diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 55b6a0c3..9bf78b7f 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -40,7 +40,7 @@ #define MIN_KEY_BITS 512 /* MAX_KEY_BITS should agree with MAX_RSA_MODULUS in freebl */ #define MAX_KEY_BITS 8192 -#define DEFAULT_KEY_BITS 1024 +#define DEFAULT_KEY_BITS 2048 #define GEN_BREAK(e) rv=e; break; @@ -971,19 +971,19 @@ PrintSyntax(char *progName) FPS "Usage: %s -N [-d certdir] [-P dbprefix] [-f pwfile] [--empty-password]\n", progName); FPS "Usage: %s -T [-d certdir] [-P dbprefix] [-h token-name]\n" "\t\t [-f pwfile] [-0 SSO-password]\n", progName); - FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", + FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", progName); FPS "\t%s -B -i batch-file\n", progName); FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n" "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n" + "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n" "\t\t [-1 | --keyUsage [keyUsageKeyword,..]] [-2] [-3] [-4]\n" "\t\t [-5 | --nsCertType [nsCertTypeKeyword,...]]\n" "\t\t [-6 | --extKeyUsage [extKeyUsageKeyword,...]] [-7 emailAddrs]\n" "\t\t [-8 dns-names] [-a]\n", progName); FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", + FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", progName); FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix]\n", progName); 
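Review bot: DEFAULT_KEY_BITS is raised to 2048 here and the matching sentence in doc/certutil.xml is updated later in this diff, but that sentence still advertises a 16384-bit maximum while the context line directly above, `#define MAX_KEY_BITS 8192`, carries a comment tying it to MAX_RSA_MODULUS in freebl. Unless a larger limit is enforced somewhere outside this file, the man page text should read `the maximum is 8192 bits`, or the two figures should be reconciled in the same commit that touches the sentence. The html and nroff renderings further down repeat the 16384 figure, so all three copies would need the same correction.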
@@ -1010,14 +1010,15 @@ PrintSyntax(char *progName) progName); FPS "\t\t [-P targetDBPrefix] [--source-prefix sourceDBPrefix]\n"); FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n"); - FPS "\t%s -L [-n cert-name] [--email email-address] [-X] [-r] [-a]\n", + FPS "\t%s -L [-n cert-name] [-h token-name] [--email email-address]\n", progName); - FPS "\t\t [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n"); + FPS "\t\t [-X] [-r] [-a] [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n"); FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName); FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n" - "\t\t [-7 emailAddrs] [-k key-type-or-id] [-h token-name] [-f pwfile] [-g key-size]\n", + "\t\t [-7 emailAddrs] [-k key-type-or-id] [-h token-name] [-f pwfile]\n" + "\t\t [-g key-size] [-Z hashAlg]\n", progName); FPS "\t%s -V -n cert-name -u usage [-b time] [-e] [-a]\n" "\t\t[-X] [-d certdir] [-P dbprefix]\n", @@ -1027,7 +1028,7 @@ PrintSyntax(char *progName) FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n" "\t\t [-k key-type-or-id] [-q key-params] [-h token-name] [-g key-size]\n" "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n" + "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n" "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n" "\t\t [-8 DNS-names]\n" "\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n" 
@@ -1137,6 +1138,11 @@ static void luC(enum usage_level ul, const char *command) " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); + FPS "%-20s \n" + "%-20s Specify the hash algorithm to use. Possible keywords:\n" + "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n" + "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n", + " -Z hashAlg", "", "", ""); FPS "%-20s \n" "%-20s Create key usage extension. Possible keywords:\n" "%-20s \"digitalSignature\", \"nonRepudiation\", \"keyEncipherment\",\n" @@ -1336,6 +1342,8 @@ static void luL(enum usage_level ul, const char *command) "-L"); if (ul == usage_selected && !is_my_command) return; + FPS "%-20s Name of token to search (\"all\" for all tokens)\n", + " -h token-name "); FPS "%-20s Pretty print named cert (list all if unspecified)\n", " -n cert-name"); FPS "%-20s \n" @@ -1388,6 +1396,8 @@ static void luN(enum usage_level ul, const char *command) " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); + FPS "%-20s Specify the password file\n", + " -f password-file"); FPS "%-20s use empty password when creating a new database\n", " --empty-password"); FPS "\n"); @@ -1473,6 +1483,11 @@ static void luR(enum usage_level ul, const char *command) " -P dbprefix"); FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", " -p phone"); + FPS "%-20s \n" + "%-20s Specify the hash algorithm to use. Possible keywords:\n" + "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n" + "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n", + " -Z hashAlg", "", "", ""); FPS "%-20s Output the cert request in ASCII (RFC1113); default is binary\n", " -a"); FPS "%-20s \n", 
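Review bot: The new `-Z hashAlg` help block in luC lists MD2, MD4 and MD5 on the same footing as the SHA-2 digests, with nothing telling a user that a certificate or request signed with one of them is obsolete and, as far as I know, no longer accepted by NSS's own default verification policy. A trailing line such as `"%-20s (MD2, MD4 and MD5 are obsolete; use only for interoperability testing)\n"` with a matching `""` argument would steer users toward the SHA-2 keywords. The identical four-line block is pasted again into luR in this hunk group and into luS in the next hunk; a single static string or a small helper would keep the three copies from drifting apart.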
@@ -1634,6 +1649,11 @@ static void luS(enum usage_level ul, const char *command) " -P dbprefix"); FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", " -p phone"); + FPS "%-20s \n" + "%-20s Specify the hash algorithm to use. Possible keywords:\n" + "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n" + "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n", + " -Z hashAlg", "", "", ""); FPS "%-20s Create key usage extension\n", " -1 "); FPS "%-20s Create basic constraint extension\n", diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c index 2665dd44..0cdd0343 100644 --- a/security/nss/cmd/certutil/keystuff.c +++ b/security/nss/cmd/certutil/keystuff.c @@ -494,7 +494,6 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, CK_FLAGS opFlagsOff, secuPWData *pwdata) { CK_MECHANISM_TYPE mechanism; - SECOidTag algtag; PK11RSAGenParams rsaparams; SECKEYPQGParams * dsaparams = NULL; void * params; @@ -529,12 +528,10 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, rsaparams.keySizeInBits = size; rsaparams.pe = publicExponent; mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; - algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; params = &rsaparams; break; case dsaKey: mechanism = CKM_DSA_KEY_PAIR_GEN; - algtag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; if (pqgFile) { dsaparams = getpqgfromfile(size, pqgFile); if (dsaparams == NULL) diff --git a/security/nss/cmd/crlutil/crlgen.c b/security/nss/cmd/crlutil/crlgen.c index 12fcda79..4eb16f71 100644 --- a/security/nss/cmd/crlutil/crlgen.c +++ b/security/nss/cmd/crlutil/crlgen.c 
@@ -1169,7 +1169,7 @@ crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str,
 switch (crlGenData->contextId) {
 case CRLGEN_CHANGE_RANGE_CONTEXT:
- if (dtype != CRLGEN_TYPE_DIGIT || dtype != CRLGEN_TYPE_DIGIT_RANGE) {
+ if (dtype != CRLGEN_TYPE_DIGIT && dtype != CRLGEN_TYPE_DIGIT_RANGE) {
 crlgen_PrintError(crlGenData->parsedLineNum, "range value should have " "numeric or numeric range values.\n");
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 9f69f7fb..97331c9c 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -2411,6 +2411,46 @@ loser:
 return rv;
 }
+int
+SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int level)
+{
+ PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ CERTCertificate *c;
+ int rv = SEC_ERROR_NO_MEMORY;
+ int iv;
+
+ if (!arena)
+ return rv;
+
+ /* Decode certificate */
+ c = PORT_ArenaZNew(arena, CERTCertificate);
+ if (!c)
+ goto loser;
+ c->arena = arena;
+ rv = SEC_ASN1DecodeItem(arena, c,
+ SEC_ASN1_GET(CERT_CertificateTemplate), der);
+ if (rv) {
+ SECU_Indent(out, level);
+ SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+ SECU_PrintAny(out, der, "Raw", level);
+ goto loser;
+ }
+ /* Pretty print it out */
+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1);
+ SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1);
+ SECU_PrintName(out, &c->issuer, "Issuer", level+1);
+ if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+ SECU_Newline(out);
+ secu_PrintValidity(out, &c->validity, "Validity", level+1);
+ SECU_PrintName(out, &c->subject, "Subject", level+1);
+ if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+ SECU_Newline(out);
+loser:
+ PORT_FreeArena(arena, PR_FALSE);
+ return rv;
+}
+
 int
 SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level)
 {
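Review bot: In the new SECU_PrintCertificateBasicInfo, `int iv;` is declared and never used, and the decode-failure path reports `"Parsing extension"` although the item being decoded is a whole certificate; the message reads as a copy from a neighbouring printer and will mislead anyone reading tstclnt output. Drop the unused local and change the call to `SECU_PrintErrMsg(out, level, "Error", "Parsing certificate");`. Note also that rv starts out as the error code SEC_ERROR_NO_MEMORY but is then overwritten with the SECStatus from SEC_ASN1DecodeItem, so a caller sees SECFailure for a bad certificate and an error-code value for an arena failure; if that mirrors SECU_PrintCertificate it may be intended, but a one-line comment saying so would spare the next reader the puzzle.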
diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h index 2a299918..9f2744a3 100644 --- a/security/nss/cmd/lib/secutil.h +++ b/security/nss/cmd/lib/secutil.h @@ -221,6 +221,9 @@ extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, extern int SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m, int level); +extern int SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, + int level); + extern int SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m, int level); diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c index 8950b1b0..7b0467f2 100644 --- a/security/nss/cmd/pk12util/pk12util.c +++ b/security/nss/cmd/pk12util/pk12util.c @@ -45,7 +45,7 @@ Usage(char *progName) FPS "\t\t [-c key_cipher] [-C cert_cipher]\n" "\t\t [-m | --key_len keyLen] [--cert_key_len certKeyLen] [-v]\n"); FPS "\t\t [-k slotpwfile | -K slotpw]\n" - "\t\t [-w p12filepwfile | -W p12filefilepw]\n"); + "\t\t [-w p12filepwfile | -W p12filepw]\n"); exit(PK12UERR_USAGE); } @@ -101,9 +101,6 @@ static p12uContext * p12u_InitContext(PRBool fileImport, char *filename) { p12uContext *p12cxt; - PRBool fileExist; - - fileExist = fileImport; p12cxt = PORT_ZNew(p12uContext); if(!p12cxt) { diff --git a/security/nss/cmd/platlibs.mk b/security/nss/cmd/platlibs.mk index 833952a5..812a27fd 100644 --- a/security/nss/cmd/platlibs.mk +++ b/security/nss/cmd/platlibs.mk @@ -87,8 +87,8 @@ EXTRA_LIBS += \ $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ $(PKIXLIB) \ $(DBMLIB) \ - $(DIST)/lib/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \ + $(SQLITE_LIB_DIR)/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \ + $(NSSUTIL_LIB_DIR)/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \ 
@@ -135,7 +135,7 @@ endif # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib \ + -L$(SQLITE_LIB_DIR) \ -l$(SQLITE_LIB_NAME) \ -L$(NSSUTIL_LIB_DIR) \ -lnssutil3 \ @@ -153,7 +153,7 @@ ifeq ($(OS_ARCH), WINNT) # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) EXTRA_LIBS += \ $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ - $(DIST)/lib/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \ + $(NSSUTIL_LIB_DIR)/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \ $(DIST)/lib/$(IMPORT_LIB_PREFIX)smime3$(IMPORT_LIB_SUFFIX) \ $(DIST)/lib/$(IMPORT_LIB_PREFIX)ssl3$(IMPORT_LIB_SUFFIX) \ $(DIST)/lib/$(IMPORT_LIB_PREFIX)nss3$(IMPORT_LIB_SUFFIX) \ diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c index a739a915..31e76611 100644 --- a/security/nss/cmd/pp/pp.c +++ b/security/nss/cmd/pp/pp.c @@ -31,8 +31,7 @@ static void Usage(char *progName) SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST); fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID, SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); - fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "", SEC_CT_CERTIFICATE_ID, - SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME); + fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", ""); fprintf(stderr, "%-14s Input is in ascii encoded form (RFC1113)\n", "-a"); fprintf(stderr, "%-14s Define an input file to use (default is stdin)\n", diff --git a/security/nss/cmd/tstclnt/manifest.mn b/security/nss/cmd/tstclnt/manifest.mn index 5a4fec8c..5c1e4f61 100644 --- a/security/nss/cmd/tstclnt/manifest.mn +++ b/security/nss/cmd/tstclnt/manifest.mn @@ -17,6 +17,7 @@ REQUIRES = seccmd dbm # DIRS = CSRCS = tstclnt.c +DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" PROGRAM = tstclnt 
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index 664c54f7..72f53bad 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c @@ -32,6 +32,7 @@ #include "ssl.h" #include "sslproto.h" #include "pk11func.h" +#include "secmod.h" #include "plgetopt.h" #include "plstr.h" @@ -97,6 +98,7 @@ int ssl3CipherSuites[] = { unsigned long __cmp_umuls; PRBool verbose; +int dumpServerChain = 0; int renegotiationsToDo = 0; int renegotiationsDone = 0; @@ -179,7 +181,8 @@ static void PrintUsageHeader(const char *progName) { fprintf(stderr, "Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n" - "[-d certdir] [-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n" + "[-D | -d certdir] [-C] [-b | -R root-module] \n" + "[-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n" "[-V [min-version]:[max-version]] [-K] [-T]\n" "[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n", progName); @@ -196,6 +199,12 @@ static void PrintParameterUsage(void) fprintf(stderr, "%-20s Directory with cert database (default is ~/.netscape)\n", "-d certdir"); + fprintf(stderr, "%-20s Run without a cert database\n", "-D"); + fprintf(stderr, "%-20s Load the default \"builtins\" root CA module\n", "-b"); + fprintf(stderr, "%-20s Load the given root CA module\n", "-R"); + fprintf(stderr, "%-20s Print certificate chain information\n", "-C"); + fprintf(stderr, "%-20s (use -C twice to print more certificate details)\n", ""); + fprintf(stderr, "%-20s (use -C three times to include PEM format certificate dumps)\n", ""); fprintf(stderr, "%-20s Nickname of key and cert for client auth\n", "-n nickname"); fprintf(stderr, 
@@ -500,12 +509,114 @@ verifyFromSideChannel(CERTCertificate *cert, ServerCertAuth *sca) EXIT_CODE_SIDECHANNELTEST_REVOKED; } + +static void +dumpCertificatePEM(CERTCertificate *cert) +{ + SECItem data; + data.data = cert->derCert.data; + data.len = cert->derCert.len; + fprintf(stderr, "%s\n%s\n%s\n", NS_CERT_HEADER, + BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); +} + +static void +dumpServerCertificateChain(PRFileDesc *fd) +{ + CERTCertList *peerCertChain = NULL; + CERTCertListNode *node = NULL; + CERTCertificate *peerCert = NULL; + CERTCertificateList *foundChain = NULL; + SECU_PPFunc dumpFunction = NULL; + PRBool dumpCertPEM = PR_FALSE; + + if (!dumpServerChain) { + return; + } + else if (dumpServerChain == 1) { + dumpFunction = SECU_PrintCertificateBasicInfo; + } else { + dumpFunction = SECU_PrintCertificate; + if (dumpServerChain > 2) { + dumpCertPEM = PR_TRUE; + } + } + + SECU_EnableWrap(PR_FALSE); + + fprintf(stderr, "==== certificate(s) sent by server: ====\n"); + peerCertChain = SSL_PeerCertificateChain(fd); + if (peerCertChain) { + node = CERT_LIST_HEAD(peerCertChain); + while ( ! CERT_LIST_END(node, peerCertChain) ) { + CERTCertificate *cert = node->cert; + SECU_PrintSignedContent(stderr, &cert->derCert, "Certificate", 0, + dumpFunction); + if (dumpCertPEM) { + dumpCertificatePEM(cert); + } + node = CERT_LIST_NEXT(node); + } + } + + if (peerCertChain) { + peerCert = SSL_RevealCert(fd); + if (peerCert) { + foundChain = CERT_CertChainFromCert(peerCert, certificateUsageSSLServer, + PR_TRUE); + } + if (foundChain) { + int count = 0; + fprintf(stderr, "==== locally found issuer certificate(s): ====\n"); + for(count = 0; count < (unsigned int)foundChain->len; count++) { + CERTCertificate *c; + PRBool wasSentByServer = PR_FALSE; + c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &foundChain->certs[count]); + + node = CERT_LIST_HEAD(peerCertChain); + while ( ! 
CERT_LIST_END(node, peerCertChain) ) { + CERTCertificate *cert = node->cert; + if (CERT_CompareCerts(cert, c)) { + wasSentByServer = PR_TRUE; + break; + } + node = CERT_LIST_NEXT(node); + } + + if (!wasSentByServer) { + SECU_PrintSignedContent(stderr, &c->derCert, "Certificate", 0, + dumpFunction); + if (dumpCertPEM) { + dumpCertificatePEM(c); + } + } + CERT_DestroyCertificate(c); + } + CERT_DestroyCertificateList(foundChain); + } + if (peerCert) { + CERT_DestroyCertificate(peerCert); + } + + CERT_DestroyCertList(peerCertChain); + peerCertChain = NULL; + } + + fprintf(stderr, "==== end of certificate chain information ====\n"); + fflush(stderr); +} + static SECStatus ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer) { ServerCertAuth * serverCertAuth = (ServerCertAuth *) arg; + if (dumpServerChain) { + dumpServerCertificateChain(fd); + } + + if (!serverCertAuth->shouldPause) { CERTCertificate *cert; int i; @@ -828,6 +939,9 @@ int main(int argc, char **argv) PLOptState *optstate; PLOptStatus optstatus; PRStatus prStatus; + PRBool openDB = PR_TRUE; + PRBool loadDefaultRootCAs = PR_FALSE; + char *rootModule = NULL; serverCertAuth.shouldPause = PR_TRUE; serverCertAuth.isPaused = PR_FALSE; @@ -854,7 +968,7 @@ int main(int argc, char **argv) SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); optstate = PL_CreateOptState(argc, argv, - "46BFKM:OSTV:W:Ya:c:d:fgh:m:n:op:qr:st:uvw:xz"); + "46BCDFKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': @@ -865,6 +979,10 @@ int main(int argc, char **argv) case 'B': bypassPKCS11 = 1; break; + case 'C': ++dumpServerChain; break; + + case 'D': openDB = PR_FALSE; break; + case 'F': if (serverCertAuth.testFreshStatusFromSideChannel) { /* parameter given twice or more */ serverCertAuth.requireDataForIntermediates = PR_TRUE; 
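Review bot: dumpCertificatePEM prints the buffer returned by BTOA_DataToAscii and never frees it, so every `-C -C -C` run leaks one base64 copy per certificate, and the same call returns NULL on allocation failure, which then reaches `%s` in fprintf. In dumpServerCertificateChain the result of CERT_FindCertByDERCert is handed to CERT_CompareCerts and dereferenced as `&c->derCert` without a NULL check, although the lookup can fail for an element of foundChain. The loop also compares the `int count` against `(unsigned int)foundChain->len`; an `unsigned int` counter would make the cast unnecessary. ownAuthCertificate's body continues past the end of the hunk. The helper and the loop guard would look like this:

```c
static void
dumpCertificatePEM(CERTCertificate *cert)
{
    char *b64 = BTOA_DataToAscii(cert->derCert.data, cert->derCert.len);
    if (!b64) {
        return;
    }
    fprintf(stderr, "%s\n%s\n%s\n", NS_CERT_HEADER, b64, NS_CERT_TRAILER);
    PORT_Free(b64);
}

/* … unchanged: dumpServerCertificateChain up to the foundChain loop … */
            c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &foundChain->certs[count]);
            if (!c) {
                continue;
            }
/* … unchanged: comparison against the peer chain, printing, CERT_DestroyCertificate(c) … */
```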
@@ -895,6 +1013,8 @@ int main(int argc, char **argv) }; break; + case 'R': rootModule = PORT_Strdup(optstate->value); break; + case 'S': skipProtoHeader = PR_TRUE; break; case 'T': enableCertStatus = 1; break; @@ -917,6 +1037,8 @@ int main(int argc, char **argv) } break; + case 'b': loadDefaultRootCAs = PR_TRUE; break; + case 'c': cipherString = PORT_Strdup(optstate->value); break; case 'g': enableFalseStart = 1; break; @@ -972,8 +1094,10 @@ int main(int argc, char **argv) if (optstatus == PL_OPT_BAD) Usage(progName); - if (!host || !portno) + if (!host || !portno) { + fprintf(stderr, "%s: parameters -h and -p are mandatory\n", progName); Usage(progName); + } if (serverCertAuth.testFreshStatusFromSideChannel && serverCertAuth.shouldPause) { @@ -981,6 +1105,16 @@ int main(int argc, char **argv) exit(1); } + if (certDir && !openDB) { + fprintf(stderr, "%s: Cannot combine parameters -D and -d\n", progName); + exit(1); + } + + if (rootModule && loadDefaultRootCAs) { + fprintf(stderr, "%s: Cannot combine parameters -b and -R\n", progName); + exit(1); + } + PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); PK11_SetPasswordFunc(SECU_GetModulePassword); @@ -1073,10 +1207,26 @@ int main(int argc, char **argv) certDir = SECU_ConfigDirectory(certDirTmp); PORT_Free(certDirTmp); } - rv = NSS_Init(certDir); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to open cert database"); - return 1; + + if (openDB) { + rv = NSS_Init(certDir); + if (rv != SECSuccess) { + SECU_PrintError(progName, "unable to open cert database"); + return 1; + } + } else { + rv = NSS_NoDB_Init(NULL); + if (rv != SECSuccess) { + SECU_PrintError(progName, "failed to initialize NSS"); + return 1; + } + } + + if (loadDefaultRootCAs) { + SECMOD_AddNewModule("Builtins", + DLL_PREFIX"nssckbi."DLL_SUFFIX, 0, 0); + } else if (rootModule) { + SECMOD_AddNewModule("Builtins", rootModule, 0, 0); } /* set the policy bits true for all the cipher suites. */ 
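Review bot: The return value of SECMOD_AddNewModule is ignored on both the `-b` and `-R` paths, so a missing or unloadable nssckbi library, or a mistyped `-R` path, leaves the client with no trust anchors and every handshake then fails with a confusing certificate error instead of a load error. Check it, e.g. `if (SECMOD_AddNewModule("Builtins", rootModule, 0, 0) != SECSuccess) { SECU_PrintError(progName, "unable to load root CA module"); return 1; }`, and the same for the DLL_PREFIX"nssckbi."DLL_SUFFIX branch. Since `-D` initializes with NSS_NoDB_Init and therefore without a writable module database, it is also worth confirming that SECMOD_AddNewModule succeeds in that mode at all rather than silently returning failure. main continues beyond this hunk.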
diff --git a/security/nss/coreconf/Darwin.mk b/security/nss/coreconf/Darwin.mk index f0002c6f..18a13481 100644 --- a/security/nss/coreconf/Darwin.mk +++ b/security/nss/coreconf/Darwin.mk @@ -116,3 +116,22 @@ PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \ USE_SYSTEM_ZLIB = 1 ZLIB_LIBS = -lz + +# The system sqlite library in the latest version of Mac OS X often becomes +# newer than the sqlite library in NSS. This may result in certain Mac OS X +# system libraries having unresolved sqlite symbols during the shlibsign step +# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and +# the NSS libsqlite3.dylib is used instead of the system one. So just use the +# system sqlite library on Mac, if it's sufficiently new. + +SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}') +SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }') +SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }') + +ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR)) + ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR))) + # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control + else + NSS_USE_SYSTEM_SQLITE = 1 + endif +endif diff --git a/security/nss/coreconf/command.mk b/security/nss/coreconf/command.mk index 35ebe868..ec1fd4d3 100644 --- a/security/nss/coreconf/command.mk +++ b/security/nss/coreconf/command.mk @@ -11,8 +11,7 @@ AS = $(CC) ASFLAGS += $(CFLAGS) CCF = $(CC) $(CFLAGS) -LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) -LINK_EXE = $(LINK) $(OS_LFLAGS) $(LFLAGS) +LINK_DLL = $(LINK) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS) CFLAGS = $(OPTIMIZER) $(OS_CFLAGS) $(XP_DEFINE) $(DEFINES) $(INCLUDES) \ $(XCFLAGS) PERL = perl diff --git a/security/nss/coreconf/location.mk b/security/nss/coreconf/location.mk index 0eb9d914..b11558a4 100644 --- a/security/nss/coreconf/location.mk +++ b/security/nss/coreconf/location.mk 
@@ -67,6 +67,10 @@ ifndef SOFTOKEN_LIB_DIR SOFTOKEN_LIB_DIR = $(DIST)/lib endif +ifndef SQLITE_LIB_DIR + SQLITE_LIB_DIR = $(DIST)/lib +endif + ifndef SQLITE_LIB_NAME SQLITE_LIB_NAME = sqlite3 endif diff --git a/security/nss/coreconf/rules.mk b/security/nss/coreconf/rules.mk index 937eed4e..5495b0c3 100644 --- a/security/nss/coreconf/rules.mk +++ b/security/nss/coreconf/rules.mk @@ -241,7 +241,7 @@ alltags: $(PROGRAM): $(OBJS) $(EXTRA_LIBS) @$(MAKE_OBJDIR) ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) - $(MKPROG) $(subst /,\\,$(OBJS)) -Fe$@ -link $(LDFLAGS) $(subst /,\\,$(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)) + $(MKPROG) $(subst /,\\,$(OBJS)) -Fe$@ -link $(LDFLAGS) $(XLDFLAGS) $(subst /,\\,$(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)) ifdef MT if test -f $@.manifest; then \ $(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \ @@ -332,7 +332,7 @@ $(OBJDIR)/$(PROG_PREFIX)%$(PROG_SUFFIX): $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX) @$(MAKE_OBJDIR) ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET))) $(MKPROG) $< -Fe$@ -link \ - $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) + $(LDFLAGS) $(XLDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) ifdef MT if test -f $@.manifest; then \ $(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \ diff --git a/security/nss/doc/Makefile b/security/nss/doc/Makefile index 00c94aaf..444a81a3 100644 --- a/security/nss/doc/Makefile +++ b/security/nss/doc/Makefile 
@@ -39,19 +39,6 @@ version.xml: .PHONY : $(HTMLPAGES) .PHONY : $(TXTPAGES) -#------------------------------------------ -# Package a tar ball for building in fedora -# Include the makefile and .xml files only -# man pages will be created at build time -#------------------------------------------ - -tarball: - rm -rf $(name); \ - mkdir -p $(name)/nroff; \ - cp Makefile $(name); \ - cp *.xml $(name); \ - tar cvjf $(name)-$(date).tar.bz2 $(name) - #-------------------------------------------------------- # manpages #-------------------------------------------------------- diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index b89fa492..4fdb5d0d 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml @@ -247,7 +247,7 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their -g keysize - Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed. + Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed. @@ -459,6 +459,23 @@ of the attribute codes: Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes. + + -Z hashAlg + + Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords: + + MD2 + MD4 + MD5 + SHA1 + SHA224 + SHA256 + SHA384 + SHA512 + + + + -0 SSO_password Set a site security officer password on a token. diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index 907f90be..6f29575d 100644 --- a/security/nss/doc/html/certutil.html 
+++ b/security/nss/doc/html/certutil.html @@ -1,4 +1,4 @@ -CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

-E

Add an email certificate to the certificate database.

-F

Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname.

@@ -14,7 +14,7 @@ If this option is not used, the validity check defaults to the current system ti Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files.

  • OID (example): 1.2.3.4

  • critical-flag: critical or not-critical

  • filename: full path to a file containing an encoded extension

-f password-file

Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent - unauthorized access to this file.

-g keysize

Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.

-h tokenname

Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

-i input_file

Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

-k key-type-or-id

Specify the type or specific ID of a key.

+ unauthorized access to this file.

-g keysize

Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed.

-h tokenname

Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

-i input_file

Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

-k key-type-or-id

Specify the type or specific ID of a key.

The valid key type options are rsa, dsa, ec, or all. The default value is rsa. Specifying the type of key can avoid mistakes caused by duplicate nicknames. Giving a key type generates a new key pair; @@ -61,7 +61,7 @@ of the attribute codes: the certificate or adding it to a database. Express the offset in integers, using a minus sign (-) to indicate a negative offset. If this argument is not used, the validity period begins at the current system time. The length - of the validity period is set with the -v argument.

-X

Force the key and certificate database to open in read-write mode. This is used with the -U and -L command options.

-x

Use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.

-y exp

Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.

-z noise-file

Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

-0 SSO_password

Set a site security officer password on a token.

-1 | --keyUsage keyword,keyword

Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:

  • + of the validity period is set with the -v argument.

-X

Force the key and certificate database to open in read-write mode. This is used with the -U and -L command options.

-x

Use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.

-y exp

Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.

-z noise-file

Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

-Z hashAlg

Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords:

  • MD2

  • MD4

  • MD5

  • SHA1

  • SHA224

  • SHA256

  • SHA384

  • SHA512

-0 SSO_password

Set a site security officer password on a token.

-1 | --keyUsage keyword,keyword

Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:

  • digitalSignature

  • nonRepudiation diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1 index 7ae5db01..6ce08f2e 100644 --- a/security/nss/doc/nroff/certutil.1 +++ b/security/nss/doc/nroff/certutil.1 @@ -2,12 +2,12 @@ .\" Title: CERTUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 29 July 2014 +.\" Date: 23 February 2015 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CERTUTIL" "1" "29 July 2014" "nss-tools" "NSS Security Tools" +.TH "CERTUTIL" "1" "23 February 2015" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -310,7 +310,7 @@ Specify a file that will automatically supply the password to include in a certi .PP \-g keysize .RS 4 -Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 16384 bits\&. The default is 1024 bits\&. Any size between the minimum and maximum is allowed\&. +Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 16384 bits\&. The default is 2048 bits\&. Any size between the minimum and maximum is allowed\&. .RE .PP \-h tokenname 
@@ -619,6 +619,99 @@ Set an alternate exponent value to use in generating a new RSA public key for th Read a seed value from the specified file to generate a new private and public key pair\&. This argument makes it possible to use hardware\-generated seed values or manually create a value from the keyboard\&. The minimum file size is 20 bytes\&. .RE .PP +\-Z hashAlg +.RS 4 +Specify the hash algorithm to use with the \-C, \-S or \-R command options\&. Possible keywords: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +MD2 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +MD4 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +MD5 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA1 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA224 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA256 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA384 +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +SHA512 +.RE +.RE +.PP \-0 SSO_password .RS 4 Set a site security officer password on a token\&. diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h index 0e9e3919..4564dc2d 100644 --- a/security/nss/lib/certdb/cert.h +++ b/security/nss/lib/certdb/cert.h 
@@ -929,15 +929,9 @@ extern SECStatus CERT_FindNSCertTypeExtension extern char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag); -extern SECStatus CERT_FindIssuerCertExtension - (CERTCertificate *cert, int tag, SECItem *value); - extern SECStatus CERT_FindCertExtensionByOID (CERTCertificate *cert, SECItem *oid, SECItem *value); -extern char *CERT_FindCertURLExtension (CERTCertificate *cert, int tag, - int catag); - /* Returns the decoded value of the authKeyID extension. ** Note that this uses passed in the arena to allocate storage for the result */ @@ -1178,6 +1172,20 @@ CERT_GetNextGeneralName(CERTGeneralName *current); extern CERTGeneralName * CERT_GetPrevGeneralName(CERTGeneralName *current); +/* + * Look up name constraints for some certs that do not include name constraints + * (Most importantly, root certificates) + * + * If a matching subject is found, |extensions| will be populated with a copy of the + * DER-encoded name constraints extension. The data in |extensions| will point to + * memory that the caller owns. + * + * There is no mechanism to configure imposed name constraints right now. All + * imposed name constraints are built into NSS. + */ +SECStatus +CERT_GetImposedNameConstraints(const SECItem *derSubject, SECItem *extensions); + CERTNameConstraint * CERT_GetNextNameConstraint(CERTNameConstraint *current); @@ -1549,6 +1557,9 @@ CERT_CheckNameSpace(PLArenaPool *arena, /* * Extract and allocate the name constraints extension from the CA cert. + * If the certificate contains no name constraints extension, but + * CERT_GetImposedNameConstraints returns a name constraints extension + * for the subject of the certificate, then that extension will be returned. */ extern SECStatus CERT_FindNameConstraintsExten(PLArenaPool *arena, diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 43304371..2581be22 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c 
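Review bot: The new CERT_GetImposedNameConstraints comment says the caller owns the memory behind |extensions| but not how to release it or what the item holds on failure; since genname.c fills it with SECITEM_CopyItem(NULL, …), I would add `On success extensions->data is heap-allocated and must be released with SECITEM_FreeItem(extensions, PR_FALSE); when no entry matches, SEC_ERROR_EXTENSION_NOT_FOUND is set and extensions is left untouched.` Whether SECITEM_CopyItem modifies the output on its own allocation failure is not visible here and should be confirmed against secitem.c before being stated. The first hunk also drops CERT_FindIssuerCertExtension and CERT_FindCertURLExtension from a public header; if those two are listed in the nss.def export file, that list needs the matching change and the removal is an ABI break for anything still linking them.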
@@ -1051,6 +1051,11 @@ SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) { PRTime notBefore, notAfter, llPendingSlop, tmp1; SECStatus rv; + if (!crl) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return(secCertTimeUndetermined); + } + rv = SEC_GetCrlTimes(crl, ¬Before, ¬After); if (rv) { @@ -1063,6 +1068,7 @@ SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) { LL_MUL(llPendingSlop, llPendingSlop, tmp1); LL_SUB(notBefore, notBefore, llPendingSlop); if ( LL_CMP( t, <, notBefore ) ) { + PORT_SetError(SEC_ERROR_CRL_EXPIRED); return(secCertTimeNotValidYet); } @@ -1074,6 +1080,7 @@ SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) { } if ( LL_CMP( t, >, notAfter) ) { + PORT_SetError(SEC_ERROR_CRL_EXPIRED); return(secCertTimeExpired); } @@ -1425,7 +1432,6 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn) CERTGeneralName * current; char * cn; int cnBufLen; - unsigned int hnLen; int DNSextCount = 0; int IPextCount = 0; PRBool isIPaddr = PR_FALSE; @@ -1435,7 +1441,6 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn) char cnbuf[128]; subAltName.data = NULL; - hnLen = strlen(hn); cn = cnbuf; cnBufLen = sizeof cnbuf; @@ -2311,7 +2316,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts) { unsigned int i; unsigned int *pflags; - + if (!trust) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; @@ -2325,7 +2330,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts) } pflags = &trust->sslFlags; - + for (i=0; i < PORT_Strlen(trusts); i++) { switch (trusts[i]) { case 'p': @@ -2371,6 +2376,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts) } break; default: + PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } } diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h index d0d53c30..d358dfd8 100644 --- a/security/nss/lib/certdb/certdb.h +++ b/security/nss/lib/certdb/certdb.h 
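Review bot: In the SEC_CheckCrlTimes hunk the not-yet-valid branch now sets SEC_ERROR_CRL_EXPIRED before returning secCertTimeNotValidYet, so a caller that inspects PR_GetError() is told the CRL expired when its thisUpdate is actually in the future. If I read secerr.h correctly there is a dedicated code for this case, so the line should be `PORT_SetError(SEC_ERROR_CRL_NOT_YET_VALID);`, leaving SEC_ERROR_CRL_EXPIRED to the notAfter branch below. The added NULL guard returning secCertTimeUndetermined is the safe direction for callers that only compare against secCertTimeValid. The body of SEC_CheckCrlTimes between and after these hunks is outside my view.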
@@ -75,6 +75,21 @@ SECStatus SEC_DeletePermCertificate(CERTCertificate *cert); PRBool SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old); +/* +** Extract the validity times from a CRL +** "crl" is the CRL +** "notBefore" is the start of the validity period (last update) +** "notAfter" is the end of the validity period (next update) +*/ +SECStatus +SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter); + +/* +** Check the validity times of a crl vs. time 't', allowing +** some slop for broken clocks and stuff. +** "crl" is the certificate to be checked +** "t" is the time to check against +*/ SECCertTimeValidity SEC_CheckCrlTimes(CERTCrl *crl, PRTime t); diff --git a/security/nss/lib/certdb/certi.h b/security/nss/lib/certdb/certi.h index f47af1cf..ff7a7b84 100644 --- a/security/nss/lib/certdb/certi.h +++ b/security/nss/lib/certdb/certi.h @@ -116,11 +116,16 @@ struct CRLDPCacheStr { #else PRLock* lock; #endif - CERTCertificate* issuer; /* issuer cert - XXX there may be multiple issuer certs, - with different validity dates. Also - need to deal with SKID/AKID . See - bugzilla 217387, 233118 */ + SECItem *issuerDERCert; /* issuer DER cert. Don't hold a reference + to the actual cert so the trust can be + updated on the cert automatically. + XXX there may be multiple issuer certs, + with different validity dates. Also + need to deal with SKID/AKID . See + bugzilla 217387, 233118 */ + + CERTCertDBHandle *dbHandle; + SECItem* subject; /* DER of issuer subject */ SECItem* distributionPoint; /* DER of distribution point. This may be NULL when distribution points aren't 
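Review bot: The new SEC_CheckCrlTimes comment in certdb.h has a copy-paste slip: `** "crl" is the certificate to be checked` describes a CERTCrl*, so it should read `** "crl" is the CRL to be checked`. It would also help callers to state the return mapping the implementation uses, since they branch on it: secCertTimeUndetermined for a NULL crl, secCertTimeNotValidYet / secCertTimeExpired when t falls outside the slop-adjusted window. The slop itself is only described as "some slop for broken clocks"; a pointer to where that window is configured would save the next reader a grep, if such a setter exists.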
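Review bot: The new `CERTCertDBHandle *dbHandle;` member of CRLDPCacheStr is the only field in the struct without a comment, and its lifetime is the security-relevant part: it is a borrowed pointer copied from issuer->dbhandle, not a reference, and crl.c uses it only to re-instantiate issuerDERCert with CERT_NewTempCertificate. I would document exactly that: `CERTCertDBHandle *dbHandle; /* DB the issuer cert came from; borrowed, not ref-counted. Used to rebuild issuerDERCert as a temp cert when a CRL signature is checked */`. The issuerDERCert comment explains why no cert reference is held, which is good; it should also say the item is owned by the cache and freed in DPCache_Destroy, as the crl.c hunk shows.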
@@ -165,15 +170,6 @@ struct CRLDPCacheStr { struct CRLIssuerCacheStr { SECItem* subject; /* DER of issuer subject */ CRLDPCache* dpp; -#if 0 - /* XCRL for future use. - We don't need to lock at the moment because we only have one DP, - which gets created at the same time as this object */ - NSSRWLock* lock; - CRLDPCache** dps; - PLHashTable* distributionpoints; - CERTCertificate* issuer; -#endif }; /* CRL revocation cache object diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h index 9ab00fde..d8b559c7 100644 --- a/security/nss/lib/certdb/certt.h +++ b/security/nss/lib/certdb/certt.h @@ -186,7 +186,7 @@ struct CERTSubjectListStr { struct CERTCertificateStr { /* the arena is used to allocate any data structures that have the same * lifetime as the cert. This is all stuff that hangs off of the cert - * structure, and is all freed at the same time. I is used when the + * structure, and is all freed at the same time. It is used when the * cert is decoded, destroyed, and at some times when it changes * state */ @@ -1177,7 +1177,7 @@ typedef struct { /* * How many preferred methods are specified? * This is equivalent to the size of the array that - * preferred_revocation_methods points to. + * preferred_methods points to. * It's allowed to set this value to zero, * then NSS will decide which methods to prefer. */ @@ -1186,7 +1186,7 @@ typedef struct { /* Array that may specify an optional order of preferred methods. * Each array entry shall contain a method identifier as defined * by CERTRevocationMethodIndex. - * The entry at index [0] specifies the method with highest preferrence. + * The entry at index [0] specifies the method with highest preference. * These methods will be tested first for locally available information. * Methods allowed for downloading will be attempted in the same order. */ diff --git a/security/nss/lib/certdb/certv3.c b/security/nss/lib/certdb/certv3.c index 2509d5d5..1735b5e4 100644 
--- a/security/nss/lib/certdb/certv3.c +++ b/security/nss/lib/certdb/certv3.c 
@@ -43,142 +43,6 @@ CERT_StartCertExtensions(CERTCertificate *cert) return (cert_StartExtensions ((void *)cert, cert->arena, SetExts)); } -/* find the given extension in the certificate of the Issuer of 'cert' */ -SECStatus -CERT_FindIssuerCertExtension(CERTCertificate *cert, int tag, SECItem *value) -{ - CERTCertificate *issuercert; - SECStatus rv; - - issuercert = CERT_FindCertByName(cert->dbhandle, &cert->derIssuer); - if ( issuercert ) { - rv = cert_FindExtension(issuercert->extensions, tag, value); - CERT_DestroyCertificate(issuercert); - } else { - rv = SECFailure; - } - - return(rv); -} - -/* find a URL extension in the cert or its CA - * apply the base URL string if it exists - */ -char * -CERT_FindCertURLExtension(CERTCertificate *cert, int tag, int catag) -{ - SECStatus rv; - SECItem urlitem = {siBuffer,0}; - SECItem baseitem = {siBuffer,0}; - SECItem urlstringitem = {siBuffer,0}; - SECItem basestringitem = {siBuffer,0}; - PLArenaPool *arena = NULL; - PRBool hasbase; - char *urlstring; - char *str; - int len; - unsigned int i; - - urlstring = NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( ! 
arena ) { - goto loser; - } - - hasbase = PR_FALSE; - - rv = cert_FindExtension(cert->extensions, tag, &urlitem); - if ( rv == SECSuccess ) { - rv = cert_FindExtension(cert->extensions, SEC_OID_NS_CERT_EXT_BASE_URL, - &baseitem); - if ( rv == SECSuccess ) { - hasbase = PR_TRUE; - } - - } else if ( catag ) { - /* if the cert doesn't have the extensions, see if the issuer does */ - rv = CERT_FindIssuerCertExtension(cert, catag, &urlitem); - if ( rv != SECSuccess ) { - goto loser; - } - rv = CERT_FindIssuerCertExtension(cert, SEC_OID_NS_CERT_EXT_BASE_URL, - &baseitem); - if ( rv == SECSuccess ) { - hasbase = PR_TRUE; - } - } else { - goto loser; - } - - rv = SEC_QuickDERDecodeItem(arena, &urlstringitem, - SEC_ASN1_GET(SEC_IA5StringTemplate), &urlitem); - - if ( rv != SECSuccess ) { - goto loser; - } - if ( hasbase ) { - rv = SEC_QuickDERDecodeItem(arena, &basestringitem, - SEC_ASN1_GET(SEC_IA5StringTemplate), - &baseitem); - - if ( rv != SECSuccess ) { - goto loser; - } - } - - len = urlstringitem.len + ( hasbase ? 
basestringitem.len : 0 ) + 1; - - str = urlstring = (char *)PORT_Alloc(len); - if ( urlstring == NULL ) { - goto loser; - } - - /* copy the URL base first */ - if ( hasbase ) { - - /* if the urlstring has a : in it, then we assume it is an absolute - * URL, and will not get the base string pre-pended - */ - for ( i = 0; i < urlstringitem.len; i++ ) { - if ( urlstringitem.data[i] == ':' ) { - goto nobase; - } - } - - PORT_Memcpy(str, basestringitem.data, basestringitem.len); - str += basestringitem.len; - - } - -nobase: - /* copy the rest (or all) of the URL */ - PORT_Memcpy(str, urlstringitem.data, urlstringitem.len); - str += urlstringitem.len; - - *str = '\0'; - goto done; - -loser: - if ( urlstring ) { - PORT_Free(urlstring); - } - - urlstring = NULL; -done: - if ( arena ) { - PORT_FreeArena(arena, PR_FALSE); - } - if ( baseitem.data ) { - PORT_Free(baseitem.data); - } - if ( urlitem.data ) { - PORT_Free(urlitem.data); - } - - return(urlstring); -} - /* * get the value of the Netscape Certificate Type Extension */ diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c index 1551cd1b..9f9aa0b2 100644 --- a/security/nss/lib/certdb/crl.c +++ b/security/nss/lib/certdb/crl.c @@ -1123,9 +1123,9 @@ static SECStatus DPCache_Destroy(CRLDPCache* cache) PORT_Free(cache->crls); } /* destroy the cert */ - if (cache->issuer) + if (cache->issuerDERCert) { - CERT_DestroyCertificate(cache->issuer); + SECITEM_FreeItem(cache->issuerDERCert, PR_TRUE); } /* free the subject */ if (cache->subject) 
@@ -1571,14 +1571,20 @@ static SECStatus CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, else { SECStatus signstatus = SECFailure; - if (cache->issuer) + if (cache->issuerDERCert) { - signstatus = CERT_VerifyCRL(crlobject->crl, cache->issuer, vfdate, + CERTCertificate *issuer = CERT_NewTempCertificate(cache->dbHandle, + cache->issuerDERCert, NULL, PR_FALSE, PR_TRUE); + + if (issuer) { + signstatus = CERT_VerifyCRL(crlobject->crl, issuer, vfdate, wincx); + CERT_DestroyCertificate(issuer); + } } if (SECSuccess != signstatus) { - if (!cache->issuer) + if (!cache->issuerDERCert) { /* we tried to verify without an issuer cert . This is because this CRL came through a call to SEC_FindCrlByName. @@ -1925,15 +1931,16 @@ static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* } /* add issuer certificate if it was previously unavailable */ - if (issuer && (NULL == cache->issuer) && + if (issuer && (NULL == cache->issuerDERCert) && (SECSuccess == CERT_CheckCertUsage(issuer, KU_CRL_SIGN))) { /* if we didn't have a valid issuer cert yet, but we do now. add it */ DPCache_LockWrite(); - if (!cache->issuer) + if (!cache->issuerDERCert) { dirty = PR_TRUE; - cache->issuer = CERT_DupCertificate(issuer); + cache->dbHandle = issuer->dbhandle; + cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert); } DPCache_UnlockWrite(); } @@ -1944,7 +1951,7 @@ static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* SEC_FindCrlByName, or through manual insertion, rather than through a certificate verification (CERT_CheckCRL) */ - if (cache->issuer && vfdate ) + if (cache->issuerDERCert && vfdate ) { mustunlock = PR_FALSE; /* re-process all unverified CRLs */ 
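Review bot: In CachedCrl_Verify the rebuilt issuer can come back NULL from CERT_NewTempCertificate (decode or allocation failure); signstatus then stays SECFailure while issuerDERCert is still set, so the code below treats the CRL exactly like one whose signature failed rather than one that could not be checked at all. If that is intended, it deserves a comment on the `if (issuer)` line, e.g. `/* NULL here means the issuer cert could not be re-instantiated, not that the CRL signature is bad; treated as a verification failure */`; otherwise the NULL case should take the "no issuer available" path. Re-decoding the issuer DER on every verification is also new cost on a path that previously dereferenced a cached cert, probably fine at CRL frequency but worth a line in the issuerDERCert comment. The enclosing function continues outside the hunk, so I cannot see how the failure branch distinguishes these cases.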
@@ -2201,7 +2208,8 @@ static SECStatus DPCache_Create(CRLDPCache** returned, CERTCertificate* issuer, } if (issuer) { - cache->issuer = CERT_DupCertificate(issuer); + cache->dbHandle = issuer->dbhandle; + cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert); } cache->distributionPoint = SECITEM_DupItem(dp); cache->subject = SECITEM_DupItem(subject); diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index 1b0cc970..e3bc11d5 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c 
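Review bot: In DPCache_Create the result of `SECITEM_DupItem(&issuer->derCert)` is not checked, and unlike the CERT_DupCertificate call it replaces, it can fail on allocation; a NULL issuerDERCert has meaning elsewhere in this file (CachedCrl_Verify reads it as "no issuer, leave the CRL unverified"), so an OOM here silently degrades to a cache that can never verify its CRLs instead of failing creation. I would add `if (!cache->issuerDERCert) { /* route to the function's error exit */ }` right after the assignment. The adjacent DupItem calls for distributionPoint and subject are unchecked too, but those pre-date this change. The function's error handling is outside the hunk, so the exact exit path is not visible here.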
@@ -1556,76 +1556,98 @@ done: return rv; } -/* Add name constraints to certain certs that do not include name constraints - * This is the core of the implementation for bug 952572. +/* + * Here we define a list of name constraints to be imposed on + * certain certificates, most importantly root certificates. + * + * Each entry in the name constraints list is constructed with this + * macro. An entry contains two SECItems, which have names in + * specific forms to make the macro work: + * + * * ${CA}_SUBJECT_DN - The subject DN for which the constraints + * should be applied + * * ${CA}_NAME_CONSTRAINTS - The name constraints extension + * + * Entities subject to name constraints are identified by subject name + * so that we can cover all certificates for that entity, including, e.g., + * cross-certificates. We use subject rather than public key because + * calling methods often have easy access to that field (vs., say, a key ID), + * and in practice, subject names and public keys are usually in one-to-one + * correspondence anyway. 
+ * */ -static SECStatus -getNameExtensionsBuiltIn(CERTCertificate *cert, - SECItem *extensions) +#define STRING_TO_SECITEM(str) \ +{ siBuffer, (unsigned char*) str, sizeof(str) - 1 } + +#define NAME_CONSTRAINTS_ENTRY(CA) \ + { \ + STRING_TO_SECITEM(CA ## _SUBJECT_DN), \ + STRING_TO_SECITEM(CA ## _NAME_CONSTRAINTS) \ + } + +/* Agence Nationale de la Securite des Systemes d'Information (ANSSI) */ + +#define ANSSI_SUBJECT_DN \ + "\x30\x81\x85" \ + "\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02" "FR" /* C */ \ + "\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x13\x06" "France" /* ST */ \ + "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" "Paris" /* L */ \ + "\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07" "PM/SGDN" /* O */ \ + "\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05" "DCSSI" /* OU */ \ + "\x31\x0E\x30\x0C\x06\x03\x55\x04\x03\x13\x05" "IGC/A" /* CN */ \ + "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" \ + "\x16\x14" "igca@sgdn.pm.gouv.fr" /* emailAddress */ \ + +#define ANSSI_NAME_CONSTRAINTS \ + "\x30\x5D\xA0\x5B" \ + "\x30\x05\x82\x03" ".fr" \ + "\x30\x05\x82\x03" ".gp" \ + "\x30\x05\x82\x03" ".gf" \ + "\x30\x05\x82\x03" ".mq" \ + "\x30\x05\x82\x03" ".re" \ + "\x30\x05\x82\x03" ".yt" \ + "\x30\x05\x82\x03" ".pm" \ + "\x30\x05\x82\x03" ".bl" \ + "\x30\x05\x82\x03" ".mf" \ + "\x30\x05\x82\x03" ".wf" \ + "\x30\x05\x82\x03" ".pf" \ + "\x30\x05\x82\x03" ".nc" \ + "\x30\x05\x82\x03" ".tf" \ + +static const SECItem builtInNameConstraints[][2] = { + NAME_CONSTRAINTS_ENTRY(ANSSI) +}; + +SECStatus +CERT_GetImposedNameConstraints(const SECItem *derSubject, + SECItem *extensions) { - const char constraintFranceGov[] = "\x30\x5D" /* sequence len = 93*/ - "\xA0\x5B" /* element len =91 */ - "\x30\x05" /* sequence len 5 */ - "\x82\x03" /* entry len 3 */ - ".fr" - "\x30\x05\x82\x03" /* sequence len5, entry len 3 */ - ".gp" - "\x30\x05\x82\x03" - ".gf" - "\x30\x05\x82\x03" - ".mq" - "\x30\x05\x82\x03" - ".re" - "\x30\x05\x82\x03" - ".yt" - "\x30\x05\x82\x03" - ".pm" - 
"\x30\x05\x82\x03" - ".bl" - "\x30\x05\x82\x03" - ".mf" - "\x30\x05\x82\x03" - ".wf" - "\x30\x05\x82\x03" - ".pf" - "\x30\x05\x82\x03" - ".nc" - "\x30\x05\x82\x03" - ".tf"; + size_t i; - /* The stringified value for the subject is: - E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR - */ - const char rawANSSISubject[] = "\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04" - "\x06\x13\x02\x46\x52\x31\x0F\x30\x0D\x06\x03" - "\x55\x04\x08\x13\x06\x46\x72\x61\x6E\x63\x65" - "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" - "\x50\x61\x72\x69\x73\x31\x10\x30\x0E\x06\x03" - "\x55\x04\x0A\x13\x07\x50\x4D\x2F\x53\x47\x44" - "\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13" - "\x05\x44\x43\x53\x53\x49\x31\x0E\x30\x0C\x06" - "\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2F\x41" - "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7" - "\x0D\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40" - "\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75" - "\x76\x2E\x66\x72"; + if (!extensions) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } - const SECItem anssi_subject = {0, (unsigned char *) rawANSSISubject, - sizeof(rawANSSISubject)-1}; - const SECItem permitFranceGovNC = {0, (unsigned char *) constraintFranceGov, - sizeof(constraintFranceGov)-1}; + for (i = 0; i < PR_ARRAY_SIZE(builtInNameConstraints); ++i) { + if (SECITEM_ItemsAreEqual(derSubject, &builtInNameConstraints[i][0])) { + return SECITEM_CopyItem(NULL, + extensions, + &builtInNameConstraints[i][1]); + } + } - if (SECITEM_ItemsAreEqual(&cert->derSubject, &anssi_subject)) { - SECStatus rv; - rv = SECITEM_CopyItem(NULL, extensions, &permitFranceGovNC); - return rv; - } - PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); - return SECFailure; + PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); + return SECFailure; } -/* Extract the name constraints extension from the CA cert. */ +/* + * Extract the name constraints extension from the CA cert. 
+ * If the certificate contains no name constraints extension, but + * CERT_GetImposedNameConstraints returns a name constraints extension + * for the subject of the certificate, then that extension will be returned. + */ SECStatus CERT_FindNameConstraintsExten(PLArenaPool *arena, CERTCertificate *cert, @@ -1643,7 +1665,8 @@ CERT_FindNameConstraintsExten(PLArenaPool *arena, if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) { return rv; } - rv = getNameExtensionsBuiltIn(cert, &constraintsExtension); + rv = CERT_GetImposedNameConstraints(&cert->derSubject, + &constraintsExtension); if (rv != SECSuccess) { if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) { return SECSuccess; diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index a0ce7b20..baa75470 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION "2.1" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 4 +#define NSS_BUILTINS_LIBRARY_VERSION "2.4" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/ckfw/dbm/db.c b/security/nss/lib/ckfw/dbm/db.c index 7880afbe..8d0a6cba 100644 --- a/security/nss/lib/ckfw/dbm/db.c +++ b/security/nss/lib/ckfw/dbm/db.c @@ -137,7 +137,8 @@ nss_dbm_db_set_label /* Locked region */ { - if( CKR_OK != NSSCKFWMutex_Lock(db->crustylock) ) { + rv = NSSCKFWMutex_Lock(db->crustylock); + if( CKR_OK != rv ) { return rv; } diff --git a/security/nss/lib/ckfw/nssmkey/mobject.c b/security/nss/lib/ckfw/nssmkey/mobject.c index 36867db3..2013e7e9 100644 --- a/security/nss/lib/ckfw/nssmkey/mobject.c +++ b/security/nss/lib/ckfw/nssmkey/mobject.c 
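Review bot: CERT_GetImposedNameConstraints is now a public entry point and validates `extensions` but not `derSubject`; SECITEM_ItemsAreEqual dereferences both operands, so a NULL subject crashes instead of failing cleanly, and the guard should read `if (!derSubject || !extensions) {`. The lookup is a byte-exact DER comparison of the subject, so the comment's promise to cover cross-certificates holds only for certificates whose subject is encoded identically to the built-in string; a re-encoded DN (different string tag or attribute order) would silently escape the imposed constraint, and that limitation belongs next to the table. Both `#define`s also end with a trailing `\` followed by a blank line; that compiles, but the next non-blank line becomes part of the macro if the blank is ever removed, so I would drop the final continuation on each.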
@@ -1880,7 +1880,7 @@ nss_ckmk_CreateObject ) { CK_OBJECT_CLASS objClass; - ckmkInternalObject *io; + ckmkInternalObject *io = NULL; CK_BBOOL isToken; /* diff --git a/security/nss/lib/freebl/ecl/README b/security/nss/lib/freebl/ecl/README index b4c92400..f086cdef 100644 --- a/security/nss/lib/freebl/ecl/README +++ b/security/nss/lib/freebl/ecl/README 
@@ -1,39 +1,6 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the elliptic curve math library. - -The Initial Developer of the Original Code is Sun Microsystems, Inc. -Portions created by Sun Microsystems, Inc. are Copyright (C) 2003 -Sun Microsystems, Inc. All Rights Reserved. - -Contributor(s): - Stephen Fung and - Douglas Stebila , Sun Microsystems Laboratories - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. 
The ECL exposes routines for constructing and converting curve parameters for internal use. diff --git a/security/nss/lib/freebl/mpi/README b/security/nss/lib/freebl/mpi/README index 156356bc..fc6c5e10 100644 --- a/security/nss/lib/freebl/mpi/README +++ b/security/nss/lib/freebl/mpi/README 
@@ -1,39 +1,6 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger -Portions created by the Initial Developer are Copyright (C) 1997-2000 -the Initial Developer. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. About the MPI Library --------------------- 
diff --git a/security/nss/lib/freebl/mpi/doc/LICENSE-MPL b/security/nss/lib/freebl/mpi/doc/LICENSE-MPL index d1f78f52..41dc2327 100644 --- a/security/nss/lib/freebl/mpi/doc/LICENSE-MPL +++ b/security/nss/lib/freebl/mpi/doc/LICENSE-MPL 
@@ -1,35 +1,3 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the Netscape security libraries. - -The Initial Developer of the Original Code is Netscape -Communications Corporation. Portions created by Netscape are -Copyright (C) 1994-2000 Netscape Communications Corporation. All -Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/security/nss/lib/freebl/mpi/mpmontg.c b/security/nss/lib/freebl/mpi/mpmontg.c index 4b5c5498..d619360a 100644 
--- a/security/nss/lib/freebl/mpi/mpmontg.c +++ b/security/nss/lib/freebl/mpi/mpmontg.c @@ -883,8 +883,8 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, int expOff; mp_int accum1, accum2, accum[WEAVE_WORD_SIZE]; mp_int tmp; - unsigned char *powersArray; - unsigned char *powers; + unsigned char *powersArray = NULL; + unsigned char *powers = NULL; MP_DIGITS(&accum1) = 0; MP_DIGITS(&accum2) = 0; @@ -894,15 +894,6 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, MP_DIGITS(&accum[3]) = 0; MP_DIGITS(&tmp) = 0; - powersArray = (unsigned char *)malloc(num_powers*(nLen*sizeof(mp_digit)+1)); - if (powersArray == NULL) { - res = MP_MEM; - goto CLEANUP; - } - - /* powers[i] = base ** (i); */ - powers = (unsigned char *)MP_ALIGN(powersArray,num_powers); - /* grab the first window value. This allows us to preload accumulator1 * and save a conversion, some squares and a multiple*/ MP_CHECKOK( mpl_get_bits(exponent, @@ -911,7 +902,6 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) ); MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) ); - MP_CHECKOK( mp_init_size(&tmp, 3 * nLen + 2) ); /* build the first WEAVE_WORD powers inline */ /* if WEAVE_WORD_SIZE is not 4, this code will have to change */ @@ -925,6 +915,13 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, MP_CHECKOK( mp_copy(montBase, &accum[1]) ); SQR(montBase, &accum[2]); MUL_NOWEAVE(montBase, &accum[2], &accum[3]); + powersArray = (unsigned char *)malloc(num_powers*(nLen*sizeof(mp_digit)+1)); + if (!powersArray) { + res = MP_MEM; + goto CLEANUP; + } + /* powers[i] = base ** (i); */ \ + powers = (unsigned char *)MP_ALIGN(powersArray,num_powers); \ MP_CHECKOK( mpi_to_weave(accum, powers, nLen, num_powers) ); if (first_window < 4) { MP_CHECKOK( mp_copy(&accum[first_window], &accum1) ); 
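Review bot: The two added lines `/* powers[i] = base ** (i); */ \` and `powers = (unsigned char *)MP_ALIGN(powersArray,num_powers); \` end in a stray backslash; outside a macro that is a line splice, so the comment is glued to the assignment and the assignment to the following MP_CHECKOK. It compiles today only because each spliced line happens to be complete, and it will silently swallow a line if anyone inserts one after them, so both trailing `\` should be removed. Moving the malloc after the accum initialisation and NULL-initialising powersArray in the first hunk is otherwise sound, presumably so the CLEANUP path (outside the hunk) only frees what was actually allocated.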
@@ -946,7 +943,10 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, * odd powers where k is the window size in the two other mp_modexpt * implementations in this file. We will get some of that * back by not needing the first 'k' squares and one multiply for the - * first window */ + * first window. + * Given the value of 4 for WEAVE_WORD_SIZE, this loop will only execute if + * num_powers > 2, in which case powers will have been allocated. + */ for (i = WEAVE_WORD_SIZE; i < num_powers; i++) { int acc_index = i & (WEAVE_WORD_SIZE-1); /* i % WEAVE_WORD_SIZE */ if ( i & 1 ) { @@ -993,6 +993,11 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase, pa1 = &accum1; pa2 = &accum2; + /* tmp is not used if window_bits == 1. */ + if (window_bits != 1) { + MP_CHECKOK( mp_init_size(&tmp, 3 * nLen + 2) ); + } + for (expOff = bits_in_exponent - window_bits*2; expOff >= 0; expOff -= window_bits) { mp_size smallExp; MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) ); diff --git a/security/nss/lib/freebl/mpi/tests/LICENSE-MPL b/security/nss/lib/freebl/mpi/tests/LICENSE-MPL index d1f78f52..41dc2327 100644 --- a/security/nss/lib/freebl/mpi/tests/LICENSE-MPL +++ b/security/nss/lib/freebl/mpi/tests/LICENSE-MPL 
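Review bot: The new comment states the loop `will only execute if num_powers > 2`, but its header `for (i = WEAVE_WORD_SIZE; i < num_powers; i++)` with `WEAVE_WORD_SIZE` of 4 means it runs only when `num_powers > WEAVE_WORD_SIZE`; if the `> 2` is meant to name the enclosing branch in which `powers` is allocated (that branch is outside the hunk), the sentence should say so instead of presenting a weaker bound as the loop condition. Suggested wording: `Because WEAVE_WORD_SIZE is 4, this loop only runs when num_powers > WEAVE_WORD_SIZE, i.e. inside the num_powers > 2 branch that allocates powers above.` The deferred `mp_init_size(&tmp, ...)` in the later hunk of this function relies on `MP_DIGITS(&tmp) = 0` still being set up front (visible in the earlier hunk), so a cleanup path that clears `tmp` sees an empty value; worth confirming CLEANUP does not otherwise assume `tmp` was initialised.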
@@ -1,35 +1,3 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the Netscape security libraries. - -The Initial Developer of the Original Code is Netscape -Communications Corporation. Portions created by Netscape are -Copyright (C) 1994-2000 Netscape Communications Corporation. All -Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. 
diff --git a/security/nss/lib/freebl/mpi/utils/LICENSE-MPL b/security/nss/lib/freebl/mpi/utils/LICENSE-MPL
index d1f78f52..41dc2327 100644
--- a/security/nss/lib/freebl/mpi/utils/LICENSE-MPL
+++ b/security/nss/lib/freebl/mpi/utils/LICENSE-MPL
@@ -1,35 +1,3 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the Netscape security libraries. - -The Initial Developer of the Original Code is Netscape -Communications Corporation. Portions created by Netscape are -Copyright (C) 1994-2000 Netscape Communications Corporation. All -Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/security/nss/lib/freebl/mpi/utils/README b/security/nss/lib/freebl/mpi/utils/README index f2e926c2..61c8e2ef 100644 
--- a/security/nss/lib/freebl/mpi/utils/README
+++ b/security/nss/lib/freebl/mpi/utils/README
@@ -1,39 +1,6 @@ -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the MPI Arbitrary Precision Integer Arithmetic -library. - -The Initial Developer of the Original Code is -Michael J. Fromberger -Portions created by the Initial Developer are Copyright (C) 1998, 2000 -the Initial Developer. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. Additional MPI utilities ------------------------ 
diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h index c9910e7a..d3fea945 100644 --- a/security/nss/lib/libpkix/include/pkix_errorstrings.h +++ b/security/nss/lib/libpkix/include/pkix_errorstrings.h @@ -1093,7 +1093,6 @@ PKIX_ERRORENTRY(X500NAMEGETSECNAMEFAILED,pkix_pl_X500Name_GetSECName failed,0), PKIX_ERRORENTRY(X500NAMEHASHCODEFAILED,PKIX_PL_X500Name_Hashcode failed,0), PKIX_ERRORENTRY(X500NAMEMATCHFAILED,PKIX_PL_X500Name_Match failed,0), PKIX_ERRORENTRY(X500NAMETOSTRINGFAILED,PKIX_PL_X500Name_ToString failed,0), -PKIX_ERRORENTRY(X500NAMETOSTRINGHELPERFAILED,pkix_pl_X500Name_ToString_Helper failed,0), PKIX_ERRORENTRY(ZEROLENGTHBYTEARRAYFORCRLENCODING,Zero-length ByteArray for CRL encoding,0), PKIX_ERRORENTRY(INVALIDOCSPHTTPMETHOD,Unsupported HTTP Method for OCSP retrieval,0), PKIX_ERRORENTRY(OCSPGETREQUESTTOOBIG,OCSP request too big for HTTP GET method,0) diff --git a/security/nss/lib/libpkix/include/pkix_revchecker.h b/security/nss/lib/libpkix/include/pkix_revchecker.h index 9f65a844..18a10cd2 100644 --- a/security/nss/lib/libpkix/include/pkix_revchecker.h +++ b/security/nss/lib/libpkix/include/pkix_revchecker.h @@ -117,7 +117,7 @@ PKIX_RevocationChecker_Create( * "methodFlags" * Set of flags for the method. * "methodPriority" - * Method priority. (0 corresponds to a highest priority) + * Method priority. (0 corresponds to the highest priority) * "verificationFn" * User call back function that will perform validation of fetched * revocation information(new crl or ocsp response) @@ -143,7 +143,7 @@ PKIX_RevocationChecker_CreateAndAddMethod( PKIX_ProcessingParams *params, PKIX_RevocationMethodType methodType, PKIX_UInt32 methodFlags, - PKIX_UInt32 mathodPriority, + PKIX_UInt32 methodPriority, PKIX_PL_VerifyCallback verificationFn, PKIX_Boolean isLeafMethod, void *plContext); 
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c index d1499a7d..ebe37739 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c @@ -137,7 +137,7 @@ pkix_RevocationChecker_RegisterSelf(void *plContext) PKIX_RETURN(REVOCATIONCHECKER); } -/* Sort methods by theirs priorities */ +/* Sort methods by their priorities (lower priority = higher preference) */ static PKIX_Error * pkix_RevocationChecker_SortComparator( PKIX_PL_Object *obj1, @@ -152,7 +152,13 @@ pkix_RevocationChecker_SortComparator( method1 = (pkix_RevocationMethod *)obj1; method2 = (pkix_RevocationMethod *)obj2; - *pResult = (method1->priority > method2->priority); + if (method1->priority < method2->priority) { + *pResult = -1; + } else if (method1->priority > method2->priority) { + *pResult = 1; + } else { + *pResult = 0; + } PKIX_RETURN(BUILD); } diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h index 32e45255..19322373 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h @@ -48,8 +48,9 @@ pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, void **pNBIOContext, void *plContext); /* Revocation method structure assosiates revocation types with - * a set of flags on the method, a priority of the method, and - * method local/external checker functions. */ + * a set of flags on the method, a priority of the method (0 + * corresponds to the highest priority), and method local/external + * checker functions. */ struct pkix_RevocationMethodStruct { PKIX_RevocationMethodType methodType; PKIX_UInt32 flags; 
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c index 0fd4fadc..9ca307e4 100644 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c @@ -660,9 +660,11 @@ pkix_ForwardBuilderState_IsIOPending( * DESCRIPTION: * * This Function takes two Certificates cast in "obj1" and "obj2", - * compares their validity NotAfter dates and returns the result at - * "pResult". The comparison key(s) can be expanded by using other - * data in the Certificate in the future. + * compares them to determine which is a more preferable certificate + * for chain building. This Function is suitable for use as a + * comparator callback for pkix_List_BubbleSort, setting "*pResult" to + * > 0 if "obj1" is less desirable than "obj2" and < 0 if "obj1" + * is more desirable than "obj2". * * PARAMETERS: * "obj1" @@ -691,14 +693,14 @@ pkix_Build_SortCertComparator( { PKIX_PL_Date *date1 = NULL; PKIX_PL_Date *date2 = NULL; - PKIX_Boolean result = PKIX_FALSE; + PKIX_Int32 result = 0; PKIX_ENTER(BUILD, "pkix_Build_SortCertComparator"); PKIX_NULLCHECK_THREE(obj1, obj2, pResult); /* * For sorting candidate certificates, we use NotAfter date as the - * sorted key for now (can be expanded if desired in the future). + * comparison key for now (can be expanded if desired in the future). * * In PKIX_BuildChain, the List of CertStores was reordered so that * trusted CertStores are ahead of untrusted CertStores. That sort, or @@ -727,7 +729,12 @@ pkix_Build_SortCertComparator( plContext), PKIX_OBJECTCOMPARATORFAILED); - *pResult = !result; + /* + * Invert the result, so that if date1 is greater than date2, + * obj1 is sorted before obj2. This is because pkix_List_BubbleSort + * sorts in ascending order. + */ + *pResult = -result; cleanup: 
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c index 69715154..d459a4a7 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c @@ -1132,8 +1132,6 @@ pkix_pl_HttpDefaultClient_KeepAliveSession( PRPollDesc **pPollDesc, void *plContext) { - PKIX_PL_HttpDefaultClient *client = NULL; - PKIX_ENTER (HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_KeepAliveSession"); @@ -1145,8 +1143,6 @@ pkix_pl_HttpDefaultClient_KeepAliveSession( plContext), PKIX_SESSIONNOTANHTTPDEFAULTCLIENT); - client = (PKIX_PL_HttpDefaultClient *)session; - /* XXX Not implemented */ cleanup: diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h index 62199920..49cd9d2c 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h @@ -45,4 +45,9 @@ pkix_pl_CrlDp_Create(const CRLDistributionPoint *dp, const CERTName *certIssuerName, pkix_pl_CrlDp **pPkixDP, void *plContext); + +#ifdef __cplusplus +} +#endif + #endif /* _PKIX_PL_CRLDP_H */ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c index 48d810fe..2dfe9a9c 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c @@ -211,7 +211,6 @@ pkix_pl_PublicKey_Hashcode( PKIX_UInt32 algOIDHash; PKIX_UInt32 algParamsHash; PKIX_UInt32 pubKeyHash; - PKIX_UInt32 fullHash; PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Hashcode"); PKIX_NULLCHECK_TWO(object, pHashcode); 
@@ -239,8 +238,6 @@ pkix_pl_PublicKey_Hashcode( (nssPubKey.data, nssPubKey.len, &pubKeyHash, plContext), PKIX_HASHFAILED); - fullHash = algOIDHash + algParamsHash + pubKeyHash; - *pHashcode = pubKeyHash; cleanup: diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c index e5ca4724..e37439cf 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c 
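Review bot: Removing `fullHash` leaves `algOIDHash` and `algParamsHash` (declared in the earlier hunk of this function) as values that are presumably still computed above but never feed `*pHashcode`, which stays `pubKeyHash` alone. Either that is the intended contract — hashing only the key bits is consistent as long as the matching Equals callback ignores algorithm and parameters too, which is not visible here — and the two dead hash computations and their variables should be deleted as well, or they should be folded in, e.g. `*pHashcode = algOIDHash + algParamsHash + pubKeyHash;`. A one-line comment stating which of the two was chosen would stop the next reader from reintroducing `fullHash`. `pkix_pl_PublicKey_Hashcode` starts before this hunk.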
@@ -12,61 +12,6 @@ /* --Private-X500Name-Functions------------------------------------- */ -/* - * FUNCTION: pkix_pl_X500Name_ToString_Helper - * DESCRIPTION: - * - * Helper function that creates a string representation of the X500Name - * pointed to by "name" and stores it at "pString". - * - * PARAMETERS - * "name" - * Address of X500Name whose string representation is desired. - * Must be non-NULL. - * "pString" - * Address where object pointer will be stored. Must be non-NULL. - * "plContext" - Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a X500Name Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_pl_X500Name_ToString_Helper( - PKIX_PL_X500Name *name, - PKIX_PL_String **pString, - void *plContext) -{ - CERTName *nssDN = NULL; - char *utf8String = NULL; - PKIX_UInt32 utf8Length; - - PKIX_ENTER(X500NAME, "pkix_pl_X500Name_ToString_Helper"); - PKIX_NULLCHECK_TWO(name, pString); - nssDN = &name->nssDN; - - /* this should really be called CERT_NameToUTF8 */ - utf8String = CERT_NameToAsciiInvertible(nssDN, CERT_N2A_INVERTIBLE); - if (!utf8String){ - PKIX_ERROR(PKIX_CERTNAMETOASCIIFAILED); - } - - PKIX_X500NAME_DEBUG("\t\tCalling PL_strlen).\n"); - utf8Length = PL_strlen(utf8String); - - PKIX_CHECK(PKIX_PL_String_Create - (PKIX_UTF8, utf8String, utf8Length, pString, plContext), - PKIX_STRINGCREATEFAILED); - -cleanup: - - PR_Free(utf8String); - - PKIX_RETURN(X500NAME); -} - /* * FUNCTION: pkix_pl_X500Name_Destroy * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index 48bb2f22..fdc8a8a1 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def 
@@ -1064,7 +1064,15 @@ PK11_PrivDecrypt; ;+}; ;+NSS_3.18 { # NSS 3.18 release ;+ global: -PK11_SetCertificateNickname; +__PK11_SetCertificateNickname; +SEC_CheckCrlTimes; +SEC_GetCrlTimes; +;+ local: +;+ *; +;+}; +;+NSS_3.18.1 { # NSS 3.18.1 release +;+ global: +CERT_GetImposedNameConstraints; ;+ local: ;+ *; ;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 6121563f..6bac8320 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -33,10 +33,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.17.2.1" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.18.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 17 -#define NSS_VPATCH 2 +#define NSS_VMINOR 18 +#define NSS_VPATCH 0 #define NSS_VBUILD 1 #define NSS_BETA PR_FALSE diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index c4250c64..1bf8a7f5 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -293,13 +293,11 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID, char * nickname = NULL; CERTCertificate *cert = NULL; CERTCertTrust *trust; - PRBool isFortezzaRootCA = PR_FALSE; - PRBool swapNickname = PR_FALSE; cert = pk11_fastCert(slot,certID,privateLabel, &nickname); if (cert == NULL) goto loser; - + if (nickname) { if (cert->nickname != NULL) { cert->dbnickname = cert->nickname; @@ -307,7 +305,6 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID, cert->nickname = PORT_ArenaStrdup(cert->arena,nickname); PORT_Free(nickname); nickname = NULL; - swapNickname = PR_TRUE; } /* remember where this cert came from.... If we have just looked 
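Review bot: The hunk opens a new `NSS_3.18.1` version node exporting `CERT_GetImposedNameConstraints`, while the nss.h hunk in the same commit sets `NSS_VERSION` to `"3.18.0.1"` with `NSS_VPATCH 0`; unless the node is deliberately added ahead of the version bump, the two should agree, since a library that reports 3.18.0 but already carries a 3.18.1 symbol version will confuse downstream ABI and version checks. Replacing `PK11_SetCertificateNickname` with `__PK11_SetCertificateNickname` inside the existing `NSS_3.18` node is only safe if no 3.18 build has shipped with the old name. A `;+` comment next to the renamed export, e.g. `; renamed before 3.18 shipped; the __ prefix is deliberate, see the warning in pk11pub.h`, would record both facts, since a `__`-prefixed identifier is in the namespace the C standard reserves for the implementation and nothing in the .def explains the choice.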
@@ -343,7 +340,6 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot,CK_OBJECT_HANDLE certID, * full trust on explicitly */ if (PK11_DoesMechanism(slot,CKM_KEA_KEY_DERIVE)) { trust->objectSigningFlags |= CERTDB_VALID_CA; - isFortezzaRootCA = PR_TRUE; } } if ((type & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) { @@ -2687,8 +2683,20 @@ PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg) return slotList; } +/* + * Using __PK11_SetCertificateNickname is *DANGEROUS*. + * + * The API will update the NSS database, but it *will NOT* update the in-memory data. + * As a result, after calling this API, there will be INCONSISTENCY between + * in-memory data and the database. + * + * Use of the API should be limited to short-lived tools, which will exit immediately + * after using this API. + * + * If you ignore this warning, your process is TAINTED and will most likely misbehave. + */ SECStatus -PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) +__PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) { /* Can't set nickname of temp cert. */ if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { @@ -2696,4 +2704,3 @@ PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) } return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); } - diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c index e15a286b..b7a7296b 100644 --- a/security/nss/lib/pk11wrap/pk11mech.c +++ b/security/nss/lib/pk11wrap/pk11mech.c @@ -1378,12 +1378,13 @@ pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen) SECItem iv; SECStatus rv; - mech = (SECItem *) PORT_Alloc(sizeof(SECItem)); if (mech == NULL) return NULL; rv = SECSuccess; mech->type = siBuffer; + mech->data = NULL; + mech->len = 0; switch (type) { case CKM_RC4: case CKM_SEED_ECB: 
@@ -1396,8 +1397,6 @@ pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen) case CKM_CAST_ECB: case CKM_CAST3_ECB: case CKM_CAST5_ECB: - mech->data = NULL; - mech->len = 0; break; case CKM_RC2_ECB: rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS)); @@ -1445,8 +1444,6 @@ pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen) return PK11_ParamFromIV(type,&iv); default: if (pk11_lookup(type)->iv == 0) { - mech->data = NULL; - mech->len = 0; break; } case CKM_SEED_CBC: diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h index 709ce21e..d4565eb4 100644 --- a/security/nss/lib/pk11wrap/pk11pub.h +++ b/security/nss/lib/pk11wrap/pk11pub.h @@ -458,7 +458,20 @@ SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, const char *nickname); SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, const char *nickname); -SECStatus PK11_SetCertificateNickname(CERTCertificate *cert, + +/* + * Using __PK11_SetCertificateNickname is *DANGEROUS*. + * + * The API will update the NSS database, but it *will NOT* update the in-memory data. + * As a result, after calling this API, there will be INCONSISTENCY between + * in-memory data and the database. + * + * Use of the API should be limited to short-lived tools, which will exit immediately + * after using this API. + * + * If you ignore this warning, your process is TAINTED and will most likely misbehave. + */ +SECStatus __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname); /* size to hold key in bytes */ diff --git a/security/nss/lib/pkcs12/p12.h b/security/nss/lib/pkcs12/p12.h index e05b030a..508f0a0d 100644 --- a/security/nss/lib/pkcs12/p12.h +++ b/security/nss/lib/pkcs12/p12.h 
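Review bot: After the two removals, the `default:` arm is `if (pk11_lookup(type)->iv == 0) { break; }` immediately followed by `case CKM_SEED_CBC:`, so any unlisted mechanism that has an IV now falls through into the CBC handling with nothing marking that as intended; add `/* fallthrough */` after the closing brace so readers and `-Wimplicit-fallthrough` treat it as deliberate. The `pk11_lookup(type)` result is dereferenced unchecked; if that lookup can return NULL for an unknown mechanism type (not visible here) this `default:` arm is exactly where it would be hit, so a guard there would be cheap. The earlier hunk's move of `mech->data = NULL; mech->len = 0;` to right after the allocation is the right fix: arms that previously set the fields no longer need to, and any arm that did not no longer returns an item with indeterminate `data`/`len`. `pk11_GenerateNewParamWithKeyLen` starts before and ends after these hunks.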
@@ -36,14 +36,49 @@ typedef void (PR_CALLBACK * SEC_PKCS12DecoderOutputCallback)( * In NSS 3.12 or later, 'arg' actually points to a CERTCertificate, * the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c. * See r1.35 of p12d.c ("Patch 2" in bug 321584). + * + * This callback might be called by SEC_PKCS12DecoderValidateBags each time + * a nickname collission is detected. The callback must return a new + * nickname. The returned SECItem should be of type siAsciiString, + * it should be allocated using: + * SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1) + * and data must contain the new nickname as a zero terminated string. */ typedef SECItem * (PR_CALLBACK * SEC_PKCS12NicknameCollisionCallback)( SECItem *old_nickname, PRBool *cancel, void *arg); - - - +/* + * This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each + * certificate found in the p12 source data. + * + * cert: A decoded certificate. + * default_nickname: The nickname as found in the source data. + * Will be NULL if source data doesn't have nickname. + * new_nickname: Output parameter that may contain the renamed nickname. + * arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames. + * + * If the callback accept that NSS will use a nickname based on the + * default_nickname (potentially resolving conflicts), then the callback + * must set *new_nickname to NULL. + * + * If the callback wishes to override the nickname, it must set *new_nickname + * to a new SECItem which should be allocated using + * SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1) + * new_nickname->type should be set to siAsciiString, and new_nickname->data + * must contain the new nickname as a zero terminated string. + * + * A return value of SECFailure indicates that the renaming operation failed, + * and callback should release new_nickname before returning if it's already + * being allocated. 
+ * Otherwise, the callback function must return SECSuccess, including use + * default nickname as mentioned above. + */ +typedef SECStatus (PR_CALLBACK * SEC_PKCS12NicknameRenameCallback)( + const CERTCertificate *cert, + const SECItem *default_nickname, + SECItem **new_nickname, + void *arg); typedef SECStatus (PR_CALLBACK *digestOpenFn)(void *arg, PRBool readData); typedef SECStatus (PR_CALLBACK *digestCloseFn)(void *arg, PRBool removeFile); @@ -167,6 +202,26 @@ extern SECStatus SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx, SEC_PKCS12NicknameCollisionCallback nicknameCb); +/* + * SEC_PKCS12DecoderRenameCertNicknames() can be used to change + * certificate nicknames in SEC_PKCS12DecoderContext, prior to calling + * SEC_PKCS12DecoderImportBags. + * + * arg: User-defined data that will be passed to nicknameCb. + * + * If SEC_PKCS12DecoderRenameCertNicknames() is called after calling + * SEC_PKCS12DecoderValidateBags(), then only the certificate nickname + * will be changed. + * If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling + * SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags() + * will change the nickname of the corresponding private key, too. + */ +extern SECStatus +SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, + SEC_PKCS12NicknameRenameCallback nicknameCb, + void *arg); + + extern SECStatus SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx); diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index 744c95aa..6a3a38c9 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c 
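Review bot: The new callback documentation carries several wording slips a public header should not: `nickname collission` → `nickname collision`, `If the callback accept that NSS will use` → `If the callback accepts that NSS will use`, `callback should release new_nickname before returning if it's already being allocated` → `the callback must free *new_nickname before returning if it has already allocated it`, and `including use default nickname as mentioned above` → `including the case where the default nickname is kept, as described above`. It would also help to state that the caller initialises `*new_nickname` to NULL and releases any item stored there with `SECITEM_ZfreeItem(item, PR_TRUE)` (as the p12d.c implementation in this commit does), which is why the item must come from `SECITEM_AllocItem(NULL, ...)` and not from an arena. The `SEC_PKCS12DecoderRenameCertNicknames` comment in the second hunk could add that `arg` is passed through untouched and that the function does not take ownership of it.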
@@ -2795,6 +2795,64 @@ SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx, return rv; } +SECStatus +SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, + SEC_PKCS12NicknameRenameCallback nicknameCb, + void *arg) +{ + int i; + sec_PKCS12SafeBag *safeBag; + CERTCertificate *cert; + SECStatus srv; + + if(!p12dcx || p12dcx->error || !p12dcx->safeBags || !nicknameCb) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + for (i = 0; safeBag = p12dcx->safeBags[i]; i++) { + SECItem *newNickname = NULL; + SECItem *defaultNickname = NULL; + SECStatus rename_rv; + + if (SECOID_FindOIDTag(&(safeBag->safeBagType)) != + SEC_OID_PKCS12_V1_CERT_BAG_ID) { + continue; + } + + cert = CERT_DecodeDERCertificate( + &safeBag->safeBagContent.certBag->value.x509Cert, + PR_FALSE, NULL); + if (!cert) { + return SECFailure; + } + + defaultNickname = sec_pkcs12_get_nickname(safeBag); + rename_rv = (*nicknameCb)(cert, defaultNickname, &newNickname, arg); + + CERT_DestroyCertificate(cert); + + if (defaultNickname) { + SECITEM_ZfreeItem(defaultNickname, PR_TRUE); + defaultNickname = NULL; + } + + if (rename_rv != SECSuccess) { + return rename_rv; + } + + if (newNickname) { + srv = sec_pkcs12_set_nickname(safeBag, newNickname); + SECITEM_ZfreeItem(newNickname, PR_TRUE); + newNickname = NULL; + if (srv != SECSuccess) { + return SECFailure; + } + } + } + + return SECSuccess; +} static SECKEYPublicKey * sec_pkcs12_get_public_key_and_usage(sec_PKCS12SafeBag *certBag, diff --git a/security/nss/lib/pkcs12/p12local.c b/security/nss/lib/pkcs12/p12local.c index 48ac3f58..b8aba646 100644 --- a/security/nss/lib/pkcs12/p12local.c +++ b/security/nss/lib/pkcs12/p12local.c 
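Review bot: The loop header `for (i = 0; safeBag = p12dcx->safeBags[i]; i++)` uses an assignment as the condition without the parentheses the idiom calls for; `for (i = 0; (safeBag = p12dcx->safeBags[i]) != NULL; i++)` says what is meant and silences `-Wparentheses`. The p12.h contract for the callback requires `new_nickname->data` to be a zero-terminated string, but nothing here checks it before `sec_pkcs12_set_nickname(safeBag, newNickname)`; if that helper treats the data as a C string (it is outside the hunk), a callback that omits the terminator causes an over-read, so a check that `newNickname->len` is non-zero and the last byte is 0 before the call would be cheap insurance against a misbehaving caller. On the early `return SECFailure` paths `p12dcx->error` is left unset; if the other decoder entry points key off that field, a later `SEC_PKCS12DecoderImportBags` would proceed on a half-renamed context. There is also no blank line between the new closing brace and the following `static SECKEYPublicKey *`.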
@@ -928,7 +928,8 @@ sec_pkcs12_convert_item_to_unicode(PLArenaPool *arena, SECItem *dest, return PR_FALSE; } - if((dest->data[dest->len-1] || dest->data[dest->len-2]) && zeroTerm) { + if ((dest->len >= 2) && + (dest->data[dest->len-1] || dest->data[dest->len-2]) && zeroTerm) { if(dest->len + 2 > 3 * src->len) { if(arena) { dest->data = (unsigned char*)PORT_ArenaGrow(arena, diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index 6364eaf3..953d7380 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -247,27 +247,28 @@ STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der) } NSS_IMPLEMENT PRStatus -nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, +nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSDER *issuer, NSSDER *serial) { - SECStatus secrv; - SECItem derCert; + SECItem derCert = { 0 }; SECItem derIssuer = { 0 }; SECItem derSerial = { 0 }; - SECITEM_FROM_NSSITEM(&derCert, der); - secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); + SECStatus secrv; + derCert.data = (unsigned char *)der->data; + derCert.len = der->size; + secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); if (secrv != SECSuccess) { return PR_FAILURE; } - (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data); - secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); + secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); if (secrv != SECSuccess) { PORT_Free(derSerial.data); return PR_FAILURE; } - (void)nssItem_Create(arena, issuer, derIssuer.len, derIssuer.data); - PORT_Free(derSerial.data); - PORT_Free(derIssuer.data); + issuer->data = derIssuer.data; + issuer->size = derIssuer.len; + serial->data = derSerial.data; + serial->size = derSerial.len; return PR_SUCCESS; } 
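Review bot: The new `dest->len >= 2` guard stops the under-read of `dest->data[dest->len-2]` (and of `dest->data[dest->len-1]` when `len` is 0), but it also means a one-byte `dest` with `zeroTerm` set now skips termination entirely instead of being terminated; if the conversion always yields an even `len` (a UCS-2 output, which the `3 * src->len` arithmetic suggests but the hunk does not show), that case cannot occur and a comment saying so, e.g. `/* output is UCS-2, so len is even; len < 2 means nothing to terminate */`, would help, otherwise `len == 1` needs explicit handling. Evaluating `zeroTerm` first, `if (zeroTerm && dest->len >= 2 && (dest->data[dest->len-1] || dest->data[dest->len-2]))`, also skips the two byte loads when termination was not requested. The enclosing function starts and ends outside the hunk.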
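Review bot: On the `CERT_SerialNumberFromDERCert` failure path the function frees `derSerial.data`, but the buffer that has actually been allocated at that point is `derIssuer.data`, returned by the successful `CERT_IssuerNameFromDERCert` call just above; `derSerial` is still the zero-initialised item, so the free is a no-op and the issuer buffer leaks on every certificate with an undecodable serial. The line should read `PORT_Free(derIssuer.data);`, which is exactly what the `issuer_and_serial_from_encoding` helper this function replaces in pkistore.c did. The rewrite also changes ownership: `issuer->data` and `serial->data` now point at heap buffers the caller must `PORT_Free`, where the previous version stored arena copies, and since the `arena` parameter is gone the declaration in pki3hack.h should gain a comment stating that the caller owns both items.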
@@ -855,6 +856,8 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) CERTCertificate *cc = NULL; CERTCertTrust certTrust; + /* make sure object does not go away until we finish */ + nssPKIObject_AddRef(&c->object); nssPKIObject_Lock(&c->object); dc = c->decoding; @@ -904,6 +907,7 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) loser: nssPKIObject_Unlock(&c->object); + nssPKIObject_Destroy(&c->object); return cc; } @@ -1270,6 +1274,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) int failureCount = 0; /* actual deletion failures by devices */ int index; + nssPKIObject_AddRef(tObject); nssPKIObject_Lock(tObject); /* Keep going even if a module fails to delete. */ for (index = 0; index < tObject->numInstances; index++) { @@ -1303,6 +1308,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) } nssPKIObject_Unlock(tObject); + nssPKIObject_Destroy(tObject); return failureCount == 0 ? PR_SUCCESS : PR_FAILURE; } @@ -1329,6 +1335,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) * loop so that once it's failed the other gets set. */ NSSRWLock_LockRead(td->tokensLock); + nssPKIObject_AddRef(cobject); nssPKIObject_Lock(cobject); for (i = 0; i < cobject->numInstances; i++) { nssCryptokiObject *cInstance = cobject->instances[i]; @@ -1343,6 +1350,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) } } nssPKIObject_Unlock(cobject); + nssPKIObject_Destroy(cobject); NSSRWLock_UnlockRead(td->tokensLock); return nssrv; } diff --git a/security/nss/lib/pki/pki3hack.h b/security/nss/lib/pki/pki3hack.h index 6c74200b..39fab75a 100644 --- a/security/nss/lib/pki/pki3hack.h +++ b/security/nss/lib/pki/pki3hack.h 
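Review bot: The `nssPKIObject_AddRef(&c->object)` added before the lock is only dropped by the `nssPKIObject_Destroy(&c->object)` after `loser:`, so the pairing holds only if every exit from `stan_GetCERTCertificate` goes through that label; the body between the two hunks is outside the diff, and any plain `return` there would now leak a reference and keep the certificate alive. The same AddRef/Destroy bracketing is added around the lock in `DeleteCertTrustMatchingSlot` and `STAN_DeleteCertTrustMatchingSlot` in this file and in `remove_token_certs` in tdcache.c, and the same check applies to each. A one-line comment at each Destroy, e.g. `/* drop the ref taken before the lock; this may free the object */`, would make the pairing and the reason for it explicit, since `nssPKIObject_Destroy` reads as a hard delete rather than a release.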
@@ -77,7 +77,7 @@ NSS_EXTERN PRStatus STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust); NSS_EXTERN PRStatus -nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, +nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSDER *issuer, NSSDER *serial); NSS_EXTERN char * diff --git a/security/nss/lib/pki/pkistore.c b/security/nss/lib/pki/pkistore.c index 3bdf290c..15bb6586 100644 --- a/security/nss/lib/pki/pkistore.c +++ b/security/nss/lib/pki/pkistore.c @@ -23,6 +23,7 @@ #endif /* PKISTORE_H */ #include "cert.h" +#include "pki3hack.h" #include "prbit.h" @@ -554,33 +555,6 @@ nssCertificateStore_FindCertificateByIssuerAndSerialNumber ( return rvCert; } -static PRStatus -issuer_and_serial_from_encoding ( - NSSBER *encoding, - NSSDER *issuer, - NSSDER *serial -) -{ - SECItem derCert, derIssuer, derSerial; - SECStatus secrv; - derCert.data = (unsigned char *)encoding->data; - derCert.len = encoding->size; - secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); - if (secrv != SECSuccess) { - return PR_FAILURE; - } - secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); - if (secrv != SECSuccess) { - PORT_Free(derIssuer.data); - return PR_FAILURE; - } - issuer->data = derIssuer.data; - issuer->size = derIssuer.len; - serial->data = derSerial.data; - serial->size = derSerial.len; - return PR_SUCCESS; -} - NSS_IMPLEMENT NSSCertificate * nssCertificateStore_FindCertificateByEncodedCertificate ( nssCertificateStore *store, @@ -590,7 +564,7 @@ nssCertificateStore_FindCertificateByEncodedCertificate ( PRStatus nssrv = PR_FAILURE; NSSDER issuer, serial; NSSCertificate *rvCert = NULL; - nssrv = issuer_and_serial_from_encoding(encoding, &issuer, &serial); + nssrv = nssPKIX509_GetIssuerAndSerialFromDER(encoding, &issuer, &serial); if (nssrv != PR_SUCCESS) { return NULL; } diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c index 0842d8b2..7842189c 100644 --- a/security/nss/lib/pki/tdcache.c 
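Review bot: The prototype change drops the arena parameter but the header says nothing about who now owns the returned items; the implementation hands the `CERT_IssuerNameFromDERCert`/`CERT_SerialNumberFromDERCert` allocations straight to the caller, and nssTrustDomain_FindCertificateByEncodedCertificate in trustdomain.c accordingly frees both with `PORT_Free`. Add above the declaration: `/* Fills issuer and serial from a DER certificate. On success the caller owns issuer->data and serial->data and must PORT_Free() each. */`. The other two call sites switched in this commit, in pkistore.c and tdcache.c, have their cleanup outside the hunks, so check that they release the items on every path as well.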
+++ b/security/nss/lib/pki/tdcache.c @@ -391,6 +391,7 @@ remove_token_certs(const void *k, void *v, void *a) nssPKIObject *object = &c->object; struct token_cert_dtor *dtor = a; PRUint32 i; + nssPKIObject_AddRef(object); nssPKIObject_Lock(object); for (i=0; inumInstances; i++) { if (object->instances[i]->token == dtor->token) { @@ -409,6 +410,7 @@ remove_token_certs(const void *k, void *v, void *a) } } nssPKIObject_Unlock(object); + nssPKIObject_Destroy(object); return; } @@ -435,17 +437,21 @@ nssTrustDomain_RemoveTokenCertsFromCache ( dtor.numCerts = 0; dtor.arrSize = arrSize; PZ_Lock(td->cache->lock); - nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, (void *)&dtor); + nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, &dtor); for (i=0; iobject.numInstances == 0) { nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]); dtor.certs[i] = NULL; /* skip this cert in the second for loop */ + } else { + /* make sure it doesn't disappear on us before we finish */ + nssCertificate_AddRef(dtor.certs[i]); } } PZ_Unlock(td->cache->lock); for (i=0; idata; - derCert.len = encoding->size; - secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer); - if (secrv != SECSuccess) { - return PR_FAILURE; - } - secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial); - if (secrv != SECSuccess) { - return PR_FAILURE; - } - issuer->data = derIssuer.data; - issuer->size = derIssuer.len; - serial->data = derSerial.data; - serial->size = derSerial.len; - return PR_SUCCESS; -} - /* * Look for a specific cert in the cache */ @@ -1084,7 +1064,7 @@ nssTrustDomain_GetCertByDERFromCache ( PRStatus nssrv = PR_FAILURE; NSSDER issuer, serial; NSSCertificate *rvCert; - nssrv = issuer_and_serial_from_encoding(der, &issuer, &serial); + nssrv = nssPKIX509_GetIssuerAndSerialFromDER(der, &issuer, &serial); if (nssrv != PR_SUCCESS) { return NULL; } diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c index ec2086f1..a3d26a88 100644 
--- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c @@ -831,20 +831,16 @@ nssTrustDomain_FindCertificateByEncodedCertificate ( NSSCertificate *rvCert = NULL; NSSDER issuer = { 0 }; NSSDER serial = { 0 }; - NSSArena *arena = nssArena_Create(); - if (!arena) { - return (NSSCertificate *)NULL; - } /* XXX this is not generic... will any cert crack into issuer/serial? */ - status = nssPKIX509_GetIssuerAndSerialFromDER(ber, arena, &issuer, &serial); + status = nssPKIX509_GetIssuerAndSerialFromDER(ber, &issuer, &serial); if (status != PR_SUCCESS) { - goto finish; + return NULL; } rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td, &issuer, &serial); -finish: - nssArena_Destroy(arena); + PORT_Free(issuer.data); + PORT_Free(serial.data); return rvCert; } diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def index a5e1a37d..900d6df6 100644 --- a/security/nss/lib/smime/smime.def +++ b/security/nss/lib/smime/smime.def @@ -279,3 +279,9 @@ NSS_CMSSignerInfo_Verify; ;+ local: ;+ *; ;+}; +;+NSS_3.18 { # NSS 3.18 release +;+ global: +SEC_PKCS12DecoderRenameCertNicknames; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/smime/smimeutil.c b/security/nss/lib/smime/smimeutil.c index 0a7d446b..90fa0cf2 100644 --- a/security/nss/lib/smime/smimeutil.c +++ b/security/nss/lib/smime/smimeutil.c @@ -437,10 +437,12 @@ smime_choose_cipher(CERTCertificate *scert, CERTCertificate **rcerts) */ key = CERT_ExtractPublicKey(rcerts[rcount]); pklen_bits = 0; + key_type = nullKey; if (key != NULL) { pklen_bits = SECKEY_PublicKeyStrengthInBits (key); key_type = SECKEY_GetPublicKeyType(key); SECKEY_DestroyPublicKey (key); + key = NULL; } if (key_type == ecKey) { diff --git a/security/nss/lib/softoken/config.mk b/security/nss/lib/softoken/config.mk index 5b860be0..24c41679 100644 --- a/security/nss/lib/softoken/config.mk +++ b/security/nss/lib/softoken/config.mk 
@@ -23,7 +23,7 @@ RESNAME = $(LIBRARY_NAME).rc # -l$(SQLITE_LIB_NAME) ifdef NS_USE_GCC EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib \ + -L$(SQLITE_LIB_DIR) \ -L$(NSSUTIL_LIB_DIR) \ -lnssutil3 \ -L$(NSPR_LIB_DIR) \ @@ -36,7 +36,7 @@ else # ! NS_USE_GCC # $(DIST)/lib/$(SQLITE_LIB_NAME).lib EXTRA_SHARED_LIBS += \ - $(DIST)/lib/sqlite3.lib \ + $(SQLITE_LIB_DIR)/$(SQLITE_LIB_NAME).lib \ $(NSSUTIL_LIB_DIR)/nssutil3.lib \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \ @@ -49,7 +49,7 @@ else # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib \ + -L$(SQLITE_LIB_DIR) \ -l$(SQLITE_LIB_NAME) \ -L$(NSSUTIL_LIB_DIR) \ -lnssutil3 \ diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c index 9435e71c..3cb6b794 100644 --- a/security/nss/lib/softoken/fipstokn.c +++ b/security/nss/lib/softoken/fipstokn.c @@ -720,13 +720,22 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject) { CK_OBJECT_CLASS * classptr; + CK_RV rv = CKR_OK; - SFTK_FIPSCHECK(); CHECK_FORK(); classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS); if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE; + if (*classptr == CKO_NETSCAPE_NEWSLOT || *classptr == CKO_NETSCAPE_DELSLOT) { + if (sftk_fatalError) + return CKR_DEVICE_ERROR; + } else { + rv = sftk_fipsCheck(); + if (rv != CKR_OK) + return rv; + } + /* FIPS can't create keys from raw key material */ if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) { rv = CKR_ATTRIBUTE_VALUE_INVALID; diff --git a/security/nss/lib/softoken/lowpbe.c b/security/nss/lib/softoken/lowpbe.c index d976d576..c0949fec 100644 --- a/security/nss/lib/softoken/lowpbe.c +++ b/security/nss/lib/softoken/lowpbe.c 
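Review bot: The new branch lets `CKO_NETSCAPE_NEWSLOT` and `CKO_NETSCAPE_DELSLOT` objects bypass `sftk_fipsCheck()` with only the `sftk_fatalError` test, but nothing in the hunk says why those two classes are exempt from the check that `SFTK_FIPSCHECK()` previously applied to every FC_CreateObject call, so a reader cannot tell a deliberate relaxation from an accidental one. Put the rationale on the branch, e.g. `/* Slot-management objects are serviced by the module itself; only the fatal-error state is enforced for them, every other class still needs the full FIPS check. */`, adjusted to the real reason. Note also that `fc_getAttribute` now runs before any FIPS state check, so the template is parsed even when the token is in a fatal-error state — presumably harmless, but worth stating. FC_CreateObject continues outside the hunk.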
@@ -319,8 +319,8 @@ do_xor(unsigned char *dest, unsigned char *src, int len) } static SECStatus -nsspkcs5_PBKFD2_F(const SECHashObject *hashobj, SECItem *pwitem, SECItem *salt, - int iterations, unsigned int i, unsigned char *T) +nsspkcs5_PBKDF2_F(const SECHashObject *hashobj, SECItem *pwitem, SECItem *salt, + int iterations, unsigned int i, unsigned char *T) { int j; HMACContext *cx = NULL; @@ -393,7 +393,7 @@ nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param, } for (i=1,rp=result->data; i <= nblocks ; i++, rp +=hLen) { - rv = nsspkcs5_PBKFD2_F(hashobj,pwitem,salt,iterations,i,T); + rv = nsspkcs5_PBKDF2_F(hashobj, pwitem, salt, iterations, i, T); if (rv != SECSuccess) { break; } @@ -410,7 +410,7 @@ loser: } else { result->len = dkLen; } - + return result; } #endif diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index 5379c766..0bb7c8ea 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -1691,8 +1691,6 @@ void sdb_SetForkState(PRBool forked) */ static const char INIT_CMD[] = "CREATE TABLE %s (id PRIMARY KEY UNIQUE ON CONFLICT ABORT%s)"; -static const char ALTER_CMD[] = - "ALTER TABLE %s ADD COLUMN a%x"; CK_RV sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate, diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index fd8ad58d..9e7b2c14 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -25,10 +25,10 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.17.2.1" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.18.0.1" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 17 -#define SOFTOKEN_VPATCH 2 +#define SOFTOKEN_VMINOR 18 +#define SOFTOKEN_VPATCH 0 #define SOFTOKEN_VBUILD 1 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index c6d1e0e5..7d26568f 100644 
--- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -904,7 +904,7 @@ ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion, if (peerVersion < ss->vrange.min || (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) { - PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); + PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); return SECFailure; } @@ -2788,6 +2788,12 @@ ssl3_SendRecord( sslSocket * ss, PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); + if (ss->ssl3.fatalAlertSent) { + SSL_TRC(3, ("%d: SSL3[%d] Suppress write, fatal alert already sent", + SSL_GETPID(), ss->fd)); + return SECFailure; + } + capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0); if (capRecordVersion) { @@ -3233,6 +3239,9 @@ SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc) ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0); rv = (sent >= 0) ? SECSuccess : (SECStatus)sent; } + if (level == alert_fatal) { + ss->ssl3.fatalAlertSent = PR_TRUE; + } ssl_ReleaseXmitBufLock(ss); ssl_ReleaseSSL3HandshakeLock(ss); return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */ 
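Review bot: The new early exit in ssl3_SendRecord returns `SECFailure` without calling `PORT_SetError`, so a caller that hits this path after a fatal alert reports whatever error code happened to be set last, which may be stale or unrelated. Setting one explicitly, except when the suppressed record is itself an alert (the original error should survive), makes the failure diagnosable, e.g. `PORT_SetError(SSL_ERROR_HANDSHAKE_FAILED);` before the return; the content-type argument that would key that exclusion is outside the hunk. In SSL3_SendAlert the flag is set whether or not the alert record was actually written (`rv` may be a failure), so a fatal alert that could not be sent still silences every later write — probably intended, but deserves `/* even if the alert could not be sent the connection is finished; suppress all further writes */`.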
@@ -4978,23 +4987,17 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) sidOK = PR_FALSE; } - /* TLS 1.0 (RFC 2246) Appendix E says: - * Whenever a client already knows the highest protocol known to - * a server (for example, when resuming a session), it should - * initiate the connection in that native protocol. - * So we pass sid->version to ssl3_NegotiateVersion() here, except - * when renegotiating. - * - * Windows SChannel compares the client_version inside the RSA - * EncryptedPreMasterSecret of a renegotiation with the - * client_version of the initial ClientHello rather than the - * ClientHello in the renegotiation. To work around this bug, we - * continue to use the client_version used in the initial - * ClientHello when renegotiating. - */ if (sidOK) { + /* Set ss->version based on the session cache */ if (ss->firstHsDone) { /* + * Windows SChannel compares the client_version inside the RSA + * EncryptedPreMasterSecret of a renegotiation with the + * client_version of the initial ClientHello rather than the + * ClientHello in the renegotiation. To work around this bug, we + * continue to use the client_version used in the initial + * ClientHello when renegotiating. + * * The client_version of the initial ClientHello is still * available in ss->clientHelloVersion. Ensure that * sid->version is bounded within 
@@ -5008,10 +5011,22 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) sidOK = PR_FALSE; } } else { - if (ssl3_NegotiateVersion(ss, sid->version, - PR_FALSE) != SECSuccess) { + /* + * Check sid->version is OK first. + * Previously, we would cap the version based on sid->version, + * but that prevents negotiation of a higher version if the + * previous session was reduced (e.g., with version fallback) + */ + if (sid->version < ss->vrange.min || + sid->version > ss->vrange.max) { sidOK = PR_FALSE; - } + } else { + rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, + PR_TRUE); + if (rv != SECSuccess) { + return rv; /* error code was set */ + } + } } } @@ -6287,7 +6302,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure; - errCode = SSL_ERROR_NO_CYPHER_OVERLAP; + errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); @@ -7699,7 +7714,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure; - errCode = SSL_ERROR_NO_CYPHER_OVERLAP; + errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } @@ -8472,8 +8487,9 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) rv = ssl3_NegotiateVersion(ss, version, PR_TRUE); if (rv != SECSuccess) { /* send back which ever alert client will understand. */ - desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version : handshake_failure; - errCode = SSL_ERROR_NO_CYPHER_OVERLAP; + desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version + : handshake_failure; + errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } 
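Review bot: After the new branch negotiates `SSL_LIBRARY_VERSION_MAX_SUPPORTED` with the larger-peer-version flag, `ss->version` can end up above `sid->version` while `sidOK` stays true, so the resumption attempt is sent at a version other than the one the session was created with; that is the stated intent, but the comment only explains what was removed, not that the server is then expected to decline resumption and run a full handshake. Extend it with something like `/* ss->version may now exceed sid->version; a server that does not resume across versions falls back to a full handshake */`. The early `return rv` here aborts ClientHello construction, whereas the sibling `sidOK = PR_FALSE` path merely gives up on resumption; both are reasonable but the asymmetry is worth a sentence. ssl3_SendClientHello continues outside the hunk.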
@@ -8743,11 +8759,11 @@ ssl3_PickSignatureHashAlgorithm(sslSocket *ss, unsigned int i, j; /* hashPreference expresses our preferences for hash algorithms, most * preferable first. */ - static const PRUint8 hashPreference[] = { - tls_hash_sha256, - tls_hash_sha384, - tls_hash_sha512, - tls_hash_sha1, + static const SECOidTag hashPreference[] = { + SEC_OID_SHA256, + SEC_OID_SHA384, + SEC_OID_SHA512, + SEC_OID_SHA1, }; switch (ss->ssl3.hs.kea_def->kea) { diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 555c89dc..aca2b74d 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * SSL3 Protocol * @@ -1184,8 +1185,7 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, if (data->len < 2 || data->len > 255 || !data->data || data->len != (unsigned int)data->data[0] + 1) { - /* malformed */ - goto loser; + return ssl3_DecodeError(ss); } for (i = data->len; --i > 0; ) { if (data->data[i] == 0) { @@ -1196,10 +1196,10 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, return rv; } } -loser: + /* evil client doesn't support uncompressed */ ssl3_DisableECCSuites(ss, ecSuites); - return SECFailure; + return SECSuccess; } @@ -1220,7 +1220,7 @@ ECName ssl3_GetSvrCertCurveName(sslSocket *ss) return ec_curve; } -/* Ensure that the curve in our server cert is one of the ones suppored +/* Ensure that the curve in our server cert is one of the ones supported * by the remote client, and disable all ECC cipher suites if not. */ SECStatus 
@@ -1231,26 +1231,34 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint32 mutualCurves = 0; PRUint16 svrCertCurveName; - if (!data->data || data->len < 4 || data->len > 65535) - goto loser; + if (!data->data || data->len < 4) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + /* get the length of elliptic_curve_list */ list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) { - /* malformed */ - goto loser; + (void)ssl3_DecodeError(ss); + return SECFailure; } /* build bit vector of peer's supported curve names */ while (data->len) { - PRInt32 curve_name = - ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + PRInt32 curve_name = + ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (curve_name < 0) { + return SECFailure; /* fatal alert already sent */ + } if (curve_name > ec_noName && curve_name < ec_pastLastName) { peerCurves |= (1U << curve_name); } } /* What curves do we support in common? */ mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves; - if (!mutualCurves) { /* no mutually supported EC Curves */ - goto loser; + if (!mutualCurves) { + /* no mutually supported EC Curves, disable ECC */ + ssl3_DisableECCSuites(ss, ecSuites); + return SECSuccess; } /* if our ECC cert doesn't use one of these supported curves, @@ -1266,12 +1274,7 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) */ ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); - return SECFailure; - -loser: - /* no common curve supported */ - ssl3_DisableECCSuites(ss, ecSuites); - return SECFailure; + return SECSuccess; } #endif /* NSS_DISABLE_ECC */ diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 247f1f8f..6965a6df 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c 
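Review bot: Malformed-data handling in ssl3_HandleSupportedCurvesXtn uses `(void)ssl3_DecodeError(ss); return SECFailure;`, while ssl3_HandleSupportedPointFormatsXtn in the preceding hunk of the same file uses `return ssl3_DecodeError(ss);`, and the ssl3ext.c hunk in ssl3_ServerHandleAppProtoXtn even rewrites the one-line form into the two-line form; the commit should settle on one idiom. If the two-line form is preferred because ssl3_DecodeError's return value is not what a handler should propagate, a comment on the first occurrence saying so would stop the next reviewer from folding it back. The dropped `data->len > 65535` test is covered by the 2-byte `list_len` consumed just below, which is fine and could be noted on that line.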
@@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * SSL3 Protocol * @@ -64,10 +65,14 @@ static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); -static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); -static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, - SECItem *data); +static PRInt32 ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static PRInt32 ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); +static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, @@ -247,7 +252,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn }, 
@@ -263,7 +268,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, { -1, NULL } }; @@ -290,7 +295,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, @@ -398,13 +403,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) PRInt32 listLenBytes = 0; if (!ss->sec.isServer) { - /* Verify extension_data is empty. */ - if (data->data || data->len || - !ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) { - /* malformed or was not initiated by the client.*/ - return SECFailure; - } - return SECSuccess; + return SECSuccess; /* ignore extension */ } /* Server side - consume client data and register server sender. */ 
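Review bot: On the client side ssl3_HandleServerNameXtn now returns success unconditionally, dropping the check that the server's echoed server_name extension is empty; RFC 6066 section 3 requires the server's extension_data to be empty, so the leniency is a deliberate tolerance and should read as one: `return SECSuccess; /* RFC 6066 requires an empty echo; tolerate and ignore any data */`. The removed `ssl3_ExtensionNegotiated` test for an unsolicited extension appears to be superseded by the generic `ssl3_ClientExtensionAdvertised` check added to ssl3_HandleHelloExtensions, which is worth naming in the same comment so the omission does not look accidental. The rest of the function is outside this hunk.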
@@ -414,33 +413,38 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* length of server_name_list */ listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (listLenBytes == 0 || listLenBytes != data->len) { + if (listLenBytes < 0 || listLenBytes != data->len) { + (void)ssl3_DecodeError(ss); return SECFailure; } + if (listLenBytes == 0) { + return SECSuccess; /* ignore an empty extension */ + } ldata = *data; /* Calculate the size of the array.*/ while (listLenBytes > 0) { SECItem litem; SECStatus rv; - PRInt32 type; - /* Name Type (sni_host_name) */ + PRInt32 type; + /* Skip Name Type (sni_host_name); checks are on the second pass */ type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); - if (!ldata.len) { + if (type < 0) { /* i.e., SECFailure cast to PRint32 */ return SECFailure; } rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 2, &ldata.data, &ldata.len); if (rv != SECSuccess) { - return SECFailure; + return rv; } - /* Adjust total length for cunsumed item, item len and type.*/ + /* Adjust total length for consumed item, item len and type.*/ listLenBytes -= litem.len + 3; if (listLenBytes > 0 && !ldata.len) { + (void)ssl3_DecodeError(ss); return SECFailure; } listCount += 1; } if (!listCount) { - return SECFailure; + return SECFailure; /* nothing we can act on */ } names = PORT_ZNewArray(SECItem, listCount); if (!names) { @@ -455,6 +459,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); /* Check if we have such type in the list */ for (j = 0;j < listCount && names[j].data;j++) { + /* TODO bug 998524: .type is not assigned a value */ if (names[j].type == type) { nametypePresent = PR_TRUE; break; 
@@ -464,7 +469,10 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) rv = ssl3_ConsumeHandshakeVariable(ss, &names[namesPos], 2, &data->data, &data->len); if (rv != SECSuccess) { - goto loser; + PORT_Assert(0); + PORT_Free(names); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return rv; } if (nametypePresent == PR_FALSE) { namesPos += 1; @@ -479,10 +487,6 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) xtnData->negotiated[xtnData->numNegotiated++] = ssl_server_name_xtn; return SECSuccess; - -loser: - PORT_Free(names); - return SECFailure; } /* Called by both clients and servers. @@ -603,17 +607,11 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length) * store protocol identifiers in null-terminated strings. */ if (newOffset > length || data[offset] == 0) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } offset = newOffset; } - if (offset > length) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; - } - return SECSuccess; } 
@@ -626,34 +624,41 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) SECItem result = { siBuffer, resultBuffer, 0 }; rv = ssl3_ValidateNextProtoNego(data->data, data->len); - if (rv != SECSuccess) + if (rv != SECSuccess) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return rv; + } PORT_Assert(ss->nextProtoCallback); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, - result.data, &result.len, sizeof resultBuffer); - if (rv != SECSuccess) - return rv; - /* If the callback wrote more than allowed to |result| it has corrupted our - * stack. */ - if (result.len > sizeof resultBuffer) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); + result.data, &result.len, sizeof(resultBuffer)); + if (rv != SECSuccess) { + /* Expect callback to call PORT_SetError() */ + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } + /* If the callback wrote more than allowed to |result| it has corrupted our + * stack. */ + if (result.len > sizeof(resultBuffer)) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + /* TODO: crash */ + return SECFailure; + } + + SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + if (ex_type == ssl_app_layer_protocol_xtn && ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) { - /* The callback might say OK, but then it's picked a default. - * That's OK for NPN, but not ALPN. */ - SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + /* The callback might say OK, but then it picks a default value - one + * that was not listed. That's OK for NPN, but not ALPN. */ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol); return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - - SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); } 
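Review bot: The `result.len > sizeof(resultBuffer)` branch detects that the callback has already overrun a stack buffer, and `/* TODO: crash */` leaves that as an ordinary `return SECFailure` from a frame that is known to be damaged. At minimum a `PORT_Assert(0);` there, matching the should-never-happen paths this commit adds in ssl3_HandleServerNameXtn and ssl3_ClientHandleNextProtoNegoXtn, makes the corruption visible in debug builds, and the TODO should say what the release-build behaviour is meant to be. The callback-failure path comments `/* Expect callback to call PORT_SetError() */` but nothing enforces it; a fallback `PORT_SetError` after the callback would keep the error code meaningful if an application callback forgets. The top of ssl3_SelectAppProtocol is outside the hunk.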
@@ -669,17 +674,16 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) if (ss->firstHsDone || data->len == 0) { /* Clients MUST send a non-empty ALPN extension. */ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; } - /* unlike NPN, ALPN has extra redundant length information so that - * the extension is the same in both ClientHello and ServerHello */ + /* Unlike NPN, ALPN has extra redundant length information so that + * the extension is the same in both ClientHello and ServerHello. */ count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (count < 0) { - return SECFailure; /* fatal alert was sent */ - } if (count != data->len) { - return ssl3_DecodeError(ss); + (void)ssl3_DecodeError(ss); + return SECFailure; } if (!ss->nextProtoCallback) { @@ -694,8 +698,13 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) /* prepare to send back a response, if we negotiated */ if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) { - return ssl3_RegisterServerHelloExtensionSender( + rv = ssl3_RegisterServerHelloExtensionSender( ss, ex_type, ssl3_ServerSendAppProtoXtn); + if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + return rv; + } } return SECSuccess; } @@ -713,7 +722,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * we've negotiated NPN then we're required to send the NPN handshake * message. Thus, these two extensions cannot both be negotiated on the * same connection. */ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + PORT_SetError(SSL_ERROR_BAD_SERVER); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; } 
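Review bot: Removing the `count < 0` check after `ssl3_ConsumeHandshakeNumber` leaves the handler relying on the signed/unsigned comparison in `count != data->len` to catch a failed read: assuming `count` is a PRInt32 as in the client-side handler, a -1 converts to `0xFFFFFFFF`, never equals `data->len`, and so falls into `ssl3_DecodeError`, which sends a second decode_error alert after the one the consume routine already sent (per the "fatal alert already sent" comments elsewhere in this commit) and may overwrite its error code; the second alert is now dropped by the `fatalAlertSent` check in ssl3_SendRecord, so the effect is only the error code, but the intent is hidden. Restoring the explicit test keeps it readable: `if (count < 0) { return SECFailure; /* fatal alert already sent */ }`. The remainder of the handler, including the callback invocation, is outside the hunk.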
@@ -722,7 +732,9 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * that an application erroneously cleared the callback between the time * we sent the ClientHello and now. */ if (!ss->nextProtoCallback) { + PORT_Assert(0); PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } @@ -732,8 +744,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { - const unsigned char* d = data->data; - PRUint16 name_list_len; + SECStatus rv; + PRInt32 list_len; SECItem protocol_name; if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) { 
@@ -743,22 +755,30 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) /* The extension data from the server has the following format: * uint16 name_list_len; - * uint8 len; + * uint8 len; // where len >= 1 * uint8 protocol_name[len]; */ if (data->len < 4 || data->len > 2 + 1 + 255) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } - name_list_len = ((PRUint16) d[0]) << 8 | - ((PRUint16) d[1]); - if (name_list_len != data->len - 2 || d[2] != data->len - 3) { + list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + /* The list has to be the entire extension. */ + if (list_len != data->len) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } - protocol_name.data = data->data + 3; - protocol_name.len = data->len - 3; + rv = ssl3_ConsumeHandshakeVariable(ss, &protocol_name, 1, + &data->data, &data->len); + /* The list must have exactly one value. */ + if (rv != SECSuccess || data->len != 0) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + return SECFailure; + } SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED; @@ -914,8 +934,9 @@ ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { /* The echoed extension must be empty. */ - if (data->len != 0) - return SECFailure; + if (data->len != 0) { + return SECSuccess; /* Ignore the extension. */ + } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 
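Review bot: `return SECSuccess; /* Ignore the extension. */` on a non-empty status_request echo returns before the `numNegotiated++` line, so the extension is not merely ignored but left unrecorded as negotiated, which presumably decides whether a later CertificateStatus message is accepted; the comment should state that consequence, e.g. `/* RFC 6066 requires an empty echo; a non-empty one is tolerated but not recorded as negotiated. */`. The same wording applies to the identical change in ssl3_ClientHandleSessionTicketXtn in the next hunk. In ssl3_ClientHandleAppProtoXtn the layout comment now says `len >= 1`, and it is the `data->len < 4` precheck together with the `data->len != 0` test after the two consumes that guarantees it; noting that next to `/* The list must have exactly one value. */` saves the reader re-deriving it.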
@@ -1365,8 +1386,9 @@ SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { - if (data->len != 0) - return SECFailure; + if (data->len != 0) { + return SECSuccess; /* Ignore the extension. */ + } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; @@ -1384,8 +1406,9 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SSL3Statistics *ssl3stats; /* Ignore the SessionTicket extension if processing is disabled. */ - if (!ss->opt.enableSessionTickets) + if (!ss->opt.enableSessionTickets) { return SECSuccess; + } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; @@ -1443,8 +1466,9 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, extension_data.len = data->len; if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) - != SECSuccess) - return SECFailure; + != SECSuccess) { + return SECSuccess; /* Pretend it isn't there */ + } /* Get session ticket keys. */ #ifndef NO_PKCS11_BYPASS 
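Review bot: `return SECSuccess; /* Pretend it isn't there */` after a failed `ssl3_ParseEncryptedSessionTicket` is not what happens: the earlier hunk in the same function has already executed `ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type`, so the extension stays recorded as negotiated and the server presumably still answers it, issuing a fresh ticket during the full handshake as RFC 5077 expects for an unusable ticket. The comment should describe that rather than suggest the extension is dropped: `/* Unusable ticket: fall back to a full handshake, keeping the extension negotiated so a new ticket can be issued. */`. The error set by the parser is now discarded; if it carries diagnostic value a trace line before the return would preserve it. The rest of the function, including the key lookup, is outside the hunk.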
@@ -1872,18 +1896,22 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) /* get the data for this extension, so we can pass it or skip it. */ rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); if (rv != SECSuccess) - return rv; + return rv; /* alert already sent */ /* Check whether the server sent an extension which was not advertised * in the ClientHello. */ if (!ss->sec.isServer && - !ssl3_ClientExtensionAdvertised(ss, extension_type)) - return SECFailure; /* TODO: send unsupported_extension alert */ + !ssl3_ClientExtensionAdvertised(ss, extension_type)) { + (void)SSL3_SendAlert(ss, alert_fatal, unsupported_extension); + return SECFailure; + } /* Check whether an extension has been sent multiple times. */ - if (ssl3_ExtensionNegotiated(ss, extension_type)) + if (ssl3_ExtensionNegotiated(ss, extension_type)) { + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; + } /* find extension_type in table of Hello Extension Handlers */ for (handler = handlers; handler->ex_type >= 0; handler++) { @@ -1891,9 +1919,13 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) if (handler->ex_type == extension_type) { rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, &extension_data); - /* Ignore this result */ - /* Treat all bad extensions as unrecognized types. */ - break; + if (rv != SECSuccess) { + if (!ss->ssl3.fatalAlertSent) { + /* send a generic alert if the handler didn't already */ + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + } + return SECFailure; + } } } } 
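Review bot: Replacing `/* Ignore this result */` turns every handler's `SECFailure` into a fatal handshake abort with a default handshake_failure alert, which is a contract change for all entries in clientHelloHandlers and serverHelloHandlersTLS, and any handler that still returns SECFailure for a non-fatal condition now kills the connection; the `if (!listCount) { return SECFailure; /* nothing we can act on */ }` in ssl3_HandleServerNameXtn looks unreachable after the new `listLenBytes == 0` early return, but if reached it would abort for what reads as a nothing-to-do case. The contract — return SECFailure only for conditions that must abort the handshake, after sending the specific alert yourself; return SECSuccess to ignore or disable — belongs on the ssl3HelloExtensionHandler table or typedef, with a one-line pointer at this `if (rv != SECSuccess)`. The fallback is keyed on `ss->ssl3.fatalAlertSent`, so a handler that failed without any alert gets handshake_failure; a comment such as `/* catch-all for handlers that did not send their own fatal alert */` makes that intentional. The remaining lines of the handler loop are outside the hunk.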
@@ -2025,13 +2057,14 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes : ss->ssl3.hs.finishedBytes * 2; } - if (data->len != 1 + len || - data->data[0] != len || (len && - NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, - data->data + 1, len))) { - /* Can we do this here? Or, must we arrange for the caller to do it? */ - (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + if (data->len != 1 + len || data->data[0] != len ) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, + data->data + 1, len)) { PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); return SECFailure; } /* remember that we got this extension and it was correct. */ @@ -2040,13 +2073,13 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) if (ss->sec.isServer) { /* prepare to send back the appropriate response */ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_SendRenegotiationInfoXtn); + ssl3_SendRenegotiationInfoXtn); } return rv; } static PRInt32 -ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) +ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) { PRUint32 ext_data_len; PRInt16 i; 
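Review bot: Style: `if (data->len != 1 + len || data->data[0] != len ) {` has a stray space before the closing parenthesis; `if (data->len != 1 + len || data->data[0] != len) {`. Splitting the length check (decode_error) from the verify_data comparison (handshake_failure, with SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE set before the alert) is the right separation, and the `||` ordering still guarantees data->data[0] is only read once data->len is known to be at least 1. The function's prologue is outside the hunk.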
@@ -2055,65 +2088,139 @@ ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
     if (!ss) return 0;
-    if (!ss->sec.isServer) {
-        /* Client side */
+    if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
+        return 0; /* Not relevant */
-        if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
-            return 0; /* Not relevant */
+    ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
-        ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
-
-        if (append && maxBytes >= 4 + ext_data_len) {
-            /* Extension type */
-            rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
-            if (rv != SECSuccess) return -1;
-            /* Length of extension data */
-            rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
-            if (rv != SECSuccess) return -1;
-            /* Length of the SRTP cipher list */
-            rv = ssl3_AppendHandshakeNumber(ss,
-                                            2 * ss->ssl3.dtlsSRTPCipherCount,
-                                            2);
-            if (rv != SECSuccess) return -1;
-            /* The SRTP ciphers */
-            for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-                rv = ssl3_AppendHandshakeNumber(ss,
-                                                ss->ssl3.dtlsSRTPCiphers[i],
-                                                2);
-            }
-            /* Empty MKI value */
-            ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
-
-            ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-                ssl_use_srtp_xtn;
-        }
-
-        return 4 + ext_data_len;
-    }
-
-    /* Server side */
-    if (append && maxBytes >= 9) {
+    if (append && maxBytes >= 4 + ext_data_len) {
         /* Extension type */
         rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
         if (rv != SECSuccess) return -1;
         /* Length of extension data */
-        rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
+        rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2);
         if (rv != SECSuccess) return -1;
         /* Length of the SRTP cipher list */
-        rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
-        if (rv != SECSuccess) return -1;
-        /* The selected cipher */
-        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
+        rv = ssl3_AppendHandshakeNumber(ss,
+                                        2 * ss->ssl3.dtlsSRTPCipherCount,
+                                        2);
         if (rv != SECSuccess) return -1;
+        /* The SRTP ciphers */
+        for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+            rv = ssl3_AppendHandshakeNumber(ss,
+                                            ss->ssl3.dtlsSRTPCiphers[i],
+                                            2);
+        }
         /* Empty MKI value */
         ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+
+        ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+            ssl_use_srtp_xtn;
     }
+    return 4 + ext_data_len;
+}
+
+static PRInt32
+ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
+{
+    SECStatus rv;
+
+    /* Server side */
+    if (!append || maxBytes < 9) {
+        return 9;
+    }
+
+    /* Extension type */
+    rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+    if (rv != SECSuccess) return -1;
+    /* Length of extension data */
+    rv = ssl3_AppendHandshakeNumber(ss, 5, 2);
+    if (rv != SECSuccess) return -1;
+    /* Length of the SRTP cipher list */
+    rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
+    if (rv != SECSuccess) return -1;
+    /* The selected cipher */
+    rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2);
+    if (rv != SECSuccess) return -1;
+    /* Empty MKI value */
+    ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);
+    return 9;
 }
 static SECStatus
-ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
+ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+    SECItem ciphers = {siBuffer, NULL, 0};
+    PRUint16 i;
+    PRUint16 cipher = 0;
+    PRBool found = PR_FALSE;
+    SECItem litem;
+
+    if (!data->data || !data->len) {
+        (void)ssl3_DecodeError(ss);
+        return SECFailure;
+    }
+
+    /* Get the cipher list */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
+                                       &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure; /* fatal alert already sent */
+    }
+    /* Now check that the server has picked just 1 (i.e., len = 2) */
+    if (ciphers.len != 2) {
+        (void)ssl3_DecodeError(ss);
+        return SECFailure;
+    }
+
+    /* Get the selected cipher */
+    cipher = (ciphers.data[0] << 8) | ciphers.data[1];
+
+    /* Now check that this is one of the ciphers we offered */
+    for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+        if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
+            found = PR_TRUE;
+            break;
+        }
+    }
+
+    if (!found) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+        (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+        return SECFailure;
+    }
+
+    /* Get the srtp_mki value */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1,
+                                       &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure; /* alert already sent */
+    }
+
+    /* We didn't offer an MKI, so this must be 0 length */
+    if (litem.len != 0) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+        (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+        return SECFailure;
+    }
+
+    /* extra trailing bytes */
+    if (data->len != 0) {
+        (void)ssl3_DecodeError(ss);
+        return SECFailure;
+    }
+
+    /* OK, this looks fine. */
+    ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
+    ss->ssl3.dtlsSRTPCipherSuite = cipher;
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
 {
     SECStatus rv;
     SECItem ciphers = {siBuffer, NULL, 0};
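Review bot: ssl3_ServerSendUseSRTPXtn discards the result of its final `ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);` although every preceding append in the same function is checked, and the cipher loop carried over into ssl3_ClientSendUseSRTPXtn assigns `rv` without testing it; in both cases a failed append leaves the extension length field claiming bytes that were never written. Suggest `rv = ssl3_AppendHandshakeVariable(ss, NULL, 0, 1);` followed by `if (rv != SECSuccess) return -1;` in the server sender, and `if (rv != SECSuccess) return -1;` inside the loop body. Separately, the XXX comment citing RFC 5764 Section 4.1.3 is deleted with the old client code, so the new `litem.len != 0` rejection in ssl3_ClientHandleUseSRTPXtn has lost its spec reference; a one-liner such as `/* RFC 5764 4.1.3: an MKI we did not offer aborts the handshake */` would keep it. The body of ssl3_ServerHandleUseSRTPXtn continues outside the hunk.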
@@ -2123,74 +2230,6 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
     PRBool found = PR_FALSE;
     SECItem litem;
-    if (!ss->sec.isServer) {
-        /* Client side */
-        if (!data->data || !data->len) {
-            /* malformed */
-            return SECFailure;
-        }
-
-        /* Get the cipher list */
-        rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
-                                           &data->data, &data->len);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-        /* Now check that the number of ciphers listed is 1 (len = 2) */
-        if (ciphers.len != 2) {
-            return SECFailure;
-        }
-
-        /* Get the selected cipher */
-        cipher = (ciphers.data[0] << 8) | ciphers.data[1];
-
-        /* Now check that this is one of the ciphers we offered */
-        for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
-            if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
-                found = PR_TRUE;
-                break;
-            }
-        }
-
-        if (!found) {
-            return SECFailure;
-        }
-
-        /* Get the srtp_mki value */
-        rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1,
-                                           &data->data, &data->len);
-        if (rv != SECSuccess) {
-            return SECFailure;
-        }
-
-        /* We didn't offer an MKI, so this must be 0 length */
-        /* XXX RFC 5764 Section 4.1.3 says:
-         * If the client detects a nonzero-length MKI in the server's
-         * response that is different than the one the client offered,
-         * then the client MUST abort the handshake and SHOULD send an
-         * invalid_parameter alert.
-         *
-         * Due to a limitation of the ssl3_HandleHelloExtensions function,
-         * returning SECFailure here won't abort the handshake. It will
-         * merely cause the use_srtp extension to be not negotiated. We
-         * should fix this. See NSS bug 753136.
-         */
-        if (litem.len != 0) {
-            return SECFailure;
-        }
-
-        if (data->len != 0) {
-            /* malformed */
-            return SECFailure;
-        }
-
-        /* OK, this looks fine. */
-        ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
-        ss->ssl3.dtlsSRTPCipherSuite = cipher;
-        return SECSuccess;
-    }
-
-    /* Server side */
     if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) {
         /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
          * preferences have been set. */
@@ -2198,7 +2237,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
     }
     if (!data->data || data->len < 5) {
-        /* malformed */
+        (void)ssl3_DecodeError(ss);
         return SECFailure;
     }
@@ -2206,10 +2245,11 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
     rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2,
                                        &data->data, &data->len);
     if (rv != SECSuccess) {
-        return SECFailure;
+        return SECFailure; /* alert already sent */
     }
     /* Check that the list is even length */
     if (ciphers.len % 2) {
+        (void)ssl3_DecodeError(ss);
         return SECFailure;
     }
@@ -2232,12 +2272,13 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
     }
     if (data->len != 0) {
-        return SECFailure; /* Malformed */
+        (void)ssl3_DecodeError(ss); /* trailing bytes */
+        return SECFailure;
     }
     /* Now figure out what to do */
     if (!found) {
-        /* No matching ciphers */
+        /* No matching ciphers, pretend we don't support use_srtp */
         return SECSuccess;
     }
@@ -2246,7 +2287,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
     ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn;
     return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn,
-                                                  ssl3_SendUseSRTPXtn);
+                                                  ssl3_ServerSendUseSRTPXtn);
 }
 /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
@@ -2258,16 +2299,13 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; SECItem algorithms; const unsigned char *b; - unsigned int numAlgorithms, i; + unsigned int numAlgorithms, i, j; /* Ignore this extension if we aren't doing TLS 1.2 or greater. */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { return SECSuccess; } - /* Keep track of negotiated extensions. */ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data, &data->len); if (rv != SECSuccess) { @@ -2276,6 +2314,7 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* Trailing data, empty value, or odd-length value is invalid. */ if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) { PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } @@ -2289,12 +2328,14 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->ssl3.hs.clientSigAndHash = PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } ss->ssl3.hs.numClientSigAndHash = 0; b = algorithms.data; - for (i = 0; i < numAlgorithms; i++) { + for (i = j = 0; i < numAlgorithms; i++) { unsigned char tls_hash = *(b++); unsigned char tls_sig = *(b++); SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); 
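Review bot: In the PORT_NewArray failure branch of ssl3_ServerHandleSigAlgsXtn the new `PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);` overwrites the allocator's own error code (PORT_NewArray is a PORT_Alloc wrapper, which already sets SEC_ERROR_NO_MEMORY) and blames the peer for a local resource failure, while the alert sent on the next line is, correctly, internal_error. Drop that PORT_SetError line and keep the alert so the error code and the alert agree. Moving the negotiated[] bookkeeping from before the parse to the end of the function (first and last hunks of this file section) is the right fix, since a rejected extension previously still counted as negotiated. The loop body continues in the next hunk.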
@@ -2305,9 +2346,10 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* tls_sig support will be checked later in * ssl3_PickSignatureHashAlgorithm. */ - ss->ssl3.hs.clientSigAndHash[i].hashAlg = hash; - ss->ssl3.hs.clientSigAndHash[i].sigAlg = tls_sig; - ss->ssl3.hs.numClientSigAndHash++; + ss->ssl3.hs.clientSigAndHash[j].hashAlg = hash; + ss->ssl3.hs.clientSigAndHash[j].sigAlg = tls_sig; + ++j; + ++ss->ssl3.hs.numClientSigAndHash; } if (!ss->ssl3.hs.numClientSigAndHash) { @@ -2317,6 +2359,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->ssl3.hs.clientSigAndHash = NULL; } + /* Keep track of negotiated extensions. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; return SECSuccess; } 
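Review bot: `j` now mirrors ss->ssl3.hs.numClientSigAndHash exactly (both start at 0 and are incremented together on adjacent lines), so the extra counter is redundant and a reader has to convince themselves the two never drift. Indexing by the field directly removes the duplication: `SSL3SignatureAndHashAlgorithm *sh = &ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash++];` followed by `sh->hashAlg = hash;` and `sh->sigAlg = tls_sig;`. The loop is opened in the preceding hunk, and its `i = j = 0` initialisation would revert with this.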
@@ -2480,41 +2524,32 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, return SECSuccess; } - if (data->len != 2) - goto loser; + if (data->len != 2) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } /* Get the draft version out of the handshake */ draft_version = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (draft_version < 0) { - goto loser; + return SECFailure; } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - /* Compare the version */ if (draft_version != TLS_1_3_DRAFT_VERSION) { + /* + * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2. + * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back + * here. Need to double-check. + */ SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), " "expected %d", SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION)); - goto loser; + ss->version = SSL_LIBRARY_VERSION_TLS_1_2; } - return SECSuccess; - -loser: - /* - * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2. - * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back - * here. Need to double-check. - * TODO(ekr@rtfm.com): Currently we fall back even on broken extensions. - * because SECFailure does not cause handshake failures. See bug - * 753136. - */ - SSL_TRC(30, ("%d: SSL3[%d]: Rolling back to TLS 1.2", SSL_GETPID(), ss->fd)); - ss->version = SSL_LIBRARY_VERSION_TLS_1_2; - return SECSuccess; } - diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 858ae0cc..896d05a1 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -981,6 +981,7 @@ struct ssl3StateStr { PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; PRUint16 dtlsSRTPCipherCount; PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ + PRBool fatalAlertSent; }; #define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the 
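Review bot: `if (draft_version < 0) { return SECFailure; }` is the one failure path in ssl3_ServerHandleDraftVersionXtn that neither calls ssl3_DecodeError nor sends an alert itself; whether ssl3_ConsumeHandshakeNumber does so is not visible here, and since data->len was just checked against 2 the branch should only be reachable if that helper fails for some other reason, so a comment such as `/* alert already sent by ssl3_ConsumeHandshakeNumber */` (or the missing call, if it does not) would settle it. On the mismatch path ex_type is recorded in ss->xtnData.negotiated before ss->version is lowered to TLS 1.2, so anything that later keys off that entry when building the ServerHello (not visible here) now runs inside a TLS 1.2 handshake; that deserves a sentence in the TODO that already questions whether the rollback is safe.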
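Review bot: The new `PRBool fatalAlertSent;` in ssl3StateStr is consulted by ssl3_HandleHelloExtensions in this commit, but nothing in the diff shows where it is set or reset, and the neighbouring fields all carry a comment. Suggest `PRBool fatalAlertSent; /* a fatal alert has already been sent; checked to avoid sending a second one */`, plus a note on where it is cleared for a renegotiation, since a stale PR_TRUE would suppress the generic alert on the next handshake.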
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index dfa7a2c7..90bc4572 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -90,12 +90,12 @@ static sslOptions ssl_defaults = {
  */
 static SSLVersionRange versions_defaults_stream = {
     SSL_LIBRARY_VERSION_3_0,
-    SSL_LIBRARY_VERSION_TLS_1_0
+    SSL_LIBRARY_VERSION_TLS_1_2
 };
 static SSLVersionRange versions_defaults_datagram = {
     SSL_LIBRARY_VERSION_TLS_1_1,
-    SSL_LIBRARY_VERSION_TLS_1_1
+    SSL_LIBRARY_VERSION_TLS_1_2
 };
 #define VERSIONS_DEFAULTS(variant) \
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index 34efdea0..effeaacc 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,10 +19,10 @@
  * The format of the version string should be
  *     ".[.[.]][ ]"
  */
-#define NSSUTIL_VERSION "3.17.2.1"
+#define NSSUTIL_VERSION "3.18.0.1"
 #define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 17
-#define NSSUTIL_VPATCH 2
+#define NSSUTIL_VMINOR 18
+#define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 1
 #define NSSUTIL_BETA PR_FALSE
diff --git a/security/nss/pkg/solaris/common_files/copyright b/security/nss/pkg/solaris/common_files/copyright
index 988939bb..c5534908 100644
--- a/security/nss/pkg/solaris/common_files/copyright
+++ b/security/nss/pkg/solaris/common_files/copyright
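Review bot: Raising the default maximum to TLS 1.2 leaves the stream minimum at `SSL_LIBRARY_VERSION_3_0` on the line just above the change, so SSL 3.0 stays enabled by default for every application that never calls SSL_VersionRangeSetDefault; since this commit is already revising the defaults, the floor deserves the same review, or at least a comment stating that the low end is left at 3.0 deliberately. The datagram range now spans DTLS 1.1 to DTLS 1.2, which is consistent with the TLS 1.2 signature_algorithms and draft-version handling elsewhere in the diff.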
@@ -1,38 +1,6 @@ Copyright 2005 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this package are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this package except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is the Netscape Portable Runtime (NSPR). - -The Initial Developer of the Original Code is -Netscape Communications Corporation. -Portions created by the Initial Developer are Copyright (C) 1998-2000 -the Initial Developer. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at http://mozilla.org/MPL/2.0/. 
diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh
index c0d2ba91..a92ac938 100644
--- a/security/nss/tests/all.sh
+++ b/security/nss/tests/all.sh
@@ -301,7 +301,7 @@ fi
 # following test for modutil should check for that instead.
 # Exception: when building softoken only, shlibsign is the
 # last file created.
-if [ ${NSS_BUILD_SOFTOKEN_ONLY} -eq "1" ]; then
+if [ "${NSS_BUILD_SOFTOKEN_ONLY}" = "1" ]; then
     LAST_FILE_BUILT=shlibsign
 else
     LAST_FILE_BUILT=modutil
diff --git a/security/nss/tests/chains/scenarios/realcerts.cfg b/security/nss/tests/chains/scenarios/realcerts.cfg
index 38e2ae2b..d2a8c714 100644
--- a/security/nss/tests/chains/scenarios/realcerts.cfg
+++ b/security/nss/tests/chains/scenarios/realcerts.cfg
@@ -21,7 +21,7 @@ verify TestUser51:x
   result pass
 verify PayPalEE:x
-  policy OID.2.16.840.1.113733.1.7.23.6
+  policy OID.2.16.840.1.114412.1.1
   result pass
 verify BrAirWaysBadSig:x
diff --git a/security/nss/tests/chains/scenarios/scenarios b/security/nss/tests/chains/scenarios/scenarios
index 3a704754..d26c3f92 100644
--- a/security/nss/tests/chains/scenarios/scenarios
+++ b/security/nss/tests/chains/scenarios/scenarios
@@ -1,47 +1,6 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Network Security Services (NSS) -# -# The Initial Developer of the Original Code is Sun Microsystems, Inc. -# Portions created by the Initial Developer are Copyright (C) 2009 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# Slavomir Katuscak , Sun Microsystems -# Ryan Sleevi , Google -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** -# -# Scenario ocspd.cfg will always be processed first, -# regardless of its presence in this list. 
-# -# Scenario method.cfg will always be processed, regardless of its presence -# in this list, and will be processed twice, once with httpserv -O get -# and once with -O post. Because method.cfg will be executed with both -# classic and libpkix engines, it must not contain any policy checks. +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. # bridge.cfg megabridge_3_2.cfg diff --git a/security/nss/tests/cipher/cipher.sh b/security/nss/tests/cipher/cipher.sh index 12e78e18..1d2561d9 100644 --- a/security/nss/tests/cipher/cipher.sh +++ b/security/nss/tests/cipher/cipher.sh @@ -124,7 +124,7 @@ cipher_cleanup() # built and the cipher suite run as part of an nss-softoken build. if [ ! -x ${DIST}/${OBJDIR}/bin/bltest${PROG_SUFFIX} ]; then echo "bltest not built, skipping this test." >> ${LOGFILE} - res = 0 + res=0 html_msg $res $EXP_RET "$TESTNAME" return 0 fi diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh index b3d44b03..08ac583b 100644 --- a/security/nss/tests/common/init.sh +++ b/security/nss/tests/common/init.sh @@ -225,7 +225,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then } html_msg() { - if [ "$1" -ne "$2" ] ; then + if [ $1 -ne $2 ] ; then html_failed "$3" "$4" else html_passed "$3" "$4" diff --git a/security/nss/tests/dbtests/dbtests.sh b/security/nss/tests/dbtests/dbtests.sh index b09a2bad..7b1ee351 100644 --- a/security/nss/tests/dbtests/dbtests.sh +++ b/security/nss/tests/dbtests/dbtests.sh 
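Review bot: In html_msg the change from `[ "$1" -ne "$2" ]` to `[ $1 -ne $2 ]` removes exactly the quoting that the all.sh hunk in this same commit adds, so an empty or unset argument now collapses to `[ -ne 0 ]` and a value containing whitespace is word-split. Both forms error on an empty status, so if the motivation was a caller passing one (the `res = 0` typo fixed in cipher.sh just above produced that), `if [ "${1:-0}" -ne "${2:-0}" ] ; then` tolerates it while keeping the quotes.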
@@ -168,19 +168,29 @@ dbtest_main() cat $RONLY_DIR/* > /dev/null fi - ${BINDIR}/dbtest -d $RONLY_DIR + # skipping the next two tests when user is root, + # otherwise they would fail due to rooty powers + if [ $UID -ne 0 ]; then + ${BINDIR}/dbtest -d $RONLY_DIR ret=$? if [ $ret -ne 46 ]; then - html_failed "Dbtest r/w succeeded in an readonly directory $ret" + html_failed "Dbtest r/w succeeded in a readonly directory $ret" else html_passed "Dbtest r/w didn't work in an readonly dir $ret" fi - ${BINDIR}/certutil -D -n "TestUser" -d . + else + html_passed "Skipping Dbtest r/w in a readonly dir because user is root" + fi + if [ $UID -ne 0 ]; then + ${BINDIR}/certutil -D -n "TestUser" -d . ret=$? if [ $ret -ne 255 ]; then - html_failed "Certutil succeeded in deleting a cert in an readonly directory $ret" + html_failed "Certutil succeeded in deleting a cert in a readonly directory $ret" else - html_passed "Certutil didn't work in an readonly dir $ret" + html_passed "Certutil didn't work in an readonly dir $ret" + fi + else + html_passed "Skipping Certutil delete cert in a readonly directory test because user is root" fi Echo "test opening the database ronly in a readonly directory" diff --git a/security/nss/tests/iopr/server_scr/config b/security/nss/tests/iopr/server_scr/config index 19821c79..9e65b926 100644 --- a/security/nss/tests/iopr/server_scr/config +++ b/security/nss/tests/iopr/server_scr/config 
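Review bot: `if [ $UID -ne 0 ]; then` relies on `UID`, a bash/zsh variable that POSIX sh (dash, for instance) does not set, so under a plain sh the test becomes `[ -ne 0 ]`, errors, falls into the else branch and records a pass for a readonly-directory check that never ran; `if [ "$(id -u)" -ne 0 ]; then` behaves the same in every shell. The two consecutive `if [ $UID -ne 0 ]` blocks test the same condition and could be a single block, and the lines moved inside them keep their old indentation, which hides the new nesting. dbtest_main continues outside the hunk.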
@@ -1,37 +1,6 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Network Security Services (NSS) -# -# The Initial Developer of the Original Code is Sun Microsystems, Inc. -# Portions created by the Initial Developer are Copyright (C) 2006-2009 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. certDir=/iopr caCertName=TestCA 
diff --git a/security/nss/tests/libpkix/certs/PayPalEE.cert b/security/nss/tests/libpkix/certs/PayPalEE.cert
index 17eaa64b..a826a1da 100644
Binary files a/security/nss/tests/libpkix/certs/PayPalEE.cert and b/security/nss/tests/libpkix/certs/PayPalEE.cert differ
diff --git a/security/nss/tests/libpkix/certs/PayPalICA.cert b/security/nss/tests/libpkix/certs/PayPalICA.cert
index 459373be..07e025de 100644
Binary files a/security/nss/tests/libpkix/certs/PayPalICA.cert and b/security/nss/tests/libpkix/certs/PayPalICA.cert differ
diff --git a/security/nss/tests/libpkix/certs/PayPalRootCA.cert b/security/nss/tests/libpkix/certs/PayPalRootCA.cert
index ea640203..dae01965 100644
Binary files a/security/nss/tests/libpkix/certs/PayPalRootCA.cert and b/security/nss/tests/libpkix/certs/PayPalRootCA.cert differ
diff --git a/security/nss/tests/libpkix/sample_apps/README b/security/nss/tests/libpkix/sample_apps/README
index 266b2ba5..012e7bf7 100644
--- a/security/nss/tests/libpkix/sample_apps/README
+++ b/security/nss/tests/libpkix/sample_apps/README
@@ -1,39 +1,6 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the PKIX-C library. -# -# The Initial Developer of the Original Code is -# Sun Microsystems, Inc. -# Portions created by the Initial Developer are -# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. -# -# Contributor(s): -# Sun Microsystems, Inc. -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. 
This directory contains both sample applications and performance evaluation applications.
diff --git a/security/nss/tests/libpkix/vfychain_test.lst b/security/nss/tests/libpkix/vfychain_test.lst
index ff282221..78d6185c 100644
--- a/security/nss/tests/libpkix/vfychain_test.lst
+++ b/security/nss/tests/libpkix/vfychain_test.lst
@@ -1,4 +1,4 @@
 # Status | Leaf Cert | Policies | Others(undef)
 0 TestUser50 undef
 0 TestUser51 undef
-0 PayPalEE OID.2.16.840.1.113733.1.7.23.6
+0 PayPalEE OID.2.16.840.1.114412.1.1
diff --git a/security/nss/tests/memleak/memleak.sh b/security/nss/tests/memleak/memleak.sh
index 6cc4670d..54d2530c 100644
--- a/security/nss/tests/memleak/memleak.sh
+++ b/security/nss/tests/memleak/memleak.sh
@@ -206,7 +206,8 @@ set_test_mode()
         ${BINDIR}/modutil -dbdir ${CLIENT_DB} -list
         echo "${SCRIPTNAME}: FIPS is OFF"
-        cipher_list="A B C D E F :C001 :C002 :C003 :C004 :C005 :C006 :C007 :C008 :C009 :C00A :C010 :C011 :C012 :C013 :C014 c d e f g i j k l m n v y z"
+        # ciphers l and m removed, see bug 1136095
+        cipher_list="A B C D E F :C001 :C002 :C003 :C004 :C005 :C006 :C007 :C008 :C009 :C00A :C010 :C011 :C012 :C013 :C014 c d e f g i j k n v y z"
     fi
 }
diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt
index 9b94f9e1..c4fee164 100644
--- a/security/nss/tests/ssl/sslcov.txt
+++ b/security/nss/tests/ssl/sslcov.txt
@@ -78,8 +78,10 @@ noECC TLS12 i TLS12_RSA_WITH_NULL_MD5
   noECC TLS12 j TLS12_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
   noECC TLS12 k TLS12_RSA_FIPS_WITH_DES_CBC_SHA
-  noECC TLS12 l TLS12_RSA_EXPORT_WITH_DES_CBC_SHA (new)
-  noECC TLS12 m TLS12_RSA_EXPORT_WITH_RC4_56_SHA (new)
+# disabled because of bug 1136095
+#  noECC TLS12 l TLS12_RSA_EXPORT_WITH_DES_CBC_SHA (new)
+# disabled because of bug 1136095
+#  noECC TLS12 m TLS12_RSA_EXPORT_WITH_RC4_56_SHA (new)
   noECC TLS12 n TLS12_RSA_WITH_RC4_128_SHA
   noECC TLS12 v TLS12_RSA_WITH_AES_128_CBC_SHA
   noECC TLS12 y TLS12_RSA_WITH_AES_256_CBC_SHA