kamp/RetroZilla
1
0
Fork 0
mirror of https://github.com/rn10950/RetroZilla.git synced 2024-11-10 18:00:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

cherry-picked mozilla NSS upstream changes (to rev 902bc119dcdb, which is on par with 3.17.2):

Browse Source 
bug920719, bug1026148, bug1028647, bug963150, bug1030486, bug1025729, bug836658, bug1028582, bug1038728, bug1038526, bug1042634, bug1047210, bug1043891, bug1043108, bug1046735, bug1043082, bug1036735, bug1046718, bug1050107, bug1054625, bug1057465, bug1057476, bug1041326, bug1058933, bug1064636, bug1057161, bug1078669, bug1049435, bug1070493, bug1083360, bug1028764, bug1065990, bug1073330, bug1064670, bug1094650
This commit is contained in:
roytam1 2018-07-11 21:35:15 +08:00
parent 5f6fb75167
commit 98d377b37b
66 changed files with 1082 additions and 557 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
security/nss/Makefile
View File

@ -73,6 +73,9 @@ endif
ifdef USE_DEBUG_RTL
NSPR_CONFIGURE_OPTS += --enable-debug-rtl
endif
ifdef USE_STATIC_RTL
NSPR_CONFIGURE_OPTS += --enable-static-rtl
endif
ifdef NS_USE_GCC
NSPR_COMPILERS = CC=gcc CXX=g++
endif

2
security/nss/cmd/certutil/certutil.c
View File

@ -2367,7 +2367,7 @@ secuCommandFlag options_init[] =
"keyAttrFlags"},
{ /* opt_EmptyPassword */ 0, PR_FALSE, 0, PR_FALSE,
"empty-password"},
{ /* opt_CertVersion */ 0, PR_FALSE, 0, PR_FALSE,
{ /* opt_CertVersion */ 0, PR_TRUE, 0, PR_FALSE,
"certVersion"},
{ /* opt_AddSubjectAltExt */ 0, PR_TRUE, 0, PR_FALSE, "extSAN"},
{ /* opt_DumpExtensionValue */ 0, PR_TRUE, 0, PR_FALSE,

4
security/nss/cmd/lib/secutil.c
View File

@ -92,6 +92,7 @@ SECU_GetPasswordString(void *arg, char *prompt)
output = fopen(consoleName, "w");
if (output == NULL) {
fprintf(stderr, "Error opening output terminal for write\n");
fclose(input);
return NULL;
}
@ -290,6 +291,9 @@ secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
output = fopen(consoleName, "w");
if (output == NULL) {
PR_fprintf(PR_STDERR, "Error opening output terminal for write\n");
#ifndef _WINDOWS
fclose(input);
#endif
return NULL;
}

6
security/nss/cmd/rsaperf/rsaperf.c
View File

@ -401,8 +401,6 @@ main(int argc, char **argv)
Usage(progName);
}
if (!doPriv && !doPub) doPriv = PR_TRUE;
if (doIters && doTime) Usage(progName);
if (!doTime) {
@ -430,8 +428,6 @@ main(int argc, char **argv)
if (useTokenKey) {
CK_OBJECT_HANDLE kh = CK_INVALID_HANDLE;
CERTCertDBHandle* certdb = NULL;
certdb = CERT_GetDefaultCertDB();
cert = PK11_FindCertFromNickname(nickname, &pwData);
if (cert == NULL) {
@ -490,8 +486,6 @@ main(int argc, char **argv)
exit(1);
}
doKeyGen = PR_TRUE; /* Always do a keygen for session keys.
Import of hardcoded key is not supported */
/* do a temporary keygen in selected slot */
if (!keybits) {
keybits = DEFAULT_KEY_BITS;

1
security/nss/cmd/ssltap/ssltap.c
View File

@ -403,6 +403,7 @@ const char * V2CipherString(int cs_int)
case 0x00009E: cs_str = "TLS/DHE-RSA/AES128-GCM/SHA256"; break;
case 0x0000FF: cs_str = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; break;
case 0x005600: cs_str = "TLS_FALLBACK_SCSV"; break;
case 0x00C001: cs_str = "TLS/ECDH-ECDSA/NULL/SHA"; break;
case 0x00C002: cs_str = "TLS/ECDH-ECDSA/RC4-128/SHA"; break;

16
security/nss/cmd/tstclnt/tstclnt.c
View File

@ -180,7 +180,7 @@ static void PrintUsageHeader(const char *progName)
fprintf(stderr,
"Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
"[-d certdir] [-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n"
"[-V [min-version]:[max-version]] [-T]\n"
"[-V [min-version]:[max-version]] [-K] [-T]\n"
"[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n",
progName);
}
@ -206,6 +206,7 @@ static void PrintParameterUsage(void)
"%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
"%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n",
"-V [min]:[max]", "", "", "");
fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K");
fprintf(stderr, "%-20s Prints only payload data. Skips HTTP header.\n", "-S");
fprintf(stderr, "%-20s Client speaks first. \n", "-f");
fprintf(stderr, "%-20s Use synchronous certificate validation "
@ -807,6 +808,7 @@ int main(int argc, char **argv)
int enableCompression = 0;
int enableFalseStart = 0;
int enableCertStatus = 0;
int forceFallbackSCSV = 0;
PRSocketOptionData opt;
PRNetAddr addr;
PRPollDesc pollset[2];
@ -852,7 +854,7 @@ int main(int argc, char **argv)
SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
optstate = PL_CreateOptState(argc, argv,
"46BFM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz");
"46BFKM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
@ -874,6 +876,8 @@ int main(int argc, char **argv)
case 'O': serverCertAuth.shouldPause = PR_FALSE; break;
case 'K': forceFallbackSCSV = PR_TRUE; break;
case 'M': switch (atoi(optstate->value)) {
case 1:
serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
@ -1218,6 +1222,14 @@ int main(int argc, char **argv)
return 1;
}
if (forceFallbackSCSV) {
rv = SSL_OptionSet(s, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error forcing fallback scsv");
return 1;
}
}
/* enable cert status (OCSP stapling). */
rv = SSL_OptionSet(s, SSL_ENABLE_OCSP_STAPLING, enableCertStatus);
if (rv != SECSuccess) {

43
security/nss/coreconf/WIN32.mk
View File

@ -30,9 +30,16 @@ else
BSDECHO = echo
RC = rc.exe
MT = mt.exe
# Check for clang-cl
CLANG_CL := $(shell expr `$(CC) -? 2>&1 | grep -w clang | wc -l` \> 0)
# Determine compiler version
ifeq ($(CLANG_CL),1)
# clang-cl pretends to be MSVC 2012.
CC_VERSION := 17.00.00.00
else
CC_VERSION := $(shell $(CC) 2>&1 | sed -ne \
's|.* \([0-9]\+\.[0-9]\+\.[0-9]\+\(\.[0-9]\+\)\?\).*|\1|p')
endif
# Change the dots to spaces.
_CC_VERSION_WORDS := $(subst ., ,$(CC_VERSION))
_CC_VMAJOR := $(word 1,$(_CC_VERSION_WORDS))
@ -44,6 +51,8 @@ else
# VC10 (2010) is 16.00.30319.01, VC10SP1 is 16.00.40219.01.
_MSC_VER_GE_10SP1 := $(shell expr $(_MSC_VER) \> 1600 \| \
$(_MSC_VER) = 1600 \& $(_CC_RELEASE) \>= 40219)
# VC11 (2012).
_MSC_VER_GE_11 := $(shell expr $(_MSC_VER) \>= 1700)
# VC12 (2013).
_MSC_VER_GE_12 := $(shell expr $(_MSC_VER) \>= 1800)
ifeq ($(_CC_VMAJOR),14)
@ -127,8 +136,26 @@ else # !NS_USE_GCC
ifdef USE_DYNAMICBASE
OS_DLLFLAGS += -DYNAMICBASE
endif
ifdef BUILD_OPT
#
# Define USE_DEBUG_RTL if you want to use the debug runtime library
# (RTL) in the debug build.
# Define USE_STATIC_RTL if you want to use the static RTL.
#
ifdef USE_DEBUG_RTL
ifdef USE_STATIC_RTL
OS_CFLAGS += -MTd
else
OS_CFLAGS += -MDd
endif
OS_CFLAGS += -D_CRTDBG_MAP_ALLOC
else
ifdef USE_STATIC_RTL
OS_CFLAGS += -MT
else
OS_CFLAGS += -MD
endif
endif
ifdef BUILD_OPT
ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
OPTIMIZER += -O1
else
@ -146,15 +173,6 @@ else # !NS_USE_GCC
LDFLAGS += -DEBUG -OPT:REF
endif
else
#
# Define USE_DEBUG_RTL if you want to use the debug runtime library
# (RTL) in the debug build
#
ifdef USE_DEBUG_RTL
OS_CFLAGS += -MDd -D_CRTDBG_MAP_ALLOC
else
OS_CFLAGS += -MD
endif
OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od
NULLSTRING :=
SPACE := $(NULLSTRING) # end of the line
@ -194,6 +212,11 @@ ifdef USE_64
DEFINES += -D_AMD64_
else
DEFINES += -D_X86_
# VS2012 defaults to -arch:SSE2. Use -arch:IA32 to avoid requiring
# SSE2.
ifeq ($(_MSC_VER_GE_11),1)
OS_CFLAGS += -arch:IA32
endif
endif
endif
ifeq ($(CPU_ARCH), ALPHA)

45
security/nss/doc/certutil.xml
View File

@ -203,6 +203,11 @@ If this option is not used, the validity check defaults to the current system ti
</listitem>
</varlistentry>
<varlistentry>
<term>--dump-ext-val OID </term>
<listitem><para>For single cert, print binary DER encoding of extension OID.</para></listitem>
</varlistentry>
<varlistentry>
<term>-e </term>
<listitem><para>Check a certificate's signature during the process of validating a certificate.</para></listitem>
@ -213,6 +218,26 @@ If this option is not used, the validity check defaults to the current system ti
<listitem><para>Specify the email address of a certificate to list. Used with the -L command option.</para></listitem>
</varlistentry>
<varlistentry>
<term>--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]... </term>
<listitem>
<para>
Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files.
</para>
<itemizedlist>
<listitem>
<para>OID (example): 1.2.3.4</para>
</listitem>
<listitem>
<para>critical-flag: critical or not-critical</para>
</listitem>
<listitem>
<para>filename: full path to a file containing an encoded extension</para>
</listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>-f password-file</term>
<listitem><para>Specify a file that will automatically supply the password to include in a certificate
@ -376,6 +401,15 @@ of the attribute codes:
<para><command>V</command> (as an SSL server)</para>
</listitem>
<listitem>
<para><command>L</command> (as an SSL CA)</para>
</listitem>
<listitem>
<para><command>A</command> (as Any CA)</para>
</listitem>
<listitem>
<para><command>Y</command> (Verify CA)</para>
</listitem>
<listitem>
<para><command>S</command> (as an email signer)</para>
</listitem>
<listitem>
@ -648,6 +682,17 @@ of the attribute codes:
<listitem><para>Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
</varlistentry>
<varlistentry>
<term>--extSAN type:name[,type:name]...</term>
<listitem><para>
Create a Subject Alt Name extension with one or multiple names.
</para>
<para>
-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--empty-password</term>
<listitem><para>Use empty password when creating new certificate database with -N.</para></listitem>

14
security/nss/doc/html/certutil.html
View File

@ -1,4 +1,4 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233261230240"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm226659332128"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
</p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Database Tool, <span class="command"><strong>certutil</strong></span>, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.</p><p>Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the <span class="command"><strong>modutil</strong></span> manpage.</p></div><div class="refsection"><a name="options"></a><h2>Command Options and Arguments</h2><p>Running <span class="command"><strong>certutil</strong></span> always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option <code class="option">-H</code> will list all the command options and their relevant arguments.</p><p><span class="command"><strong>Command Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A </span></dt><dd><p>Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.</p></dd><dt><span class="term">-B</span></dt><dd><p>Run a series of commands from the specified batch file. This requires the <code class="option">-i</code> argument.</p></dd><dt><span class="term">-C </span></dt><dd><p>Create a new binary certificate file from a binary certificate request file. Use the <code class="option">-i</code> argument to specify the certificate request file. If this argument is not used, <span class="command"><strong>certutil</strong></span> prompts for a filename. </p></dd><dt><span class="term">-D </span></dt><dd><p>Delete a certificate from the certificate database.</p></dd><dt><span class="term">-E </span></dt><dd><p>Add an email certificate to the certificate database.</p></dd><dt><span class="term">-F</span></dt><dd><p>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the
<code class="option">-d</code> argument. Use the <code class="option">-k</code> argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the <code class="option">-k</code> argument, the option looks for an RSA key matching the specified nickname.
</p><p>
@ -10,7 +10,9 @@ For certificate requests, ASCII output defaults to standard output unless redire
</p><p>
If this option is not used, the validity check defaults to the current system time.</p></dd><dt><span class="term">-c issuer</span></dt><dd><p>Identify the certificate of the CA from which a new certificate will derive its authenticity.
Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string
with quotation marks if it contains spaces. </p></dd><dt><span class="term">-d [prefix]directory</span></dt><dd><p>Specify the database directory containing the certificate and key database files.</p><p><span class="command"><strong>certutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). </p><p>NSS recognizes the following prefixes:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>sql:</strong></span> requests the newer database</p></li><li class="listitem"><p><span class="command"><strong>dbm:</strong></span> requests the legacy database</p></li></ul></div><p>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <span class="command"><strong>dbm:</strong></span> is the default.</p></dd><dt><span class="term">-e </span></dt><dd><p>Check a certificate's signature during the process of validating a certificate.</p></dd><dt><span class="term">--email email-address</span></dt><dd><p>Specify the email address of a certificate to list. Used with the -L command option.</p></dd><dt><span class="term">-f password-file</span></dt><dd><p>Specify a file that will automatically supply the password to include in a certificate
with quotation marks if it contains spaces. </p></dd><dt><span class="term">-d [prefix]directory</span></dt><dd><p>Specify the database directory containing the certificate and key database files.</p><p><span class="command"><strong>certutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). </p><p>NSS recognizes the following prefixes:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>sql:</strong></span> requests the newer database</p></li><li class="listitem"><p><span class="command"><strong>dbm:</strong></span> requests the legacy database</p></li></ul></div><p>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <span class="command"><strong>dbm:</strong></span> is the default.</p></dd><dt><span class="term">--dump-ext-val OID </span></dt><dd><p>For single cert, print binary DER encoding of extension OID.</p></dd><dt><span class="term">-e </span></dt><dd><p>Check a certificate's signature during the process of validating a certificate.</p></dd><dt><span class="term">--email email-address</span></dt><dd><p>Specify the email address of a certificate to list. Used with the -L command option.</p></dd><dt><span class="term">--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]... </span></dt><dd><p>
Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files.
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>OID (example): 1.2.3.4</p></li><li class="listitem"><p>critical-flag: critical or not-critical</p></li><li class="listitem"><p>filename: full path to a file containing an encoded extension</p></li></ul></div></dd><dt><span class="term">-f password-file</span></dt><dd><p>Specify a file that will automatically supply the password to include in a certificate
or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent
unauthorized access to this file.</p></dd><dt><span class="term">-g keysize</span></dt><dd><p>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</p></dd><dt><span class="term">-i input_file</span></dt><dd><p>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</p></dd><dt><span class="term">-k key-type-or-id</span></dt><dd><p>Specify the type or specific ID of a key.</p><p>
The valid key type options are rsa, dsa, ec, or all. The default
@ -54,7 +56,7 @@ of the attribute codes:
</p></li></ul></div><p>
The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example:
</p><p><span class="command"><strong>-t "TCu,Cu,Tu"</strong></span></p><p>
Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </p></dd><dt><span class="term">-u certusage</span></dt><dd><p>Specify a usage context to apply when validating a certificate with the -V option.</p><p>The contexts are the following:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>C</strong></span> (as an SSL client)</p></li><li class="listitem"><p><span class="command"><strong>V</strong></span> (as an SSL server)</p></li><li class="listitem"><p><span class="command"><strong>S</strong></span> (as an email signer)</p></li><li class="listitem"><p><span class="command"><strong>R</strong></span> (as an email recipient)</p></li><li class="listitem"><p><span class="command"><strong>O</strong></span> (as an OCSP status responder)</p></li><li class="listitem"><p><span class="command"><strong>J</strong></span> (as an object signer)</p></li></ul></div></dd><dt><span class="term">-v valid-months</span></dt><dd><p>Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the <code class="option">-w</code> option. If this argument is not used, the default validity period is three months. </p></dd><dt><span class="term">-w offset-months</span></dt><dd><p>Set an offset from the current system time, in months,
Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </p></dd><dt><span class="term">-u certusage</span></dt><dd><p>Specify a usage context to apply when validating a certificate with the -V option.</p><p>The contexts are the following:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>C</strong></span> (as an SSL client)</p></li><li class="listitem"><p><span class="command"><strong>V</strong></span> (as an SSL server)</p></li><li class="listitem"><p><span class="command"><strong>L</strong></span> (as an SSL CA)</p></li><li class="listitem"><p><span class="command"><strong>A</strong></span> (as Any CA)</p></li><li class="listitem"><p><span class="command"><strong>Y</strong></span> (Verify CA)</p></li><li class="listitem"><p><span class="command"><strong>S</strong></span> (as an email signer)</p></li><li class="listitem"><p><span class="command"><strong>R</strong></span> (as an email recipient)</p></li><li class="listitem"><p><span class="command"><strong>O</strong></span> (as an OCSP status responder)</p></li><li class="listitem"><p><span class="command"><strong>J</strong></span> (as an object signer)</p></li></ul></div></dd><dt><span class="term">-v valid-months</span></dt><dd><p>Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the <code class="option">-w</code> option. If this argument is not used, the default validity period is three months. </p></dd><dt><span class="term">-w offset-months</span></dt><dd><p>Set an offset from the current system time, in months,
for the beginning of a certificate's validity period. Use when creating
the certificate or adding it to a database. Express the offset in integers,
using a minus sign (-) to indicate a negative offset. If this argument is
@ -109,7 +111,11 @@ of the attribute codes:
msTrustListSign
</p></li><li class="listitem"><p>
critical
</p></li></ul></div><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-7 emailAddrs</span></dt><dd><p>Add a comma-separated list of email addresses to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.</p></dd><dt><span class="term">-8 dns-names</span></dt><dd><p>Add a comma-separated list of DNS names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.</p></dd><dt><span class="term">--extAIA</span></dt><dd><p>Add the Authority Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extSIA</span></dt><dd><p>Add the Subject Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extCP</span></dt><dd><p>Add the Certificate Policies extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extPM</span></dt><dd><p>Add the Policy Mappings extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extPC</span></dt><dd><p>Add the Policy Constraints extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extIA</span></dt><dd><p>Add the Inhibit Any Policy Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extSKID</span></dt><dd><p>Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extNC</span></dt><dd><p>Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--empty-password</span></dt><dd><p>Use empty password when creating new certificate database with -N.</p></dd><dt><span class="term">--keyAttrFlags attrflags</span></dt><dd><p>
</p></li></ul></div><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-7 emailAddrs</span></dt><dd><p>Add a comma-separated list of email addresses to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.</p></dd><dt><span class="term">-8 dns-names</span></dt><dd><p>Add a comma-separated list of DNS names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.</p></dd><dt><span class="term">--extAIA</span></dt><dd><p>Add the Authority Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extSIA</span></dt><dd><p>Add the Subject Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extCP</span></dt><dd><p>Add the Certificate Policies extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extPM</span></dt><dd><p>Add the Policy Mappings extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extPC</span></dt><dd><p>Add the Policy Constraints extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extIA</span></dt><dd><p>Add the Inhibit Any Policy Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extSKID</span></dt><dd><p>Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extNC</span></dt><dd><p>Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extSAN type:name[,type:name]...</span></dt><dd><p>
Create a Subject Alt Name extension with one or multiple names.
</p><p>
-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr
</p></dd><dt><span class="term">--empty-password</span></dt><dd><p>Use empty password when creating new certificate database with -N.</p></dd><dt><span class="term">--keyAttrFlags attrflags</span></dt><dd><p>
PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}</p></dd><dt><span class="term">--keyOpFlagsOn opflags, </span><span class="term">--keyOpFlagsOff opflags</span></dt><dd><p>
PKCS #11 key Operation Flags.
Comma separated list of one or more of the following:

6
security/nss/doc/html/pp.html
View File

@ -1,7 +1,7 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PP</th></tr></table><hr></div><div class="refentry"><a name="pp"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pp — Prints certificates, keys, crls, and pkcs7 files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pp -t type [-a] [-i input] [-o output]</code> </p></div></div><div class="refsection"><a name="idm233254308544"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
</p></div><div class="refsection"><a name="idm233250605968"></a><h2>Description</h2><p><span class="command"><strong>pp </strong></span>pretty-prints private and public key, certificate, certificate-request,
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PP</th></tr></table><hr></div><div class="refentry"><a name="pp"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pp — Prints certificates, keys, crls, and pkcs7 files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pp -t type [-a] [-i input] [-o output] [-u] [-w]</code> </p></div></div><div class="refsection"><a name="idm226689875920"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
</p></div><div class="refsection"><a name="idm226686118544"></a><h2>Description</h2><p><span class="command"><strong>pp </strong></span>pretty-prints private and public key, certificate, certificate-request,
pkcs7 or crl files
</p></div><div class="refsection"><a name="idm233250603984"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-t </code> <em class="replaceable"><code>type</code></em></span></dt><dd><p class="simpara">specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}</p><p class="simpara"></p></dd><dt><span class="term"><code class="option">-a </code></span></dt><dd>Input is in ascii encoded form (RFC1113)</dd><dt><span class="term"><code class="option">-i </code> <em class="replaceable"><code>inputfile</code></em></span></dt><dd>Define an input file to use (default is stdin)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>outputfile</code></em></span></dt><dd>Define an output file to use (default is stdout)</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <a class="ulink" href="http://pki.fedoraproject.org/wiki/" target="_top">PKI Wiki</a>. </p><p>For information specifically about NSS, the NSS project wiki is located at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">Mozilla NSS site</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: pki-devel@redhat.com and pki-users@redhat.com</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p>
</p></div><div class="refsection"><a name="idm226686116608"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-t </code> <em class="replaceable"><code>type</code></em></span></dt><dd><p class="simpara">specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}</p><p class="simpara"></p></dd><dt><span class="term"><code class="option">-a </code></span></dt><dd>Input is in ascii encoded form (RFC1113)</dd><dt><span class="term"><code class="option">-i </code> <em class="replaceable"><code>inputfile</code></em></span></dt><dd>Define an input file to use (default is stdin)</dd><dt><span class="term"><code class="option">-o </code> <em class="replaceable"><code>outputfile</code></em></span></dt><dd>Define an output file to use (default is stdout)</dd><dt><span class="term"><code class="option">-u </code> </span></dt><dd>Use UTF-8 (default is to show non-ascii as .)</dd><dt><span class="term"><code class="option">-w </code> </span></dt><dd>Don't wrap long output lines</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <a class="ulink" href="http://pki.fedoraproject.org/wiki/" target="_top">PKI Wiki</a>. </p><p>For information specifically about NSS, the NSS project wiki is located at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">Mozilla NSS site</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: pki-devel@redhat.com and pki-users@redhat.com</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p>
Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
</p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
</p></div></div><div class="navfooter"><hr></div></body></html>

90
security/nss/doc/nroff/certutil.1
View File

@ -2,12 +2,12 @@
.\" Title: CERTUTIL
.\" Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 5 June 2014
.\" Date: 29 July 2014
.\" Manual: NSS Security Tools
.\" Source: nss-tools
.\" Language: English
.\"
.TH "CERTUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
.TH "CERTUTIL" "1" "29 July 2014" "nss-tools" "NSS Security Tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@ -250,6 +250,11 @@ If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE
is the default\&.
.RE
.PP
\-\-dump\-ext\-val OID
.RS 4
For single cert, print binary DER encoding of extension OID\&.
.RE
.PP
\-e
.RS 4
Check a certificate\*(Aqs signature during the process of validating a certificate\&.
@ -260,6 +265,44 @@ Check a certificate\*(Aqs signature during the process of validating a certifica
Specify the email address of a certificate to list\&. Used with the \-L command option\&.
.RE
.PP
\-\-extGeneric OID:critical\-flag:filename[,OID:critical\-flag:filename]\&.\&.\&.
.RS 4
Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
OID (example): 1\&.2\&.3\&.4
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
critical\-flag: critical or not\-critical
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
filename: full path to a file containing an encoded extension
.RE
.RE
.PP
\-f password\-file
.RS 4
Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&.
@ -461,6 +504,42 @@ The contexts are the following:
.sp -1
.IP \(bu 2.3
.\}
\fBL\fR
(as an SSL CA)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBA\fR
(as Any CA)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBY\fR
(Verify CA)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBS\fR
(as an email signer)
.RE
@ -914,6 +993,13 @@ Add the Subject Key ID extension to the certificate\&. X\&.509 certificate exten
Add a Name Constraint extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&.
.RE
.PP
\-\-extSAN type:name[,type:name]\&.\&.\&.
.RS 4
Create a Subject Alt Name extension with one or multiple names\&.
.sp
\-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr
.RE
.PP
\-\-empty\-password
.RS 4
Use empty password when creating new certificate database with \-N\&.

20
security/nss/doc/nroff/pp.1
View File

@ -2,12 +2,12 @@
.\" Title: PP
.\" Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 5 June 2014
.\" Date: 29 July 2014
.\" Manual: NSS Security Tools
.\" Source: nss-tools
.\" Language: English
.\"
.TH "PP" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
.TH "PP" "1" "29 July 2014" "nss-tools" "NSS Security Tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@ -30,8 +30,8 @@
.SH "NAME"
pp \- Prints certificates, keys, crls, and pkcs7 files
.SH "SYNOPSIS"
.HP \w'\fBpp\ \-t\ type\ [\-a]\ [\-i\ input]\ [\-o\ output]\fR\ 'u
\fBpp \-t type [\-a] [\-i input] [\-o output]\fR
.HP \w'\fBpp\ \-t\ type\ [\-a]\ [\-i\ input]\ [\-o\ output]\ [\-u]\ [\-w]\fR\ 'u
\fBpp \-t type [\-a] [\-i input] [\-o output] [\-u] [\-w]\fR
.SH "STATUS"
.PP
This documentation is still work in progress\&. Please contribute to the initial review in
@ -57,10 +57,20 @@ Input is in ascii encoded form (RFC1113)
Define an input file to use (default is stdin)
.RE
.PP
\fB\-u \fR \fIoutputfile\fR
\fB\-o \fR \fIoutputfile\fR
.RS 4
Define an output file to use (default is stdout)
.RE
.PP
\fB\-u \fR
.RS 4
Use UTF\-8 (default is to show non\-ascii as \&.)
.RE
.PP
\fB\-w \fR
.RS 4
Don\*(Aqt wrap long output lines
.RE
.SH "ADDITIONAL RESOURCES"
.PP
NSS is maintained in conjunction with PKI and security\-related projects through Mozilla and Fedora\&. The most closely\-related project is Dogtag PKI, with a project wiki at

18
security/nss/doc/pp.xml
View File

@ -26,7 +26,7 @@
<refsynopsisdiv>
<cmdsynopsis>
<command>pp -t type [-a] [-i input] [-o output]</command>
<command>pp -t type [-a] [-i input] [-o output] [-u] [-w]</command>
</cmdsynopsis>
</refsynopsisdiv>
@ -73,12 +73,26 @@
</varlistentry>
<varlistentry>
<term><option>-u </option> <replaceable>outputfile</replaceable></term>
<term><option>-o </option> <replaceable>outputfile</replaceable></term>
<listitem>
<simpara>Define an output file to use (default is stdout)</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-u </option> </term>
<listitem>
<simpara>Use UTF-8 (default is to show non-ascii as .)</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-w </option> </term>
<listitem>
<simpara>Don't wrap long output lines</simpara>
</listitem>
</varlistentry>
</variablelist>
</refsection>

8
security/nss/lib/certdb/cert.h
View File

@ -1167,7 +1167,7 @@ CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
/* returns addr of a NULL termainated array of pointers to CERTAuthInfoAccess */
extern CERTAuthInfoAccess **
CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
SECItem *encodedExtension);
const SECItem *encodedExtension);
extern CERTPrivKeyUsagePeriod *
CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue);
@ -1561,6 +1561,12 @@ CERT_FindNameConstraintsExten(PLArenaPool *arena,
extern CERTGeneralName *
CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type);
/*
* Lookup a CERTGeneralNameType constant by its human readable string.
*/
extern CERTGeneralNameType
CERT_GetGeneralNameTypeFromString(const char *string);
/*
* PKIX extension encoding routines
*/

3
security/nss/lib/certdb/genname.h
View File

@ -26,9 +26,6 @@ cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName);
extern SECStatus
cert_DestroyGeneralNames(CERTGeneralName *name);
extern CERTGeneralNameType
CERT_GetGeneralNameTypeFromString(const char *string);
extern SECStatus
cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena,
SECItem *dest);

2
security/nss/lib/certdb/xconst.c
View File

@ -226,7 +226,7 @@ CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
CERTAuthInfoAccess **
CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
SECItem *encodedExtension)
const SECItem *encodedExtension)
{
CERTAuthInfoAccess **info = NULL;
SECStatus rv;

68
security/nss/lib/certhigh/certvfypkix.c
View File

@ -27,20 +27,6 @@
extern PRLogModuleInfo *pkixLog;
#ifdef DEBUG_volkov
/* Temporary declarations of functioins. Will be removed with fix for
* 391183 */
extern char *
pkix_Error2ASCII(PKIX_Error *error, void *plContext);
extern void
cert_PrintCert(PKIX_PL_Cert *pkixCert, void *plContext);
extern PKIX_Error *
cert_PrintCertChain(PKIX_List *pkixCertChain, void *plContext);
#endif /* DEBUG */
#ifdef PKIX_OBJECT_LEAK_TEST
extern PKIX_UInt32
@ -898,11 +884,6 @@ cert_GetLogFromVerifyNode(
if (children == NULL) {
PKIX_ERRORCODE errCode = PKIX_ANCHORDIDNOTCHAINTOCERT;
if (node->error && node->error->errCode != errCode) {
#ifdef DEBUG_volkov
char *string = pkix_Error2ASCII(node->error, plContext);
fprintf(stderr, "Branch search finished with error: \t%s\n", string);
PKIX_PL_Free(string, NULL);
#endif
if (log != NULL) {
SECErrorCodes nssErrorCode = 0;
CERTCertificate *cert = NULL;
@ -1003,9 +984,6 @@ cert_GetBuildResults(
PKIX_TrustAnchor *trustAnchor = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_List *pkixCertChain = NULL;
#ifdef DEBUG_volkov
PKIX_Error *tmpPkixError = NULL;
#endif /* DEBUG */
PKIX_ENTER(CERTVFYPKIX, "cert_GetBuildResults");
if (buildResult == NULL && error == NULL) {
@ -1014,11 +992,6 @@ cert_GetBuildResults(
if (error) {
SECErrorCodes nssErrorCode = 0;
#ifdef DEBUG_volkov
char *temp = pkix_Error2ASCII(error, plContext);
fprintf(stderr, "BUILD ERROR:\n%s\n", temp);
PKIX_PL_Free(temp, NULL);
#endif /* DEBUG */
if (verifyNode) {
PKIX_Error *tmpError =
cert_GetLogFromVerifyNode(log, verifyNode, plContext);
@ -1037,13 +1010,6 @@ cert_GetBuildResults(
plContext),
PKIX_BUILDRESULTGETCERTCHAINFAILED);
#ifdef DEBUG_volkov
tmpPkixError = cert_PrintCertChain(pkixCertChain, plContext);
if (tmpPkixError) {
PKIX_PL_Object_DecRef((PKIX_PL_Object*)tmpPkixError, plContext);
}
#endif
PKIX_CHECK(
cert_PkixToNssCertsChain(pkixCertChain, &validChain, plContext),
PKIX_CERTCHAINTONSSCHAINFAILED);
@ -1065,12 +1031,6 @@ cert_GetBuildResults(
plContext),
PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
#ifdef DEBUG_volkov
if (pvalidChain == NULL) {
cert_PrintCert(trustedCert, plContext);
}
#endif
PKIX_CHECK(
PKIX_PL_Cert_GetCERTCertificate(trustedCert, &trustedRoot,
plContext),
@ -1158,10 +1118,6 @@ cert_VerifyCertChainPkix(
SECStatus rv = SECFailure;
void *plContext = NULL;
#ifdef DEBUG_volkov
CERTCertificate *trustedRoot = NULL;
CERTCertList *validChain = NULL;
#endif /* DEBUG */
#ifdef PKIX_OBJECT_LEAK_TEST
int leakedObjNum = 0;
@ -1196,10 +1152,6 @@ do {
result = NULL;
verifyNode = NULL;
error = NULL;
#ifdef DEBUG_volkov
trustedRoot = NULL;
validChain = NULL;
#endif /* DEBUG */
errorGenerated = PKIX_FALSE;
stackPosition = 0;
@ -1242,29 +1194,11 @@ do {
rv = SECSuccess;
cleanup:
error = cert_GetBuildResults(result, verifyNode, error, log,
#ifdef DEBUG_volkov
&trustedRoot, &validChain,
#else
NULL, NULL,
#endif /* DEBUG */
error = cert_GetBuildResults(result, verifyNode, error, log, NULL, NULL,
plContext);
if (error) {
#ifdef DEBUG_volkov
char *temp = pkix_Error2ASCII(error, plContext);
fprintf(stderr, "GET BUILD RES ERRORS:\n%s\n", temp);
PKIX_PL_Free(temp, NULL);
#endif /* DEBUG */
PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
}
#ifdef DEBUG_volkov
if (trustedRoot) {
CERT_DestroyCertificate(trustedRoot);
}
if (validChain) {
CERT_DestroyCertList(validChain);
}
#endif /* DEBUG */
if (procParams) {
PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext);
}

206
security/nss/lib/certhigh/certvfypkixprint.c
View File

@ -1,206 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* nss_pkix_proxy.h
*
* PKIX - NSS proxy functions
*
*/
#include "cert.h"
#include "pkix_pl_common.h"
#ifdef DEBUG
char *
pkix_Error2ASCII(PKIX_Error *error, void *plContext)
{
PKIX_UInt32 length;
char *asciiString = NULL;
PKIX_PL_String *pkixString = NULL;
PKIX_Error *errorResult = NULL;
errorResult = PKIX_PL_Object_ToString
((PKIX_PL_Object*)error, &pkixString, plContext);
if (errorResult) goto cleanup;
errorResult = PKIX_PL_String_GetEncoded
(pkixString,
PKIX_ESCASCII,
(void **)&asciiString,
&length,
plContext);
cleanup:
if (pkixString){
if (PKIX_PL_Object_DecRef
((PKIX_PL_Object*)pkixString, plContext)){
return (NULL);
}
}
if (errorResult){
PKIX_PL_Object_DecRef((PKIX_PL_Object*)errorResult, plContext);
return (NULL);
}
return (asciiString);
}
char *
pkix_Object2ASCII(PKIX_PL_Object *object)
{
PKIX_UInt32 length;
char *asciiString = NULL;
PKIX_PL_String *pkixString = NULL;
PKIX_Error *errorResult = NULL;
errorResult = PKIX_PL_Object_ToString
(object, &pkixString, NULL);
if (errorResult) goto cleanup;
errorResult = PKIX_PL_String_GetEncoded
(pkixString, PKIX_ESCASCII, (void **)&asciiString, &length, NULL);
cleanup:
if (pkixString){
if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixString, NULL)){
return (NULL);
}
}
if (errorResult){
return (NULL);
}
return (asciiString);
}
char *
pkix_Cert2ASCII(PKIX_PL_Cert *cert)
{
PKIX_PL_X500Name *issuer = NULL;
void *issuerAscii = NULL;
PKIX_PL_X500Name *subject = NULL;
void *subjectAscii = NULL;
void *asciiString = NULL;
PKIX_Error *errorResult = NULL;
PKIX_UInt32 numChars;
PKIX_UInt32 refCount = 0;
/* Issuer */
errorResult = PKIX_PL_Cert_GetIssuer(cert, &issuer, NULL);
if (errorResult) goto cleanup;
issuerAscii = pkix_Object2ASCII((PKIX_PL_Object*)issuer);
/* Subject */
errorResult = PKIX_PL_Cert_GetSubject(cert, &subject, NULL);
if (errorResult) goto cleanup;
if (subject){
subjectAscii = pkix_Object2ASCII((PKIX_PL_Object*)subject);
}
/* errorResult = PKIX_PL_Object_GetRefCount((PKIX_PL_Object*)cert, &refCount, NULL); */
if (errorResult) goto cleanup;
errorResult = PKIX_PL_Malloc(200, &asciiString, NULL);
if (errorResult) goto cleanup;
numChars =
PR_snprintf
(asciiString,
200,
"Ref: %d Subject=%s\nIssuer=%s\n",
refCount,
subjectAscii,
issuerAscii);
if (!numChars) goto cleanup;
cleanup:
if (issuer){
if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)issuer, NULL)){
return (NULL);
}
}
if (subject){
if (PKIX_PL_Object_DecRef((PKIX_PL_Object*)subject, NULL)){
return (NULL);
}
}
if (PKIX_PL_Free((PKIX_PL_Object*)issuerAscii, NULL)){
return (NULL);
}
if (PKIX_PL_Free((PKIX_PL_Object*)subjectAscii, NULL)){
return (NULL);
}
if (errorResult){
return (NULL);
}
return (asciiString);
}
PKIX_Error *
cert_PrintCertChain(
PKIX_List *pkixCertChain,
void *plContext)
{
PKIX_PL_Cert *cert = NULL;
PKIX_UInt32 numCerts = 0, i = 0;
char *asciiResult = NULL;
PKIX_ENTER(CERTVFYPKIX, "cert_PrintCertChain");
PKIX_CHECK(
PKIX_List_GetLength(pkixCertChain, &numCerts, plContext),
PKIX_LISTGETLENGTHFAILED);
fprintf(stderr, "\n");
for (i = 0; i < numCerts; i++){
PKIX_CHECK
(PKIX_List_GetItem
(pkixCertChain, i, (PKIX_PL_Object**)&cert, plContext),
PKIX_LISTGETITEMFAILED);
asciiResult = pkix_Cert2ASCII(cert);
fprintf(stderr, "CERT[%d]:\n%s\n", i, asciiResult);
PKIX_PL_Free(asciiResult, plContext);
asciiResult = NULL;
PKIX_DECREF(cert);
}
cleanup:
PKIX_DECREF(cert);
PKIX_RETURN(CERTVFYPKIX);
}
void
cert_PrintCert(
PKIX_PL_Cert *pkixCert,
void *plContext)
{
char *asciiResult = NULL;
asciiResult = pkix_Cert2ASCII(pkixCert);
fprintf(stderr, "CERT[0]:\n%s\n", asciiResult);
PKIX_PL_Free(asciiResult, plContext);
}
#endif /* DEBUG */

1
security/nss/lib/certhigh/manifest.mn
View File

@ -25,7 +25,6 @@ CSRCS = \
certhigh.c \
certvfy.c \
certvfypkix.c \
certvfypkixprint.c \
xcrldist.c \
$(NULL)

36
security/nss/lib/ckfw/builtins/bfind.c
View File

@ -183,7 +183,16 @@ nss_builtins_FindObjectsInit
NSSArena *arena;
NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
builtinsInternalObject **temp = (builtinsInternalObject **)NULL;
/*
* 99% of the time we get 0 or 1 matches. So we start with a small
* stack-allocated array to hold the matches and switch to a heap-allocated
* array later if the number of matches exceeds STACK_BUF_LENGTH.
*/
#define STACK_BUF_LENGTH 1
builtinsInternalObject *stackTemp[STACK_BUF_LENGTH];
builtinsInternalObject **temp = stackTemp;
PRBool tempIsHeapAllocated = PR_FALSE;
PRUint32 i;
arena = NSSArena_Create();
@ -211,17 +220,24 @@ nss_builtins_FindObjectsInit
rv->Next = builtins_mdFindObjects_Next;
rv->null = (void *)NULL;
temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
nss_builtins_nObjects);
if( (builtinsInternalObject **)NULL == temp ) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
for( i = 0; i < nss_builtins_nObjects; i++ ) {
builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
if( CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o) ) {
if( fo->n == STACK_BUF_LENGTH ) {
/* Switch from the small stack array to a heap-allocated array large
* enough to handle matches in all remaining cases. */
temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
fo->n + nss_builtins_nObjects - i);
if( (builtinsInternalObject **)NULL == temp ) {
*pError = CKR_HOST_MEMORY;
goto loser;
}
tempIsHeapAllocated = PR_TRUE;
(void)nsslibc_memcpy(temp, stackTemp,
sizeof(builtinsInternalObject *) * fo->n);
}
temp[ fo->n ] = o;
fo->n++;
}
@ -234,13 +250,17 @@ nss_builtins_FindObjectsInit
}
(void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n);
if (tempIsHeapAllocated) {
nss_ZFreeIf(temp);
temp = (builtinsInternalObject **)NULL;
}
return rv;
loser:
if (tempIsHeapAllocated) {
nss_ZFreeIf(temp);
}
nss_ZFreeIf(fo);
nss_ZFreeIf(rv);
if ((NSSArena *)NULL != arena) {

6
security/nss/lib/ckfw/builtins/nssckbi.h
View File

@ -44,9 +44,9 @@
* whether we may use its full range (0-255) or only 0-99 because
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 98
#define NSS_BUILTINS_LIBRARY_VERSION "1.98"
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1
#define NSS_BUILTINS_LIBRARY_VERSION "2.1"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1

2
security/nss/lib/crmf/respcli.c
View File

@ -92,12 +92,14 @@ CMMF_CertRepContentGetResponseAtIndex(CMMFCertRepContent *inCertRepContent,
return NULL;
}
certResponse = PORT_ZNew(CMMFCertResponse);
if (certResponse){
rv = cmmf_CopyCertResponse(NULL, certResponse,
inCertRepContent->response[inIndex]);
if (rv != SECSuccess) {
CMMF_DestroyCertResponse(certResponse);
certResponse = NULL;
}
}
return certResponse;
}

2
security/nss/lib/crmf/servget.c
View File

@ -597,7 +597,7 @@ CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
return SECFailure;
}
*destKey = PORT_ZNew(CRMFPOPOPrivKey);
if (destKey == NULL) {
if (*destKey == NULL) {
return SECFailure;
}
return crmf_copy_popoprivkey(NULL,

2
security/nss/lib/cryptohi/secsign.c
View File

@ -445,11 +445,11 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; break;
case SEC_OID_MD5:
sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; break;
case SEC_OID_UNKNOWN: /* default for RSA if not specified */
case SEC_OID_SHA1:
sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; break;
case SEC_OID_SHA224:
sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; break;
case SEC_OID_UNKNOWN: /* default for RSA if not specified */
case SEC_OID_SHA256:
sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break;
case SEC_OID_SHA384:

200
security/nss/lib/cryptohi/secvfy.c
View File

@ -12,78 +12,111 @@
#include "secasn1.h"
#include "secoid.h"
#include "pk11func.h"
#include "pkcs1sig.h"
#include "secdig.h"
#include "secerr.h"
#include "keyi.h"
/*
** Decrypt signature block using public key
** Store the hash algorithm oid tag in *tagp
** Store the digest in the digest buffer
** Store the digest length in *digestlen
** Recover the DigestInfo from an RSA PKCS#1 signature.
**
** If givenDigestAlg != SEC_OID_UNKNOWN, copy givenDigestAlg to digestAlgOut.
** Otherwise, parse the DigestInfo structure and store the decoded digest
** algorithm into digestAlgOut.
**
** Store the encoded DigestInfo into digestInfo.
** Store the DigestInfo length into digestInfoLen.
**
** This function does *not* verify that the AlgorithmIdentifier in the
** DigestInfo identifies givenDigestAlg or that the DigestInfo is encoded
** correctly; verifyPKCS1DigestInfo does that.
**
** XXX this is assuming that the signature algorithm has WITH_RSA_ENCRYPTION
*/
static SECStatus
DecryptSigBlock(SECOidTag *tagp, unsigned char *digest,
unsigned int *digestlen, unsigned int maxdigestlen,
SECKEYPublicKey *key, const SECItem *sig, char *wincx)
recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
/*out*/ SECOidTag* digestAlgOut,
/*out*/ unsigned char** digestInfo,
/*out*/ unsigned int* digestInfoLen,
SECKEYPublicKey* key,
const SECItem* sig, void* wincx)
{
SGNDigestInfo *di = NULL;
unsigned char *buf = NULL;
SECStatus rv;
SECOidTag tag;
SGNDigestInfo* di = NULL;
SECItem it;
PRBool rv = SECSuccess;
if (key == NULL) goto loser;
PORT_Assert(digestAlgOut);
PORT_Assert(digestInfo);
PORT_Assert(digestInfoLen);
PORT_Assert(key);
PORT_Assert(key->keyType == rsaKey);
PORT_Assert(sig);
it.data = NULL;
it.len = SECKEY_PublicKeyStrength(key);
if (!it.len) goto loser;
it.data = buf = (unsigned char *)PORT_Alloc(it.len);
if (!buf) goto loser;
/* decrypt the block */
rv = PK11_VerifyRecover(key, (SECItem *)sig, &it, wincx);
if (rv != SECSuccess) goto loser;
di = SGN_DecodeDigestInfo(&it);
if (di == NULL) goto sigloser;
/*
** Finally we have the digest info; now we can extract the algorithm
** ID and the signature block
*/
tag = SECOID_GetAlgorithmTag(&di->digestAlgorithm);
/* Check that tag is an appropriate algorithm */
if (tag == SEC_OID_UNKNOWN) {
goto sigloser;
if (it.len != 0) {
it.data = (unsigned char *)PORT_Alloc(it.len);
}
/* make sure the "parameters" are not too bogus. */
if (di->digestAlgorithm.parameters.len > 2) {
goto sigloser;
}
if (di->digest.len > maxdigestlen) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
goto loser;
}
PORT_Memcpy(digest, di->digest.data, di->digest.len);
*tagp = tag;
*digestlen = di->digest.len;
goto done;
sigloser:
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
loser:
if (it.len == 0 || it.data == NULL ) {
rv = SECFailure;
}
done:
if (di != NULL) SGN_DestroyDigestInfo(di);
if (buf != NULL) PORT_Free(buf);
if (rv == SECSuccess) {
/* decrypt the block */
rv = PK11_VerifyRecover(key, sig, &it, wincx);
}
if (rv == SECSuccess) {
if (givenDigestAlg != SEC_OID_UNKNOWN) {
/* We don't need to parse the DigestInfo if the caller gave us the
* digest algorithm to use. Later verifyPKCS1DigestInfo will verify
* that the DigestInfo identifies the given digest algorithm and
* that the DigestInfo is encoded absolutely correctly.
*/
*digestInfoLen = it.len;
*digestInfo = (unsigned char*)it.data;
*digestAlgOut = givenDigestAlg;
return SECSuccess;
}
}
if (rv == SECSuccess) {
/* The caller didn't specify a digest algorithm to use, so choose the
* digest algorithm by parsing the AlgorithmIdentifier within the
* DigestInfo.
*/
di = SGN_DecodeDigestInfo(&it);
if (!di) {
rv = SECFailure;
}
}
if (rv == SECSuccess) {
*digestAlgOut = SECOID_GetAlgorithmTag(&di->digestAlgorithm);
if (*digestAlgOut == SEC_OID_UNKNOWN) {
rv = SECFailure;
}
}
if (di) {
SGN_DestroyDigestInfo(di);
}
if (rv == SECSuccess) {
*digestInfoLen = it.len;
*digestInfo = (unsigned char*)it.data;
} else {
if (it.data) {
PORT_Free(it.data);
}
*digestInfo = NULL;
*digestInfoLen = 0;
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
}
return rv;
}
struct VFYContextStr {
SECOidTag hashAlg; /* the hash algorithm */
SECKEYPublicKey *key;
@ -99,14 +132,14 @@ struct VFYContextStr {
union {
unsigned char buffer[1];
/* the digest in the decrypted RSA signature */
unsigned char rsadigest[HASH_LENGTH_MAX];
/* the full DSA signature... 40 bytes */
unsigned char dsasig[DSA_MAX_SIGNATURE_LEN];
/* the full ECDSA signature */
unsigned char ecdsasig[2 * MAX_ECKEY_LEN];
} u;
unsigned int rsadigestlen;
unsigned int pkcs1RSADigestInfoLen;
/* the encoded DigestInfo from a RSA PKCS#1 signature */
unsigned char *pkcs1RSADigestInfo;
void * wincx;
void *hashcx;
const SECHashObject *hashobj;
@ -117,6 +150,17 @@ struct VFYContextStr {
* VFY_EndWithSignature call. */
};
static SECStatus
verifyPKCS1DigestInfo(const VFYContext* cx, const SECItem* digest)
{
SECItem pkcs1DigestInfo;
pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo;
pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen;
return _SGN_VerifyPKCS1DigestInfo(
cx->hashAlg, digest, &pkcs1DigestInfo,
PR_TRUE /*XXX: unsafeAllowMissingParameters*/);
}
/*
* decode the ECDSA or DSA signature from it's DER wrapping.
* The unwrapped/raw signature is placed in the buffer pointed
@ -376,16 +420,16 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
cx->encAlg = encAlg;
cx->hashAlg = hashAlg;
cx->key = SECKEY_CopyPublicKey(key);
cx->pkcs1RSADigestInfo = NULL;
rv = SECSuccess;
if (sig) {
switch (type) {
case rsaKey:
rv = DecryptSigBlock(&cx->hashAlg, cx->u.buffer, &cx->rsadigestlen,
HASH_LENGTH_MAX, cx->key, sig, (char*)wincx);
if (cx->hashAlg != hashAlg && hashAlg != SEC_OID_UNKNOWN) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
rv = SECFailure;
}
rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
&cx->pkcs1RSADigestInfo,
&cx->pkcs1RSADigestInfoLen,
cx->key,
sig, wincx);
break;
case dsaKey:
case ecKey:
@ -469,6 +513,9 @@ VFY_DestroyContext(VFYContext *cx, PRBool freeit)
if (cx->key) {
SECKEY_DestroyPublicKey(cx->key);
}
if (cx->pkcs1RSADigestInfo) {
PORT_Free(cx->pkcs1RSADigestInfo);
}
if (freeit) {
PORT_ZFree(cx, sizeof(VFYContext));
}
@ -548,21 +595,25 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
}
break;
case rsaKey:
{
SECItem digest;
digest.data = final;
digest.len = part;
if (sig) {
SECOidTag hashid = SEC_OID_UNKNOWN;
rv = DecryptSigBlock(&hashid, cx->u.buffer, &cx->rsadigestlen,
HASH_LENGTH_MAX, cx->key, sig, (char*)cx->wincx);
if ((rv != SECSuccess) || (hashid != cx->hashAlg)) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
SECOidTag hashid;
PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN);
rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid,
&cx->pkcs1RSADigestInfo,
&cx->pkcs1RSADigestInfoLen,
cx->key,
sig, cx->wincx);
PORT_Assert(cx->hashAlg == hashid);
if (rv != SECSuccess) {
return SECFailure;
}
}
if ((part != cx->rsadigestlen) ||
PORT_Memcmp(final, cx->u.buffer, part)) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
return SECFailure;
return verifyPKCS1DigestInfo(cx, &digest);
}
break;
default:
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
return SECFailure; /* shouldn't happen */
@ -595,12 +646,7 @@ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
if (cx != NULL) {
switch (key->keyType) {
case rsaKey:
if ((digest->len != cx->rsadigestlen) ||
PORT_Memcmp(digest->data, cx->u.buffer, digest->len)) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
} else {
rv = SECSuccess;
}
rv = verifyPKCS1DigestInfo(cx, digest);
break;
case dsaKey:
case ecKey:

10
security/nss/lib/freebl/Makefile
View File

@ -141,6 +141,9 @@ else
DEFINES += -DUSE_HW_AES -DINTEL_GCM
ASFILES += intel-aes-x86-masm.asm intel-gcm-x86-masm.asm
EXTRA_SRCS += intel-gcm-wrap.c
ifeq ($(CLANG_CL),1)
INTEL_GCM_CLANG_CL = 1
endif
endif
endif
else
@ -668,3 +671,10 @@ ifneq (,$(findstring clang,$(shell $(AS) --version)))
$(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): ASFLAGS += -no-integrated-as
endif
endif
ifdef INTEL_GCM_CLANG_CL
#
# clang-cl needs -mssse3
#
$(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3
endif

1
security/nss/lib/freebl/cts.c
View File

@ -239,7 +239,6 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
return SECSuccess;
}
outbuf += fullblocks;
maxout -= fullblocks;
/* recover the stolen text */
PORT_Memset(lastBlock, 0, blocksize);

5
security/nss/lib/freebl/ec.c
View File

@ -870,6 +870,11 @@ cleanup:
/*
** Checks the signature on the given digest using the key provided.
**
** The key argument must represent a valid EC public key (a point on
** the relevant curve). If it is not a valid point, then the behavior
** of this function is undefined. In cases where a public key might
** not be valid, use EC_ValidatePublicKey to check.
*/
SECStatus
ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,

2
security/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm
View File

@ -7863,13 +7863,13 @@ s_mp_sqr_comba_4 PROC
mov rsi, rdx
push rbp
push rbx
sub rsp, 80
mov r11, rsi
xor esi, esi
mov r10, rsi
mov rbp, rsi
mov r8, rsi
push rbx
mov rbx, rsi
mov rcx, qword ptr [16+rdi]
mov rdi, rsi

27
security/nss/lib/freebl/rsa.c
View File

@ -97,7 +97,7 @@ static struct RSABlindingParamsListStr blindingParamsList = { 0 };
static PRBool nssRSAUseBlinding = PR_TRUE;
static SECStatus
rsa_build_from_primes(mp_int *p, mp_int *q,
rsa_build_from_primes(const mp_int *p, const mp_int *q,
mp_int *e, PRBool needPublicExponent,
mp_int *d, PRBool needPrivateExponent,
RSAPrivateKey *key, unsigned int keySizeInBits)
@ -116,6 +116,12 @@ rsa_build_from_primes(mp_int *p, mp_int *q,
CHECK_MPI_OK( mp_init(&psub1) );
CHECK_MPI_OK( mp_init(&qsub1) );
CHECK_MPI_OK( mp_init(&tmp) );
/* p and q must be distinct. */
if (mp_cmp(p, q) == 0) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
rv = SECFailure;
goto cleanup;
}
/* 1. Compute n = p*q */
CHECK_MPI_OK( mp_mul(p, q, &n) );
/* verify that the modulus has the desired number of bits */
@ -280,7 +286,11 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
PORT_SetError(0);
CHECK_SEC_OK( generate_prime(&p, primeLen) );
CHECK_SEC_OK( generate_prime(&q, primeLen) );
/* Assure q < p */
/* Assure p > q */
/* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any
* implementation optimization that requires p > q. We can remove
* this code in the future.
*/
if (mp_cmp(&p, &q) < 0)
mp_exch(&p, &q);
/* Attempt to use these primes to generate a key */
@ -762,7 +772,11 @@ RSA_PopulatePrivateKey(RSAPrivateKey *key)
}
}
/* force p to the the larger prime */
/* Assure p > q */
/* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any
* implementation optimization that requires p > q. We can remove
* this code in the future.
*/
if (mp_cmp(&p, &q) < 0)
mp_exch(&p, &q);
@ -1093,7 +1107,7 @@ get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen,
{
RSABlindingParams *rsabp = NULL;
blindingParams *bpUnlinked = NULL;
blindingParams *bp, *prevbp = NULL;
blindingParams *bp;
PRCList *el;
SECStatus rv = SECSuccess;
mp_err err = MP_OKAY;
@ -1183,7 +1197,6 @@ get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen,
}
/* We did not find a usable set of blinding params. Can we make one? */
/* Find a free bp struct. */
prevbp = NULL;
if ((bp = rsabp->free) != NULL) {
/* unlink this bp */
rsabp->free = bp->next;
@ -1400,8 +1413,8 @@ RSA_PrivateKeyCheck(const RSAPrivateKey *key)
SECITEM_TO_MPINT(key->exponent1, &d_p);
SECITEM_TO_MPINT(key->exponent2, &d_q);
SECITEM_TO_MPINT(key->coefficient, &qInv);
/* p > q */
if (mp_cmp(&p, &q) <= 0) {
/* p and q must be distinct. */
if (mp_cmp(&p, &q) == 0) {
rv = SECFailure;
goto cleanup;
}

2
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
View File

@ -122,7 +122,7 @@ pkix_pl_CrlDp_Create(
if (!rdnArena) {
PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
}
issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName*);
issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName);
if (!issuerNameCopy) {
PKIX_ERROR(PKIX_ALLOCERROR);
}

6
security/nss/lib/nss/nss.def
View File

@ -1062,3 +1062,9 @@ PK11_PrivDecrypt;
;+ local:
;+ *;
;+};
;+NSS_3.18 { # NSS 3.18 release
;+ global:
PK11_SetCertificateNickname;
;+ local:
;+ *;
;+};

4
security/nss/lib/nss/nss.h
View File

@ -33,9 +33,9 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.16.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VERSION "3.17.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 16
#define NSS_VMINOR 17
#define NSS_VPATCH 2
#define NSS_VBUILD 1
#define NSS_BETA PR_FALSE

6
security/nss/lib/pk11wrap/dev3hack.c
View File

@ -92,14 +92,14 @@ nssSession_Destroy
nssSession *s
)
{
CK_RV ckrv = CKR_OK;
PRStatus rv = PR_SUCCESS;
if (s) {
if (s->isRW) {
PK11_RestoreROSession(s->slot->pk11slot, s->handle);
}
nss_ZFreeIf(s);
rv = nss_ZFreeIf(s);
}
return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
return rv;
}
static NSSSlot *

16
security/nss/lib/pk11wrap/pk11cert.c
View File

@ -982,12 +982,10 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
*/
nssPKIObject_AddInstance(&c->object, certobj);
/* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
* replace 'c' by a different value. So we add a reference to 'c' to
* replace 'c' with a different value. So we add a reference to 'c' to
* prevent 'c' from being destroyed. */
nssCertificate_AddRef(c);
nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
/* XXX should we pass the original value of 'c' to
* STAN_ForceCERTCertificateUpdate? */
(void)STAN_ForceCERTCertificateUpdate(c);
nssCertificate_Destroy(c);
SECITEM_FreeItem(keyID,PR_TRUE);
@ -2155,7 +2153,6 @@ PK11_FindCertFromDERCertItem(PK11SlotInfo *slot, const SECItem *inDerCert,
{
NSSDER derCert;
NSSToken *tok;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
nssCryptokiObject *co = NULL;
SECStatus rv;
@ -2689,3 +2686,14 @@ PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg)
nssCryptokiObjectArray_Destroy(instances);
return slotList;
}
SECStatus
PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname)
{
/* Can't set nickname of temp cert. */
if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) {
return SEC_ERROR_INVALID_ARGS;
}
return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname);
}

2
security/nss/lib/pk11wrap/pk11pub.h
View File

@ -458,6 +458,8 @@ SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey,
const char *nickname);
SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey,
const char *nickname);
SECStatus PK11_SetCertificateNickname(CERTCertificate *cert,
const char *nickname);
/* size to hold key in bytes */
unsigned int PK11_GetKeyLength(PK11SymKey *key);

2
security/nss/lib/pk11wrap/pk11util.c
View File

@ -1185,7 +1185,7 @@ end_wait:
SECStatus
SECMOD_CancelWait(SECMODModule *mod)
{
unsigned long controlMask = mod->evControlMask;
unsigned long controlMask;
SECStatus rv = SECSuccess;
CK_RV crv;

2
security/nss/lib/softoken/legacydb/lowcert.c
View File

@ -447,7 +447,7 @@ nsslowcert_EmailName(SECItem *derDN, char *space, unsigned int len)
name=nsslowcert_dataStart(ava, ava_length, &name_length, PR_FALSE,
NULL);
if (oid == NULL) { return NULL; }
if (name == NULL) { return NULL; }
ava_length -= (name-ava)+name_length;
ava = name+name_length;

6
security/nss/lib/softoken/legacydb/pcertdb.c
View File

@ -4733,7 +4733,6 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue
SECItem *sn = &issuerAndSN->serialNumber;
SECItem *issuer = &issuerAndSN->derIssuer;
NSSLOWCERTCertificate *cert;
int data_left = sn->len-1;
int data_len = sn->len;
int index = 0;
@ -4743,7 +4742,7 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue
if ((sn->len >= 3) && (sn->data[0] == 0x2)) {
/* remove the der encoding of the serial number before generating the
* key.. */
data_left = sn->len-2;
int data_left = sn->len-2;
data_len = sn->data[1];
index = 2;
@ -4818,7 +4817,6 @@ nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle,
SECItem *issuer = &issuerAndSN->derIssuer;
NSSLOWCERTTrust *trust;
unsigned char keyBuf[512];
int data_left = sn->len-1;
int data_len = sn->len;
int index = 0;
int len;
@ -4829,7 +4827,7 @@ nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle,
if ((sn->len >= 3) && (sn->data[0] == 0x2)) {
/* remove the der encoding of the serial number before generating the
* key.. */
data_left = sn->len-2;
int data_left = sn->len-2;
data_len = sn->data[1];
index = 2;

11
security/nss/lib/softoken/pkcs11.c
View File

@ -969,6 +969,17 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
}
object->infoFree = (SFTKFree) nsslowkey_DestroyPublicKey;
/* Check that an imported EC key is valid */
if (key_type == CKK_EC) {
NSSLOWKEYPublicKey *pubKey = (NSSLOWKEYPublicKey*) object->objectInfo;
SECStatus rv = EC_ValidatePublicKey(&pubKey->u.ec.ecParams,
&pubKey->u.ec.publicValue);
if (rv != SECSuccess) {
return CKR_TEMPLATE_INCONSISTENT;
}
}
if (sftk_isTrue(object,CKA_TOKEN)) {
SFTKSlot *slot = session->slot;
SFTKDBHandle *certHandle = sftk_getCertDB(slot);

74
security/nss/lib/softoken/pkcs11c.c
View File

@ -23,6 +23,7 @@
#include "blapi.h"
#include "pkcs11.h"
#include "pkcs11i.h"
#include "pkcs1sig.h"
#include "lowkeyi.h"
#include "secder.h"
#include "secdig.h"
@ -2856,65 +2857,42 @@ sftk_hashCheckSign(SFTKHashVerifyInfo *info, const unsigned char *sig,
}
SECStatus
RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key,
RSA_HashCheckSign(SECOidTag digestOid, NSSLOWKEYPublicKey *key,
const unsigned char *sig, unsigned int sigLen,
const unsigned char *hash, unsigned int hashLen)
const unsigned char *digestData, unsigned int digestLen)
{
SECItem it;
SGNDigestInfo *di = NULL;
SECStatus rv = SECSuccess;
unsigned char *pkcs1DigestInfoData;
SECItem pkcs1DigestInfo;
SECItem digest;
unsigned int bufferSize;
SECStatus rv;
it.data = NULL;
it.len = nsslowkey_PublicModulusLen(key);
if (!it.len) {
goto loser;
/* pkcs1DigestInfo.data must be less than key->u.rsa.modulus.len */
bufferSize = key->u.rsa.modulus.len;
pkcs1DigestInfoData = PORT_ZAlloc(bufferSize);
if (!pkcs1DigestInfoData) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return SECFailure;
}
it.data = (unsigned char *)PORT_Alloc(it.len);
if (it.data == NULL) {
goto loser;
}
pkcs1DigestInfo.data = pkcs1DigestInfoData;
pkcs1DigestInfo.len = bufferSize;
/* decrypt the block */
rv = RSA_CheckSignRecover(&key->u.rsa, it.data, &it.len, it.len, sig,
sigLen);
rv = RSA_CheckSignRecover(&key->u.rsa, pkcs1DigestInfo.data,
&pkcs1DigestInfo.len, pkcs1DigestInfo.len,
sig, sigLen);
if (rv != SECSuccess) {
goto loser;
}
di = SGN_DecodeDigestInfo(&it);
if (di == NULL) {
goto loser;
}
if (di->digest.len != hashLen) {
goto loser;
}
/* make sure the tag is OK */
if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != hashOid) {
goto loser;
}
/* make sure the "parameters" are not too bogus. */
if (di->digestAlgorithm.parameters.len > 2) {
goto loser;
}
/* Now check the signature */
if (PORT_Memcmp(hash, di->digest.data, di->digest.len) == 0) {
goto done;
}
loser:
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
rv = SECFailure;
done:
if (it.data != NULL) {
PORT_Free(it.data);
}
if (di != NULL) {
SGN_DestroyDigestInfo(di);
} else {
digest.data = (PRUint8*) digestData;
digest.len = digestLen;
rv = _SGN_VerifyPKCS1DigestInfo(
digestOid, &digest, &pkcs1DigestInfo,
PR_TRUE /*XXX: unsafeAllowMissingParameters*/);
}
PORT_Free(pkcs1DigestInfoData);
return rv;
}

4
security/nss/lib/softoken/softkver.h
View File

@ -25,9 +25,9 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.16.2.1" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VERSION "3.17.2.1" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 16
#define SOFTOKEN_VMINOR 17
#define SOFTOKEN_VPATCH 2
#define SOFTOKEN_VBUILD 1
#define SOFTOKEN_BETA PR_FALSE

4
security/nss/lib/ssl/SSLerrs.h
View File

@ -418,3 +418,7 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129),
ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
"The server supports no protocols that the client advertises in the ALPN extension.")
ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
"The server rejected the handshake because the client downgraded to a lower "
"TLS version than the server supports.")

5
security/nss/lib/ssl/config.mk
View File

@ -7,6 +7,11 @@ ifdef NISCC_TEST
DEFINES += -DNISCC_TEST
endif
# Allow build-time configuration of TLS 1.3 (Experimental)
ifdef NSS_ENABLE_TLS_1_3
DEFINES += -DNSS_ENABLE_TLS_1_3
endif
ifdef NSS_NO_PKCS11_BYPASS
DEFINES += -DNO_PKCS11_BYPASS
else

7
security/nss/lib/ssl/dtlscon.c
View File

@ -52,6 +52,7 @@ static const ssl3CipherSuite nonDTLSSuites[] = {
* TLS DTLS
* 1.1 (0302) 1.0 (feff)
* 1.2 (0303) 1.2 (fefd)
* 1.3 (0304) 1.3 (fefc)
*/
SSL3ProtocolVersion
dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv)
@ -62,6 +63,9 @@ dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv)
if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) {
return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
}
if (tlsv == SSL_LIBRARY_VERSION_TLS_1_3) {
return SSL_LIBRARY_VERSION_DTLS_1_3_WIRE;
}
/* Anything other than TLS 1.1 or 1.2 is an error, so return
* the invalid version 0xffff. */
@ -85,6 +89,9 @@ dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv)
if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
return SSL_LIBRARY_VERSION_TLS_1_2;
}
if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_3_WIRE) {
return SSL_LIBRARY_VERSION_TLS_1_3;
}
/* Return a fictional higher version than we know of */
return SSL_LIBRARY_VERSION_TLS_1_2 + 1;

9
security/nss/lib/ssl/ssl.h
View File

@ -182,6 +182,15 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
*/
#define SSL_ENABLE_ALPN 26
/* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
* reused for multiple handshakes or generated each time.
* SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
*/
#define SSL_REUSE_SERVER_ECDHE_KEY 27
#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
* handshakes. */
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);

63
security/nss/lib/ssl/ssl3con.c
View File

@ -215,7 +215,10 @@ compressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
return PR_TRUE; /* Always enabled */
#ifdef NSS_ENABLE_ZLIB
case ssl_compression_deflate:
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
return ss->opt.enableDeflate;
}
return PR_FALSE;
#endif
default:
return PR_FALSE;
@ -637,14 +640,16 @@ ssl3_CipherSuiteAllowedForVersionRange(
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
case TLS_RSA_WITH_AES_256_CBC_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_RSA_WITH_AES_128_CBC_SHA256:
case TLS_RSA_WITH_AES_128_GCM_SHA256:
case TLS_RSA_WITH_NULL_SHA256:
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
/* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
@ -669,10 +674,11 @@ ssl3_CipherSuiteAllowedForVersionRange(
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0;
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0 &&
vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
default:
return PR_TRUE;
return vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
}
}
@ -3352,6 +3358,9 @@ ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
case certificate_unknown: error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT;
break;
case illegal_parameter: error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;break;
case inappropriate_fallback:
error = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
break;
/* All alerts below are TLS only. */
case unknown_ca: error = SSL_ERROR_UNKNOWN_CA_ALERT; break;
@ -4873,6 +4882,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
int num_suites;
int actual_count = 0;
PRBool isTLS = PR_FALSE;
PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
PRInt32 total_exten_len = 0;
unsigned paddingExtensionLen;
unsigned numCompressionMethods;
@ -5015,6 +5025,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
}
if (sid) {
requestingResume = PR_TRUE;
SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits );
PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
@ -5105,7 +5116,6 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
return SECFailure;
}
maxBytes -= extLen;
total_exten_len += extLen;
if (total_exten_len > 0)
@ -5129,8 +5139,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
return SECFailure; /* count_cipher_suites has set error code. */
}
fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume ||
ss->version < sid->version);
/* make room for SCSV */
if (ss->ssl3.hs.sendingSCSV) {
++num_suites; /* make room for SCSV */
++num_suites;
}
if (fallbackSCSV) {
++num_suites;
}
/* count compression methods */
@ -5236,6 +5253,15 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
}
actual_count++;
}
if (fallbackSCSV) {
rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
sizeof(ssl3CipherSuite));
if (rv != SECSuccess) {
if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
return rv; /* err set by ssl3_AppendHandshake* */
}
actual_count++;
}
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
@ -7711,12 +7737,31 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto loser; /* malformed */
}
/* If the ClientHello version is less than our maximum version, check for a
* TLS_FALLBACK_SCSV and reject the connection if found. */
if (ss->vrange.max > ss->clientHelloVersion) {
for (i = 0; i + 1 < suites.len; i += 2) {
PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
if (suite_i != TLS_FALLBACK_SCSV)
continue;
desc = inappropriate_fallback;
errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
goto alert_loser;
}
}
/* grab the list of compression methods. */
rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed */
}
/* TLS 1.3 requires that compression be empty */
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
if (comps.len != 1 || comps.data[0] != ssl_compression_null) {
goto loser;
}
}
desc = handshake_failure;
/* Handle TLS hello extensions for SSL3 & TLS. We do not know if
@ -9379,6 +9424,10 @@ skip:
}
rv = ssl3_HandleECDHClientKeyExchange(ss, b, length,
serverPubKey, serverKey);
if (ss->ephemeralECDHKeyPair) {
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
ss->ephemeralECDHKeyPair = NULL;
}
if (rv != SECSuccess) {
return SECFailure; /* error code set */
}

46
security/nss/lib/ssl/ssl3ecc.c
View File

@ -505,28 +505,21 @@ ssl3_ECRegister(void)
return (PRStatus)rv;
}
/* CallOnce function, called once for each named curve. */
static PRStatus
ssl3_CreateECDHEphemeralKeyPair(void * arg)
/* Create an ECDHE key pair for a given curve */
static SECStatus
ssl3_CreateECDHEphemeralKeyPair(ECName ec_curve, ssl3KeyPair** keyPair)
{
SECKEYPrivateKey * privKey = NULL;
SECKEYPublicKey * pubKey = NULL;
ssl3KeyPair * keyPair = NULL;
ECName ec_curve = (ECName)arg;
SECKEYECParams ecParams = { siBuffer, NULL, 0 };
PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL);
/* ok, no one has generated a global key for this curve yet, do so */
if (ssl3_ECName2Params(NULL, ec_curve, &ecParams) != SECSuccess) {
gECDHEKeyPairs[ec_curve].error = PORT_GetError();
return PR_FAILURE;
return SECFailure;
}
privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, NULL);
SECITEM_FreeItem(&ecParams, PR_FALSE);
if (!privKey || !pubKey || !(keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
if (!privKey || !pubKey || !(*keyPair = ssl3_NewKeyPair(privKey, pubKey))) {
if (privKey) {
SECKEY_DestroyPrivateKey(privKey);
}
@ -534,6 +527,23 @@ ssl3_CreateECDHEphemeralKeyPair(void * arg)
SECKEY_DestroyPublicKey(pubKey);
}
ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
return SECFailure;
}
return SECSuccess;
}
/* CallOnce function, called once for each named curve. */
static PRStatus
ssl3_CreateECDHEphemeralKeyPairOnce(void * arg)
{
ECName ec_curve = (ECName)arg;
ssl3KeyPair * keyPair = NULL;
PORT_Assert(gECDHEKeyPairs[ec_curve].pair == NULL);
/* ok, no one has generated a global key for this curve yet, do so */
if (ssl3_CreateECDHEphemeralKeyPair(ec_curve, &keyPair) != SECSuccess) {
gECDHEKeyPairs[ec_curve].error = PORT_GetError();
return PR_FAILURE;
}
@ -566,7 +576,7 @@ ssl3_CreateECDHEphemeralKeys(sslSocket *ss, ECName ec_curve)
return SECFailure;
}
status = PR_CallOnceWithArg(&gECDHEKeyPairs[ec_curve].once,
ssl3_CreateECDHEphemeralKeyPair,
ssl3_CreateECDHEphemeralKeyPairOnce,
(void *)ec_curve);
if (status != PR_SUCCESS) {
PORT_SetError(gECDHEKeyPairs[ec_curve].error);
@ -759,10 +769,16 @@ ssl3_SendECDHServerKeyExchange(
if (curve == ec_noName) {
goto loser;
}
if (ss->opt.reuseServerECDHEKey) {
rv = ssl3_CreateECDHEphemeralKeys(ss, curve);
if (rv != SECSuccess) {
goto loser; /* err set by AppendHandshake. */
} else {
rv = ssl3_CreateECDHEphemeralKeyPair(curve, &ss->ephemeralECDHKeyPair);
}
if (rv != SECSuccess) {
goto loser;
}
ecdhePub = ss->ephemeralECDHKeyPair->pubKey;
PORT_Assert(ecdhePub != NULL);
if (!ecdhePub) {

99
security/nss/lib/ssl/ssl3ext.c
View File

@ -82,6 +82,11 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data);
static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data);
/*
* Write bytes. Using this function means the SECItem structure
* cannot be freed. The caller is expected to call this function
@ -245,6 +250,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
{ ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn },
{ -1, NULL }
};
@ -286,7 +292,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
{ ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
/* any extra entries will appear as { 0, NULL } */
};
@ -2421,3 +2428,93 @@ ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
return extensionLen;
}
/* ssl3_ClientSendDraftVersionXtn sends the TLS 1.3 temporary draft
* version extension.
* TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
static PRInt32
ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
{
PRInt32 extension_length;
if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
return 0;
}
extension_length = 6; /* Type + length + number */
if (append && maxBytes >= extension_length) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2);
if (rv != SECSuccess)
goto loser;
rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
if (rv != SECSuccess)
goto loser;
rv = ssl3_AppendHandshakeNumber(ss, TLS_1_3_DRAFT_VERSION, 2);
if (rv != SECSuccess)
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_tls13_draft_version_xtn;
} else if (maxBytes < extension_length) {
PORT_Assert(0);
return 0;
}
return extension_length;
loser:
return -1;
}
/* ssl3_ServerHandleDraftVersionXtn handles the TLS 1.3 temporary draft
* version extension.
* TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
static SECStatus
ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type,
SECItem *data)
{
PRInt32 draft_version;
/* Ignore this extension if we aren't doing TLS 1.3 */
if (ss->version != SSL_LIBRARY_VERSION_TLS_1_3) {
return SECSuccess;
}
if (data->len != 2)
goto loser;
/* Get the draft version out of the handshake */
draft_version = ssl3_ConsumeHandshakeNumber(ss, 2,
&data->data, &data->len);
if (draft_version < 0) {
goto loser;
}
/* Keep track of negotiated extensions. */
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
/* Compare the version */
if (draft_version != TLS_1_3_DRAFT_VERSION) {
SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), "
"expected %d",
SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION));
goto loser;
}
return SECSuccess;
loser:
/*
* Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2.
* TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back
* here. Need to double-check.
* TODO(ekr@rtfm.com): Currently we fall back even on broken extensions.
* because SECFailure does not cause handshake failures. See bug
* 753136.
*/
SSL_TRC(30, ("%d: SSL3[%d]: Rolling back to TLS 1.2", SSL_GETPID(), ss->fd));
ss->version = SSL_LIBRARY_VERSION_TLS_1_2;
return SECSuccess;
}

6
security/nss/lib/ssl/ssl3prot.h
View File

@ -14,6 +14,11 @@ typedef PRUint8 SSL3Opaque;
typedef PRUint16 SSL3ProtocolVersion;
/* version numbers are defined in sslproto.h */
/* The TLS 1.3 draft version. Used to avoid negotiating
* between incompatible pre-standard TLS 1.3 drafts.
* TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
#define TLS_1_3_DRAFT_VERSION 3
typedef PRUint16 ssl3CipherSuite;
/* The cipher suites are defined in sslproto.h */
@ -98,6 +103,7 @@ typedef enum {
protocol_version = 70,
insufficient_security = 71,
internal_error = 80,
inappropriate_fallback = 86, /* could also be sent for SSLv3 */
user_canceled = 90,
no_renegotiation = 100,

7
security/nss/lib/ssl/sslcon.c
View File

@ -428,7 +428,6 @@ ssl2_CreateMAC(sslSecurityInfo *sec, SECItem *readKey, SECItem *writeKey,
int cipherChoice)
{
switch (cipherChoice) {
case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
case SSL_CK_RC2_128_CBC_WITH_MD5:
case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
@ -436,8 +435,10 @@ ssl2_CreateMAC(sslSecurityInfo *sec, SECItem *readKey, SECItem *writeKey,
case SSL_CK_DES_64_CBC_WITH_MD5:
case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
sec->hash = HASH_GetHashObject(HASH_AlgMD5);
SECITEM_CopyItem(0, &sec->sendSecret, writeKey);
SECITEM_CopyItem(0, &sec->rcvSecret, readKey);
if (SECITEM_CopyItem(0, &sec->sendSecret, writeKey) ||
SECITEM_CopyItem(0, &sec->rcvSecret, readKey)) {
return SECFailure;
}
break;
default:

2
security/nss/lib/ssl/sslerr.h
View File

@ -196,6 +196,8 @@ SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK = (SSL_ERROR_BASE + 129),
SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */

6
security/nss/lib/ssl/sslimpl.h
View File

@ -326,6 +326,8 @@ typedef struct sslOptionsStr {
unsigned int enableOCSPStapling : 1; /* 25 */
unsigned int enableNPN : 1; /* 26 */
unsigned int enableALPN : 1; /* 27 */
unsigned int reuseServerECDHEKey : 1; /* 28 */
unsigned int enableFallbackSCSV : 1; /* 29 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
@ -1534,7 +1536,11 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch,
* runtime to determine which versions are supported by the version of libssl
* in use.
*/
#ifdef NSS_ENABLE_TLS_1_3
#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_3
#else
#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2
#endif
/* Rename this macro SSL_ALL_VERSIONS_DISABLED when SSL 2.0 is removed. */
#define SSL3_ALL_VERSIONS_DISABLED(vrange) \

9
security/nss/lib/ssl/sslproto.h
View File

@ -16,9 +16,12 @@
#define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
#define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
#define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
#define SSL_LIBRARY_VERSION_TLS_1_3 0x0304
/* Note: this is the internal format, not the wire format */
#define SSL_LIBRARY_VERSION_DTLS_1_0 0x0302
#define SSL_LIBRARY_VERSION_DTLS_1_2 0x0303
#define SSL_LIBRARY_VERSION_DTLS_1_3 0x0304
/* deprecated old name */
#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
@ -26,6 +29,7 @@
/* The DTLS versions used in the spec */
#define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE ((~0x0100) & 0xffff)
#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE ((~0x0102) & 0xffff)
#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE ((~0x0103) & 0xffff)
/* Header lengths of some of the messages */
#define SSL_HL_ERROR_HBYTES 3
@ -208,6 +212,11 @@
*/
#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0x00FF
/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
* handshake is the result of TLS version fallback.
*/
#define TLS_FALLBACK_SCSV 0x5600
/* Cipher Suite Values starting with 0xC000 are defined in informational
* RFCs.
*/

6
security/nss/lib/ssl/sslsecur.c
View File

@ -968,11 +968,9 @@ ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os)
ss->sec.hashcx = NULL;
}
SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret);
if (os->sec.sendSecret.data && !ss->sec.sendSecret.data)
if (SECITEM_CopyItem(0, &ss->sec.sendSecret, &os->sec.sendSecret))
goto loser;
SECITEM_CopyItem(0, &ss->sec.rcvSecret, &os->sec.rcvSecret);
if (os->sec.rcvSecret.data && !ss->sec.rcvSecret.data)
if (SECITEM_CopyItem(0, &ss->sec.rcvSecret, &os->sec.rcvSecret))
goto loser;
/* XXX following code is wrong if either cx != 0 */

29
security/nss/lib/ssl/sslsock.c
View File

@ -80,7 +80,9 @@ static sslOptions ssl_defaults = {
PR_TRUE, /* cbcRandomIV */
PR_FALSE, /* enableOCSPStapling */
PR_TRUE, /* enableNPN */
PR_FALSE /* enableALPN */
PR_FALSE, /* enableALPN */
PR_TRUE, /* reuseServerECDHEKey */
PR_FALSE /* enableFallbackSCSV */
};
/*
@ -784,6 +786,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
ss->opt.enableALPN = on;
break;
case SSL_REUSE_SERVER_ECDHE_KEY:
ss->opt.reuseServerECDHEKey = on;
break;
case SSL_ENABLE_FALLBACK_SCSV:
ss->opt.enableFallbackSCSV = on;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
@ -856,6 +866,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;
case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;
case SSL_REUSE_SERVER_ECDHE_KEY:
on = ss->opt.reuseServerECDHEKey; break;
case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -919,6 +932,12 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
break;
case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;
case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;
case SSL_REUSE_SERVER_ECDHE_KEY:
on = ssl_defaults.reuseServerECDHEKey;
break;
case SSL_ENABLE_FALLBACK_SCSV:
on = ssl_defaults.enableFallbackSCSV;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -1094,6 +1113,14 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
ssl_defaults.enableALPN = on;
break;
case SSL_REUSE_SERVER_ECDHE_KEY:
ssl_defaults.reuseServerECDHEKey = on;
break;
case SSL_ENABLE_FALLBACK_SCSV:
ssl_defaults.enableFallbackSCSV = on;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;

5
security/nss/lib/ssl/sslt.h
View File

@ -191,9 +191,10 @@ typedef enum {
ssl_padding_xtn = 21,
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,
ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
ssl_renegotiation_info_xtn = 0xff01,
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
} SSLExtensionType;
#define SSL_MAX_EXTENSIONS 10 /* doesn't include ssl_padding_xtn. */
#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
#endif /* __sslt_h_ */

2
security/nss/lib/util/manifest.mn
View File

@ -22,6 +22,7 @@ EXPORTS = \
pkcs11t.h \
pkcs11n.h \
pkcs11u.h \
pkcs1sig.h \
portreg.h \
secasn1.h \
secasn1t.h \
@ -58,6 +59,7 @@ CSRCS = \
nssrwlk.c \
nssilock.c \
oidstring.c \
pkcs1sig.c \
portreg.c \
secalgid.c \
secasn1d.c \

6
security/nss/lib/util/nssutil.def
View File

@ -271,3 +271,9 @@ SECITEM_ZfreeArray;
;+ local:
;+ *;
;+};
;+NSSUTIL_3.17.1 { # NSS Utilities 3.17.1 release
;+ global:
_SGN_VerifyPKCS1DigestInfo;
;+ local:
;+ *;
;+};

4
security/nss/lib/util/nssutil.h
View File

@ -19,9 +19,9 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.16.2.1"
#define NSSUTIL_VERSION "3.17.2.1"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 16
#define NSSUTIL_VMINOR 17
#define NSSUTIL_VPATCH 2
#define NSSUTIL_VBUILD 1
#define NSSUTIL_BETA PR_FALSE

169
security/nss/lib/util/pkcs1sig.c Normal file
View File

@ -0,0 +1,169 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include "pkcs1sig.h"
#include "hasht.h"
#include "secerr.h"
#include "secasn1t.h"
#include "secoid.h"
typedef struct pkcs1PrefixStr pkcs1Prefix;
struct pkcs1PrefixStr {
unsigned int len;
PRUint8 *data;
};
typedef struct pkcs1PrefixesStr pkcs1Prefixes;
struct pkcs1PrefixesStr {
unsigned int digestLen;
pkcs1Prefix prefixWithParams;
pkcs1Prefix prefixWithoutParams;
};
/* The value for SGN_PKCS1_DIGESTINFO_MAX_PREFIX_LEN_EXCLUDING_OID is based on
* the possible prefix encodings as explained below.
*/
#define MAX_PREFIX_LEN_EXCLUDING_OID 10
static SECStatus
encodePrefix(const SECOidData *hashOid, unsigned int digestLen,
pkcs1Prefix *prefix, PRBool withParams)
{
/* with params coding is:
* Sequence (2 bytes) {
* Sequence (2 bytes) {
* Oid (2 bytes) {
* Oid value (derOid->oid.len)
* }
* NULL (2 bytes)
* }
* OCTECT (2 bytes);
*
* without params coding is:
* Sequence (2 bytes) {
* Sequence (2 bytes) {
* Oid (2 bytes) {
* Oid value (derOid->oid.len)
* }
* }
* OCTECT (2 bytes);
*/
unsigned int innerSeqLen = 2 + hashOid->oid.len;
unsigned int outerSeqLen = 2 + innerSeqLen + 2 + digestLen;
unsigned int extra = 0;
if (withParams) {
innerSeqLen += 2;
outerSeqLen += 2;
extra = 2;
}
if (innerSeqLen >= 128 ||
outerSeqLen >= 128 ||
(outerSeqLen + 2 - digestLen) >
(MAX_PREFIX_LEN_EXCLUDING_OID + hashOid->oid.len)) {
/* this is actually a library failure, It shouldn't happen */
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
prefix->len = 6 + hashOid->oid.len + extra + 2;
prefix->data = PORT_Alloc(prefix->len);
if (!prefix->data) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return SECFailure;
}
prefix->data[0] = SEC_ASN1_SEQUENCE|SEC_ASN1_CONSTRUCTED;
prefix->data[1] = outerSeqLen;
prefix->data[2] = SEC_ASN1_SEQUENCE|SEC_ASN1_CONSTRUCTED;
prefix->data[3] = innerSeqLen;
prefix->data[4] = SEC_ASN1_OBJECT_ID;
prefix->data[5] = hashOid->oid.len;
PORT_Memcpy(&prefix->data[6], hashOid->oid.data, hashOid->oid.len);
if (withParams) {
prefix->data[6 + hashOid->oid.len] = SEC_ASN1_NULL;
prefix->data[6 + hashOid->oid.len + 1] = 0;
}
prefix->data[6 + hashOid->oid.len + extra] = SEC_ASN1_OCTET_STRING;
prefix->data[6 + hashOid->oid.len + extra + 1] = digestLen;
return SECSuccess;
}
SECStatus
_SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg,
const SECItem* digest,
const SECItem* dataRecoveredFromSignature,
PRBool unsafeAllowMissingParameters)
{
SECOidData *hashOid;
pkcs1Prefixes pp;
const pkcs1Prefix* expectedPrefix;
SECStatus rv, rv2, rv3;
if (!digest || !digest->data ||
!dataRecoveredFromSignature || !dataRecoveredFromSignature->data) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
hashOid = SECOID_FindOIDByTag(digestAlg);
if (hashOid == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
pp.digestLen = digest->len;
pp.prefixWithParams.data = NULL;
pp.prefixWithoutParams.data = NULL;
rv2 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithParams, PR_TRUE);
rv3 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithoutParams, PR_FALSE);
rv = SECSuccess;
if (rv2 != SECSuccess || rv3 != SECSuccess) {
rv = SECFailure;
}
if (rv == SECSuccess) {
/* We don't attempt to avoid timing attacks on these comparisons because
* signature verification is a public key operation, not a private key
* operation.
*/
if (dataRecoveredFromSignature->len ==
pp.prefixWithParams.len + pp.digestLen) {
expectedPrefix = &pp.prefixWithParams;
} else if (unsafeAllowMissingParameters &&
dataRecoveredFromSignature->len ==
pp.prefixWithoutParams.len + pp.digestLen) {
expectedPrefix = &pp.prefixWithoutParams;
} else {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
rv = SECFailure;
}
}
if (rv == SECSuccess) {
if (memcmp(dataRecoveredFromSignature->data, expectedPrefix->data,
expectedPrefix->len) ||
memcmp(dataRecoveredFromSignature->data + expectedPrefix->len,
digest->data, digest->len)) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
rv = SECFailure;
}
}
if (pp.prefixWithParams.data) {
PORT_Free(pp.prefixWithParams.data);
}
if (pp.prefixWithoutParams.data) {
PORT_Free(pp.prefixWithoutParams.data);
}
return rv;
}

30
security/nss/lib/util/pkcs1sig.h Normal file
View File

@ -0,0 +1,30 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#ifndef _PKCS1SIG_H_
#define _PKCS1SIG_H_
#include "hasht.h"
#include "seccomon.h"
#include "secoidt.h"
/* SGN_VerifyPKCS1DigestInfo verifies that the length of the digest is correct
* for the given algorithm, then verifies that the recovered data from the
* PKCS#1 signature is a properly-formatted DigestInfo that identifies the
* given digest algorithm, then verifies that the digest in the DigestInfo
* matches the given digest.
*
* dataRecoveredFromSignature must be the result of calling PK11_VerifyRecover
* or equivalent.
*
* If unsafeAllowMissingParameters is true (not recommended), then a DigestInfo
* without the mandatory ASN.1 NULL parameter will also be accepted.
*/
SECStatus _SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg,
const SECItem* digest,
const SECItem* dataRecoveredFromSignature,
PRBool unsafeAllowMissingParameters);
#endif /* _PKCS1SIG_H_ */

101
security/nss/lib/util/quickder.c
View File

@ -16,55 +16,110 @@
*/
static unsigned char* definite_length_decoder(const unsigned char *buf,
const unsigned int length,
unsigned int *data_length,
const unsigned int buf_length,
unsigned int *out_data_length,
PRBool includeTag)
{
unsigned char tag;
unsigned int used_length= 0;
unsigned int data_len;
unsigned int used_length = 0;
unsigned int data_length = 0;
unsigned char length_field_len = 0;
unsigned char byte;
unsigned int i;
if (used_length >= length)
if (used_length >= buf_length)
{
/* Tag field was not found! */
return NULL;
}
tag = buf[used_length++];
/* blow out when we come to the end */
if (tag == 0)
{
/* End-of-contents octects should not be present in DER because
DER doesn't use the indefinite length form. */
return NULL;
}
if (used_length >= length)
if ((tag & 0x1F) == 0x1F)
{
/* High tag number (a tag number > 30) is not supported */
return NULL;
}
data_len = buf[used_length++];
if (data_len&0x80)
{
int len_count = data_len & 0x7f;
data_len = 0;
while (len_count-- > 0)
{
if (used_length >= length)
if (used_length >= buf_length)
{
/* Length field was not found! */
return NULL;
}
data_len = (data_len << 8) | buf[used_length++];
}
}
byte = buf[used_length++];
if (data_len > (length-used_length) )
if (!(byte & 0x80))
{
/* Short form: The high bit is not set. */
data_length = byte; /* clarity; we're returning a 32-bit int. */
}
else
{
/* Long form. Extract the field length */
length_field_len = byte & 0x7F;
if (length_field_len == 0)
{
/* DER doesn't use the indefinite length form. */
return NULL;
}
if (includeTag) data_len += used_length;
*data_length = data_len;
if (length_field_len > sizeof(data_length))
{
/* We don't support an extended length field longer than
4 bytes (2^32) */
return NULL;
}
if (length_field_len > (buf_length - used_length))
{
/* Extended length field was not found */
return NULL;
}
/* Iterate across the extended length field */
for (i = 0; i < length_field_len; i++)
{
byte = buf[used_length++];
data_length = (data_length << 8) | byte;
if (i == 0)
{
PRBool too_long = PR_FALSE;
if (length_field_len == 1)
{
too_long = ((byte & 0x80) == 0); /* Short form suffices */
}
else
{
too_long = (byte == 0); /* This zero byte can be omitted */
}
if (too_long)
{
/* The length is longer than needed. */
return NULL;
}
}
}
}
if (data_length > (buf_length - used_length))
{
/* The decoded length exceeds the available buffer */
return NULL;
}
if (includeTag)
{
data_length += used_length;
}
*out_data_length = data_length;
return ((unsigned char*)buf + (includeTag ? 0 : used_length));
}

2
security/nss/tests/chains/scenarios/nameconstraints.cfg
View File

@ -7,8 +7,8 @@ scenario TrustAnchors
db trustanchors
import NameConstraints.ca:x:CT,C,C
import NameConstraints.ncca:x:CT,C,C
# Name Constrained CA: Name constrained to permited DNSName ".example"
import NameConstraints.ncca:x:CT,C,C
import NameConstraints.dcisscopy:x:CT,C,C
# Intermediate 1: Name constrained to permited DNSName ".example"

2
security/nss/tests/libpkix/certs/make-nc
View File

@ -456,7 +456,7 @@ y
n
CERTSCRIPT
#the following cert MUST not pass
#the following cert MUST pass
certutil -S -z noise -g 2048 -d . -n dcissallowed -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 <<CERTSCRIPT
0
2

6
security/nss/tests/pkcs11/netscape/suites/security/ssl/sslt.c
View File

@ -2,8 +2,8 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#define VERION_MAJOR 1
#define VERION_MINOR 0
#define VERSION_MAJOR 1
#define VERSION_MINOR 0
#define VERSION_POINT 7
/* NSPR header files */
#include <prinit.h>
@ -174,7 +174,7 @@ PRIntn main(PRIntn ac, char **av, char **ev) {
"\nSSL Test Suite Version %d.%d.%d\n\
All Rights Reserved\n\
Usage: sslt [-c client_nickname] [-n server_nickname] [-p passwd] [-d] testid\n",
VERION_MAJOR, VERION_MINOR, VERSION_POINT);
VERSION_MAJOR, VERSION_MINOR, VERSION_POINT);
exit(0);
}