephemeral DH keypair */ + privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL); + if (!privKey || !pubKey) { + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + rv = SECFailure; + goto loser; + } + + keyPair = ssl3_NewKeyPair(privKey, pubKey); + if (!keyPair) { + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + goto loser; + } + + PRINT_BUF(50, (ss, "DH public value:", + pubKey->u.dh.publicValue.data, + pubKey->u.dh.publicValue.len)); + + if (ssl3_PickSignatureHashAlgorithm(ss, &sigAndHash) != SECSuccess) { + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + goto loser; + } + + rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, + pubKey->u.dh.prime, + pubKey->u.dh.base, + pubKey->u.dh.publicValue, + 
&ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; + } + + /* It has been suggested to test kea_def->signKeyType instead, and to use + * ssl_auth_* instead. Investigate what to do. See bug 102794. */ + if (kea_def->kea == kea_dhe_rsa) + certIndex = ssl_kea_rsa; + else + certIndex = ssl_kea_dh; + + isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); + rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, + &signed_hash, isTLS); + if (rv != SECSuccess) { + goto loser; /* ssl3_SignHashes has set err. */ + } + if (signed_hash.data == NULL) { + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; + } + length = 2 + pubKey->u.dh.prime.len + + 2 + pubKey->u.dh.base.len + + 2 + pubKey->u.dh.publicValue.len + + 2 + signed_hash.len; + + if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { + length += 2; + } + + rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + + rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.prime.data, + pubKey->u.dh.prime.len, 2); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + + rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.base.data, + pubKey->u.dh.base.len, 2); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + + rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.publicValue.data, + pubKey->u.dh.publicValue.len, 2); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + + if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { + rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. 
*/ + } + } + + rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data, + signed_hash.len, 2); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + PORT_Free(signed_hash.data); + ss->dheKeyPair = keyPair; + return SECSuccess; + +loser: + if (signed_hash.data) + PORT_Free(signed_hash.data); + if (privKey) + SECKEY_DestroyPrivateKey(privKey); + if (pubKey) + SECKEY_DestroyPublicKey(pubKey); + return SECFailure; +} + /* ssl3_PickSignatureHashAlgorithm selects a hash algorithm to use when signing * elements of the handshake. (The negotiated cipher suite determines the * signature algorithm.) Prior to TLS 1.2, the MD5/SHA1 combination is always @@ -8753,18 +8996,10 @@ ssl3_SendServerHello(sslSocket *ss) * hash combinations. */ static SECStatus ssl3_PickSignatureHashAlgorithm(sslSocket *ss, - SSL3SignatureAndHashAlgorithm* out) + SSLSignatureAndHashAlg* out) { - TLSSignatureAlgorithm sigAlg; + SSLSignType sigAlg; unsigned int i, j; - /* hashPreference expresses our preferences for hash algorithms, most - * preferable first. */ - static const SECOidTag hashPreference[] = { - SEC_OID_SHA256, - SEC_OID_SHA384, - SEC_OID_SHA512, - SEC_OID_SHA1, - }; switch (ss->ssl3.hs.kea_def->kea) { case kea_rsa: 
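Review bot: In ssl3_SendDHServerKeyExchange the loser path destroys `privKey` and `pubKey` directly but never releases `keyPair`, so every failure after `ssl3_NewKeyPair` succeeds (signature-hash selection, hashing, signing and all the append calls) leaks the pair wrapper, and if ssl3_NewKeyPair takes ownership of both keys — which the `ssl3_FreeKeyPair(ss->dheKeyPair)` call on L4209 suggests — the wrapper is left holding pointers to destroyed keys. Freeing through the wrapper when it exists, and the raw keys only when it does not, closes both problems. Also `ss->dheParams` is dereferenced with no NULL check; if a server can be configured for a DHE suite without parameters that should fail with an error rather than a crash, and `ss->dheKeyPair = keyPair;` should release any pair left over from an earlier, aborted handshake before overwriting it.
```c
loser:
    if (signed_hash.data)
        PORT_Free(signed_hash.data);
    if (keyPair) {
        /* wrapper owns privKey and pubKey once created — confirm ssl3_NewKeyPair semantics */
        ssl3_FreeKeyPair(keyPair);
    } else {
        if (privKey)
            SECKEY_DestroyPrivateKey(privKey);
        if (pubKey)
            SECKEY_DestroyPublicKey(pubKey);
    }
    return SECFailure;
```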
@@ -8777,48 +9012,56 @@ ssl3_PickSignatureHashAlgorithm(sslSocket *ss, case kea_rsa_fips: case kea_ecdh_rsa: case kea_ecdhe_rsa: - sigAlg = tls_sig_rsa; - break; + sigAlg = ssl_sign_rsa; + break; case kea_dh_dss: case kea_dh_dss_export: case kea_dhe_dss: case kea_dhe_dss_export: - sigAlg = tls_sig_dsa; - break; + sigAlg = ssl_sign_dsa; + break; case kea_ecdh_ecdsa: case kea_ecdhe_ecdsa: - sigAlg = tls_sig_ecdsa; - break; + sigAlg = ssl_sign_ecdsa; + break; default: - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); - return SECFailure; + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); + return SECFailure; } out->sigAlg = sigAlg; if (ss->version <= SSL_LIBRARY_VERSION_TLS_1_1) { - /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and - * prior. */ - out->hashAlg = SEC_OID_UNKNOWN; - return SECSuccess; + /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and + * prior. */ + out->hashAlg = ssl_hash_none; + return SECSuccess; } if (ss->ssl3.hs.numClientSigAndHash == 0) { - /* If the client didn't provide any signature_algorithms extension then - * we can assume that they support SHA-1: - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ - out->hashAlg = SEC_OID_SHA1; - return SECSuccess; + /* If the client didn't provide any signature_algorithms extension then + * we can assume that they support SHA-1: + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ + out->hashAlg = ssl_hash_sha1; + return SECSuccess; } - for (i = 0; i < PR_ARRAY_SIZE(hashPreference); i++) { - for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) { - const SSL3SignatureAndHashAlgorithm* sh = - &ss->ssl3.hs.clientSigAndHash[j]; - if (sh->sigAlg == sigAlg && sh->hashAlg == hashPreference[i]) { - out->hashAlg = sh->hashAlg; - return SECSuccess; - } - } + /* Here we look for the first server preference that the client has + * indicated support for in their signature_algorithms extension. 
*/ + for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { + const SSLSignatureAndHashAlg *serverPref = + &ss->ssl3.signatureAlgorithms[i]; + if (serverPref->sigAlg != sigAlg) { + continue; + } + for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) { + const SSLSignatureAndHashAlg *clientPref = + &ss->ssl3.hs.clientSigAndHash[j]; + if (clientPref->hashAlg == serverPref->hashAlg && + clientPref->sigAlg == sigAlg) { + out->hashAlg = serverPref->hashAlg; + return SECSuccess; + } + } } PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); @@ -8836,7 +9079,7 @@ ssl3_SendServerKeyExchange(sslSocket *ss) SECItem signed_hash = {siBuffer, NULL, 0}; SSL3Hashes hashes; SECKEYPublicKey * sdPub; /* public key for step-down */ - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake", SSL_GETPID(), ss->fd)); @@ -8883,6 +9126,10 @@ ssl3_SendServerKeyExchange(sslSocket *ss) 2 + sdPub->u.rsa.publicExponent.len + 2 + signed_hash.len; + if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { + length += 2; + } + rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length); if (rv != SECSuccess) { goto loser; /* err set by AppendHandshake. */ @@ -8916,6 +9163,11 @@ ssl3_SendServerKeyExchange(sslSocket *ss) PORT_Free(signed_hash.data); return SECSuccess; + case ssl_kea_dh: { + rv = ssl3_SendDHServerKeyExchange(ss); + return rv; + } + #ifndef NSS_DISABLE_ECC case kt_ecdh: { rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); @@ -8923,7 +9175,6 @@ ssl3_SendServerKeyExchange(sslSocket *ss) } #endif /* NSS_DISABLE_ECC */ - case kt_dh: case kt_null: default: PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); 
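Review bot: The comment above `out->hashAlg = ssl_hash_none;` in ssl3_PickSignatureHashAlgorithm still reads `SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and prior`, but the value written is now ssl_hash_none, so the comment names a constant the code no longer uses; change it to `/* ssl_hash_none means the MD5/SHA1 combo hash used in TLS 1.1 and prior. */`. The replacement loop walks the server's own preference list in order and takes the first entry the client also lists, which means the client's ordering is deliberately ignored; stating that in the comment above the loop keeps a later maintainer from "fixing" it. The function's tail is outside this hunk.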
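Review bot: The new `case ssl_kea_dh:` in ssl3_SendServerKeyExchange sits in a switch whose remaining labels are spelled `kt_ecdh` and `kt_null`, and the label it replaces was `kt_dh`; if ssl_kea_dh and kt_dh name the same enumerator, as their interchangeable use elsewhere on this page suggests, the switch now mixes two spellings for one enumeration and reads as though a third key type were handled. Use one spelling consistently within the switch. The function body continues outside this hunk.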
@@ -8935,6 +9186,36 @@ loser: return SECFailure; } +static SECStatus +ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, + unsigned maxLen, PRUint32 *len) +{ + unsigned int i; + + PORT_Assert(maxLen >= ss->ssl3.signatureAlgorithmCount * 2); + if (maxLen < ss->ssl3.signatureAlgorithmCount * 2) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + *len = 0; + for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { + const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i]; + /* Note that we don't support a handshake hash with anything other than + * SHA-256, so asking for a signature from clients for something else + * would be inviting disaster. */ + if (alg->hashAlg == ssl_hash_sha256) { + buf[(*len)++] = (PRUint8)alg->hashAlg; + buf[(*len)++] = (PRUint8)alg->sigAlg; + } + } + + if (*len == 0) { + PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); + return SECFailure; + } + return SECSuccess; +} static SECStatus ssl3_SendCertificateRequest(sslSocket *ss) @@ -8943,7 +9224,6 @@ ssl3_SendCertificateRequest(sslSocket *ss) SECItem * name; CERTDistNames *ca_list; const PRUint8 *certTypes; - const PRUint8 *sigAlgs; SECItem * names = NULL; SECStatus rv; int length; @@ -8951,7 +9231,8 @@ ssl3_SendCertificateRequest(sslSocket *ss) int calen = 0; int nnames = 0; int certTypesLength; - int sigAlgsLength; + PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2]; + unsigned int sigAlgsLength; SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", SSL_GETPID(), ss->fd)); 
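Review bot: ssl3_EncodeCertificateRequestSigAlgs has no header comment, so a reader must infer from the loop that only the SHA-256 entries of `ss->ssl3.signatureAlgorithms` are emitted and that `buf` must hold `signatureAlgorithmCount * 2` bytes. A two-line comment above the definition stating the output format (one hash byte then one signature byte per entry, as the loop writes), the SHA-256-only filtering and the `maxLen` precondition would make the caller contract explicit. Also the closing `+}` is immediately followed by `static SECStatus ssl3_SendCertificateRequest` with no separating blank line, unlike the other definitions in this file.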
@@ -8978,12 +9259,15 @@ ssl3_SendCertificateRequest(sslSocket *ss) certTypes = certificate_types; certTypesLength = sizeof certificate_types; - sigAlgs = supported_signature_algorithms; - sigAlgsLength = sizeof supported_signature_algorithms; length = 1 + certTypesLength + 2 + calen; if (isTLS12) { - length += 2 + sigAlgsLength; + rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs), + &sigAlgsLength); + if (rv != SECSuccess) { + return rv; + } + length += 2 + sigAlgsLength; } rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length); @@ -9049,7 +9333,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, int errCode = SSL_ERROR_RX_MALFORMED_CERT_VERIFY; SSL3AlertDescription desc = handshake_failure; PRBool isTLS, isTLS12; - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake", SSL_GETPID(), ss->fd)); @@ -9059,7 +9343,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - if (ss->ssl3.hs.ws != wait_cert_verify || ss->sec.peerCert == NULL) { + if (ss->ssl3.hs.ws != wait_cert_verify) { desc = unexpected_message; errCode = SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY; goto alert_loser; @@ -9072,7 +9356,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, goto loser; /* malformed or unsupported. */ } rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( - &sigAndHash, ss->sec.peerCert); + ss, &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { errCode = PORT_GetError(); desc = decrypt_error; 
@@ -9081,7 +9365,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, /* We only support CertificateVerify messages that use the handshake * hash. */ - if (sigAndHash.hashAlg != hashes->hashAlg) { + if (sigAndHash.hashAlg != hashes->hashAlg) { errCode = SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM; desc = decrypt_error; goto alert_loser; 
@@ -9332,6 +9616,59 @@ double_bypass: return SECSuccess; } +static SECStatus +ssl3_HandleDHClientKeyExchange(sslSocket *ss, + SSL3Opaque *b, + PRUint32 length, + SECKEYPublicKey *srvrPubKey, + SECKEYPrivateKey *serverKey) +{ + PK11SymKey *pms; + SECStatus rv; + SECKEYPublicKey clntPubKey; + CK_MECHANISM_TYPE target; + PRBool isTLS; + + PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); + PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); + PORT_Assert( srvrPubKey ); + + clntPubKey.keyType = dhKey; + clntPubKey.u.dh.prime.len = srvrPubKey->u.dh.prime.len; + clntPubKey.u.dh.prime.data = srvrPubKey->u.dh.prime.data; + clntPubKey.u.dh.base.len = srvrPubKey->u.dh.base.len; + clntPubKey.u.dh.base.data = srvrPubKey->u.dh.base.data; + + rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.dh.publicValue, + 2, &b, &length); + if (rv != SECSuccess) { + goto loser; + } + + isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); + + if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH; + else target = CKM_SSL3_MASTER_KEY_DERIVE_DH; + + /* Determine the PMS */ + pms = PK11_PubDerive(serverKey, &clntPubKey, PR_FALSE, NULL, NULL, + CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL); + if (pms == NULL) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); pms = NULL; + +loser: + if (ss->dheKeyPair) { + ssl3_FreeKeyPair(ss->dheKeyPair); + ss->dheKeyPair = NULL; + } + return rv; +} + /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 ClientKeyExchange message from the remote client 
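Review bot: ssl3_HandleDHClientKeyExchange hands the client's DH public value to PK11_PubDerive with no validation, whereas the client-side handler on L4193 at least rejects a server value of 0, 1 or one wider than p; a client value of 0, 1, p-1 or ≥ p should likewise be rejected before derivation, as a minimum `if (SECKEY_BigIntegerBitLength(&clntPubKey.u.dh.publicValue) <= 1 || SECKEY_BigIntegerBitLength(&clntPubKey.u.dh.publicValue) > SECKEY_BigIntegerBitLength(&srvrPubKey->u.dh.prime)) { PORT_SetError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); rv = SECFailure; goto loser; }`, with a full big-integer comparison against p-1 preferable. `clntPubKey` is a stack SECKEYPublicKey of which only keyType and the u.dh members are set; zero-initialising it first (`PORT_Memset(&clntPubKey, 0, sizeof clntPubKey);`) avoids passing uninitialised pointer fields to a helper whose reads of the struct are not visible here. The fall-through from `rv = ssl3_InitPendingCipherSpec(ss, pms);` into `loser:` is intentional but deserves a one-line comment, since the label otherwise reads as an error-only target.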
@@ -9344,9 +9681,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECStatus rv; const ssl3KEADef *kea_def; ssl3KeyPair *serverKeyPair = NULL; -#ifndef NSS_DISABLE_ECC SECKEYPublicKey *serverPubKey = NULL; -#endif /* NSS_DISABLE_ECC */ SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake", SSL_GETPID(), ss->fd)); @@ -9376,6 +9711,16 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB; } else skip: + if (kea_def->kea == kea_dhe_dss || + kea_def->kea == kea_dhe_rsa) { + if (ss->dheKeyPair) { + serverKeyPair = ss->dheKeyPair; + if (serverKeyPair->pubKey) { + ss->sec.keaKeyBits = + SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey); + } + } + } else #ifndef NSS_DISABLE_ECC /* XXX Using SSLKEAType to index server certifiates * does not work for (EC)DHE ciphers. Until we have @@ -9421,6 +9766,21 @@ skip: } break; + case ssl_kea_dh: + if (ss->dheKeyPair && ss->dheKeyPair->pubKey) { + serverPubKey = ss->dheKeyPair->pubKey; + } + if (!serverPubKey) { + PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); + return SECFailure; + } + rv = ssl3_HandleDHClientKeyExchange(ss, b, length, + serverPubKey, serverKey); + if (rv != SECSuccess) { + SSL3_SendAlert(ss, alert_fatal, handshake_failure); + return SECFailure; /* error code set */ + } + break; #ifndef NSS_DISABLE_ECC case kt_ecdh: 
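Review bot: In the new `case ssl_kea_dh:` branch of ssl3_HandleClientKeyExchange, the `!serverPubKey` failure returns SECFailure without sending an alert, while the derive failure a few lines below sends `handshake_failure` first, so the peer is left waiting on a half-closed handshake in the first case. Sending a fatal alert before returning — `internal_error` fits, since a missing ephemeral key is the server's own state problem — keeps the two exits consistent, e.g. `SSL3_SendAlert(ss, alert_fatal, internal_error);` ahead of the `PORT_SetError`. The switch and the enclosing function continue outside this hunk.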
@@ -9845,11 +10205,11 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if ((ss->ssl3.hs.ws != wait_server_cert) && - (ss->ssl3.hs.ws != wait_client_cert)) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CERTIFICATE; - goto alert_loser; + if ((isServer && ss->ssl3.hs.ws != wait_client_cert) || + (!isServer && ss->ssl3.hs.ws != wait_server_cert)) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CERTIFICATE; + goto alert_loser; } if (ss->sec.peerCert != NULL) { @@ -10012,6 +10372,8 @@ ssl3_AuthCertificate(sslSocket *ss) ss->ssl3.hs.authCertificatePending = PR_FALSE; + PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == + ssl_preinfo_all); /* * Ask caller-supplied callback function to validate cert chain. */ 
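Review bot: The reworked state check in ssl3_HandleCertificate now ties the acceptable wait state to the socket's role, but nothing in the hunk records why the old symmetric test was wrong; a line such as `/* A Certificate is only valid from the peer: a server waits for the client's, a client for the server's. */` above the `if` would keep the intent from being "simplified" back. `isServer` is not declared within the hunk, presumably a local of the function, and the function body continues outside it. The PORT_Assert added to ssl3_AuthCertificate in the second hunk is debug-only, so if `preliminaryInfo` can legitimately be incomplete at that point in release builds the callback sees partial info with no signal.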
@@ -10055,49 +10417,43 @@ ssl3_AuthCertificate(sslSocket *ss) ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType; ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType; if (pubKey) { + KeyType pubKeyType; ss->sec.keaKeyBits = ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); -#ifndef NSS_DISABLE_ECC - if (ss->sec.keaType == kt_ecdh) { - /* Get authKeyBits from signing key. - * XXX The code below uses a quick approximation of - * key size based on cert->signatureWrap.signature.data - * (which contains the DER encoded signature). The field - * cert->signatureWrap.signature.len contains the - * length of the encoded signature in bits. - */ - if (ss->ssl3.hs.kea_def->kea == kea_ecdh_ecdsa) { - ss->sec.authKeyBits = - cert->signatureWrap.signature.data[3]*8; - if (cert->signatureWrap.signature.data[4] == 0x00) - ss->sec.authKeyBits -= 8; - /* - * XXX: if cert is not signed by ecdsa we should - * destroy pubKey and goto bad_cert - */ - } else if (ss->ssl3.hs.kea_def->kea == kea_ecdh_rsa) { - ss->sec.authKeyBits = cert->signatureWrap.signature.len; - /* - * XXX: if cert is not signed by rsa we should - * destroy pubKey and goto bad_cert - */ - } - } -#endif /* NSS_DISABLE_ECC */ + pubKeyType = SECKEY_GetPublicKeyType(pubKey); + /* Too small: not good enough. Send a fatal alert. */ + /* We aren't checking EC here on the understanding that we only + * support curves we like, a decision that might need revisiting. */ + if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey || + pubKeyType == rsaOaepKey) && + ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) || + (pubKeyType == dsaKey && + ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) || + (pubKeyType == dhKey && + ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) { + PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY); + (void)SSL3_SendAlert(ss, alert_fatal, + ss->version >= SSL_LIBRARY_VERSION_TLS_1_0 + ? 
insufficient_security + : illegal_parameter); + SECKEY_DestroyPublicKey(pubKey); + return SECFailure; + } SECKEY_DestroyPublicKey(pubKey); pubKey = NULL; } - ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ - if (ss->ssl3.hs.kea_def->is_limited || - /* XXX OR server cert is signing only. */ -#ifndef NSS_DISABLE_ECC - ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || - ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || -#endif /* NSS_DISABLE_ECC */ - ss->ssl3.hs.kea_def->exchKeyType == kt_dh) { - ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */ - } + /* Ephemeral suites require ServerKeyExchange. Export cipher suites + * with RSA key exchange also require ServerKeyExchange if the + * authentication key exceeds the key size limit. */ + if (ss->ssl3.hs.kea_def->ephemeral || + (ss->ssl3.hs.kea_def->is_limited && + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa && + ss->sec.authKeyBits > ss->ssl3.hs.kea_def->key_size_limit)) { + ss->ssl3.hs.ws = wait_server_key; /* require server_key_exchange */ + } else { + ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ + } } else { ss->ssl3.hs.ws = wait_client_key; } 
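Review bot: The minimum-key-size check added to ssl3_AuthCertificate sits inside a branch whose `else` arm sets `wait_client_key`, which suggests it runs only on the client side against the server's certificate; if that reading is right, a client certificate presented to a server is not held to the same RSA/DSA/DH floor, and the comment should say whether that is intended (the error name SSL_ERROR_WEAK_SERVER_CERT_KEY implies it is). The comment already records that EC keys are exempt; turning it into a `/* TODO: apply a curve floor ... */` keeps that open decision visible. `ss->sec.keaKeyBits` is set from the certificate key before the floor check and before any ServerKeyExchange, so for the ephemeral suites selected by the new `ephemeral` test it is presumably overwritten later; a short comment saying so would help. The enclosing branch starts outside the hunk.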
@@ -10205,16 +10561,42 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, const SSL3Hashes * hashes, TLSFinished * tlsFinished) { - const char * label; - unsigned int len; - SECStatus rv; + SECStatus rv; + CK_TLS_MAC_PARAMS tls_mac_params; + SECItem param = {siBuffer, NULL, 0}; + PK11Context *prf_context; + unsigned int retLen; - label = isServer ? "server finished" : "client finished"; - len = 15; + if (!spec->master_secret || spec->bypassCiphers) { + const char *label = isServer ? "server finished" : "client finished"; + unsigned int len = 15; - rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw, - hashes->len, tlsFinished->verify_data, - sizeof tlsFinished->verify_data); + return ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw, + hashes->len, tlsFinished->verify_data, + sizeof tlsFinished->verify_data); + } + + if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) { + tls_mac_params.prfMechanism = CKM_TLS_PRF; + } else { + tls_mac_params.prfMechanism = CKM_SHA256; + } + tls_mac_params.ulMacLength = 12; + tls_mac_params.ulServerOrClient = isServer ? 1 : 2; + param.data = (unsigned char *)&tls_mac_params; + param.len = sizeof(tls_mac_params); + prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN, + spec->master_secret, ¶m); + if (!prf_context) + return SECFailure; + + rv = PK11_DigestBegin(prf_context); + rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len); + rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen, + sizeof tlsFinished->verify_data); + PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data); + + PK11_DestroyContext(prf_context, PR_TRUE); return rv; } 
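Review bot: `rv |= PK11_DigestOp(...)` and `rv |= PK11_DigestFinal(...)` in ssl3_ComputeTLSFinished OR SECStatus enumerators together, which only reports failure because SECFailure happens to be all-ones, and it keeps calling DigestOp/DigestFinal after an earlier step has already failed. Chaining the calls on success is clearer and independent of the enum encoding (rewrite below). The TLS 1.2 branch hard-codes `CKM_SHA256` as the PRF mechanism; that matches the suites on this page but would silently produce a wrong Finished if a suite with a SHA-384 PRF were added, so a comment or a lookup from the suite definition is warranted. `ulMacLength = 12` duplicates the `sizeof tlsFinished->verify_data` the assert checks against; using the sizeof in both places keeps them in step. The `¶m` argument to PK11_CreateContextBySymKey reads as a rendering artefact for `&param`.
```c
    rv = PK11_DigestBegin(prf_context);
    if (rv == SECSuccess) {
        rv = PK11_DigestOp(prf_context, hashes->u.raw, hashes->len);
    }
    if (rv == SECSuccess) {
        rv = PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen,
                              sizeof tlsFinished->verify_data);
    }
    PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data);
    /* … unchanged: PK11_DestroyContext and return … */
```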
@@ -10609,7 +10991,8 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, * ServerHello message.) */ if (isServer && !ss->ssl3.hs.isResuming && - ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) { + ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && + ssl3_KEAAllowsSessionTicket(ss->ssl3.hs.suite_def->key_exchange_alg)) { /* RFC 5077 Section 3.3: "In the case of a full handshake, the * server MUST verify the client's Finished message before sending * the ticket." Presumably, this also means that the client's @@ -10657,7 +11040,8 @@ xmit_loser: return rv; } - if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { + if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || + ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { effectiveExchKeyType = kt_rsa; } else { effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; @@ -11020,7 +11404,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) #define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ if (ss->ssl3.hs.msg_len > MAX_HANDSHAKE_MSG_LEN) { (void)ssl3_DecodeError(ss); - PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); + PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); return SECFailure; } #undef MAX_HANDSHAKE_MSG_LEN @@ -11321,7 +11705,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) SSL3Opaque *givenHash; sslBuffer *plaintext; sslBuffer temp_buf; - PRUint64 dtls_seq_num; + PRUint64 dtls_seq_num = 0; unsigned int ivLen = 0; unsigned int originalLen = 0; unsigned int good; @@ -11802,6 +12186,7 @@ ssl3_InitState(sslSocket *ss) ss->ssl3.hs.sendingSCSV = PR_FALSE; ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); + ss->ssl3.hs.preliminaryInfo = 0; ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; #ifndef NSS_DISABLE_ECC @@ -11875,8 +12260,6 @@ ssl3_FreeKeyPair(ssl3KeyPair * keyPair) } } - - /* * Creates the public and private RSA keys for SSL Step down. * Called from SSL_ConfigSecureServer in sslsecur.c 
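Review bot: The `kea_ecdhe_rsa || kea_dhe_rsa` → `kt_rsa` mapping for `effectiveExchKeyType` in ssl3_HandleFinished is now written out a second time in ssl3_SendNewSessionTicket (the ssl3ext.c hunk later in this diff); the next RSA-authenticated ephemeral exchange will be added to one copy and missed in the other. A small helper, e.g. `static SSLKEAType ssl3_EffectiveExchKeyType(const ssl3KEADef *kea_def)`, called from both keeps the session-cache key type consistent. ssl3_KEAAllowsSessionTicket, newly consulted before sending a ticket, has no definition in this chunk, so a sentence at the call site on which exchanges it excludes and why would help. The `dtls_seq_num = 0` initialiser in ssl3_HandleRecord presumably silences an uninitialised-use report on the non-DTLS path.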
@@ -11908,7 +12291,6 @@ ssl3_CreateRSAStepDownKeys(sslSocket *ss) return rv; } - /* record the export policy for this cipher suite */ SECStatus ssl3_SetPolicy(ssl3CipherSuite which, int policy) 
@@ -12009,11 +12391,87 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) return rv; } +SECStatus +SSL_SignaturePrefSet(PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms, + unsigned int count) +{ + sslSocket *ss; + unsigned int i; + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefSet", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + if (!count || count > MAX_SIGNATURE_ALGORITHMS) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + ss->ssl3.signatureAlgorithmCount = 0; + for (i = 0; i < count; ++i) { + if (!ssl3_IsSupportedSignatureAlgorithm(&algorithms[i])) { + SSL_DBG(("%d: SSL[%d]: invalid signature algorithm set %d/%d", + SSL_GETPID(), fd, algorithms[i].sigAlg, + algorithms[i].hashAlg)); + continue; + } + + ss->ssl3.signatureAlgorithms[ss->ssl3.signatureAlgorithmCount++] = + algorithms[i]; + } + + if (ss->ssl3.signatureAlgorithmCount == 0) { + PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); + return SECFailure; + } + return SECSuccess; +} + +SECStatus +SSL_SignaturePrefGet(PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, + unsigned int *count, unsigned int maxCount) +{ + sslSocket *ss; + unsigned int requiredSpace; + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefGet", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + if (!algorithms || !count || + maxCount < ss->ssl3.signatureAlgorithmCount) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + requiredSpace = + ss->ssl3.signatureAlgorithmCount * sizeof(SSLSignatureAndHashAlg); + PORT_Memcpy(algorithms, ss->ssl3.signatureAlgorithms, requiredSpace); + *count = ss->ssl3.signatureAlgorithmCount; + return SECSuccess; +} + +unsigned int +SSL_SignatureMaxCount() { + return MAX_SIGNATURE_ALGORITHMS; +} + /* copy global default policy into socket. 
*/ void ssl3_InitSocketPolicy(sslSocket *ss) { PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); + PORT_Memcpy(ss->ssl3.signatureAlgorithms, defaultSignatureAlgorithms, + sizeof(defaultSignatureAlgorithms)); + ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms); } /* ssl3_config_match_init must have already been called by @@ -12041,7 +12499,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size) /* ssl3_config_match_init was called by the caller of this function. */ for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; - if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange)) { + if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange, ss)) { if (cs != NULL) { *cs++ = 0x00; *cs++ = (suite->cipher_suite >> 8) & 0xFF; @@ -12166,6 +12624,10 @@ ssl3_DestroySSL3Info(sslSocket *ss) } } + if (ss->ssl3.dheGroups) { + PORT_Free(ss->ssl3.dheGroups); + } + ss->ssl3.initialized = PR_FALSE; SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index aca2b74d..5dbca165 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -208,7 +208,7 @@ params2ecName(SECKEYECParams * params) /* Caller must set hiLevel error code. */ static SECStatus -ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, +ssl3_ComputeECDHKeyHash(SSLHashType hashAlg, SECItem ec_params, SECItem server_ecpoint, SSL3Random *client_rand, SSL3Random *server_rand, SSL3Hashes *hashes, PRBool bypassPKCS11) @@ -297,7 +297,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) pubKey->u.ec.publicValue.len)); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_TLS12_MASTER_KEY_DERIVE_DH; } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { 
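Review bot: `SSL_SignatureMaxCount()` is defined with empty parentheses, which in C is an unprototyped declaration; it should read `unsigned int SSL_SignatureMaxCount(void)` with the opening brace on its own line like the other definitions here. In SSL_SignaturePrefSet, unsupported entries are dropped with only an SSL_DBG trace and the call still returns SECSuccess as long as one entry survives, so a caller cannot tell that part of its preference list was ignored; either document that on the function or reject the list. ssl3_InitSocketPolicy copies `sizeof(defaultSignatureAlgorithms)` into `ss->ssl3.signatureAlgorithms`, whose capacity is not visible here; a `PORT_Assert(PR_ARRAY_SIZE(defaultSignatureAlgorithms) <= MAX_SIGNATURE_ALGORITHMS);` next to the copy pins the relationship SSL_SignaturePrefSet relies on. Neither setter nor getter takes a handshake lock before touching the array; if they can run concurrently with a handshake that reads it, that needs a guard.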
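Review bot: In ssl3_DestroySSL3Info the new `PORT_Free(ss->ssl3.dheGroups)` does not clear the pointer afterwards; the function only sets `initialized = PR_FALSE` below it, so any re-initialisation path that does not reset `dheGroups` would be left with a stale pointer. `ss->ssl3.dheGroups = NULL;` after the free costs nothing and matches how `dheKeyPair` is cleared in ssl3_HandleDHClientKeyExchange earlier on this page.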
@@ -388,7 +388,7 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_TLS12_MASTER_KEY_DERIVE_DH; } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { @@ -609,9 +609,9 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem ec_params = {siBuffer, NULL, 0}; SECItem ec_point = {siBuffer, NULL, 0}; unsigned char paramBuf[3]; /* only for curve_type == named_curve */ - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; - sigAndHash.hashAlg = SEC_OID_UNKNOWN; + sigAndHash.hashAlg = ssl_hash_none; isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); @@ -653,7 +653,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto loser; /* malformed or unsupported. */ } rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( - &sigAndHash, ss->sec.peerCert); + ss, &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { goto loser; } @@ -750,7 +750,7 @@ no_memory: /* no-memory error has already been set. */ SECStatus ssl3_SendECDHServerKeyExchange( sslSocket *ss, - const SSL3SignatureAndHashAlgorithm *sigAndHash) + const SSLSignatureAndHashAlg *sigAndHash) { const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; SECStatus rv = SECFailure; @@ -967,9 +967,7 @@ ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) if (!suite) suite = ecSuites; for (; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); } return SECSuccess; } 
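Review bot: In ssl3_HandleECDHServerKeyExchange the change initialises `sigAndHash.hashAlg` to `ssl_hash_none` but leaves `sigAndHash.sigAlg` indeterminate; the consistency check a few lines later is only reached after the wire value has been consumed, so that path looks safe, but any pre-TLS-1.2 path that reads `sigAlg` would see garbage. `PORT_Memset(&sigAndHash, 0, sizeof(sigAndHash));` at the declaration removes the question. In ssl3_DisableECCSuites the explicit `PORT_Assert(rv == SECSuccess)` became `PORT_CheckSuccess(...)`; its definition is not on this page, so confirm that it still evaluates the ssl3_CipherPrefSet call in non-debug builds rather than compiling it away.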
@@ -1128,7 +1126,10 @@ ssl3_SendSupportedCurvesXtn( ecList = tlsECList; } - if (append && maxBytes >= ecListSize) { + if (maxBytes < (PRUint32)ecListSize) { + return 0; + } + if (append) { SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); if (rv != SECSuccess) return -1; diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 6965a6df..c45f2954 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -311,7 +311,7 @@ ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { static PRBool arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) { - int i; + unsigned int i; for (i = 0; i < len; i++) { if (ex_type == array[i]) return PR_TRUE; @@ -451,7 +451,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) return SECFailure; } for (i = 0;i < listCount;i++) { - int j; + unsigned int j; PRInt32 type; SECStatus rv; PRBool nametypePresent = PR_FALSE; @@ -539,7 +539,11 @@ ssl3_SendSessionTicketXtn( } } - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); @@ -562,9 +566,6 @@ ssl3_SendSessionTicketXtn( xtnData->advertised[xtnData->numAdvertised++] = ssl_session_ticket_xtn; } - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; 
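Review bot: The `if (maxBytes < (PRUint32)extension_length) return 0; if (append) {...}` restructuring in ssl3_SendSupportedCurvesXtn and ssl3_SendSessionTicketXtn is repeated verbatim in ssl3_ClientSendNextProtoNegoXtn, ssl3_ClientSendAppProtoXtn, ssl3_ServerSendAppProtoXtn, ssl3_ServerSendStatusRequestXtn, ssl3_ClientSendStatusRequestXtn, ssl3_SendRenegotiationInfoXtn and ssl3_ClientSendDraftVersionXtn later in this diff; some variants carry `PORT_Assert(0)` and some do not, with nothing explaining the difference. A comment on the asserting ones, e.g. `/* The caller sized the buffer from this sender's own length; running short is a coding error. */`, or one shared guard macro, would stop the pattern drifting. These senders also cast a signed `extension_length` at the comparison while ssl3_ClientSendSigAlgsXtn (later hunk) compares without the cast; pick one form.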
@@ -625,12 +626,17 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) rv = ssl3_ValidateNextProtoNego(data->data, data->len); if (rv != SECSuccess) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return rv; } PORT_Assert(ss->nextProtoCallback); + /* For ALPN, the cipher suite isn't selected yet. Note that extensions + * sometimes affect what cipher suite is selected, e.g., for ECC. */ + PORT_Assert((ss->ssl3.hs.preliminaryInfo & + ssl_preinfo_all & ~ssl_preinfo_cipher_suite) == + (ssl_preinfo_all & ~ssl_preinfo_cipher_suite)); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, result.data, &result.len, sizeof(resultBuffer)); if (rv != SECSuccess) { @@ -653,8 +659,8 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) { /* The callback might say OK, but then it picks a default value - one * that was not listed. That's OK for NPN, but not ALPN. */ - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); return SECFailure; } @@ -673,8 +679,8 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) * despite it being permitted by the spec. */ if (ss->firstHsDone || data->len == 0) { /* Clients MUST send a non-empty ALPN extension. */ - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } 
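Review bot: The swap that places `PORT_SetError` after `SSL3_SendAlert` in ssl3_SelectAppProtocol, and in the other handlers in this file further down, is presumably there so a failure inside SSL3_SendAlert cannot overwrite the error code the caller should see, but no comment says so and a tidy-up could put them back. One line at the first instance, `/* Set the error code after the alert: SSL3_SendAlert may set its own on failure. */`, documents the rule for all of them. The new PORT_Assert on `preliminaryInfo` in the same function is debug-only; its comment explaining the cipher-suite exclusion is clear.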
@@ -701,8 +707,8 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) rv = ssl3_RegisterServerHelloExtensionSender( ss, ex_type, ssl3_ServerSendAppProtoXtn); if (rv != SECSuccess) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return rv; } } @@ -722,8 +728,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * we've negotiated NPN then we're required to send the NPN handshake * message. Thus, these two extensions cannot both be negotiated on the * same connection. */ - PORT_SetError(SSL_ERROR_BAD_SERVER); (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + PORT_SetError(SSL_ERROR_BAD_SERVER); return SECFailure; } @@ -733,8 +739,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * we sent the ClientHello and now. */ if (!ss->nextProtoCallback) { PORT_Assert(0); - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); return SECFailure; } @@ -758,16 +764,16 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) * uint8 len; // where len >= 1 * uint8 protocol_name[len]; */ if (data->len < 4 || data->len > 2 + 1 + 255) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); /* The list has to be the entire extension. */ if (list_len != data->len) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } 
@@ -775,8 +781,8 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) &data->data, &data->len); /* The list must have exactly one value. */ if (rv != SECSuccess || data->len != 0) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } @@ -799,7 +805,10 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, extension_length = 4; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); if (rv != SECSuccess) @@ -809,8 +818,6 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_next_proto_nego_xtn; - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -834,7 +841,10 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list length */ + ss->opt.nextProtoNego.len; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { /* NPN requires that the client's fallback protocol is first in the * list. However, ALPN sends protocols in preference order. So we * allocate a buffer and move the first protocol to the end of the @@ -874,8 +884,6 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_app_layer_protocol_xtn; - } else if (maxBytes < extension_length) { - return 0; } return extension_length; 
@@ -903,7 +911,10 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list */ + 1 /* name length */ + ss->ssl3.nextProto.len; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); if (rv != SECSuccess) { @@ -922,8 +933,6 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) if (rv != SECSuccess) { return -1; } - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -970,7 +979,10 @@ ssl3_ServerSendStatusRequestXtn( return 0; extension_length = 2 + 2; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); if (rv != SECSuccess) @@ -1003,7 +1015,11 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, */ extension_length = 9; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; TLSExtensionData *xtnData; @@ -1031,9 +1047,6 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, xtnData = &ss->xtnData; xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; } @@ -1045,7 +1058,7 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, SECStatus ssl3_SendNewSessionTicket(sslSocket *ss) { - int i; + PRUint32 i; SECStatus rv; NewSessionTicket ticket; SECItem plaintext; 
@@ -1125,7 +1138,8 @@ ssl3_SendNewSessionTicket(sslSocket *ss) sslSessionID sid; PORT_Memset(&sid, 0, sizeof(sslSessionID)); - if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { + if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || + ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { effectiveExchKeyType = kt_rsa; } else { effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; @@ -1420,7 +1434,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, if (data->len == 0) { ss->xtnData.emptySessionTicket = PR_TRUE; } else { - int i; + PRUint32 i; SECItem extension_data; EncryptedSessionTicket enc_session_ticket; unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; @@ -2010,7 +2024,10 @@ ssl3_SendRenegotiationInfoXtn( (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 : ss->ssl3.hs.finishedBytes); needed = 5 + len; - if (append && maxBytes >= needed) { + if (maxBytes < (PRUint32)needed) { + return 0; + } + if (append) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); @@ -2063,8 +2080,8 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) } if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, data->data + 1, len)) { - PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); return SECFailure; } /* remember that we got this extension and it was correct. */ @@ -2188,8 +2205,8 @@ ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } if (!found) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); return SECFailure; } 
@@ -2202,8 +2219,8 @@ ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* We didn't offer an MKI, so this must be 0 length */ if (litem.len != 0) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); return SECFailure; } @@ -2299,7 +2316,7 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; SECItem algorithms; const unsigned char *b; - unsigned int numAlgorithms, i, j; + unsigned int numAlgorithms, i; /* Ignore this extension if we aren't doing TLS 1.2 or greater. */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { @@ -2313,8 +2330,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* Trailing data, empty value, or odd-length value is invalid. */ if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); return SECFailure; } 
@@ -2326,30 +2343,24 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } ss->ssl3.hs.clientSigAndHash = - PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); + PORT_NewArray(SSLSignatureAndHashAlg, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); return SECFailure; } ss->ssl3.hs.numClientSigAndHash = 0; b = algorithms.data; - for (i = j = 0; i < numAlgorithms; i++) { - unsigned char tls_hash = *(b++); - unsigned char tls_sig = *(b++); - SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); - - if (hash == SEC_OID_UNKNOWN) { - /* We ignore formats that we don't understand. */ - continue; + ss->ssl3.hs.numClientSigAndHash = 0; + for (i = 0; i < numAlgorithms; i++) { + SSLSignatureAndHashAlg *sigAndHash = + &ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash]; + sigAndHash->hashAlg = (SSLHashType)*(b++); + sigAndHash->sigAlg = (SSLSignType)*(b++); + if (ssl3_IsSupportedSignatureAlgorithm(sigAndHash)) { + ++ss->ssl3.hs.numClientSigAndHash; } - /* tls_sig support will be checked later in - * ssl3_PickSignatureHashAlgorithm. */ - ss->ssl3.hs.clientSigAndHash[j].hashAlg = hash; - ss->ssl3.hs.clientSigAndHash[j].sigAlg = tls_sig; - ++j; - ++ss->ssl3.hs.numClientSigAndHash; } if (!ss->ssl3.hs.numClientSigAndHash) { 
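Review bot: In ssl3_ServerHandleSigAlgsXtn `ss->ssl3.hs.numClientSigAndHash = 0;` now appears twice in a row, once as a context line and once as an added line; drop the added one. The allocation-failure branch just above reports `SSL_ERROR_RX_MALFORMED_CLIENT_HELLO` alongside an `internal_error` alert, so an out-of-memory condition is logged as a peer protocol error; `PORT_SetError(SEC_ERROR_NO_MEMORY);` matches the alert. The new loop casts each wire byte straight into the enum fields before ssl3_IsSupportedSignatureAlgorithm filters them, which is fine as long as that helper rejects every out-of-range value; its definition is not in this chunk. The function continues past the hunk.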
@@ -2367,24 +2378,11 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS * 1.2 ClientHellos. */ static PRInt32 -ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) +ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) { - static const unsigned char signatureAlgorithms[] = { - /* This block is the contents of our signature_algorithms extension, in - * wire format. See - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ - tls_hash_sha256, tls_sig_rsa, - tls_hash_sha384, tls_sig_rsa, - tls_hash_sha1, tls_sig_rsa, -#ifndef NSS_DISABLE_ECC - tls_hash_sha256, tls_sig_ecdsa, - tls_hash_sha384, tls_sig_ecdsa, - tls_hash_sha1, tls_sig_ecdsa, -#endif - tls_hash_sha256, tls_sig_dsa, - tls_hash_sha1, tls_sig_dsa, - }; PRInt32 extension_length; + unsigned int i; + PRUint8 buf[MAX_SIGNATURE_ALGORITHMS * 2]; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { return 0; 
@@ -2394,31 +2392,38 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* extension type */ + 2 /* extension length */ + 2 /* supported_signature_algorithms length */ + - sizeof(signatureAlgorithms); + ss->ssl3.signatureAlgorithmCount * 2; - if (append && maxBytes >= extension_length) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, - sizeof(signatureAlgorithms), 2); - if (rv != SECSuccess) - goto loser; - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_signature_algorithms_xtn; - } else if (maxBytes < extension_length) { + if (maxBytes < extension_length) { PORT_Assert(0); return 0; } - return extension_length; + if (append) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) { + return -1; + } -loser: - return -1; + for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { + buf[i * 2] = ss->ssl3.signatureAlgorithms[i].hashAlg; + buf[i * 2 + 1] = ss->ssl3.signatureAlgorithms[i].sigAlg; + } + rv = ssl3_AppendHandshakeVariable(ss, buf, extension_length - 6, 2); + if (rv != SECSuccess) { + return -1; + } + + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_signature_algorithms_xtn; + } + + return extension_length; } unsigned int 
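Review bot: In ssl3_ClientSendSigAlgsXtn the guard `if (maxBytes < extension_length)` compares a PRUint32 with a PRInt32 without the `(PRUint32)` cast every other sender in this diff uses, so it draws a sign-compare warning and behaves differently should `extension_length` ever be negative; `if (maxBytes < (PRUint32)extension_length) {` keeps it consistent. The `buf` fill relies on `ss->ssl3.signatureAlgorithmCount <= MAX_SIGNATURE_ALGORITHMS`, which SSL_SignaturePrefSet enforces elsewhere in the diff, but a `PORT_Assert(ss->ssl3.signatureAlgorithmCount <= MAX_SIGNATURE_ALGORITHMS);` before the loop makes the bound local to the code that depends on it.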
@@ -2486,7 +2491,11 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } extension_length = 6; /* Type + length + number */ - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2); if (rv != SECSuccess) @@ -2499,9 +2508,6 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_tls13_draft_version_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; diff --git a/security/nss/lib/ssl/ssl3gthr.c b/security/nss/lib/ssl/ssl3gthr.c index cd487c66..23b9755b 100644 --- a/security/nss/lib/ssl/ssl3gthr.c +++ b/security/nss/lib/ssl/ssl3gthr.c @@ -71,8 +71,8 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) break; } - PORT_Assert( nb <= gs->remainder ); - if (nb > gs->remainder) { + PORT_Assert( (unsigned int)nb <= gs->remainder ); + if ((unsigned int)nb > gs->remainder) { /* ssl_DefRecv is misbehaving! this error is fatal to SSL. */ gs->state = GS_INIT; /* so we don't crash next time */ rv = SECFailure; diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h index 485d7dd3..a93bef12 100644 --- a/security/nss/lib/ssl/ssl3prot.h +++ b/security/nss/lib/ssl/ssl3prot.h 
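Review bot: In ssl3_GatherData the casts `(unsigned int)nb` change the comparison semantics if `nb` can still be negative here: a negative count previously failed `nb > gs->remainder` and continued, whereas now it wraps to a large value and takes the fatal GS_INIT branch. The lines above the hunk apparently handle the read-error case with `break`, so this is likely unreachable, but a comment such as `/* nb is non-negative here; the error/EOF case broke out above. */` records the assumption the cast depends on. The enclosing loop starts outside the hunk.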
@@ -217,32 +217,6 @@ typedef struct { } u; } SSL3ServerParams; -/* This enum reflects HashAlgorithm enum from - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - * - * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */ -enum { - tls_hash_md5 = 1, - tls_hash_sha1 = 2, - tls_hash_sha224 = 3, - tls_hash_sha256 = 4, - tls_hash_sha384 = 5, - tls_hash_sha512 = 6 -}; - -/* This enum reflects SignatureAlgorithm enum from - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ -typedef enum { - tls_sig_rsa = 1, - tls_sig_dsa = 2, - tls_sig_ecdsa = 3 -} TLSSignatureAlgorithm; - -typedef struct { - SECOidTag hashAlg; - TLSSignatureAlgorithm sigAlg; -} SSL3SignatureAndHashAlgorithm; - /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS * prior to 1.2. */ typedef struct { @@ -251,11 +225,11 @@ typedef struct { } SSL3HashesIndividually; /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| - * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually + * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually * struct. */ typedef struct { unsigned int len; - SECOidTag hashAlg; + SSLHashType hashAlg; union { PRUint8 raw[64]; SSL3HashesIndividually s; diff --git a/security/nss/lib/ssl/sslauth.c b/security/nss/lib/ssl/sslauth.c index ed74d94c..b144336d 100644 --- a/security/nss/lib/ssl/sslauth.c +++ b/security/nss/lib/ssl/sslauth.c @@ -264,8 +264,7 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer) &certStatusArray->items[0], ss->pkcs11PinArg) != SECSuccess) { - PRErrorCode error = PR_GetError(); - PORT_Assert(error != 0); + PORT_Assert(PR_GetError() != 0); } } diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c index 8c5a5ad3..ccd00260 100644 --- a/security/nss/lib/ssl/sslcon.c +++ b/security/nss/lib/ssl/sslcon.c 
@@ -22,20 +22,6 @@ static PRBool policyWasSet; -/* This ordered list is indexed by (SSL_CK_xx * 3) */ -/* Second and third bytes are MSB and LSB of master key length. */ -static const PRUint8 allCipherSuites[] = { - 0, 0, 0, - SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80, - SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80, - SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80, - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80, - SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80, - SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40, - SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0, - 0, 0, 0 -}; - #define ssl2_NUM_SUITES_IMPLEMENTED 6 /* This list is sent back to the client when the client-hello message @@ -851,7 +837,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) { PRUint8 * out; int rv; - int amount; + unsigned int amount; int count = 0; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -927,7 +913,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; PRUint8 macLen; int nout; - int buflen; + unsigned int buflen; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1031,7 +1017,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; /* of plaintext to go in record. */ unsigned int padding; /* add this many padding byte. */ int nout; /* ciphertext size after header. */ - int buflen; /* size of generated record. */ + unsigned int buflen; /* size of generated record. */ PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1555,7 +1541,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, unsigned int ddLen; /* length of RSA decrypted data in kbuf */ unsigned int keySize; unsigned int dkLen; /* decrypted key length in bytes */ - int modulusLen; + int modulusLen; SECStatus rv; PRUint16 allowed; /* cipher kinds enabled and allowed by policy */ PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES]; 
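Review bot: The declarations changed to `unsigned int amount;` in ssl2_SendClear and `unsigned int buflen;` in ssl2_SendStream and ssl2_SendBlock are the only visible lines of those functions, so every expression that mixes them with the signed `len`, `nout` or `count` is outside the hunk and cannot be checked here. Worth confirming that no comparison of the form `amount < 0`, `len - amount < 0` or `buflen > nout` survives in those bodies, because after this change such expressions silently switch to unsigned arithmetic and can no longer be negative. All four touched functions start and end outside their hunks.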
@@ -1617,11 +1603,11 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, } modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY); - if (modulusLen == -1) { + if (modulusLen < 0) { /* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */ modulusLen = ekLen; } - if (ekLen > modulusLen || ekLen + ckLen < keySize) { + if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) { SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!", SSL_GETPID(), ss->fd, ekLen)); PORT_SetError(SSL_ERROR_BAD_CLIENT); @@ -2495,7 +2481,6 @@ ssl2_HandleMessage(sslSocket *ss) PRUint8 * cid; unsigned len, certType, certLen, responseLen; int rv; - int rv2; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -2613,7 +2598,7 @@ ssl2_HandleMessage(sslSocket *ss) data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen, responseLen); if (rv) { - rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); + (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); SET_ERROR_CODE goto loser; } @@ -2741,7 +2726,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) PRUint8 * cs; PRUint8 * data; SECStatus rv; - int needed, sidHit, certLen, csLen, cidLen, certType, err; + unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -3669,12 +3654,14 @@ loser: */ #include "nss.h" -extern const char __nss_ssl_rcsid[]; -extern const char __nss_ssl_sccsid[]; +extern const char __nss_ssl_version[]; PRBool NSSSSL_VersionCheck(const char *importedVersion) { +#define NSS_VERSION_VARIABLE __nss_ssl_version +#include "verref.h" + /* * This is the secret handshake algorithm. * @@ -3684,9 +3671,6 @@ NSSSSL_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0]; return NSS_VersionCheck(importedVersion); } 
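Review bot: In ssl2_HandleServerHelloMessage the local `err` is now declared in `unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err;`; if `err` is assigned from an int-returning routine or compared with a negative sentinel anywhere in the body (outside the hunk), that test can no longer fire. If it only ever holds an SSL2 error byte, a short comment on the declaration saying so would spare the next reader the same doubt; otherwise keep `err` as `int` on a line of its own. Separately, the `modulusLen < 0` test in ssl2_ServerSetupSessionCypher is a sound tightening of the old `== -1`, and the later `(unsigned int)modulusLen` cast depends on it, which a comment such as `/* modulusLen >= 0 after the check above */` could state.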
diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index 09ce43f0..f69aed2d 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -66,14 +66,17 @@ const PRUint16 SSL_ImplementedCiphers[] = { #endif /* NSS_DISABLE_ECC */ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h index 12dbb1d8..4e905438 100644 --- a/security/nss/lib/ssl/sslerr.h +++ b/security/nss/lib/ssl/sslerr.h @@ -198,6 +198,13 @@ SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130), SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131), +SSL_ERROR_WEAK_SERVER_CERT_KEY = (SSL_ERROR_BASE + 132), + +SSL_ERROR_RX_SHORT_DTLS_READ = (SSL_ERROR_BASE + 133), + +SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 134), +SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135), + SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 896d05a1..e155a080 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * This file is PRIVATE to SSL and should be the first thing included by * any SSL implementation file. 
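Review bot: The four codes added to SSLErrorCodes (`SSL_ERROR_WEAK_SERVER_CERT_KEY` through `SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM`) have no matching entries visible in this diff for the SSL error-string table that gives SSL_ERROR_* codes their message text; if that table is not updated in another hunk of this patch, applications will report these new errors without a description. Because sslerr.h is a public header, the numeric values (BASE + 132 .. 135) become API once shipped and the gap left at each one should be preserved in future additions, which a one-line comment above the new block would remind maintainers of.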
@@ -153,6 +154,15 @@ typedef enum { SSLAppOpRead = 0, #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ +/* The minimum server key sizes accepted by the clients. + * Not 1024 to be conservative. */ +#define SSL_RSA_MIN_MODULUS_BITS 1023 +/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be + * only 1023 bits and similar. We don't have good data on whether this + * happens because NSS used to count bit lengths incorrectly. */ +#define SSL_DH_MIN_P_BITS 1023 +#define SSL_DSA_MIN_P_BITS 1023 + #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ #define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ @@ -170,6 +180,7 @@ typedef struct ssl3CertNodeStr ssl3CertNode; typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef; typedef struct ssl3MACDefStr ssl3MACDef; typedef struct ssl3KeyPairStr ssl3KeyPair; +typedef struct ssl3DHParamsStr ssl3DHParams; struct ssl3CertNodeStr { struct ssl3CertNodeStr *next; @@ -289,13 +300,19 @@ typedef struct { } ssl3CipherSuiteCfg; #ifndef NSS_DISABLE_ECC -#define ssl_V3_SUITES_IMPLEMENTED 61 +#define ssl_V3_SUITES_IMPLEMENTED 64 #else -#define ssl_V3_SUITES_IMPLEMENTED 37 +#define ssl_V3_SUITES_IMPLEMENTED 40 #endif /* NSS_DISABLE_ECC */ #define MAX_DTLS_SRTP_CIPHER_SUITES 4 +/* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of + * SSLSignType and SSLHashType, but not all combinations (specifically, this + * doesn't allow space for combinations with MD5). */ +#define MAX_SIGNATURE_ALGORITHMS 15 + + typedef struct sslOptionsStr { /* If SSL_SetNextProtoNego has been called, then this contains the * list of supported protocols. */ @@ -328,6 +345,7 @@ typedef struct sslOptionsStr { unsigned int enableALPN : 1; /* 27 */ unsigned int reuseServerECDHEKey : 1; /* 28 */ unsigned int enableFallbackSCSV : 1; /* 29 */ + unsigned int enableServerDhe : 1; /* 30 */ } sslOptions; typedef enum { sslHandshakingUndetermined = 0, 
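Review bot: The comment on `#define SSL_RSA_MIN_MODULUS_BITS 1023`, `Not 1024 to be conservative`, reads backwards, since a lower minimum is the more permissive choice; it should say what the 1023 is conservative about, e.g. `/* 1023 rather than 1024: see the bit-count caveat on SSL_DH_MIN_P_BITS below */` if the same rationale applies. The three-suite bump of ssl_V3_SUITES_IMPLEMENTED (61 to 64, 37 to 40) matches the three TLS_DHE_DSS suites added in sslenum.c, and that coupling is worth a comment next to the define because the constant is easy to forget on the next suite addition.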
@@ -725,9 +743,15 @@ typedef struct { SSL3KeyExchangeAlgorithm kea; SSL3KEAType exchKeyType; SSL3SignType signKeyType; + /* For export cipher suites: + * is_limited identifies a suite as having a limit on the key size. + * key_size_limit provides the corresponding limit. */ PRBool is_limited; - int key_size_limit; + unsigned int key_size_limit; PRBool tls_keygen; + /* True if the key exchange for the suite is ephemeral. Or to be more + * precise: true if the ServerKeyExchange message is always required. */ + PRBool ephemeral; } ssl3KEADef; /* @@ -900,12 +924,14 @@ const ssl3CipherSuiteDef *suite_def; PRBool cacheSID; PRBool canFalseStart; /* Can/did we False Start */ + /* Which preliminaryinfo values have been set. */ + PRUint32 preliminaryInfo; /* clientSigAndHash contains the contents of the signature_algorithms * extension (if any) from the client. This is only valid for TLS 1.2 * or later. */ - SSL3SignatureAndHashAlgorithm *clientSigAndHash; - unsigned int numClientSigAndHash; + SSLSignatureAndHashAlg *clientSigAndHash; + unsigned int numClientSigAndHash; /* This group of values is used for DTLS */ PRUint16 sendMessageSeq; /* The sending message sequence @@ -982,9 +1008,17 @@ struct ssl3StateStr { PRUint16 dtlsSRTPCipherCount; PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ PRBool fatalAlertSent; + PRUint16 numDHEGroups; /* used by server */ + SSLDHEGroupType * dheGroups; /* used by server */ + PRBool dheWeakGroupEnabled; /* used by server */ + + /* TLS 1.2 introduces separate signature algorithm negotiation. + * This is our preference order. */ + SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS]; + unsigned int signatureAlgorithmCount; }; -#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the +#define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the * headers, so slightly larger than expected */ #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) 
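Review bot: `SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS];` is a fixed-size array paired with a plain counter, so every writer must enforce the bound itself and copies such as the one in ssl_DupSocket trust the count blindly; a comment on the counter, `/* number of valid entries; must never exceed MAX_SIGNATURE_ALGORITHMS */`, would document that contract. The new `SSLDHEGroupType * dheGroups; /* used by server */` is heap-allocated by SSL_DHEGroupPrefSet and ssl_DupSocket, so its comment should also say who owns and frees it, e.g. `/* used by server; PORT_NewArray'd, owned by this socket */`. The comment `Which preliminaryinfo values have been set.` is missing a space (`preliminary info`).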
@@ -1001,6 +1035,11 @@ struct ssl3KeyPairStr { PRInt32 refCount; /* use PR_Atomic calls for this. */ }; +struct ssl3DHParamsStr { + SECItem prime; /* p */ + SECItem base; /* g */ +}; + typedef struct SSLWrappedSymWrappingKeyStr { SSL3Opaque wrappedSymmetricWrappingkey[512]; CK_MECHANISM_TYPE symWrapMechanism; @@ -1209,6 +1248,9 @@ const unsigned char * preferredCipher; ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ + const ssl3DHParams *dheParams; /* DHE param */ + ssl3KeyPair * dheKeyPair; /* DHE keys */ + /* Callbacks */ SSLAuthCertificate authCertificate; void *authCertificateArg; @@ -1601,6 +1643,8 @@ int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); */ extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); +extern SECStatus ssl3_SelectDHParams(sslSocket *ss); + #ifndef NSS_DISABLE_ECC extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); extern PRBool ssl3_IsECCEnabled(sslSocket *ss); @@ -1701,11 +1745,11 @@ extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length, SECKEYPublicKey *srvrPubKey, SECKEYPrivateKey *srvrPrivKey); -extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss, - const SSL3SignatureAndHashAlgorithm *sigAndHash); +extern SECStatus ssl3_SendECDHServerKeyExchange( + sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); #endif -extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg, +extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, PRUint8 * hashBuf, unsigned int bufLen, SSL3Hashes *hashes, PRBool bypassPKCS11); 
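Review bot: The new socket field `const ssl3DHParams *dheParams; /* DHE param */` is a non-owning pointer: ssl_DupSocket copies it as-is, ssl_DestroySocketContents frees dheKeyPair but not dheParams, and ssl3_SelectDHParams points it either at the static ff_dhe_* tables or at gWeakDHParams, which lives in the gWeakParamsPQG arena released by ssl3_WeakDHParamsShutdown. The comment should say so, e.g. `/* DHE params; not owned -- static table entry or gWeakDHParams */`, next to `ssl3KeyPair * dheKeyPair; /* DHE keys */` which is owned and ref-counted, so nobody adds a PORT_Free for it later. It is also worth noting that a socket still holding the weak-group pointer after NSS shutdown dangles.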
@@ -1719,21 +1763,22 @@ extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize); extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss, const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); -extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss, - const SSL3SignatureAndHashAlgorithm* sigAndHash); +extern SECStatus ssl3_AppendSignatureAndHashAlgorithm( + sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash); extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); -extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc); +extern PRBool ssl3_IsSupportedSignatureAlgorithm( + const SSLSignatureAndHashAlg *alg); extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( - const SSL3SignatureAndHashAlgorithm *sigAndHash, - CERTCertificate* cert); -extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss, - SSL3Opaque **b, PRUint32 *length, - SSL3SignatureAndHashAlgorithm *out); + sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash, + CERTCertificate* cert); +extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm( + sslSocket *ss, SSL3Opaque **b, PRUint32 *length, + SSLSignatureAndHashAlg *out); extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, PRBool isTLS); extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 00f2f380..d2df8c2e 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c 
@@ -85,6 +85,42 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) return SECSuccess; } +SECStatus +SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, + SSLPreliminaryChannelInfo *info, + PRUintn len) +{ + sslSocket *ss; + SSLPreliminaryChannelInfo inf; + + if (!info || len < sizeof inf.length) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo", + SSL_GETPID(), fd)); + return SECFailure; + } + + if (ss->version < SSL_LIBRARY_VERSION_3_0) { + PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); + return SECFailure; + } + + memset(&inf, 0, sizeof(inf)); + inf.length = PR_MIN(sizeof(inf), len); + + inf.valuesSet = ss->ssl3.hs.preliminaryInfo; + inf.protocolVersion = ss->version; + inf.cipherSuite = ss->ssl3.hs.cipher_suite; + + memcpy(info, &inf, inf.length); + return SECSuccess; +} + #define CS(x) x, #x #define CK(x) x | 0xff00, #x @@ -135,6 +171,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, }, 
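Review bot: SSL_GetPreliminaryChannelInfo has no header comment and its contract is not obvious from the code: `len < sizeof inf.length` only requires room for the length field, the output is truncated to `PR_MIN(sizeof(inf), len)`, and it is `valuesSet` (not a non-zero protocolVersion or cipherSuite) that tells the caller which fields are meaningful. A short comment above `SECStatus SSL_GetPreliminaryChannelInfo(` stating those three points, in the style of whatever SSL_GetChannelInfo documents, would help callers. The function also reads `ss->ssl3.hs.preliminaryInfo`, `ss->version` and `ss->ssl3.hs.cipher_suite` without any visible lock; if it is meant to be callable from a thread other than the one driving the handshake, that needs either the handshake lock or a comment stating the threading assumption.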
@@ -145,7 +182,9 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, @@ -244,12 +283,10 @@ SSL_DisableDefaultExportCipherSuites(void) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; - SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE); - PORT_Assert(rv == SECSuccess); + PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE)); } } return SECSuccess; @@ -265,12 +302,10 @@ SSL_DisableExportCipherSuites(PRFileDesc * fd) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; - SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE); - PORT_Assert(rv == SECSuccess); + PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE)); } } return SECSuccess; diff --git a/security/nss/lib/ssl/sslmutex.c b/security/nss/lib/ssl/sslmutex.c index ff636806..af683daf 100644 --- a/security/nss/lib/ssl/sslmutex.c +++ b/security/nss/lib/ssl/sslmutex.c 
@@ -504,7 +504,7 @@ sslMutex_Lock(sslMutex *pMutex) return SECSuccess; } -#elif defined(XP_UNIX) +#elif defined(XP_UNIX) && !defined(DARWIN) #include #include "unix_err.h" diff --git a/security/nss/lib/ssl/sslmutex.h b/security/nss/lib/ssl/sslmutex.h index b784baf6..d374a883 100644 --- a/security/nss/lib/ssl/sslmutex.h +++ b/security/nss/lib/ssl/sslmutex.h @@ -67,7 +67,8 @@ typedef struct { } sslMutex; typedef pid_t sslPID; -#elif defined(XP_UNIX) /* other types of Unix */ +/* other types of unix, except OS X */ +#elif defined(XP_UNIX) && !defined(DARWIN) #include /* for pid_t */ #include /* for sem_t, and sem_* functions */ @@ -83,7 +84,7 @@ typedef struct typedef pid_t sslPID; -#else +#else /* no support for cross-process locking */ /* what platform is this ?? */ @@ -95,7 +96,11 @@ typedef struct { } u; } sslMutex; +#ifdef DARWIN +typedef pid_t sslPID; +#else typedef int sslPID; +#endif #endif diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index e02442c0..2db47a53 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h @@ -177,6 +177,7 @@ #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D +#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 @@ -191,6 +192,7 @@ #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065 #define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 +#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c index ea2d4080..53b48858 100644 --- a/security/nss/lib/ssl/sslsecur.c +++ b/security/nss/lib/ssl/sslsecur.c 
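Review bot: Excluding DARWIN from the `#elif defined(XP_UNIX) && !defined(DARWIN)` branch in sslmutex.h (and the matching one in sslmutex.c) moves OS X onto the `#else /* no support for cross-process locking */` fallback, so whatever the server session cache does with sslMutex across processes presumably no longer serializes on that platform. If that is the intended trade-off, a comment next to the new `#ifdef DARWIN typedef pid_t sslPID;` should say why the POSIX-semaphore branch is being avoided and what it implies for multi-process servers; the fallback branch's own behaviour is outside the hunk.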
@@ -138,6 +138,9 @@ ssl_FinishHandshake(sslSocket *ss) ss->gs.readOffset = 0; if (ss->handshakeCallback) { + PORT_Assert(ss->version < SSL_LIBRARY_VERSION_3_0 || + (ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == + ssl_preinfo_all); (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); } } @@ -654,6 +657,16 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) SSL_GETPID(), ss->fd, available)); } + if (IS_DTLS(ss) && (len < available)) { + /* DTLS does not allow you to do partial reads */ + SSL_TRC(30, ("%d: SSL[%d]: DTLS short read. len=%d available=%d", + SSL_GETPID(), ss->fd, len, available)); + ss->gs.readOffset += available; + PORT_SetError(SSL_ERROR_RX_SHORT_DTLS_READ); + rv = SECFailure; + goto done; + } + /* Dole out clear data to reader */ amount = PR_MIN(len, available); PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount); @@ -693,6 +706,7 @@ NSS_FindCertKEAType(CERTCertificate * cert) case SEC_OID_PKCS1_RSA_ENCRYPTION: keaType = kt_rsa; break; + case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */ case SEC_OID_X942_DIFFIE_HELMAN_KEY: keaType = kt_dh; break; @@ -789,6 +803,11 @@ ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, goto loser; } } + if (kea == ssl_kea_dh || kea == ssl_kea_rsa) { + if (ssl3_SelectDHParams(ss) != SECSuccess) { + goto loser; + } + } return SECSuccess; loser: @@ -1177,11 +1196,8 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow) int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags) { - sslSecurityInfo *sec; int rv = 0; - sec = &ss->sec; - if (ss->shutdownHow & ssl_SHUTDOWN_RCV) { PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); return PR_FAILURE; diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index 4d9ef380..3a80d060 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c 
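Review bot: The new DTLS branch in DoRecv, `if (IS_DTLS(ss) && (len < available))`, discards the remaining `available` bytes (`ss->gs.readOffset += available;`) before returning SSL_ERROR_RX_SHORT_DTLS_READ, so a caller whose buffer is smaller than one datagram loses that record entirely; that follows from DTLS message boundaries, but the comment should say it, e.g. `/* DTLS does not allow partial reads: the rest of this record is dropped, not kept for the next call */`. In ssl_ConfigSecureServer, `if (kea == ssl_kea_dh || kea == ssl_kea_rsa) { if (ssl3_SelectDHParams(ss) != SECSuccess) goto loser; }` is not gated on the enableServerDhe option in the visible lines, so a failure to select DH parameters makes certificate configuration fail even for a server with DHE disabled; if that is not intended, gate it on `ss->opt.enableServerDhe`. DoRecv and ssl_ConfigSecureServer both start and end outside their hunks.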
@@ -1027,6 +1027,10 @@ CloseCache(cacheDesc *cache) memset(cache, 0, sizeof *cache); } +#ifdef __GNUC__ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wstrict-aliasing" +#endif static SECStatus InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, int maxSrvNameCacheEntries, PRUint32 ssl2_timeout, @@ -1266,6 +1270,9 @@ loser: CloseCache(cache); return SECFailure; } +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif PRUint32 SSL_GetMaxServerCacheLocks(void) diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index 90bc4572..e3521516 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -18,6 +18,7 @@ #include "blapi.h" #endif #include "nss.h" +#include "pk11pqg.h" #define SET_ERROR_CODE /* reminder */ @@ -82,7 +83,8 @@ static sslOptions ssl_defaults = { PR_TRUE, /* enableNPN */ PR_FALSE, /* enableALPN */ PR_TRUE, /* reuseServerECDHEKey */ - PR_FALSE /* enableFallbackSCSV */ + PR_FALSE, /* enableFallbackSCSV */ + PR_TRUE, /* enableServerDhe */ }; /* 
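Review bot: Wrapping InitCache in `#pragma GCC diagnostic ignored "-Wstrict-aliasing"` silences the diagnostic for the whole function instead of fixing the cast that triggers it, so a genuine aliasing problem in that shared-memory cache setup would now go unreported; the function body is outside the hunk. At minimum the push should carry a comment naming the offending expression, e.g. `/* -Wstrict-aliasing: <offending cast>; reviewed as safe because ... */`, so it can be revisited, and the usual remedy is a memcpy or a union rather than suppression.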
@@ -224,6 +226,24 @@ ssl_DupSocket(sslSocket *os) PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; + PORT_Memcpy(ss->ssl3.signatureAlgorithms, os->ssl3.signatureAlgorithms, + sizeof(ss->ssl3.signatureAlgorithms[0]) * + os->ssl3.signatureAlgorithmCount); + ss->ssl3.signatureAlgorithmCount = os->ssl3.signatureAlgorithmCount; + + ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled; + ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups; + if (os->ssl3.dheGroups) { + ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, + os->ssl3.numDHEGroups); + if (!ss->ssl3.dheGroups) { + goto loser; + } + PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups, + sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups); + } else { + ss->ssl3.dheGroups = NULL; + } if (os->cipherSpecs) { ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); @@ -267,6 +287,10 @@ ssl_DupSocket(sslSocket *os) ssl3_GetKeyPairRef(os->stepDownKeyPair); ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); + ss->dheKeyPair = !os->dheKeyPair ? NULL : + ssl3_GetKeyPairRef(os->dheKeyPair); + ss->dheParams = os->dheParams; + /* * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL. * XXX We should detect this, and not just march on with NULL pointers. @@ -384,8 +408,11 @@ ssl_DestroySocketContents(sslSocket *ss) ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); ss->ephemeralECDHKeyPair = NULL; } + if (ss->dheKeyPair) { + ssl3_FreeKeyPair(ss->dheKeyPair); + ss->dheKeyPair = NULL; + } SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); - PORT_Assert(!ss->xtnData.sniNameArr); if (ss->xtnData.sniNameArr) { PORT_Free(ss->xtnData.sniNameArr); ss->xtnData.sniNameArr = NULL; 
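Review bot: `ss->ssl3.dheGroups` is allocated with PORT_NewArray in ssl_DupSocket here (and in SSL_DHEGroupPrefSet), but the visible part of ssl_DestroySocketContents only adds the `ssl3_FreeKeyPair(ss->dheKeyPair)` release; if the array is not freed elsewhere in that function, every socket carrying a group preference leaks it. The copy `PORT_Memcpy(ss->ssl3.signatureAlgorithms, os->ssl3.signatureAlgorithms, sizeof(ss->ssl3.signatureAlgorithms[0]) * os->ssl3.signatureAlgorithmCount);` trusts the count to be within MAX_SIGNATURE_ALGORITHMS; a `PORT_Assert(os->ssl3.signatureAlgorithmCount <= MAX_SIGNATURE_ALGORITHMS);` before it would catch a corrupt count, and the same applies to the identical copy in SSL_ReconfigFD. The removal of `PORT_Assert(!ss->xtnData.sniNameArr);` is not explained by the surrounding lines; if the assert was firing on a legitimate path, a comment on why sniNameArr can still be set at destruction time would help. Both functions start and end outside their hunks.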
@@ -794,6 +821,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) ss->opt.enableFallbackSCSV = on; break; + case SSL_ENABLE_SERVER_DHE: + ss->opt.enableServerDhe = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; @@ -869,6 +900,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_REUSE_SERVER_ECDHE_KEY: on = ss->opt.reuseServerECDHEKey; break; case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; + case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -938,6 +970,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_ENABLE_FALLBACK_SCSV: on = ssl_defaults.enableFallbackSCSV; break; + case SSL_ENABLE_SERVER_DHE: + on = ssl_defaults.enableServerDhe; + break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -1121,6 +1156,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) ssl_defaults.enableFallbackSCSV = on; break; + case SSL_ENABLE_SERVER_DHE: + ssl_defaults.enableServerDhe = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; 
@@ -1339,7 +1378,204 @@ NSS_SetFrancePolicy(void) return NSS_SetDomesticPolicy(); } +SECStatus +SSL_DHEGroupPrefSet(PRFileDesc *fd, + SSLDHEGroupType *groups, + PRUint16 num_groups) +{ + sslSocket *ss; + if ((num_groups && !groups) || (!num_groups && groups)) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd)); + return SECFailure; + } + + if (ss->ssl3.dheGroups) { + PORT_Free(ss->ssl3.dheGroups); + ss->ssl3.dheGroups = NULL; + ss->ssl3.numDHEGroups = 0; + } + + if (groups) { + ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups); + if (!ss->ssl3.dheGroups) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; + } + PORT_Memcpy(ss->ssl3.dheGroups, groups, + sizeof(SSLDHEGroupType) * num_groups); + } + return SECSuccess; +} + + +PRCallOnceType gWeakDHParamsRegisterOnce; +int gWeakDHParamsRegisterError; + +PRCallOnceType gWeakDHParamsOnce; +int gWeakDHParamsError; +/* As our code allocates type PQGParams, we'll keep it around, + * even though we only make use of it's parameters through gWeakDHParam. 
*/ +static PQGParams *gWeakParamsPQG; +static ssl3DHParams *gWeakDHParams; + +static PRStatus +ssl3_CreateWeakDHParams(void) +{ + PQGVerify *vfy; + SECStatus rv, passed; + + PORT_Assert(!gWeakDHParams && !gWeakParamsPQG); + + rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/, + &gWeakParamsPQG, &vfy); + if (rv != SECSuccess) { + gWeakDHParamsError = PORT_GetError(); + return PR_FAILURE; + } + + rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed); + if (rv != SECSuccess || passed != SECSuccess) { + SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams", + SSL_GETPID())); + gWeakDHParamsError = PORT_GetError(); + return PR_FAILURE; + } + + gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams); + if (!gWeakDHParams) { + gWeakDHParamsError = PORT_GetError(); + return PR_FAILURE; + } + + gWeakDHParams->prime.data = gWeakParamsPQG->prime.data; + gWeakDHParams->prime.len = gWeakParamsPQG->prime.len; + gWeakDHParams->base.data = gWeakParamsPQG->base.data; + gWeakDHParams->base.len = gWeakParamsPQG->base.len; + + PK11_PQG_DestroyVerify(vfy); + return PR_SUCCESS; +} + +static SECStatus +ssl3_WeakDHParamsShutdown(void *appData, void *nssData) +{ + if (gWeakParamsPQG) { + PK11_PQG_DestroyParams(gWeakParamsPQG); + gWeakParamsPQG = NULL; + gWeakDHParams = NULL; + } + return SECSuccess; +} + +static PRStatus +ssl3_WeakDHParamsRegisterShutdown(void) +{ + SECStatus rv; + rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL); + if (rv != SECSuccess) { + gWeakDHParamsRegisterError = PORT_GetError(); + } + return (PRStatus)rv; +} + +/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */ +SECStatus +SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled) +{ + sslSocket *ss; + PRStatus status; + + if (enabled) { + status = PR_CallOnce(&gWeakDHParamsRegisterOnce, + ssl3_WeakDHParamsRegisterShutdown); + if (status != PR_SUCCESS) { + PORT_SetError(gWeakDHParamsRegisterError); + return SECFailure; + } + + status = 
PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams); + if (status != PR_SUCCESS) { + PORT_SetError(gWeakDHParamsError); + return SECFailure; + } + } + + if (!fd) + return SECSuccess; + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd)); + return SECFailure; + } + + ss->ssl3.dheWeakGroupEnabled = enabled; + return SECSuccess; +} + +#include "dhe-param.c" + +static const SSLDHEGroupType ssl_default_dhe_groups[] = { + ssl_ff_dhe_2048_group +}; + +/* Keep this array synchronized with the index definitions in SSLDHEGroupType */ +static const ssl3DHParams *all_ssl3DHParams[] = { + NULL, /* ssl_dhe_group_none */ + &ff_dhe_2048, + &ff_dhe_3072, + &ff_dhe_4096, + &ff_dhe_6144, + &ff_dhe_8192, +}; + +static SSLDHEGroupType +selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups) +{ + if (!groups || !num_groups) + return ssl_dhe_group_none; + + /* We don't have automatic group parameter selection yet + * (potentially) based on socket parameters, e.g. key sizes. + * For now, we return the first available group from the allowed list. */ + return groups[0]; +} + +/* Ensure DH parameters have been selected */ +SECStatus +ssl3_SelectDHParams(sslSocket *ss) +{ + SSLDHEGroupType selectedGroup = ssl_dhe_group_none; + + if (ss->ssl3.dheWeakGroupEnabled) { + ss->dheParams = gWeakDHParams; + } else { + if (ss->ssl3.dheGroups) { + selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups, + ss->ssl3.numDHEGroups); + } else { + size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups); + selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups, + number_of_default_groups); + } + + if (selectedGroup == ssl_dhe_group_none || + selectedGroup >= ssl_dhe_group_max) { + return SECFailure; + } + + ss->dheParams = all_ssl3DHParams[selectedGroup]; + } + + return SECSuccess; +} /* LOCKS ??? XXX */ static PRFileDesc * 
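Review bot: SSL_DHEGroupPrefSet never stores the count: after `PORT_Memcpy(ss->ssl3.dheGroups, groups, sizeof(SSLDHEGroupType) * num_groups);` it returns with ss->ssl3.numDHEGroups never assigned num_groups (it keeps the 0 written by the free branch, or its prior value), so selectDHEGroup later sees `!num_groups`, returns ssl_dhe_group_none, and ssl3_SelectDHParams fails for every socket that set a preference; add `ss->ssl3.numDHEGroups = num_groups;` after the copy. The function also accepts any SSLDHEGroupType value, and since only `selectedGroup >= ssl_dhe_group_max` guards the `all_ssl3DHParams[selectedGroup]` index (a negative value on a signed underlying enum type passes both checks), each entry should be validated here and rejected with SEC_ERROR_INVALID_ARGS. In ssl3_CreateWeakDHParams the `vfy` from PK11_PQG_ParamGenV2 is only destroyed on the success path, and gWeakParamsPQG is left allocated when PK11_PQG_VerifyParams fails. The SSL_DBG text in SSL_EnableWeakDHEPrimeGroup still says `bad socket in SSL_DHEGroupPrefSet`, and the four gWeak*Once/*Error globals are not `static`.
```c
SECStatus
SSL_DHEGroupPrefSet(PRFileDesc *fd,
                    SSLDHEGroupType *groups,
                    PRUint16 num_groups)
{
    sslSocket *ss;
    PRUint16 i;
    /* … unchanged: null/count consistency check … */
    /* Reject any value all_ssl3DHParams cannot index, instead of letting
     * ssl3_SelectDHParams fail much later at server configuration time. */
    for (i = 0; i < num_groups; i++) {
        if (groups[i] <= ssl_dhe_group_none || groups[i] >= ssl_dhe_group_max) {
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            return SECFailure;
        }
    }
    /* … unchanged: ssl_FindSocket, release of the previous preference, allocation and copy … */
        ss->ssl3.numDHEGroups = num_groups; /* was missing: the count stayed 0 */
    /* … unchanged: return SECSuccess … */
```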
@@ -1637,6 +1873,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers, sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount); ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount; + PORT_Memcpy(ss->ssl3.signatureAlgorithms, sm->ssl3.signatureAlgorithms, + sizeof(ss->ssl3.signatureAlgorithms[0]) * + sm->ssl3.signatureAlgorithmCount); + ss->ssl3.signatureAlgorithmCount = sm->ssl3.signatureAlgorithmCount; if (!ss->opt.useSecurity) { PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -2966,6 +3206,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant) ss->certStatusArray[i] = NULL; } ss->stepDownKeyPair = NULL; + + ss->dheParams = NULL; + ss->dheKeyPair = NULL; + ss->dbHandle = CERT_GetDefaultCertDB(); /* Provide default implementation of hooks */ diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index 1d28feb1..f9d83c85 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * This file contains prototypes for the public SSL functions. * 
@@ -55,13 +56,35 @@ typedef enum { #define kt_ecdh ssl_kea_ecdh #define kt_kea_size ssl_kea_size + +/* Values of this enum match the SignatureAlgorithm enum from + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ typedef enum { - ssl_sign_null = 0, + ssl_sign_null = 0, /* "anonymous" in TLS */ ssl_sign_rsa = 1, ssl_sign_dsa = 2, ssl_sign_ecdsa = 3 } SSLSignType; +/* Values of this enum match the HashAlgorithm enum from + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ +typedef enum { + /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5 + * and SHA1. The other values are only used in TLS 1.2. */ + ssl_hash_none = 0, + ssl_hash_md5 = 1, + ssl_hash_sha1 = 2, + ssl_hash_sha224 = 3, + ssl_hash_sha256 = 4, + ssl_hash_sha384 = 5, + ssl_hash_sha512 = 6 +} SSLHashType; + +typedef struct SSLSignatureAndHashAlgStr { + SSLHashType hashAlg; + SSLSignType sigAlg; +} SSLSignatureAndHashAlg; + typedef enum { ssl_auth_null = 0, ssl_auth_rsa = 1, @@ -124,6 +147,23 @@ typedef struct SSLChannelInfoStr { SSLCompressionMethod compressionMethod; } SSLChannelInfo; +/* Preliminary channel info */ +#define ssl_preinfo_version (1U << 0) +#define ssl_preinfo_cipher_suite (1U << 1) +#define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite) + +typedef struct SSLPreliminaryChannelInfoStr { + /* This is set to the length of the struct. */ + PRUint32 length; + /* A bitfield over SSLPreliminaryValueSet that describes which + * preliminary values are set (see ssl_preinfo_*). */ + PRUint32 valuesSet; + /* Protocol version: test (valuesSet & ssl_preinfo_version) */ + PRUint16 protocolVersion; + /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */ + PRUint16 cipherSuite; +} SSLPreliminaryChannelInfo; + typedef struct SSLCipherSuiteInfoStr { PRUint16 length; PRUint16 cipherSuite; 
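Review bot: The comment on `PRUint32 valuesSet;` in SSLPreliminaryChannelInfo refers to `A bitfield over SSLPreliminaryValueSet`, but no such type exists in this header; the flags are the `ssl_preinfo_version` / `ssl_preinfo_cipher_suite` macros defined just above. Suggest `/* Bit set of ssl_preinfo_* flags saying which of the fields below are valid. */`. Because SSLPreliminaryChannelInfo is a public, length-prefixed struct, the struct comment should also state that new fields may only be appended, so the `length`-based truncation in SSL_GetPreliminaryChannelInfo keeps working for older callers.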
@@ -197,4 +237,14 @@ typedef enum { #define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */ +typedef enum { + ssl_dhe_group_none = 0, + ssl_ff_dhe_2048_group = 1, + ssl_ff_dhe_3072_group = 2, + ssl_ff_dhe_4096_group = 3, + ssl_ff_dhe_6144_group = 4, + ssl_ff_dhe_8192_group = 5, + ssl_dhe_group_max +} SSLDHEGroupType; + #endif /* __sslt_h_ */ diff --git a/security/nss/lib/ssl/sslver.c b/security/nss/lib/ssl/sslver.c index 35e0317e..666e2592 100644 --- a/security/nss/lib/ssl/sslver.c +++ b/security/nss/lib/ssl/sslver.c @@ -13,12 +13,6 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_ssl_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_ssl_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_ssl_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/util/derdec.c b/security/nss/lib/util/derdec.c index c6219148..2c17ce93 100644 --- a/security/nss/lib/util/derdec.c +++ b/security/nss/lib/util/derdec.c @@ -175,7 +175,7 @@ der_capture(unsigned char *buf, unsigned char *end, return SECFailure; } - *header_len_p = bp - buf; + *header_len_p = (int)(bp - buf); *contents_len_p = contents_len; return SECSuccess; diff --git a/security/nss/lib/util/derenc.c b/security/nss/lib/util/derenc.c index 90a9d2df..4a02e1a7 100644 --- a/security/nss/lib/util/derenc.c +++ b/security/nss/lib/util/derenc.c @@ -279,7 +279,7 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) int header_len; PRUint32 contents_len; unsigned long encode_kind, under_kind; - PRBool explicit, optional, universal; + PRBool explicit, universal; /* 
@@ -301,7 +301,6 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) encode_kind = dtemplate->kind; explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE; - optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE; encode_kind &= ~DER_OPTIONAL; universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL) ? PR_TRUE : PR_FALSE; diff --git a/security/nss/lib/util/manifest.mn b/security/nss/lib/util/manifest.mn index 9ff3758f..36c2d1df 100644 --- a/security/nss/lib/util/manifest.mn +++ b/security/nss/lib/util/manifest.mn @@ -43,6 +43,7 @@ EXPORTS = \ $(NULL) PRIVATE_EXPORTS = \ + verref.h \ templates.c \ $(NULL) diff --git a/security/nss/lib/util/nssb64e.c b/security/nss/lib/util/nssb64e.c index da0702c0..5959982b 100644 --- a/security/nss/lib/util/nssb64e.c +++ b/security/nss/lib/util/nssb64e.c @@ -632,7 +632,7 @@ NSSBase64_EncodeItem (PLArenaPool *arenaOpt, char *outStrOpt, { char *out_string = outStrOpt; PRUint32 max_out_len; - PRUint32 out_len; + PRUint32 out_len = 0; void *mark = NULL; char *dummy; diff --git a/security/nss/lib/util/nssrwlk.c b/security/nss/lib/util/nssrwlk.c index 65fceda2..fbbfbd6e 100644 --- a/security/nss/lib/util/nssrwlk.c +++ b/security/nss/lib/util/nssrwlk.c @@ -91,7 +91,7 @@ NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) goto loser; } if (lock_name != NULL) { - rwlock->rw_name = (char*) PR_Malloc(strlen(lock_name) + 1); + rwlock->rw_name = (char*) PR_Malloc((PRUint32)strlen(lock_name) + 1); if (rwlock->rw_name == NULL) { goto loser; } diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index effeaacc..df476920 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h 
@@ -19,9 +19,9 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.18.0.1" +#define NSSUTIL_VERSION "3.20.0.1" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 18 +#define NSSUTIL_VMINOR 20 #define NSSUTIL_VPATCH 0 #define NSSUTIL_VBUILD 1 #define NSSUTIL_BETA PR_FALSE diff --git a/security/nss/lib/util/pkcs11t.h b/security/nss/lib/util/pkcs11t.h index b0034616..23931413 100644 --- a/security/nss/lib/util/pkcs11t.h +++ b/security/nss/lib/util/pkcs11t.h @@ -824,6 +824,14 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 +/* TLS 1.2 mechanisms are new for v2.40 */ +#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0 +#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1 +#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2 +#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3 +#define CKM_TLS_MAC 0x000003E4 +#define CKM_TLS_KDF 0x000003E5 + #define CKM_KEY_WRAP_LYNKS 0x00000400 #define CKM_KEY_WRAP_SET_OAEP 0x00000401 
@@ -1648,6 +1656,45 @@ typedef struct CK_TLS_PRF_PARAMS { typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; +/* TLS 1.2 is new for version 2.40 */ +typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION_PTR pVersion; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; + +typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ + CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; + +typedef struct CK_TLS12_KEY_MAT_PARAMS { + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */ + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_KEY_MAT_PARAMS; + +typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; + +typedef struct CK_TLS_KDF_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLength; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_BYTE_PTR pContextData; + CK_ULONG ulContextDataLength; +} CK_TLS_KDF_PARAMS; + +typedef struct CK_TLS_MAC_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_ULONG ulMacLength; + CK_ULONG ulServerOrClient; +} CK_TLS_MAC_PARAMS; + +typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; + /* WTLS is new for version 2.20 */ typedef struct CK_WTLS_RANDOM_DATA { CK_BYTE_PTR pClientRandom; diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c index f9776bb9..fe72b293 100644 --- a/security/nss/lib/util/quickder.c +++ b/security/nss/lib/util/quickder.c @@ -146,7 +146,7 @@ static SECStatus GetItem(SECItem* src, SECItem* dest, PRBool includeTag) PORT_SetError(SEC_ERROR_BAD_DER); return SECFailure; } - src->len -= (dest->data - src->data) + dest->len; + src->len -= (int)(dest->data - src->data) + dest->len; src->data = dest->data + dest->len; return SECSuccess; } 
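Review bot: `CK_TLS_KDF_PARAMS` is the only one of the four new structs without a matching `CK_PTR` typedef, while `CK_TLS12_MASTER_KEY_DERIVE_PARAMS`, `CK_TLS12_KEY_MAT_PARAMS` and `CK_TLS_MAC_PARAMS` each get one; add `typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR;` after it so the header stays uniform. The backslash in `typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \` is a line splice outside any macro; it is legal but reads as a macro definition at first glance, so either put the typedef on one line or break it without the `\`. `bIsExport` is helpfully marked unused; `prfHashMechanism` and `prfMechanism` would benefit from a similar note stating they name the hash mechanism the PRF is built on, since nothing else in the header says what distinguishes them from the outer mechanism.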
@@ -270,13 +270,9 @@ static SECStatus MatchComponentType(const SEC_ASN1Template* templateEntry, if ( (tag & SEC_ASN1_CLASS_MASK) != (((unsigned char)kind) & SEC_ASN1_CLASS_MASK) ) { -#ifdef DEBUG /* this is only to help debugging of the decoder in case of problems */ - unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; - unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; - tagclass = tagclass; - expectedclass = expectedclass; -#endif + /* unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; */ + /* unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; */ *match = PR_FALSE; return SECSuccess; } @@ -657,13 +653,12 @@ static SECStatus DecodeItem(void* dest, { SECStatus rv = SECSuccess; SECItem temp; - SECItem mark; + SECItem mark = {siBuffer, NULL, 0}; PRBool pop = PR_FALSE; PRBool decode = PR_TRUE; PRBool save = PR_FALSE; unsigned long kind; PRBool match = PR_TRUE; - PRBool optional = PR_FALSE; PR_ASSERT(src && dest && templateEntry && arena); #if 0 @@ -678,7 +673,6 @@ static SECStatus DecodeItem(void* dest, { /* do the template validation */ kind = templateEntry->kind; - optional = (0 != (kind & SEC_ASN1_OPTIONAL)); if (!kind) { PORT_SetError(SEC_ERROR_BAD_TEMPLATE); diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index 5b1714a3..0414c47e 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c 
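Review bot: The two `/* unsigned char tagclass ... */` lines in `MatchComponentType` are commented-out code left in place of the removed `#ifdef DEBUG` block; they will drift from the real code and should be deleted, since the self-assignments they replace existed only to keep the values inspectable in a debugger. If a hint for debugging is wanted, a plain comment says the same without carrying stale code: `/* on mismatch, compare (tag & SEC_ASN1_CLASS_MASK) with ((unsigned char)kind & SEC_ASN1_CLASS_MASK) */`. In the `DecodeItem` hunk below, `SECItem mark = {siBuffer, NULL, 0};` presumably silences a maybe-uninitialized warning and is the right shape for it, and dropping the write-only `optional` in both hunks is fine.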
@@ -20,15 +20,9 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_util_rcsid[] = "$Header: NSS " NSSUTIL_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_util_sccsid[] = "@(#)NSS " NSSUTIL_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_util_version[] = "Version: NSS " NSSUTIL_VERSION _DEBUG_STRING; /* MISSI Mosaic Object ID space */ /* USGov algorithm OID space: { 2 16 840 1 101 } */ @@ -492,9 +486,6 @@ CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4}; -CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2}; -CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3}; -CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4}; CONST_OID sha256[] = { SHAXXX, 1 }; CONST_OID sha384[] = { SHAXXX, 2 }; @@ -1878,7 +1869,7 @@ static PLHashTable *oidmechhash = NULL; static PLHashNumber secoid_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } static void @@ -1919,9 +1910,9 @@ SECOID_Init(void) const SECOidData *oid; int i; char * envVal; - volatile char c; /* force a reference that won't get optimized away */ - c = __nss_util_rcsid[0] + __nss_util_sccsid[0]; +#define NSS_VERSION_VARIABLE __nss_util_version +#include "verref.h" if (oidhash) { return SECSuccess; /* already initialized */ diff --git a/security/nss/lib/util/secport.c b/security/nss/lib/util/secport.c index 106399d2..723d89b3 100644 --- a/security/nss/lib/util/secport.c +++ b/security/nss/lib/util/secport.c 
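Review bot: `(char *)key - (char *)NULL` in `secoid_HashNumber` subtracts a null pointer from a valid one, which C leaves undefined even though every mainstream compiler computes the address; it was presumably chosen to silence a pointer-to-smaller-integer warning on 64-bit builds. The portable form is an integer cast through a pointer-sized type, `return (PLHashNumber)(PRUptrdiff)key;`, which truncates to 32 bits exactly as before and leaves the hash values, and therefore the table layout, unchanged. The `SECOID_Init` hunk that replaces the `volatile char c` reference with `#include "verref.h"` should be checked for placement: the header expands to a compound statement, so it has to come after the last declaration in the function, which the visible context (`char * envVal;` just above it) satisfies.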
@@ -466,7 +466,7 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) PZ_Lock(pool->lock); #ifdef THREADMARK { - threadmark_mark **pw, *tm; + threadmark_mark **pw; if (PR_GetCurrentThread() != pool->marking_thread ) { PZ_Unlock(pool->lock); @@ -488,7 +488,6 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) return /* no error indication available */ ; } - tm = *pw; *pw = (threadmark_mark *)NULL; if (zero) { @@ -536,7 +535,7 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) #ifdef THREADMARK PORTArenaPool *pool = (PORTArenaPool *)arena; if (ARENAPOOL_MAGIC == pool->magic ) { - threadmark_mark **pw, *tm; + threadmark_mark **pw; PZ_Lock(pool->lock); @@ -560,7 +559,6 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) return /* no error indication available */ ; } - tm = *pw; *pw = (threadmark_mark *)NULL; if (! pool->first_mark ) { diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h index 5b09b9cb..1b8f4616 100644 --- a/security/nss/lib/util/secport.h +++ b/security/nss/lib/util/secport.h @@ -87,6 +87,13 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str); SEC_END_PROTOS #define PORT_Assert PR_ASSERT +/* This runs a function that should return SECSuccess. */ +/* The value is asserted in a debug build, otherwise it is ignored. */ +#ifdef DEBUG +#define PORT_CheckSuccess(f) PR_ASSERT((f) == SECSuccess) +#else +#define PORT_CheckSuccess(f) (f) +#endif #define PORT_ZNew(type) (type*)PORT_ZAlloc(sizeof(type)) #define PORT_New(type) (type*)PORT_Alloc(sizeof(type)) #define PORT_ArenaNew(poolp, type) \ diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c index 0f5970f1..50e6c839 100644 --- a/security/nss/lib/util/utilmod.c +++ b/security/nss/lib/util/utilmod.c 
@@ -480,7 +480,7 @@ nssutil_DeleteSecmodDBEntry(const char *appName, char *block = NULL; char *name = NULL; char *lib = NULL; - int name_len, lib_len; + int name_len, lib_len = 0; PRBool skip = PR_FALSE; PRBool found = PR_FALSE; diff --git a/security/nss/lib/util/verref.h b/security/nss/lib/util/verref.h new file mode 100644 index 00000000..2d141bb5 --- /dev/null +++ b/security/nss/lib/util/verref.h @@ -0,0 +1,40 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This header is used inline in a function to ensure that a version string + * symbol is linked in and not optimized out. A volatile reference is added to + * the variable identified by NSS_VERSION_VARIABLE. + * + * Use this as follows: + * + * #define NSS_VERSION_VARIABLE __nss_ssl_version + * #include "verref.h" + */ + +/* Suppress unused variable warnings. */ +#ifdef _MSC_VER +#pragma warning(push) +#pragma warning(disable: 4101) +#endif +/* This works for both gcc and clang */ +#if defined(__GNUC__) && !defined(NSS_NO_GCC48) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-variable" +#endif + +#ifndef NSS_VERSION_VARIABLE +#error NSS_VERSION_VARIABLE must be set before including "verref.h" +#endif +{ + extern const char NSS_VERSION_VARIABLE[]; + volatile const char _nss_version_c = NSS_VERSION_VARIABLE[0]; +} +#undef NSS_VERSION_VARIABLE + +#ifdef _MSC_VER +#pragma warning(pop) +#endif +#if defined(__GNUC__) && !defined(NSS_NO_GCC48) +#pragma GCC diagnostic pop +#endif diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh index 1a23c19c..e77a353f 100644 --- a/security/nss/tests/cert/cert.sh +++ b/security/nss/tests/cert/cert.sh 
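Review bot: `verref.h` deliberately has no include guard or `#pragma once`, because it must be expanded once inside every function that includes it, but the header comment does not say so and a maintainer applying the usual guard would silently break the second user. Suggest adding to the usage comment: `/* No include guard on purpose: include this once per function that must reference the version symbol. */`. The comment should also state that the include must be placed where a statement is legal (after the function's declarations in C89-style code), since it expands to a `{ ... }` block, and that `NSS_VERSION_VARIABLE` is undefined again on the way out so a second include in another function must redefine it.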
@@ -292,6 +292,14 @@ cert_create_cert() return $RET fi + CU_ACTION="Import DSA Root CA for $CERTNAME" + certu -A -n "TestCA-dsa" -t "TC,TC,TC" -f "${R_PWFILE}" \ + -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-dsa.ca.cert" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Import EC Root CA for $CERTNAME" certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \ 
@@ -337,6 +345,60 @@ cert_add_cert() cert_log "SUCCESS: $CERTNAME's Cert Created" +# +# Generate and add DSA cert +# + CU_ACTION="Generate DSA Cert Request for $CERTNAME" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Sign ${CERTNAME}'s DSA Request" + certu -C -c "TestCA-dsa" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \ + -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" "$1" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Import $CERTNAME's DSA Cert" + certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + cert_log "SUCCESS: $CERTNAME's DSA Cert Created" + +# Generate DSA certificate signed with RSA + CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Sign ${CERTNAME}'s DSA Request with RSA" +# Avoid conflicting serial numbers with TestCA issuer by keeping +# this set far away. A smaller number risks colliding with the +# extended ssl user certificates. 
+ NEWSERIAL=`expr ${CERTSERIAL} + 20000` + certu -C -c "TestCA" -m "$NEWSERIAL" -v 60 -d "${P_R_CADIR}" \ + -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" "$1" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Import $CERTNAME's mixed DSA Cert" + certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + cert_log "SUCCESS: $CERTNAME's mixed DSA Cert Created" + # # Generate and add EC cert # 
@@ -430,6 +492,34 @@ cert_all_CA() # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last # in the chain + +# +# Create DSA version of TestCA + ALL_CU_SUBJECT="CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US" + cert_dsa_CA $CADIR TestCA-dsa -x "CTu,CTu,CTu" ${D_CA} "1" +# +# Create DSA versions of the intermediate CA certs + ALL_CU_SUBJECT="CN=NSS Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $SERVER_CADIR serverCA-dsa -x "Cu,Cu,Cu" ${D_SERVER_CA} "2" + ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $SERVER_CADIR chain-1-serverCA-dsa "-c serverCA-dsa" "u,u,u" ${D_SERVER_CA} "3" + ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $SERVER_CADIR chain-2-serverCA-dsa "-c chain-1-serverCA-dsa" "u,u,u" ${D_SERVER_CA} "4" + + ALL_CU_SUBJECT="CN=NSS Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $CLIENT_CADIR clientCA-dsa -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5" + ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $CLIENT_CADIR chain-1-clientCA-dsa "-c clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "6" + ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $CLIENT_CADIR chain-2-clientCA-dsa "-c chain-1-clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "7" + + rm $CLIENT_CADIR/dsaroot.cert $SERVER_CADIR/dsaroot.cert +# dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last +# in the chain + + + + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Create EC version of TestCA 
@@ -540,6 +630,76 @@ CERTSCRIPT cp root.cert ${NICKNAME}.ca.cert } + + + + +################################ cert_dsa_CA ############################# +# local shell function to build the Temp. Certificate Authority (CA) +# used for testing purposes, creating a CA Certificate and a root cert +# This is the ECC version of cert_CA. +########################################################################## +cert_dsa_CA() +{ + CUR_CADIR=$1 + NICKNAME=$2 + SIGNER=$3 + TRUSTARG=$4 + DOMAIN=$5 + CERTSERIAL=$6 + + echo "$SCRIPTNAME: Creating an DSA CA Certificate $NICKNAME ==========================" + + if [ ! -d "${CUR_CADIR}" ]; then + mkdir -p "${CUR_CADIR}" + fi + cd ${CUR_CADIR} + pwd + + LPROFILE=. + if [ -n "${MULTIACCESS_DBM}" ]; then + LPROFILE="multiaccess:${DOMAIN}" + fi + + ################# Creating an DSA CA Cert ############################### + # + CU_ACTION="Creating DSA CA Cert $NICKNAME " + CU_SUBJECT=$ALL_CU_SUBJECT + certu -S -n $NICKNAME -k dsa -t $TRUSTARG -v 600 $SIGNER \ + -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \ + -m $CERTSERIAL 2>&1 <&1 +# +# Repeat the above for DSA certs +# + CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + + CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)" + cp ${CERTDIR}/req ${SERVER_CADIR} + certu -C -c "chain-2-serverCA-dsa" -m 200 -v 60 -d "${P_SERVER_CADIR}" \ + -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1 + + CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)" + certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1 + + CU_ACTION="Import Client DSA Root CA -t T,, for $CERTNAME (ext.)" + certu -A -n "clientCA-dsa" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \ + -i "${CLIENT_CADIR}/clientCA-dsa.ca.cert" 2>&1 +# +# done with 
DSA certs +# +# Repeat again for mixed DSA certs +# + CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + + CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)" + cp ${CERTDIR}/req ${SERVER_CADIR} + certu -C -c "chain-2-serverCA" -m 202 -v 60 -d "${P_SERVER_CADIR}" \ + -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1 + + CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)" + certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1 + +# CU_ACTION="Import Client mixed DSA Root CA -t T,, for $CERTNAME (ext.)" +# certu -A -n "clientCA-dsamixed" -t "T,," -f "${R_PWFILE}" \ +# -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-dsamixed.ca.cert" \ +# 2>&1 + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs @@ -794,7 +998,7 @@ cert_extended_ssl() for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ; do N=`basename $CA | sed -e "s/.ca.cert//"` - if [ $N = "serverCA" -o $N = "serverCA-ec" ] ; then + if [ $N = "serverCA" -o $N = "serverCA-ec" -o $N = "serverCA-dsa" ] ; then T="-t C,C,C" else T="-t u,u,u" 
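Review bot: The header comment of `cert_dsa_CA` says `# This is the ECC version of cert_CA.`, a copy-paste leftover from the EC variant; it should read `# This is the DSA version of cert_CA.`. The hunk text in this extraction is cut after `-m $CERTSERIAL 2>&1 <&1`, so the rest of `cert_dsa_CA` (including where the `dsaroot.cert` that `cert_all_CA` later removes is written) is not visible, and the `Repeat the above for DSA certs` block that follows belongs to a later hunk of `cert_extended_ssl` whose `@@` header was lost. In that block the commented-out `clientCA-dsamixed` import references a nickname that nothing in this commit creates, so it should be removed rather than left as a comment.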
@@ -830,6 +1034,53 @@ cert_extended_ssl() certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \ -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1 +# +# Repeat the above for DSA certs +# + CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + + CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)" + cp ${CERTDIR}/req ${CLIENT_CADIR} + certu -C -c "chain-2-clientCA-dsa" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \ + -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1 + + CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)" + certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1 + + CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)" + certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \ + -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1 +# +# done with DSA certs +# +# +# Repeat the above for mixed DSA certs +# + CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + + CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)" + cp ${CERTDIR}/req ${CLIENT_CADIR} + certu -C -c "chain-2-clientCA" -m 302 -v 60 -d "${P_CLIENT_CADIR}" \ + -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1 + + CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)" + certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1 + +# CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)" +# certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \ +# -d "${PROFILEDIR}" -i 
"${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1 +# +# done with mixed DSA certs +# + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs @@ -883,7 +1134,7 @@ cert_extended_ssl() for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ; do N=`basename $CA | sed -e "s/.ca.cert//"` - if [ $N = "clientCA" -o $N = "clientCA-ec" ] ; then + if [ $N = "clientCA" -o $N = "clientCA-ec" -o $N = "clientCA-dsa" ] ; then T="-t T,C,C" else T="-t u,u,u" @@ -920,6 +1171,10 @@ cert_ssl() cert_add_cert CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC" certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" + + CU_ACTION="Modify trust attributes of DSA Root CA -t TC,TC,TC" + certu -M -n "TestCA-dsa" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC" certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" @@ -1422,6 +1677,24 @@ EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_1}_or + + CU_ACTION="Generating CRL (DSA) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-dsa authority" + +# Until Bug 292285 is resolved, do not encode x400 Addresses. After +# the bug is resolved, reintroduce "x400Address:x400Address" within +# addext issuerAltNames ... + crlu -q -d $CADIR -G -n "TestCA-dsa" -f ${R_PWFILE} \ + -o ${CRL_FILE_GRP_1}_or-dsa < ${SERVEROUTFILE} 2>&1 & RET=$? else ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \ - ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose & + ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 & RET=$? fi diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt index c4fee164..c050dd8b 100644 --- a/security/nss/tests/ssl/sslcov.txt +++ b/security/nss/tests/ssl/sslcov.txt 
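Review bot: The four commented-out `certu -A -n "serverCA-dsa"` lines at the end of the mixed-DSA block in `cert_extended_ssl` are dead code; the same import is performed live a few lines above in the DSA block, so they should be deleted rather than kept as a comment. If the intent is to record why no separate root import is needed, one line does it: `# no extra root import: the mixed cert chains to the RSA clientCA imported above`. The selfserv hunk further down is garbled in this extraction (it runs into the `crlu ... -o ${CRL_FILE_GRP_1}_or-dsa` line), so the `-S ${HOSTADDR}-dsa` / `-H 1` change cannot be reviewed from here.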
@@ -86,10 +86,21 @@ noECC TLS12 v TLS12_RSA_WITH_AES_128_CBC_SHA noECC TLS12 y TLS12_RSA_WITH_AES_256_CBC_SHA noECC TLS12 z TLS12_RSA_WITH_NULL_SHA + noECC TLS12 :0016 TLS12_DHE_RSA_WITH_3DES_EDE_CBC_SHA + noECC TLS12 :0032 TLS12_DHE_DSS_WITH_AES_128_CBC_SHA + noECC TLS12 :0033 TLS12_DHE_RSA_WITH_AES_128_CBC_SHA + noECC TLS12 :0038 TLS12_DHE_DSS_WITH_AES_256_CBC_SHA + noECC TLS12 :0039 TLS12_DHE_RSA_WITH_AES_256_CBC_SHA noECC TLS12 :003B TLS12_RSA_WITH_NULL_SHA256 noECC TLS12 :003C TLS12_RSA_WITH_AES_128_CBC_SHA256 noECC TLS12 :003D TLS12_RSA_WITH_AES_256_CBC_SHA256 + noECC TLS12 :0040 TLS12_DHE_DSS_WITH_AES_128_CBC_SHA256 + noECC TLS12 :0067 TLS12_DHE_RSA_WITH_AES_128_CBC_SHA256 + noECC TLS12 :006A TLS12_DHE_DSS_WITH_AES_256_CBC_SHA256 + noECC TLS12 :006B TLS12_DHE_RSA_WITH_AES_256_CBC_SHA256 noECC TLS12 :009C TLS12_RSA_WITH_AES_128_GCM_SHA256 + noECC TLS12 :009E TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256 + noECC TLS12 :00A2 TLS12_DHE_DSS_WITH_AES_128_GCM_SHA256 # # ECC ciphers (TLS) # diff --git a/security/nss/tests/ssl/sslstress.txt b/security/nss/tests/ssl/sslstress.txt index dded8bd9..738d6904 100644 --- a/security/nss/tests/ssl/sslstress.txt +++ b/security/nss/tests/ssl/sslstress.txt @@ -44,6 +44,7 @@ ECC 0 -c_:C027 -V_ssl3:_-c_1000_-C_:C027 Stress TLS ECDHE-RSA AES 128 CBC with SHA256 ECC 0 -c_:C02F -V_ssl3:_-c_1000_-C_:C02F Stress TLS ECDHE-RSA AES 128 GCM ECC 0 -c_:C004_-u -V_ssl3:_-c_1000_-C_:C004_-u Stress TLS ECDH-ECDSA AES 128 CBC with SHA (session ticket) + ECC 0 -c_:C009_-u -V_ssl3:_-c_100_-C_:C009_-u Stress TLS ECDHE-ECDSA AES 128 CBC with SHA (session ticket) # # add client auth versions here... # 
@@ -53,3 +54,33 @@ ECC 0 -r_-r_-c_:C00E -V_ssl3:_-c_10_-C_:C00E_-N_-n_TestUser-ecmixed Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth) ECC 0 -r_-r_-c_:C013 -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA(client auth) ECC 0 -r_-r_-c_:C013_-u -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec_-u Stress TLS ECDHE-RSA AES 128 CBC with SHA(session ticket, client auth) + +# +# ############################ DHE ciphers ############################ +# + noECC 0 -c_:0016 -V_ssl3:_-c_100_-C_:0016_-N Stress TLS DHE_RSA_WITH_3DES_EDE_CBC_SHA (no reuse) + noECC 0 -c_:0033 -V_ssl3:_-c_1000_-C_:0033 Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA + + + noECC 0 -c_:0039 -V_ssl3:_-c_100_-C_:0039_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA (no reuse) + noECC 0 -c_:0040 -V_ssl3:_-c_100_-C_:0040_-N Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA256 (no reuse) + +# noECC 0 -c_:0038_-u -V_ssl3:_-c_1000_-C_:0038_-u Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (session ticket) +# use the above session ticket test, once session tickets with DHE_DSS are working + noECC 0 -c_:0038 -V_ssl3:_-c_1000_-C_:0038_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (no reuse) + +# noECC 0 -c_:006A -V_ssl3:_-c_1000_-C_:006A Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 +# use the above reuse test, once the session cache with DHE_DSS is working + noECC 0 -c_:006A -V_ssl3:_-c_1000_-C_:006A_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 (no reuse + + noECC 0 -c_:006B -V_ssl3:_-c_100_-C_:006B_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA256 (no reuse) + noECC 0 -c_:009E -V_ssl3:_-c_100_-C_:009E_-N Stress TLS DHE_RSA_WITH_AES_128_GCM_SHA256 (no reuse) +# +# add client auth versions here... 
+# + noECC 0 -r_-r_-c_:0032 -V_ssl3:_-c_100_-C_:0032_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA (no reuse, client auth) + noECC 0 -r_-r_-c_:0067 -V_ssl3:_-c_1000_-C_:0067_-n_TestUser-dsamixed Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA256 (client auth) + +# noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:_-c_1000_-C_:00A2_-n_TestUser-dsa_-u Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (session ticket, client auth) +# use the above session ticket test, once session tickets with DHE_DSS are working + noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:_-c_1000_-C_:00A2_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (no reuse, client auth) From c8d341a4c9cdbc51054f7d144265f58d332a8c20 Mon Sep 17 00:00:00 2001 From: roytam1 Date: Thu, 12 Jul 2018 22:40:37 +0800 Subject: [PATCH 12/20] nss: follow up of pervious commit: don't try to cast function pointers into data pointers, which cause C4054 error on VC7.1. --- .../nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c | 2 +- security/nss/lib/libpkix/pkix/store/pkix_store.c | 10 +++++----- security/nss/lib/libpkix/pkix/util/pkix_logger.c | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c index e9a9c03d..9967af9b 100644 --- a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c +++ b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c @@ -190,7 +190,7 @@ pkix_CRLSelector_Hashcode( PKIX_HASHCODE(crlSelector->context, &contextHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) + + hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback + (contextHash << 3)) + paramsHash; *pHashcode = hash; diff --git a/security/nss/lib/libpkix/pkix/store/pkix_store.c b/security/nss/lib/libpkix/pkix/store/pkix_store.c index af8be2bb..31c21ea1 100644 --- a/security/nss/lib/libpkix/pkix/store/pkix_store.c 
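Review bot: The description column of the `:006A` no-reuse entry reads `(no reuse` with no closing parenthesis, unlike every other line in the file; change it to `(no reuse)`. The text is presumably only echoed into the test log, so the effect is cosmetic, but anyone grepping the results for the `(no reuse)` variants will miss this case.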
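Review bot: `(PKIX_UInt32)crlSelector->matchCallback` converts a function pointer straight to a 32-bit integer; on 64-bit targets that is a narrowing conversion which gcc and clang flag with `-Wpointer-to-int-cast`, which is presumably what the reverted `(char *)… - (char *)NULL` form was trying to avoid, and the C4054 error on VC7.1 shows that a function-to-data pointer cast is not the portable way out either. Casting through a pointer-sized integer first, `(PKIX_UInt32)(PRUptrdiff)crlSelector->matchCallback`, converts the function pointer to an integer of matching width (allowed, implementation-defined) and then truncates explicitly, yielding the same hash value on every platform where the old code compiled. The same pattern appears in the `pkix_CertStore_Hashcode` and `pkix_Logger_Hashcode` hunks that follow and should be changed the same way.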
+++ b/security/nss/lib/libpkix/pkix/store/pkix_store.c @@ -74,11 +74,11 @@ pkix_CertStore_Hashcode( PKIX_CERTSTOREHASHCODEFAILED); } - *pHashcode = (PKIX_UInt32)((char *)certStore->certCallback - (char *)NULL) + - (PKIX_UInt32)((char *)certStore->crlCallback - (char *)NULL) + - (PKIX_UInt32)((char *)certStore->certContinue - (char *)NULL) + - (PKIX_UInt32)((char *)certStore->crlContinue - (char *)NULL) + - (PKIX_UInt32)((char *)certStore->trustCallback - (char *)NULL) + + *pHashcode = (PKIX_UInt32) certStore->certCallback + + (PKIX_UInt32) certStore->crlCallback + + (PKIX_UInt32) certStore->certContinue + + (PKIX_UInt32) certStore->crlContinue + + (PKIX_UInt32) certStore->trustCallback + (tempHash << 7); cleanup: diff --git a/security/nss/lib/libpkix/pkix/util/pkix_logger.c b/security/nss/lib/libpkix/pkix/util/pkix_logger.c index a916e6e4..cfd870de 100644 --- a/security/nss/lib/libpkix/pkix/util/pkix_logger.c +++ b/security/nss/lib/libpkix/pkix/util/pkix_logger.c @@ -492,7 +492,7 @@ pkix_Logger_Hashcode( PKIX_HASHCODE(logger->context, &tempHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = (((((PKIX_UInt32)((char *)logger->callback - (char *)NULL) + tempHash) << 7) + + hash = (((((PKIX_UInt32) logger->callback + tempHash) << 7) + logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent; *pHashcode = hash; From 9d7cba4381d50a8c6b028e1a73bfeedd7fe60085 Mon Sep 17 00:00:00 2001 
From: roytam1 Date: Sun, 19 Aug 2018 00:30:36 +0800 Subject: [PATCH 13/20] Bug 940119 - Add Camellia-GCM support --- security/nss/lib/pk11wrap/debug_module.c | 1 + security/nss/lib/pk11wrap/pk11mech.c | 2 + security/nss/lib/pk11wrap/pk11slot.c | 1 + security/nss/lib/softoken/pkcs11.c | 1 + security/nss/lib/ssl/ssl3con.c | 82 ++++++++++++++++++------ security/nss/lib/ssl/ssl3ecc.c | 4 ++ security/nss/lib/ssl/sslenum.c | 2 + security/nss/lib/ssl/sslimpl.h | 7 +- security/nss/lib/ssl/sslinfo.c | 3 + security/nss/lib/ssl/sslproto.h | 3 + security/nss/lib/ssl/sslt.h | 3 +- security/nss/lib/util/pkcs11t.h | 1 + security/nss/tests/ssl/sslcov.txt | 2 + 13 files changed, 88 insertions(+), 24 deletions(-) diff --git a/security/nss/lib/pk11wrap/debug_module.c b/security/nss/lib/pk11wrap/debug_module.c index 89ebacca..2ea1145e 100644 --- a/security/nss/lib/pk11wrap/debug_module.c +++ b/security/nss/lib/pk11wrap/debug_module.c @@ -370,6 +370,7 @@ static void print_mechanism(CK_MECHANISM_PTR m) CASE(CKM_CAMELLIA_KEY_GEN); CASE(CKM_CAMELLIA_MAC); CASE(CKM_CAMELLIA_MAC_GENERAL); + CASE(CKM_CAMELLIA_GCM); CASE(CKM_CDMF_CBC); CASE(CKM_CDMF_CBC_PAD); CASE(CKM_CDMF_ECB); diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c index b7a7296b..d8b82277 100644 --- a/security/nss/lib/pk11wrap/pk11mech.c +++ b/security/nss/lib/pk11wrap/pk11mech.c @@ -218,6 +218,7 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len) case CKM_CAMELLIA_MAC_GENERAL: case CKM_CAMELLIA_CBC_PAD: case CKM_CAMELLIA_KEY_GEN: + case CKM_CAMELLIA_GCM: return CKK_CAMELLIA; case CKM_AES_ECB: case CKM_AES_CBC: @@ -428,6 +429,7 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size) case CKM_CAMELLIA_MAC_GENERAL: case CKM_CAMELLIA_CBC_PAD: case CKM_CAMELLIA_KEY_GEN: + case CKM_CAMELLIA_GCM: return CKM_CAMELLIA_KEY_GEN; case CKM_AES_ECB: case CKM_AES_CBC: diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 044956fe..07a8c885 100644 
--- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -832,6 +832,7 @@ PK11_GetSlotList(CK_MECHANISM_TYPE type) return &pk11_seedSlotList; case CKM_CAMELLIA_CBC: case CKM_CAMELLIA_ECB: + case CKM_CAMELLIA_GCM: return &pk11_camelliaSlotList; case CKM_AES_CBC: case CKM_AES_CCM: diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index e52c57db..1a835238 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -363,6 +363,7 @@ static const struct mechanismList mechanisms[] = { {CKM_CAMELLIA_MAC, {16, 32, CKF_SN_VR}, PR_TRUE}, {CKM_CAMELLIA_MAC_GENERAL, {16, 32, CKF_SN_VR}, PR_TRUE}, {CKM_CAMELLIA_CBC_PAD, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE}, + {CKM_CAMELLIA_GCM, {16, 32, CKF_EN_DE}, PR_TRUE}, /* ------------------------- SEED Operations --------------------------- */ {CKM_SEED_KEY_GEN, {16, 16, CKF_GENERATE}, PR_TRUE}, {CKM_SEED_ECB, {16, 16, CKF_EN_DE_WR_UN}, PR_TRUE}, diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 7da3aa6d..cf0f23ba 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -68,11 +68,11 @@ static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen, const unsigned char *input, int inputLen); #ifndef NO_PKCS11_BYPASS -static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt, +static SECStatus ssl3_CipherGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt, unsigned char *out, int *outlen, int maxout, const unsigned char *in, int inlen, const unsigned char *additionalData, - int additionalDataLen); + int additionalDataLen, SSLCipherAlgorithm calg); #endif #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ 
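Review bot: The new `{CKM_CAMELLIA_GCM, {16, 32, CKF_EN_DE}, PR_TRUE}` row makes softoken advertise the mechanism through `C_GetMechanismList`/`C_GetMechanismInfo`, but this commit's diffstat shows a single inserted line in `softoken/pkcs11.c` and no change to `pkcs11c.c` or freebl, so unless a Camellia-GCM context path already exists there, `C_EncryptInit`/`C_DecryptInit` will presumably reject the mechanism at runtime and the two new suites will fail after being negotiated. The table entry should land together with, or after, the cipher implementation, and routing `CKM_CAMELLIA_GCM` to `pk11_camelliaSlotList` in `pk11slot.c` only helps once a slot can actually perform it. A coverage run of the new Camellia-GCM suites against softoken would confirm; the `sslcov.txt` change in this commit is the natural place for it.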
@@ -92,6 +92,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { #ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around * bug 946147. */ @@ -287,6 +289,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0}, {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, + {cipher_camellia_128_gcm, calg_camellia_gcm, 16,16, type_aead, 4, 0,16, 8}, {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, }; @@ -413,6 +416,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa}, {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, + {TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_rsa}, + {TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_ecdsa}, {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss}, {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss}, @@ -482,6 +487,7 @@ static const SSLCipher2Mech alg2Mech[] = { { calg_camellia , CKM_CAMELLIA_CBC }, { calg_seed , CKM_SEED_CBC }, { calg_aes_gcm , CKM_AES_GCM }, + { calg_camellia_gcm , CKM_CAMELLIA_GCM }, /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ }; 
@@ -522,6 +528,7 @@ const char * const ssl3_cipherName[] = { "Camellia-256", "SEED-CBC", "AES-128-GCM", + "Camellia-128-GCM", "missing" }; @@ -660,7 +667,9 @@ ssl3_CipherSuiteAllowedForVersionRange( return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2; case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: + case TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: + case TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; @@ -1661,13 +1670,13 @@ ssl3_InitPendingContextsBypass(sslSocket *ss) calg = cipher_def->calg; - if (calg == ssl_calg_aes_gcm) { + if ( cipher_def == type_aead ) { pwSpec->encode = NULL; pwSpec->decode = NULL; pwSpec->destroy = NULL; pwSpec->encodeContext = NULL; pwSpec->decodeContext = NULL; - pwSpec->aead = ssl3_AESGCMBypass; + pwSpec->aead = ssl3_CipherGCMBypass; ssl3_InitCompressionContext(pwSpec); return SECSuccess; } @@ -1882,7 +1891,7 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out, } static SECStatus -ssl3_AESGCM(ssl3KeyMaterial *keys, +ssl3_CipherGCM(ssl3KeyMaterial *keys, PRBool doDecrypt, unsigned char *out, int *outlen, @@ -1890,13 +1899,15 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, const unsigned char *in, int inlen, const unsigned char *additionalData, - int additionalDataLen) + int additionalDataLen, + SSLCipherAlgorithm calg) { SECItem param; SECStatus rv = SECFailure; unsigned char nonce[12]; unsigned int uOutLen; CK_GCM_PARAMS gcmParams; + CK_MECHANISM_TYPE mechanism; static const int tagSize = 16; static const int explicitNonceLen = 8; 
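Review bot: In the ssl3_InitPendingContextsBypass hunk, `if ( cipher_def == type_aead )` compares the `cipher_def` pointer with an enumerator, so the condition is effectively always false (compilers warn about a pointer/integer comparison) and the bypass path never installs `ssl3_CipherGCMBypass` for either GCM suite; it falls through to the block/stream-cipher setup that continues below the hunk. The sibling hunk in ssl3_InitPendingContextsPKCS11 gets it right with `cipher_def->type == type_aead`; use the same here: `if (cipher_def->type == type_aead) {`. ssl3_InitPendingContextsBypass starts and ends outside this hunk.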
@@ -1931,11 +1942,20 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, gcmParams.ulAADLen = additionalDataLen; gcmParams.ulTagBits = tagSize * 8; + switch (calg) { + case calg_aes_gcm: + mechanism = CKM_AES_GCM; + break; + case calg_camellia_gcm: + mechanism = CKM_CAMELLIA_GCM; + break; + } + if (doDecrypt) { - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, + rv = PK11_Decrypt(keys->write_key, mechanism, ¶m, out, &uOutLen, maxout, in, inlen); } else { - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, + rv = PK11_Encrypt(keys->write_key, mechanism, ¶m, out, &uOutLen, maxout, in, inlen); } *outlen += (int) uOutLen; @@ -1945,7 +1965,7 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, #ifndef NO_PKCS11_BYPASS static SECStatus -ssl3_AESGCMBypass(ssl3KeyMaterial *keys, +ssl3_CipherGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt, unsigned char *out, int *outlen, @@ -1953,12 +1973,12 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys, const unsigned char *in, int inlen, const unsigned char *additionalData, - int additionalDataLen) + int additionalDataLen, + SSLCipherAlgorithm calg) { SECStatus rv = SECFailure; unsigned char nonce[12]; unsigned int uOutLen; - AESContext *cx; CK_GCM_PARAMS gcmParams; static const int tagSize = 16; 
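Review bot: The new `switch (calg)` in ssl3_CipherGCM has no default, so for any calg other than the two listed `mechanism` is read uninitialized at the PK11_Decrypt/PK11_Encrypt calls. Today only type_aead cipher defs reach this function, but SSLCipherAlgorithm is open-ended and this is exactly where the next AEAD addition will silently go wrong; add `default: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure;` before the `if (doDecrypt)`. The same missing default in ssl3_CipherGCMBypass (next hunk) leaves `initFn` NULL and the `(*initFn)(...)` call dereferences it. ssl3_CipherGCM's body continues outside the hunk.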
@@ -1996,8 +2016,28 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys, gcmParams.ulAADLen = additionalDataLen; gcmParams.ulTagBits = tagSize * 8; - cx = (AESContext *)keys->cipher_context; - rv = AES_InitContext(cx, keys->write_key_item.data, + void *cx = keys->cipher_context; + BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; + SSLCipher encode = (SSLCipher)NULL; + SSLCipher decode = (SSLCipher)NULL; + SSLDestroy destroy = (SSLDestroy)NULL; + + switch (calg) { + case calg_aes_gcm: + initFn = (BLapiInitContextFunc)AES_InitContext; + encode = (SSLCipher) AES_Encrypt; + decode = (SSLCipher) AES_Decrypt; + destroy = (SSLDestroy) AES_DestroyContext; + break; + case calg_camellia_gcm: + initFn = (BLapiInitContextFunc)Camellia_InitContext; + encode = (SSLCipher) Camellia_Encrypt; + decode = (SSLCipher) Camellia_Decrypt; + destroy = (SSLDestroy) Camellia_DestroyContext; + break; + } + + rv = (*initFn)(cx, keys->write_key_item.data, keys->write_key_item.len, (unsigned char *)&gcmParams, NSS_AES_GCM, !doDecrypt, AES_BLOCK_SIZE); @@ -2005,11 +2045,11 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys, return rv; } if (doDecrypt) { - rv = AES_Decrypt(cx, out, &uOutLen, maxout, in, inlen); + rv = (*decode)(cx, out, &uOutLen, maxout, in, inlen); } else { - rv = AES_Encrypt(cx, out, &uOutLen, maxout, in, inlen); + rv = (*encode)(cx, out, &uOutLen, maxout, in, inlen); } - AES_DestroyContext(cx, PR_FALSE); + (*destroy)(cx, PR_FALSE); *outlen += (int) uOutLen; return rv; @@ -2049,13 +2089,13 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss) pwSpec->client.write_mac_context = NULL; pwSpec->server.write_mac_context = NULL; - if (calg == calg_aes_gcm) { + if (cipher_def->type == type_aead) { pwSpec->encode = NULL; pwSpec->decode = NULL; pwSpec->destroy = NULL; pwSpec->encodeContext = NULL; pwSpec->decodeContext = NULL; - pwSpec->aead = ssl3_AESGCM; + pwSpec->aead = ssl3_CipherGCM; return SECSuccess; } 
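Review bot: The Camellia branch hands `Camellia_InitContext` the AES-named mode `NSS_AES_GCM` and `AES_BLOCK_SIZE`, and `cx` is whatever buffer `keys->cipher_context` was sized for outside the hunk (it used to be an `AESContext`). The diffstat has no freebl change, so I cannot see from this patch that freebl's Camellia context accepts a GCM mode at all or that the buffer is large enough for it; unless an earlier patch in the series adds that, please confirm, otherwise the bypass path would initialise a non-GCM Camellia context and treat nonce and tag bytes as data. A comment such as `/* freebl Camellia shares the AES GCM mode constant and block size */` at the init call would record the assumption once verified. Separately, `void *cx = ...` and the following declarations sit after statements, which the surrounding C89-style code avoids; hoisting them to the top of the block keeps the file's convention and older compilers happy.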
@@ -2629,7 +2669,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, &cipherBytes, /* out len */ wrBuf->space - headerLen, /* max out */ pIn, contentLen, /* input */ - pseudoHeader, pseudoHeaderLen); + pseudoHeader, pseudoHeaderLen, cipher_def->calg); if (rv != SECSuccess) { PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); return SECFailure; @@ -4395,7 +4435,7 @@ static const struct { * If the hash is not recognised, SEC_OID_UNKNOWN is returned. * * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ -SECOidTag +static SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc) { unsigned int i; @@ -11884,7 +11924,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) plaintext->space, /* maxout */ cText->buf->buf, /* in */ cText->buf->len, /* inlen */ - header, headerLen); + header, headerLen, cipher_def->calg); if (rv != SECSuccess) { good = 0; } diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 5dbca165..43af5294 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -914,6 +914,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, @@ -925,6 +926,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, 
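Review bot: Making `ssl3_TLSHashAlgorithmToOID` `static` is unrelated to Camellia-GCM and changes the symbol's linkage; if anything outside ssl3con.c still references it this fails at link time, and either way it is a separate change that belongs in its own commit so the cipher-suite addition can be reviewed and reverted on its own. The two aead call-site hunks in this line correctly forward `cipher_def->calg`.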
@@ -937,6 +939,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, @@ -944,6 +947,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index f69aed2d..3b09b5bd 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -50,6 +50,8 @@ const PRUint16 SSL_ImplementedCiphers[] = { #ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. */ diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index e155a080..dc3c73ee 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -56,6 +56,7 @@ typedef SSLSignType SSL3SignType; #define calg_camellia ssl_calg_camellia #define calg_seed ssl_calg_seed #define calg_aes_gcm ssl_calg_aes_gcm +#define calg_camellia_gcm ssl_calg_camellia_gcm #define mac_null ssl_mac_null #define mac_md5 ssl_mac_md5 @@ -300,7 +301,7 @@ typedef struct { } ssl3CipherSuiteCfg; #ifndef NSS_DISABLE_ECC -#define ssl_V3_SUITES_IMPLEMENTED 64 +#define ssl_V3_SUITES_IMPLEMENTED 66 #else #define ssl_V3_SUITES_IMPLEMENTED 40 #endif /* NSS_DISABLE_ECC */ 
@@ -485,6 +486,7 @@ typedef enum { cipher_camellia_256, cipher_seed, cipher_aes_128_gcm, + cipher_camellia_128_gcm, cipher_missing /* reserved for no such supported cipher */ /* This enum must match ssl3_cipherName[] in ssl3con.c. */ } SSL3BulkCipher; @@ -546,7 +548,8 @@ typedef SECStatus (*SSLAEADCipher)( const unsigned char *in, int inlen, const unsigned char *additionalData, - int additionalDataLen); + int additionalDataLen, + SSLCipherAlgorithm calg); typedef SECStatus (*SSLCompressor)(void * context, unsigned char * out, int * outlen, diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index d2df8c2e..48b77b01 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -146,6 +146,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, #define C_NULL "NULL", calg_null #define C_SJ "SKIPJACK", calg_sj #define C_AESGCM "AES-GCM", calg_aes_gcm +#define C_CAMELLIAGCM "CAMELLIA-GCM", calg_camellia_gcm #define B_256 256, 256, 256 #define B_128 128, 128, 128 @@ -213,7 +214,9 @@ static const SSLCipherSuiteInfo suiteInfo[] = { #ifndef NSS_DISABLE_ECC /* ECC cipher suites */ {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, +{0,CS(TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, +{0,CS(TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, }, {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, }, diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 2db47a53..246447b7 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h 
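Review bot: The two new suiteInfo rows in sslinfo.c use `C_AESGCM`, so SSL_GetCipherSuiteInfo reports the symmetric cipher as "AES-GCM"/calg_aes_gcm for a Camellia suite, while the `C_CAMELLIAGCM` macro defined in the previous hunk is never used. Change both rows to `{0,CS(TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256), S_RSA, K_ECDHE, C_CAMELLIAGCM, B_128, M_AEAD_128, 1, 0, 0, },` and `{0,CS(TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_CAMELLIAGCM, B_128, M_AEAD_128, 1, 0, 0, },`. Anything that audits negotiated ciphers through this API (security UI, telemetry, policy checks) would otherwise misreport the cipher in use.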
@@ -260,6 +260,9 @@ #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 +#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A + /* Netscape "experimental" cipher suites. */ #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index f9d83c85..7aaa1604 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -104,7 +104,8 @@ typedef enum { ssl_calg_aes = 7, ssl_calg_camellia = 8, ssl_calg_seed = 9, - ssl_calg_aes_gcm = 10 + ssl_calg_aes_gcm = 10, + ssl_calg_camellia_gcm = 11 } SSLCipherAlgorithm; typedef enum { diff --git a/security/nss/lib/util/pkcs11t.h b/security/nss/lib/util/pkcs11t.h index 23931413..d03c9b5e 100644 --- a/security/nss/lib/util/pkcs11t.h +++ b/security/nss/lib/util/pkcs11t.h @@ -915,6 +915,7 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_CAMELLIA_CBC_PAD 0x00000555 #define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 #define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 +#define CKM_CAMELLIA_GCM 0x00000558 #define CKM_SEED_KEY_GEN 0x00000650 #define CKM_SEED_ECB 0x00000651 diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt index c050dd8b..f24318ea 100644 --- a/security/nss/tests/ssl/sslcov.txt +++ b/security/nss/tests/ssl/sslcov.txt @@ -170,3 +170,5 @@ ECC TLS12 :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECC TLS12 :C02B TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECC TLS12 :C02F TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + ECC TLS12 :C086 TLS12_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 + ECC TLS12 :C08A TLS12_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 From ee63982defe4f153e0ebc0a7756f3aeccd47e9d0 Mon Sep 17 00:00:00 2001 
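Review bot: `#define CKM_CAMELLIA_GCM 0x00000558` takes a value in the PKCS#11 standard mechanism range; as far as I recall, 0x00000558 is the value PKCS#11 v2.40 assigns to CKM_CAMELLIA_CTR, so a future header sync or a third-party token would see two mechanisms with one code. Please check against the specification and, if it collides, either use the standard's own assignment for Camellia-GCM if one exists or an NSS vendor-defined value in pkcs11n.h's CKM_NSS range, with a comment such as `/* NSS-private: no standard CKM_CAMELLIA_GCM assignment as of this change */`. The sslproto.h values 0xC086 and 0xC08A match the IANA registrations for these suites.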
From: roytam1 Date: Thu, 15 Nov 2018 22:09:09 +0800 Subject: [PATCH 14/20] allow accessing non-standard port of gopher by toggling network.gopher.port-restricted to false (default: true) --- modules/libpref/src/init/all.js | 3 +++ netwerk/protocol/gopher/src/nsGopherChannel.cpp | 16 ++++++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/modules/libpref/src/init/all.js b/modules/libpref/src/init/all.js index 03179400..683f7de8 100644 --- a/modules/libpref/src/init/all.js +++ b/modules/libpref/src/init/all.js @@ -2390,3 +2390,6 @@ pref("print.print_command", "lp -c -s ${MOZ_PRINTER_NAME:+'-d '}${MOZ_PRINTER_NA #ifdef MOZ_X11 pref("network.gnomevfs.supported-protocols", "smb:,sftp:"); #endif + +// restrict gopher port to port 70 only +pref("network.gopher.port-restricted", true); diff --git a/netwerk/protocol/gopher/src/nsGopherChannel.cpp b/netwerk/protocol/gopher/src/nsGopherChannel.cpp index c286cd97..8196b235 100644 --- a/netwerk/protocol/gopher/src/nsGopherChannel.cpp +++ b/netwerk/protocol/gopher/src/nsGopherChannel.cpp @@ -122,13 +122,21 @@ nsGopherChannel::Init(nsIURI* uri, nsIProxyInfo* proxyInfo) if (NS_FAILED(rv)) return rv; + PRBool restrictedPort = PR_TRUE; + nsCOMPtr branch; + nsCOMPtr prefs = do_GetService("@mozilla.org/preferences-service;1", &rv); + if (!NS_FAILED(rv)) { + branch = do_QueryInterface(prefs); + + branch->GetBoolPref("network.gopher.port-restricted" , &restrictedPort); + } // For security reasons, don't allow anything expect the default // gopher port (70). See bug 71916 - bbaetz@cs.mcgill.ca -/* - if (mPort==-1) + if(!restrictedPort) { + if (mPort==-1) + mPort=GOPHER_PORT; + } else mPort=GOPHER_PORT; -*/ - mPort=GOPHER_PORT; // No path given if (buffer[0]=='\0' || (buffer[0]=='/' && buffer[1]=='\0')) { From 045da71b23bdcd7f7f8aa23f0ade7ae167f2671e Mon Sep 17 00:00:00 2001 
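Review bot: In the nsGopherChannel::Init hunk, `branch` comes from `do_QueryInterface(prefs)` and is dereferenced without a null check, and `!NS_FAILED(rv)` should be the idiomatic `NS_SUCCEEDED(rv)`. More importantly, when the pref is off the URL's port is used as-is with no check against the global banned-port list, which reopens the cross-protocol concern the retained comment cites (bug 71916), since the selector string is written to whatever port the URL names; the port should at least go through NS_CheckPortSafety so the existing blocklist still applies. The retained comment now contradicts the code and should describe the pref. The page shows `nsCOMPtr branch;` with its template argument lost in rendering; the sketch below assumes nsIPrefBranch and folds the read into one lookup.

```cpp
    PRBool restrictedPort = PR_TRUE;
    nsCOMPtr<nsIPrefBranch> branch =
        do_GetService("@mozilla.org/preferences-service;1", &rv);
    if (NS_SUCCEEDED(rv) && branch) {
        // A failed read leaves the safe default (restricted) in place.
        branch->GetBoolPref("network.gopher.port-restricted", &restrictedPort);
    }
    // Bug 71916: force the default gopher port (70) unless the pref opts out;
    // an opted-out port must still pass the global banned-port list.
    if (restrictedPort || mPort == -1) {
        mPort = GOPHER_PORT;
    } else {
        rv = NS_CheckPortSafety(mPort, "gopher");
        if (NS_FAILED(rv))
            return rv;
    }
    // … unchanged: empty-path handling …
```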
From: roytam1 Date: Thu, 15 Nov 2018 23:17:51 +0800 Subject: [PATCH 15/20] index2html: use -moz-pre-wrap --- netwerk/streamconv/converters/nsIndexedToHTML.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netwerk/streamconv/converters/nsIndexedToHTML.cpp b/netwerk/streamconv/converters/nsIndexedToHTML.cpp index a9fe9ff4..0bae31ed 100644 --- a/netwerk/streamconv/converters/nsIndexedToHTML.cpp +++ b/netwerk/streamconv/converters/nsIndexedToHTML.cpp @@ -376,7 +376,7 @@ nsIndexedToHTML::DoOnStartRequest(nsIRequest* request, nsISupports *aContext, buffer.AppendLiteral("