qt5-qtwebengine/qtwebengine-opensource-src-5.6.0-beta-nss321.patch
2016-01-13 14:43:47 +01:00

8380 lines
322 KiB
Diff

diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/build/secondary/third_party/nss/BUILD.gn qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/build/secondary/third_party/nss/BUILD.gn
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/build/secondary/third_party/nss/BUILD.gn 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/build/secondary/third_party/nss/BUILD.gn 2016-01-13 14:18:55.587954670 +0100
@@ -695,6 +695,8 @@
"nss/lib/freebl/win_rand.c",
"nss/lib/nss/nss.h",
"nss/lib/nss/nssinit.c",
+ "nss/lib/nss/nssoptions.c",
+ "nss/lib/nss/nssoptions.h",
"nss/lib/nss/nssrenam.h",
"nss/lib/nss/utilwrap.c",
"nss/lib/pk11wrap/debug_module.c",
@@ -859,6 +861,7 @@
"nss/lib/util/utilpars.h",
"nss/lib/util/utilparst.h",
"nss/lib/util/utilrename.h",
+ "nss/lib/util/verref.h",
]
sources -= [
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/aesgcmchromium.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/aesgcmchromium.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/aesgcmchromium.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/aesgcmchromium.patch 2016-01-13 14:18:55.588954676 +0100
@@ -1,7 +1,7 @@
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 1167d6d..dabe333 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index c5cb1eb..299e414 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
@@ -8,6 +8,7 @@
/* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
@@ -10,7 +10,7 @@
#include "cert.h"
#include "ssl.h"
#include "cryptohi.h" /* for DSAU_ stuff */
-@@ -44,6 +45,9 @@
+@@ -46,6 +47,9 @@
#ifdef NSS_ENABLE_ZLIB
#include "zlib.h"
#endif
@@ -20,7 +20,7 @@
#ifndef PK11_SETATTRS
#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
-@@ -1874,6 +1878,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out,
+@@ -1897,6 +1901,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out,
return 13;
}
@@ -84,7 +84,7 @@
static SECStatus
ssl3_AESGCM(ssl3KeyMaterial *keys,
PRBool doDecrypt,
-@@ -1925,10 +1986,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
+@@ -1948,10 +2009,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
gcmParams.ulTagBits = tagSize * 8;
if (doDecrypt) {
@@ -97,7 +97,7 @@
maxout, in, inlen);
}
*outlen += (int) uOutLen;
-@@ -5162,6 +5223,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5337,6 +5398,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
ssl3_DisableNonDTLSSuites(ss);
}
@@ -108,7 +108,7 @@
/* how many suites are permitted by policy and user preference? */
num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
if (!num_suites) {
-@@ -8172,6 +8237,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -8400,6 +8465,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ssl3_DisableNonDTLSSuites(ss);
}
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/applypatches.sh qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/applypatches.sh
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/applypatches.sh 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/applypatches.sh 2016-01-13 14:18:55.588954676 +0100
@@ -46,9 +46,3 @@
patch -p2 < $patches_dir/nssrwlock.patch
patch -p2 < $patches_dir/reorderextensions.patch
-
-patch -p2 < $patches_dir/removebuildmetadata.patch
-
-patch -p2 < $patches_dir/norenegotiatelock.patch
-
-patch -p2 < $patches_dir/dh1024.patch
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cachecerts.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cachecerts.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cachecerts.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cachecerts.patch 2016-01-13 14:18:55.589954682 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 163572c..60af5b0 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -43,6 +43,7 @@
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 8f1c547..9aaf601 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -45,6 +45,7 @@
static SECStatus ssl3_AuthCertificate(sslSocket *ss);
static void ssl3_CleanupPeerCerts(sslSocket *ss);
@@ -10,15 +10,15 @@
static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
PK11SlotInfo * serverKeySlot);
static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
-@@ -6549,6 +6550,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -6751,6 +6752,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
/* copy the peer cert from the SID */
if (sid->peerCert != NULL) {
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
+ ssl3_CopyPeerCertsFromSID(ss, sid);
}
- /* NULL value for PMS signifies re-use of the old MS */
-@@ -8140,6 +8142,7 @@ compression_found:
+ /* NULL value for PMS because we are reusing the old MS */
+@@ -8405,6 +8407,7 @@ compression_found:
ss->sec.ci.sid = sid;
if (sid->peerCert != NULL) {
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
@@ -26,7 +26,7 @@
}
/*
-@@ -9763,6 +9766,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
+@@ -10389,6 +10392,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
ss->ssl3.peerCertChain = NULL;
}
@@ -71,7 +71,7 @@
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 CertificateStatus message.
* Caller must hold Handshake and RecvBuf locks.
-@@ -10041,6 +10082,7 @@ ssl3_AuthCertificate(sslSocket *ss)
+@@ -10669,6 +10710,7 @@ ssl3_AuthCertificate(sslSocket *ss)
}
ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
@@ -79,11 +79,11 @@
if (!ss->sec.isServer) {
CERTCertificate *cert = ss->sec.peerCert;
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index 1b38a52..086f6d2 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -597,6 +597,8 @@ typedef enum { never_cached,
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index ad31aae..9dcc29e 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -608,6 +608,8 @@ typedef enum { never_cached,
invalid_cache /* no longer in any cache. */
} Cached;
@@ -92,7 +92,7 @@
struct sslSessionIDStr {
/* The global cache lock must be held when accessing these members when the
* sid is in any cache.
-@@ -611,6 +613,7 @@ struct sslSessionIDStr {
+@@ -622,6 +624,7 @@ struct sslSessionIDStr {
*/
CERTCertificate * peerCert;
@@ -100,10 +100,10 @@
SECItemArray peerCertStatus; /* client only */
const char * peerID; /* client only */
const char * urlSvrName; /* client only */
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
index 2e861f1..be11008 100644
---- a/ssl/sslnonce.c
-+++ b/ssl/sslnonce.c
+--- a/lib/ssl/sslnonce.c
++++ b/lib/ssl/sslnonce.c
@@ -164,6 +164,7 @@ lock_cache(void)
static void
ssl_DestroySID(sslSessionID *sid)
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cachelocks.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cachelocks.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cachelocks.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cachelocks.patch 2016-01-13 14:18:55.589954682 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 6819b03..6a4a443 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -5748,7 +5748,6 @@ SSL3_ShutdownServerCache(void)
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 2533679..ba3d012 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -5921,7 +5921,6 @@ SSL3_ShutdownServerCache(void)
}
PZ_Unlock(symWrapKeysLock);
@@ -10,7 +10,7 @@
return SECSuccess;
}
-@@ -5800,7 +5799,7 @@ getWrappingKey( sslSocket * ss,
+@@ -5973,7 +5972,7 @@ getWrappingKey( sslSocket * ss,
pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType];
@@ -19,11 +19,11 @@
PZ_Lock(symWrapKeysLock);
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index 88b2eba..c4c87b4 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -1924,9 +1924,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void);
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index d5f326f..d53c446 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -1957,9 +1957,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void);
extern SECStatus ssl_FreeSymWrapKeysLock(void);
@@ -34,10 +34,10 @@
/***************** platform client auth ****************/
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
index 1326a8b..c45849d 100644
---- a/ssl/sslnonce.c
-+++ b/ssl/sslnonce.c
+--- a/lib/ssl/sslnonce.c
++++ b/lib/ssl/sslnonce.c
@@ -35,91 +35,55 @@ static PZLock * cacheLock = NULL;
#define LOCK_CACHE lock_cache()
#define UNLOCK_CACHE PZ_Unlock(cacheLock)
@@ -204,11 +204,11 @@
PZ_Lock(cacheLock);
}
-diff --git a/ssl/sslsnce.c b/ssl/sslsnce.c
-index 4d9ef38..3279200 100644
---- a/ssl/sslsnce.c
-+++ b/ssl/sslsnce.c
-@@ -1352,7 +1352,7 @@ SSL_ConfigServerSessionIDCache( int maxCacheEntries,
+diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c
+index f31b2e9..3856c13 100644
+--- a/lib/ssl/sslsnce.c
++++ b/lib/ssl/sslsnce.c
+@@ -1363,7 +1363,7 @@ SSL_ConfigServerSessionIDCache( int maxCacheEntries,
PRUint32 ssl3_timeout,
const char * directory)
{
@@ -217,7 +217,7 @@
return SSL_ConfigServerSessionIDCacheInstance(&globalCache,
maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
}
-@@ -1466,7 +1466,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
+@@ -1477,7 +1477,7 @@ SSL_ConfigServerSessionIDCacheWithOpt(
PRBool enableMPCache)
{
if (!enableMPCache) {
@@ -226,7 +226,7 @@
return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache,
ssl2_timeout, ssl3_timeout, directory, PR_FALSE,
maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
-@@ -1511,7 +1511,7 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
+@@ -1521,7 +1521,7 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
return SECSuccess; /* already done. */
}
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/chacha20poly1305.patch 2016-01-13 14:18:55.590954688 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index dabe333..6819b03 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -41,6 +41,21 @@
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 299e414..2533679 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -43,6 +43,21 @@
#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
#endif
@@ -24,16 +24,16 @@
#include <stdio.h>
#ifdef NSS_ENABLE_ZLIB
#include "zlib.h"
-@@ -105,6 +120,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
+@@ -110,6 +125,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
/* cipher_suite policy enabled isPresent */
#ifndef NSS_DISABLE_ECC
+ { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
-@@ -296,6 +313,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
+@@ -307,6 +324,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
{cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0},
{cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0},
{cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8},
@@ -41,16 +41,16 @@
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0},
};
-@@ -422,6 +440,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
+@@ -433,6 +451,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
{TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
+ {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa},
+ {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},
- #ifndef NSS_DISABLE_ECC
- {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
-@@ -487,6 +507,7 @@ static const SSLCipher2Mech alg2Mech[] = {
+ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},
+@@ -502,6 +522,7 @@ static const SSLCipher2Mech alg2Mech[] = {
{ calg_camellia , CKM_CAMELLIA_CBC },
{ calg_seed , CKM_SEED_CBC },
{ calg_aes_gcm , CKM_AES_GCM },
@@ -58,7 +58,7 @@
/* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */
};
-@@ -662,6 +683,8 @@ ssl3_CipherSuiteAllowedForVersionRange(
+@@ -679,6 +700,8 @@ ssl3_CipherSuiteAllowedForVersionRange(
case TLS_RSA_WITH_NULL_SHA256:
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
@@ -67,7 +67,7 @@
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
-@@ -2070,6 +2093,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
+@@ -2093,6 +2116,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,
}
#endif
@@ -114,7 +114,7 @@
/* Initialize encryption and MAC contexts for pending spec.
* Master Secret already is derived.
* Caller holds Spec write lock.
-@@ -2103,13 +2166,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss)
+@@ -2126,13 +2189,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss)
pwSpec->client.write_mac_context = NULL;
pwSpec->server.write_mac_context = NULL;
@@ -134,11 +134,11 @@
return SECSuccess;
}
-diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
-index 9b91270..31e0774 100644
---- a/ssl/ssl3ecc.c
-+++ b/ssl/ssl3ecc.c
-@@ -921,6 +921,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
+diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
+index cf8e741..ab5ab14 100644
+--- a/lib/ssl/ssl3ecc.c
++++ b/lib/ssl/ssl3ecc.c
+@@ -926,6 +926,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
@@ -146,7 +146,7 @@
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
0 /* end of list marker */
-@@ -932,6 +933,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
+@@ -937,6 +938,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
@@ -154,7 +154,7 @@
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
0 /* end of list marker */
-@@ -944,6 +946,7 @@ static const ssl3CipherSuite ecSuites[] = {
+@@ -949,6 +951,7 @@ static const ssl3CipherSuite ecSuites[] = {
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
@@ -162,7 +162,7 @@
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-@@ -951,6 +954,7 @@ static const ssl3CipherSuite ecSuites[] = {
+@@ -956,6 +959,7 @@ static const ssl3CipherSuite ecSuites[] = {
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
@@ -170,10 +170,10 @@
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-diff --git a/ssl/sslenum.c b/ssl/sslenum.c
-index 09ce43f..a036627 100644
---- a/ssl/sslenum.c
-+++ b/ssl/sslenum.c
+diff --git a/lib/ssl/sslenum.c b/lib/ssl/sslenum.c
+index f69aed2..b4a8844 100644
+--- a/lib/ssl/sslenum.c
++++ b/lib/ssl/sslenum.c
@@ -37,17 +37,21 @@
*
* Exception: Because some servers ignore the high-order byte of the cipher
@@ -199,11 +199,11 @@
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index ea71975..88b2eba 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -65,6 +65,7 @@ typedef SSLSignType SSL3SignType;
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index 60dd243..d5f326f 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -66,6 +66,7 @@ typedef SSLSignType SSL3SignType;
#define calg_camellia ssl_calg_camellia
#define calg_seed ssl_calg_seed
#define calg_aes_gcm ssl_calg_aes_gcm
@@ -211,16 +211,16 @@
#define mac_null ssl_mac_null
#define mac_md5 ssl_mac_md5
-@@ -299,7 +300,7 @@ typedef struct {
+@@ -301,7 +302,7 @@ typedef struct {
} ssl3CipherSuiteCfg;
#ifndef NSS_DISABLE_ECC
--#define ssl_V3_SUITES_IMPLEMENTED 61
-+#define ssl_V3_SUITES_IMPLEMENTED 63
+-#define ssl_V3_SUITES_IMPLEMENTED 64
++#define ssl_V3_SUITES_IMPLEMENTED 66
#else
- #define ssl_V3_SUITES_IMPLEMENTED 37
+ #define ssl_V3_SUITES_IMPLEMENTED 40
#endif /* NSS_DISABLE_ECC */
-@@ -485,6 +486,7 @@ typedef enum {
+@@ -495,6 +496,7 @@ typedef enum {
cipher_camellia_256,
cipher_seed,
cipher_aes_128_gcm,
@@ -228,11 +228,11 @@
cipher_missing /* reserved for no such supported cipher */
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
} SSL3BulkCipher;
-diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c
-index ba230d2..845d9f0 100644
---- a/ssl/sslinfo.c
-+++ b/ssl/sslinfo.c
-@@ -110,6 +110,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
+diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c
+index 7048eb8..bef3190 100644
+--- a/lib/ssl/sslinfo.c
++++ b/lib/ssl/sslinfo.c
+@@ -148,6 +148,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
#define C_NULL "NULL", calg_null
#define C_SJ "SKIPJACK", calg_sj
#define C_AESGCM "AES-GCM", calg_aes_gcm
@@ -240,7 +240,7 @@
#define B_256 256, 256, 256
#define B_128 128, 128, 128
-@@ -188,12 +189,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
+@@ -229,12 +230,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
@@ -255,11 +255,11 @@
{0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
-diff --git a/ssl/sslproto.h b/ssl/sslproto.h
-index e02442c..dc653c9 100644
---- a/ssl/sslproto.h
-+++ b/ssl/sslproto.h
-@@ -258,6 +258,9 @@
+diff --git a/lib/ssl/sslproto.h b/lib/ssl/sslproto.h
+index 2db47a5..36ae6c9 100644
+--- a/lib/ssl/sslproto.h
++++ b/lib/ssl/sslproto.h
+@@ -260,6 +260,9 @@
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
@@ -269,11 +269,11 @@
/* Netscape "experimental" cipher suites. */
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1
-diff --git a/ssl/sslt.h b/ssl/sslt.h
-index 430d216..fe0ad07 100644
---- a/ssl/sslt.h
-+++ b/ssl/sslt.h
-@@ -94,7 +94,8 @@ typedef enum {
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
+index 5593579..a2eff62 100644
+--- a/lib/ssl/sslt.h
++++ b/lib/ssl/sslt.h
+@@ -117,7 +117,8 @@ typedef enum {
ssl_calg_aes = 7,
ssl_calg_camellia = 8,
ssl_calg_seed = 9,
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/channelid.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/channelid.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/channelid.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/channelid.patch 2016-01-13 14:18:55.591954693 +0100
@@ -1,25 +1,25 @@
-diff --git a/ssl/SSLerrs.h b/ssl/SSLerrs.h
-index 174037b..81da41c 100644
---- a/ssl/SSLerrs.h
-+++ b/ssl/SSLerrs.h
-@@ -422,3 +422,12 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
- ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
- "The server rejected the handshake because the client downgraded to a lower "
- "TLS version than the server supports.")
+diff --git a/lib/ssl/SSLerrs.h b/lib/ssl/SSLerrs.h
+index 6028396..3d21ab8 100644
+--- a/lib/ssl/SSLerrs.h
++++ b/lib/ssl/SSLerrs.h
+@@ -440,3 +440,12 @@ ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136),
+
+ ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137),
+ "The peer tried to resume with an unexpected extended_master_secret extension")
+
-+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
++ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 138),
+"SSL received a malformed TLS Channel ID extension.")
+
-+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 133),
++ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 139),
+"The application provided an invalid TLS Channel ID key.")
+
-+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 134),
++ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 140),
+"The application could not get a TLS Channel ID.")
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 593dd00..716537d 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -1025,6 +1025,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
+index 85ced8a..120c257 100644
+--- a/lib/ssl/ssl.h
++++ b/lib/ssl/ssl.h
+@@ -1135,6 +1135,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
PRBool *last_handshake_resumed);
@@ -54,11 +54,11 @@
/*
** How long should we wait before retransmitting the next flight of
** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 29e8f1c..c0e8e79 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss);
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 304e03b..2ae8ce9 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -57,6 +57,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss);
static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
static SECStatus ssl3_SendNextProto( sslSocket *ss);
@@ -66,7 +66,7 @@
static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
static SECStatus ssl3_SendServerHello( sslSocket *ss);
static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
-@@ -6296,6 +6297,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -6470,6 +6471,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
#endif /* NSS_PLATFORM_CLIENT_AUTH */
@@ -82,7 +82,7 @@
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
goto loser; /* alert has been sent */
-@@ -6578,7 +6588,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -6780,7 +6790,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (rv != SECSuccess) {
goto alert_loser; /* err code was set */
}
@@ -91,9 +91,9 @@
} while (0);
if (sid_match)
-@@ -6613,6 +6623,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
- } else {
- ss->ssl3.hs.ws = wait_cert_request;
+@@ -6819,6 +6829,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ PORT_Assert(ss->ssl3.hs.kea_def->ephemeral);
+ ss->ssl3.hs.ws = wait_server_key;
}
+
+winner:
@@ -119,7 +119,7 @@
return SECSuccess;
alert_loser:
-@@ -7565,7 +7596,14 @@ ssl3_SendClientSecondRound(sslSocket *ss)
+@@ -7774,7 +7805,14 @@ ssl3_SendClientSecondRound(sslSocket *ss)
if (rv != SECSuccess) {
goto loser; /* err code was set. */
}
@@ -134,7 +134,7 @@
if (ss->opt.enableFalseStart) {
if (!ss->ssl3.hs.authCertificatePending) {
/* When we fix bug 589047, we will need to know whether we are
-@@ -7602,6 +7640,33 @@ ssl3_SendClientSecondRound(sslSocket *ss)
+@@ -7811,6 +7849,33 @@ ssl3_SendClientSecondRound(sslSocket *ss)
ssl_ReleaseXmitBufLock(ss); /*******************************/
@@ -168,7 +168,7 @@
if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
ss->ssl3.hs.ws = wait_new_session_ticket;
else
-@@ -10590,6 +10655,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
+@@ -11264,6 +11329,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
}
/* called from ssl3_SendClientSecondRound
@@ -353,7 +353,7 @@
* ssl3_HandleClientHello
* ssl3_HandleFinished
*/
-@@ -10849,11 +11092,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+@@ -11531,11 +11774,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
}
@@ -374,7 +374,7 @@
}
if (IS_DTLS(ss)) {
-@@ -12333,6 +12581,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -13095,6 +13343,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
ssl_FreePlatformKey(ss->ssl3.platformClientKey);
#endif /* NSS_PLATFORM_CLIENT_AUTH */
@@ -386,10 +386,10 @@
if (ss->ssl3.peerCertArena != NULL)
ssl3_CleanupPeerCerts(ss);
-diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
-index 0a2288a..4d17587 100644
---- a/ssl/ssl3ext.c
-+++ b/ssl/ssl3ext.c
+diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
+index 5661a5c..78825cb 100644
+--- a/lib/ssl/ssl3ext.c
++++ b/lib/ssl/ssl3ext.c
@@ -73,6 +73,10 @@ static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
SECItem *data);
static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
@@ -401,15 +401,15 @@
static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
PRBool append, PRUint32 maxBytes);
static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
-@@ -269,6 +273,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
+@@ -276,6 +280,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
{ ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
{ ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
{ ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
+ { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
+ { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
{ -1, NULL }
- };
-@@ -296,6 +301,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+@@ -304,6 +309,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
{ ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
@@ -417,7 +417,7 @@
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
-@@ -930,6 +936,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+@@ -945,6 +951,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
}
static SECStatus
@@ -479,10 +479,10 @@
ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data)
{
-diff --git a/ssl/ssl3prot.h b/ssl/ssl3prot.h
-index 485d7dd..78fbcaa 100644
---- a/ssl/ssl3prot.h
-+++ b/ssl/ssl3prot.h
+diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h
+index a93bef1..848bdee 100644
+--- a/lib/ssl/ssl3prot.h
++++ b/lib/ssl/ssl3prot.h
@@ -136,7 +136,8 @@ typedef enum {
client_key_exchange = 16,
finished = 20,
@@ -493,10 +493,10 @@
} SSL3HandshakeType;
typedef struct {
-diff --git a/ssl/sslauth.c b/ssl/sslauth.c
-index 7f9c43b..c2d9201 100644
---- a/ssl/sslauth.c
-+++ b/ssl/sslauth.c
+diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c
+index e6981f0..03b23b4 100644
+--- a/lib/ssl/sslauth.c
++++ b/lib/ssl/sslauth.c
@@ -216,6 +216,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
return SECSuccess;
}
@@ -522,26 +522,26 @@
#ifdef NSS_PLATFORM_CLIENT_AUTH
/* NEED LOCKS IN HERE. */
SECStatus
-diff --git a/ssl/sslerr.h b/ssl/sslerr.h
-index 12dbb1d..24bf893 100644
---- a/ssl/sslerr.h
-+++ b/ssl/sslerr.h
-@@ -198,6 +198,10 @@ SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
-
- SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
-
-+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
-+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
-+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
+diff --git a/lib/ssl/sslerr.h b/lib/ssl/sslerr.h
+index 192a107..835b812 100644
+--- a/lib/ssl/sslerr.h
++++ b/lib/ssl/sslerr.h
+@@ -208,6 +208,10 @@ SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135),
+ SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136),
+ SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137),
+
++SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 138),
++SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 139),
++SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 140),
+
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index 2cf0b3a..e11860e 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -711,6 +711,14 @@ struct sslSessionIDStr {
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index c089889..c286518 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -722,6 +722,14 @@ struct sslSessionIDStr {
SECItem srvName;
@@ -556,7 +556,7 @@
/* This lock is lazily initialized by CacheSID when a sid is first
* cached. Before then, there is no need to lock anything because
* the sid isn't being shared by anything.
-@@ -986,6 +994,9 @@ struct ssl3StateStr {
+@@ -999,6 +1007,9 @@ struct ssl3StateStr {
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
@@ -566,7 +566,7 @@
int policy;
/* This says what cipher suites we can do, and should
* be either SSL_ALLOWED or SSL_RESTRICTED
-@@ -1264,6 +1275,8 @@ const unsigned char * preferredCipher;
+@@ -1294,6 +1305,8 @@ const unsigned char * preferredCipher;
void *pkcs11PinArg;
SSLNextProtoCallback nextProtoCallback;
void *nextProtoArg;
@@ -575,7 +575,7 @@
PRIntervalTime rTimeout; /* timeout for NSPR I/O */
PRIntervalTime wTimeout; /* timeout for NSPR I/O */
-@@ -1610,6 +1623,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
+@@ -1640,6 +1653,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
SECKEYPrivateKey * key,
CERTCertificateList *certChain);
@@ -587,10 +587,10 @@
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
/*
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
index be11008..1326a8b 100644
---- a/ssl/sslnonce.c
-+++ b/ssl/sslnonce.c
+--- a/lib/ssl/sslnonce.c
++++ b/lib/ssl/sslnonce.c
@@ -180,6 +180,9 @@ ssl_DestroySID(sslSessionID *sid)
if (sid->u.ssl3.srvName.data) {
SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
@@ -601,11 +601,11 @@
if (sid->u.ssl3.lock) {
PR_DestroyRWLock(sid->u.ssl3.lock);
-diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
-index d44336e..5c6751a 100644
---- a/ssl/sslsecur.c
-+++ b/ssl/sslsecur.c
-@@ -1582,6 +1582,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd,
+diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
+index f77d6fa..cca55bb 100644
+--- a/lib/ssl/sslsecur.c
++++ b/lib/ssl/sslsecur.c
+@@ -1598,6 +1598,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd,
return ret;
}
@@ -648,11 +648,11 @@
/* DO NOT USE. This function was exported in ssl.def with the wrong signature;
* this implementation exists to maintain link-time compatibility.
*/
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
-index 9431fe4..042f24f 100644
---- a/ssl/sslsock.c
-+++ b/ssl/sslsock.c
-@@ -288,6 +288,8 @@ ssl_DupSocket(sslSocket *os)
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+index 11e66f2..efba686 100644
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -313,6 +313,8 @@ ssl_DupSocket(sslSocket *os)
ss->canFalseStartCallback = os->canFalseStartCallback;
ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
ss->pkcs11PinArg = os->pkcs11PinArg;
@@ -661,7 +661,7 @@
/* Create security data */
rv = ssl_CopySecurityInfo(ss, os);
-@@ -1733,6 +1735,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
+@@ -1987,6 +1989,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
ss->handshakeCallbackData = sm->handshakeCallbackData;
if (sm->pkcs11PinArg)
ss->pkcs11PinArg = sm->pkcs11PinArg;
@@ -672,7 +672,7 @@
return fd;
loser:
return NULL;
-@@ -3021,6 +3027,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
+@@ -3279,6 +3285,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
ss->badCertArg = NULL;
ss->pkcs11PinArg = NULL;
ss->ephemeralECDHKeyPair = NULL;
@@ -681,12 +681,12 @@
ssl_ChooseOps(ss);
ssl2_InitSocketPolicy(ss);
-diff --git a/ssl/sslt.h b/ssl/sslt.h
-index 1d28feb..0900f28 100644
---- a/ssl/sslt.h
-+++ b/ssl/sslt.h
-@@ -191,10 +191,11 @@ typedef enum {
- ssl_padding_xtn = 21,
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
+index cd742bb..b6616e2 100644
+--- a/lib/ssl/sslt.h
++++ b/lib/ssl/sslt.h
+@@ -238,11 +238,12 @@ typedef enum {
+ ssl_extended_master_secret_xtn = 23,
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,
+ ssl_channel_id_xtn = 30032,
@@ -694,7 +694,8 @@
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
} SSLExtensionType;
--#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
-+#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
+-#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
++#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
- #endif /* __sslt_h_ */
+ typedef enum {
+ ssl_dhe_group_none = 0,
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cipherorder.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cipherorder.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/cipherorder.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/cipherorder.patch 2016-01-13 14:18:55.591954693 +0100
@@ -1,10 +1,10 @@
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index e9f5fb0..be6d88e 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -295,6 +295,13 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
- SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
- SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
+index db09425..437a822 100644
+--- a/lib/ssl/ssl.h
++++ b/lib/ssl/ssl.h
+@@ -387,6 +387,13 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
+ */
+ SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
+/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
+ * which must be an array of cipher suite ids of length |len|. All the given
@@ -16,12 +16,12 @@
/* SSLChannelBindingType enumerates the types of supported channel binding
* values. See RFC 5929. */
typedef enum SSLChannelBindingType {
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 54c5b80..26b87c6 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -12631,6 +12631,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
- return rv;
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 5c09f25..572bba9 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -13390,6 +13390,46 @@ SSL_SignatureMaxCount() {
+ return MAX_SIGNATURE_ALGORITHMS;
}
+SECStatus
@@ -67,11 +67,11 @@
/* copy global default policy into socket. */
void
ssl3_InitSocketPolicy(sslSocket *ss)
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index 0fd0a89..d12228e 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -1754,6 +1754,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index 080debe..3403091 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -1786,6 +1786,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
@@ -80,11 +80,11 @@
extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
-index 72058f5..09a0fb5 100644
---- a/ssl/sslsock.c
-+++ b/ssl/sslsock.c
-@@ -1316,6 +1316,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+index 28e3543..8ad1517 100644
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -1369,6 +1369,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
}
SECStatus
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/clientauth.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/clientauth.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/clientauth.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/clientauth.patch 2016-01-13 14:18:55.609954798 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 91a47a6..4e7d52e 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -543,6 +543,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
+index 2a52769..48fa018 100644
+--- a/lib/ssl/ssl.h
++++ b/lib/ssl/ssl.h
+@@ -636,6 +636,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
SSLGetClientAuthData f, void *a);
@@ -51,11 +51,11 @@
/*
** SNI extension processing callback function.
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 60af5b0..b9014ef 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -2503,6 +2503,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 9aaf601..cc193cd 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -2530,6 +2530,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
PRBool isPresent = PR_TRUE;
/* we only care if we are doing client auth */
@@ -65,7 +65,7 @@
if (!sid || !sid->u.ssl3.clAuthValid) {
return PR_TRUE;
}
-@@ -6178,25 +6181,36 @@ ssl3_SendCertificateVerify(sslSocket *ss)
+@@ -6352,25 +6355,36 @@ ssl3_SendCertificateVerify(sslSocket *ss)
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
@@ -119,7 +119,7 @@
if (rv != SECSuccess) {
goto done; /* err code was set by ssl3_SignHashes */
}
-@@ -6275,6 +6289,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -6449,6 +6463,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
ss->ssl3.clientPrivateKey = NULL;
}
@@ -132,7 +132,7 @@
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
-@@ -6904,6 +6924,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
+@@ -7109,6 +7129,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss,
goto done;
}
@@ -151,7 +151,7 @@
/* If the key is a 1024-bit RSA or DSA key, assume conservatively that
* it may be unable to sign SHA-256 hashes. This is the case for older
* Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and
-@@ -7002,6 +7034,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -7207,6 +7239,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECItem cert_types = {siBuffer, NULL, 0};
SECItem algorithms = {siBuffer, NULL, 0};
CERTDistNames ca_list;
@@ -162,7 +162,7 @@
SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
SSL_GETPID(), ss->fd));
-@@ -7017,6 +7053,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -7222,6 +7258,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
PORT_Assert(ss->ssl3.clientCertChain == NULL);
PORT_Assert(ss->ssl3.clientCertificate == NULL);
PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
@@ -170,7 +170,7 @@
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
-@@ -7096,6 +7133,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -7301,6 +7338,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
desc = no_certificate;
ss->ssl3.hs.ws = wait_hello_done;
@@ -187,9 +187,9 @@
+ } else
+#endif
if (ss->getClientAuthData != NULL) {
- /* XXX Should pass cert_types and algorithms in this call!! */
- rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
-@@ -7105,12 +7154,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+ ssl_preinfo_all);
+@@ -7312,12 +7361,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
} else {
rv = SECFailure; /* force it to send a no_certificate alert */
}
@@ -245,7 +245,7 @@
/* check what the callback function returned */
if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
/* we are missing either the key or cert */
-@@ -7172,6 +7264,10 @@ loser:
+@@ -7379,6 +7471,10 @@ loser:
done:
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
@@ -256,7 +256,7 @@
return rv;
}
-@@ -7288,7 +7384,8 @@ ssl3_SendClientSecondRound(sslSocket *ss)
+@@ -7497,7 +7593,8 @@ ssl3_SendClientSecondRound(sslSocket *ss)
sendClientCert = !ss->ssl3.sendEmptyCert &&
ss->ssl3.clientCertChain != NULL &&
@@ -266,7 +266,7 @@
if (!sendClientCert &&
ss->ssl3.hs.hashType == handshake_hash_single &&
-@@ -12148,6 +12245,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -12910,6 +13007,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
if (ss->ssl3.clientPrivateKey != NULL)
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
@@ -277,10 +277,10 @@
if (ss->ssl3.peerCertArena != NULL)
ssl3_CleanupPeerCerts(ss);
-diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
-index 28d21c4..0a2288a 100644
---- a/ssl/ssl3ext.c
-+++ b/ssl/ssl3ext.c
+diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
+index cf04aba..5661a5c 100644
+--- a/lib/ssl/ssl3ext.c
++++ b/lib/ssl/ssl3ext.c
@@ -11,8 +11,8 @@
#include "nssrenam.h"
#include "nss.h"
@@ -291,10 +291,10 @@
#include "pk11pub.h"
#ifdef NO_PKCS11_BYPASS
#include "blapit.h"
-diff --git a/ssl/sslauth.c b/ssl/sslauth.c
-index ed74d94..7f9c43b 100644
---- a/ssl/sslauth.c
-+++ b/ssl/sslauth.c
+diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c
+index b144336..e6981f0 100644
+--- a/lib/ssl/sslauth.c
++++ b/lib/ssl/sslauth.c
@@ -216,6 +216,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
return SECSuccess;
}
@@ -324,11 +324,11 @@
/* NEED LOCKS IN HERE. */
SECStatus
SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index 086f6d2..bbc9bd2 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -20,6 +20,7 @@
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index 9dcc29e..94bb9f4 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -21,6 +21,7 @@
#include "sslerr.h"
#include "ssl3prot.h"
#include "hasht.h"
@@ -336,7 +336,7 @@
#include "nssilock.h"
#include "pkcs11t.h"
#if defined(XP_UNIX) || defined(XP_BEOS)
-@@ -31,6 +32,15 @@
+@@ -32,6 +33,15 @@
#include "sslt.h" /* for some formerly private types, now public */
@@ -352,7 +352,7 @@
/* to make some of these old enums public without namespace pollution,
** it was necessary to prepend ssl_ to the names.
** These #defines preserve compatibility with the old code here in libssl.
-@@ -443,6 +453,14 @@ struct sslGatherStr {
+@@ -453,6 +463,14 @@ struct sslGatherStr {
#define GS_DATA 3
#define GS_PAD 4
@@ -367,7 +367,7 @@
/*
-@@ -961,6 +979,10 @@ struct ssl3StateStr {
+@@ -974,6 +992,10 @@ struct ssl3StateStr {
CERTCertificate * clientCertificate; /* used by client */
SECKEYPrivateKey * clientPrivateKey; /* used by client */
@@ -378,7 +378,7 @@
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
-@@ -1223,6 +1245,10 @@ const unsigned char * preferredCipher;
+@@ -1253,6 +1275,10 @@ const unsigned char * preferredCipher;
void *authCertificateArg;
SSLGetClientAuthData getClientAuthData;
void *getClientAuthDataArg;
@@ -389,7 +389,7 @@
SSLSNISocketConfig sniSocketConfig;
void *sniSocketConfigArg;
SSLBadCertHandler handleBadCert;
-@@ -1863,6 +1889,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
+@@ -1896,6 +1922,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
extern SECStatus ssl_FreeSessionCacheLocks(void);
@@ -416,11 +416,11 @@
/**************** DTLS-specific functions **************/
extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg);
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
-index 282bb85..6c09992 100644
---- a/ssl/sslsock.c
-+++ b/ssl/sslsock.c
-@@ -275,6 +275,10 @@ ssl_DupSocket(sslSocket *os)
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+index f735009..21754d6 100644
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -300,6 +300,10 @@ ssl_DupSocket(sslSocket *os)
ss->authCertificateArg = os->authCertificateArg;
ss->getClientAuthData = os->getClientAuthData;
ss->getClientAuthDataArg = os->getClientAuthDataArg;
@@ -431,7 +431,7 @@
ss->sniSocketConfig = os->sniSocketConfig;
ss->sniSocketConfigArg = os->sniSocketConfigArg;
ss->handleBadCert = os->handleBadCert;
-@@ -1709,6 +1713,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
+@@ -1963,6 +1967,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
ss->getClientAuthData = sm->getClientAuthData;
if (sm->getClientAuthDataArg)
ss->getClientAuthDataArg = sm->getClientAuthDataArg;
@@ -444,7 +444,7 @@
if (sm->sniSocketConfig)
ss->sniSocketConfig = sm->sniSocketConfig;
if (sm->sniSocketConfigArg)
-@@ -2974,6 +2984,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
+@@ -3232,6 +3242,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
ss->sniSocketConfig = NULL;
ss->sniSocketConfigArg = NULL;
ss->getClientAuthData = NULL;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/dh1024.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/dh1024.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/dh1024.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/dh1024.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,14 +0,0 @@
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index a67a9d1..02b0dda 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -6964,7 +6964,8 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
- if (rv != SECSuccess) {
- goto loser; /* malformed. */
- }
-- if (dh_p.len < 512/8) {
-+ if (dh_p.len < 1024/8 ||
-+ (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) {
- errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
- goto alert_loser;
- }
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/didhandshakeresume.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/didhandshakeresume.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/didhandshakeresume.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/didhandshakeresume.patch 2016-01-13 14:18:55.609954798 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 4e7d52e..34142fc 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -1007,6 +1007,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
+index 48fa018..0983b5f 100644
+--- a/lib/ssl/ssl.h
++++ b/lib/ssl/ssl.h
+@@ -1117,6 +1117,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
SSLExtensionType extId,
PRBool *yes);
@@ -12,11 +12,11 @@
/*
** How long should we wait before retransmitting the next flight of
** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
-index 6c09992..1a9c584 100644
---- a/ssl/sslsock.c
-+++ b/ssl/sslsock.c
-@@ -1897,6 +1897,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+index 21754d6..b73f8f6 100644
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -2151,6 +2151,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
return &ss->sec.ci.sid->peerCertStatus;
}
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch 2016-01-13 14:18:55.609954798 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 34142fc..e2d1b09 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -803,6 +803,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
+index 0983b5f..cf9f6db 100644
+--- a/lib/ssl/ssl.h
++++ b/lib/ssl/ssl.h
+@@ -896,6 +896,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
PRBool flushCache,
PRIntervalTime timeout);
@@ -19,11 +19,11 @@
#ifdef SSL_DEPRECATED_FUNCTION
/* deprecated!
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index b9014ef..800c28e 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -7061,6 +7061,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index cc193cd..27038f3 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -7266,6 +7266,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (rv != SECSuccess)
goto loser; /* malformed, alert has been sent */
@@ -33,7 +33,7 @@
if (isTLS12) {
rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length);
if (rv != SECSuccess)
-@@ -7262,6 +7265,7 @@ loser:
+@@ -7469,6 +7472,7 @@ loser:
PORT_SetError(errCode);
rv = SECFailure;
done:
@@ -41,11 +41,11 @@
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
#ifdef NSS_PLATFORM_CLIENT_AUTH
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index bbc9bd2..46e618a 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -1238,6 +1238,10 @@ struct sslSocketStr {
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index 94bb9f4..c7231a7 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -1265,6 +1265,10 @@ struct sslSocketStr {
unsigned int sizeCipherSpecs;
const unsigned char * preferredCipher;
@@ -55,12 +55,12 @@
+
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
- /* Callbacks */
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
-index 1a9c584..9431fe4 100644
---- a/ssl/sslsock.c
-+++ b/ssl/sslsock.c
-@@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
+ const ssl3DHParams *dheParams; /* DHE param */
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+index b73f8f6..11e66f2 100644
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -2165,6 +2165,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
return SECSuccess;
}
@@ -81,11 +81,11 @@
/************************************************************************/
/* The following functions are the TOP LEVEL SSL functions.
** They all get called through the NSPRIOMethods table below.
-@@ -2989,6 +3003,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
+@@ -3243,6 +3257,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
sc->serverKeyBits = 0;
ss->certStatusArray[i] = NULL;
}
+ ss->requestedCertTypes = NULL;
ss->stepDownKeyPair = NULL;
- ss->dbHandle = CERT_GetDefaultCertDB();
+ ss->dheParams = NULL;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/norenegotiatelock.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/norenegotiatelock.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/norenegotiatelock.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/norenegotiatelock.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,15 +0,0 @@
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index f5afab7..a67a9d1 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -5547,9 +5547,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
- return SECFailure;
- }
- if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
-- ssl_GetXmitBufLock(ss);
-- rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
-- ssl_ReleaseXmitBufLock(ss);
-+ (void)SSL3_SendAlert(ss, alert_warning, no_renegotiation);
- PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
- return SECFailure;
- }
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/nssrwlock.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/nssrwlock.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/nssrwlock.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/nssrwlock.patch 2016-01-13 14:18:55.610954804 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 0ac85da..f5afab7 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -5261,7 +5261,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index afab931..e5e620f 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -5436,7 +5436,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
* the lock across the calls to ssl3_CallHelloExtensionSenders.
*/
if (sid->u.ssl3.lock) {
@@ -11,7 +11,7 @@
}
if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
-@@ -5270,7 +5270,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5445,7 +5445,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
if (extLen < 0) {
@@ -20,7 +20,7 @@
return SECFailure;
}
total_exten_len += extLen;
-@@ -5297,7 +5297,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5472,7 +5472,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
/* how many suites are permitted by policy and user preference? */
num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
if (!num_suites) {
@@ -29,7 +29,7 @@
return SECFailure; /* count_cipher_suites has set error code. */
}
-@@ -5342,7 +5342,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5517,7 +5517,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
if (rv != SECSuccess) {
@@ -38,7 +38,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
-@@ -5361,21 +5361,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5536,21 +5536,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
}
if (rv != SECSuccess) {
@@ -63,7 +63,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
-@@ -5385,7 +5385,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5560,7 +5560,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
else
rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
if (rv != SECSuccess) {
@@ -72,7 +72,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
-@@ -5393,14 +5393,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5568,14 +5568,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeVariable(
ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1);
if (rv != SECSuccess) {
@@ -89,7 +89,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
-@@ -5409,7 +5409,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5584,7 +5584,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
sizeof(ssl3CipherSuite));
if (rv != SECSuccess) {
@@ -98,7 +98,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
actual_count++;
-@@ -5418,7 +5418,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5593,7 +5593,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
sizeof(ssl3CipherSuite));
if (rv != SECSuccess) {
@@ -107,8 +107,8 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
actual_count++;
-@@ -5428,7 +5428,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
- if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
+@@ -5603,7 +5603,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+ if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) {
actual_count++;
if (actual_count > num_suites) {
- if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
@@ -116,7 +116,7 @@
/* set error card removal/insertion error */
PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
return SECFailure;
-@@ -5436,7 +5436,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5611,7 +5611,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
sizeof(ssl3CipherSuite));
if (rv != SECSuccess) {
@@ -125,7 +125,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
}
-@@ -5447,14 +5447,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5622,14 +5622,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
* the server.. */
if (actual_count != num_suites) {
/* Card removal/insertion error */
@@ -142,7 +142,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
for (i = 0; i < compressionMethodsCount; i++) {
-@@ -5462,7 +5462,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5637,7 +5637,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
continue;
rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1);
if (rv != SECSuccess) {
@@ -151,7 +151,7 @@
return rv; /* err set by ssl3_AppendHandshake* */
}
}
-@@ -5473,20 +5473,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5648,20 +5648,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
if (rv != SECSuccess) {
@@ -175,7 +175,7 @@
return SECFailure;
}
maxBytes -= extLen;
-@@ -5495,7 +5495,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5670,7 +5670,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
}
if (sid->u.ssl3.lock) {
@@ -184,11 +184,11 @@
}
if (ss->xtnData.sentSessionTicketInClientHello) {
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index d12228e..efcbf9f 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -731,7 +731,7 @@ struct sslSessionIDStr {
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index 3403091..874e59c 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -742,7 +742,7 @@ struct sslSessionIDStr {
* cached. Before then, there is no need to lock anything because
* the sid isn't being shared by anything.
*/
@@ -197,10 +197,10 @@
/* The lock must be held while reading or writing these members
* because they change while the sid is cached.
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
index cefdda6..28ad364 100644
---- a/ssl/sslnonce.c
-+++ b/ssl/sslnonce.c
+--- a/lib/ssl/sslnonce.c
++++ b/lib/ssl/sslnonce.c
@@ -136,7 +136,7 @@ ssl_DestroySID(sslSessionID *sid)
}
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/removebuildmetadata.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/removebuildmetadata.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/removebuildmetadata.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/removebuildmetadata.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,27 +0,0 @@
-diff --git a/ssl/sslver.c b/ssl/sslver.c
-index 35e0317..ea60888 100644
---- a/ssl/sslver.c
-+++ b/ssl/sslver.c
-@@ -12,6 +12,13 @@
- #define _DEBUG_STRING ""
- #endif
-
-+#if defined(DONT_EMBED_BUILD_METADATA) && !defined(OFFICIAL_BUILD)
-+#define _DATE_AND_TIME "Sep 02 2008 08:00:00"
-+#else
-+#define _DATE_AND_TIME __DATE__ " " __TIME__
-+#endif
-+
-+
- /*
- * Version information for the 'ident' and 'what commands
- *
-@@ -19,6 +26,6 @@
- * must not end in a '$' to prevent rcs keyword substitution.
- */
- const char __nss_ssl_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING
-- " " __DATE__ " " __TIME__ " $";
-+ " " _DATE_AND_TIME " $";
- const char __nss_ssl_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING
-- " " __DATE__ " " __TIME__;
-+ " " _DATE_AND_TIME;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/reorderextensions.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/reorderextensions.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/reorderextensions.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/reorderextensions.patch 2016-01-13 14:18:55.610954804 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
-index c18d6f6..9214a2e 100644
---- a/ssl/ssl3ext.c
-+++ b/ssl/ssl3ext.c
-@@ -313,6 +313,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
+index 9cfd541..eb3fb70 100644
+--- a/lib/ssl/ssl3ext.c
++++ b/lib/ssl/ssl3ext.c
+@@ -321,6 +321,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_signed_certificate_timestamp_xtn,
&ssl3_ClientSendSignedCertTimestampXtn },
@@ -12,8 +12,8 @@
+ * extension. */
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
- /* any extra entries will appear as { 0, NULL } */
-@@ -2507,9 +2511,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
+ { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn},
+@@ -2546,9 +2550,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
}
extensionLength = 512 - recordLength;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/restartclientauth.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/restartclientauth.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/restartclientauth.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/restartclientauth.patch 2016-01-13 14:18:55.610954804 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index e2d1b09..593dd00 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -409,6 +409,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
+index cf9f6db..85ced8a 100644
+--- a/lib/ssl/ssl.h
++++ b/lib/ssl/ssl.h
+@@ -502,6 +502,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
PRIntervalTime timeout);
@@ -14,11 +14,11 @@
/*
** Query security status of socket. *on is set to one if security is
** enabled. *keySize will contain the stream key size used. *issuer will
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 800c28e..29e8f1c 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -7275,6 +7275,85 @@ done:
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 27038f3..304e03b 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -7482,6 +7482,85 @@ done:
return rv;
}
@@ -104,11 +104,11 @@
static SECStatus
ssl3_CheckFalseStart(sslSocket *ss)
{
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index 46e618a..2cf0b3a 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -1599,16 +1599,17 @@ extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index c7231a7..c089889 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -1629,16 +1629,17 @@ extern SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec,
/* These functions are called from secnav, even though they're "private". */
extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
@@ -130,11 +130,11 @@
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
/*
-diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
-index ea2d408..d44336e 100644
---- a/ssl/sslsecur.c
-+++ b/ssl/sslsecur.c
-@@ -1516,17 +1516,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
+diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
+index 53b4885..f77d6fa 100644
+--- a/lib/ssl/sslsecur.c
++++ b/lib/ssl/sslsecur.c
+@@ -1532,17 +1532,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
return SECSuccess;
}
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/secitemarray.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/secitemarray.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/secitemarray.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/secitemarray.patch 2016-01-13 14:18:55.610954804 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index 0ece0ed..ea71975 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -1373,6 +1373,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache;
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index 976330e..60dd243 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -1403,6 +1403,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache;
SEC_BEGIN_PROTOS
@@ -18,11 +18,11 @@
/* Internal initialization and installation of the SSL error tables */
extern SECStatus ssl_Init(void);
extern SECStatus ssl_InitializePRErrorTable(void);
-diff --git a/ssl/sslt.h b/ssl/sslt.h
-index 0900f28..430d216 100644
---- a/ssl/sslt.h
-+++ b/ssl/sslt.h
-@@ -10,6 +10,19 @@
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
+index b6616e2..5593579 100644
+--- a/lib/ssl/sslt.h
++++ b/lib/ssl/sslt.h
+@@ -11,6 +11,19 @@
#include "prtypes.h"
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/secretexporterlocks.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/secretexporterlocks.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/secretexporterlocks.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/secretexporterlocks.patch 2016-01-13 14:18:55.611954809 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c
-index 00f2f38..ba230d2 100644
---- a/ssl/sslinfo.c
-+++ b/ssl/sslinfo.c
-@@ -350,8 +350,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
+diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c
+index 216ab0f..7048eb8 100644
+--- a/lib/ssl/sslinfo.c
++++ b/lib/ssl/sslinfo.c
+@@ -387,8 +387,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
return SECFailure;
}
@@ -16,7 +16,7 @@
return SECFailure;
}
-@@ -362,13 +367,17 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
+@@ -399,13 +404,17 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
}
val = PORT_Alloc(valLen);
if (!val) {
@@ -34,7 +34,7 @@
if (hasContext) {
val[i++] = contextLen >> 8;
val[i++] = contextLen;
-@@ -389,6 +398,8 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
+@@ -426,6 +435,8 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
valLen, out, outLen);
}
ssl_ReleaseSpecReadLock(ss);
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/sessioncache.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/sessioncache.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/sessioncache.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/sessioncache.patch 2016-01-13 14:18:55.611954809 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index be6d88e..57771cd 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -900,6 +900,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
+index 437a822..bc417a5 100644
+--- a/lib/ssl/ssl.h
++++ b/lib/ssl/ssl.h
+@@ -992,6 +992,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
/*
@@ -21,11 +21,11 @@
** Return a SECItem containing the SSL session ID associated with the fd.
*/
SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 26b87c6..0ac85da 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -11375,7 +11375,7 @@ ssl3_FinishHandshake(sslSocket * ss)
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 572bba9..afab931 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -12058,7 +12058,7 @@ ssl3_FinishHandshake(sslSocket * ss)
ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
}
@@ -34,11 +34,11 @@
PORT_Assert(ss->sec.ci.sid->cached == never_cached);
(*ss->sec.cache)(ss->sec.ci.sid);
ss->ssl3.hs.cacheSID = PR_FALSE;
-diff --git a/ssl/sslsecur.c b/ssl/sslsecur.c
-index 5c6751a..00ab455 100644
---- a/ssl/sslsecur.c
-+++ b/ssl/sslsecur.c
-@@ -1467,6 +1467,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
+diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
+index cca55bb..b4b8e95 100644
+--- a/lib/ssl/sslsecur.c
++++ b/lib/ssl/sslsecur.c
+@@ -1483,6 +1483,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
return rv;
}
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch 2016-01-13 14:18:55.612954815 +0100
@@ -1,18 +1,17 @@
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 80717db..e9f5fb0 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -191,6 +191,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
- #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
- * handshakes. */
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
+index eb7f7ec..db09425 100644
+--- a/lib/ssl/ssl.h
++++ b/lib/ssl/ssl.h
+@@ -203,6 +203,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
+ */
+ #define SSL_ENABLE_EXTENDED_MASTER_SECRET 30
+/* Request Signed Certificate Timestamps via TLS extension (client) */
-+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29
-+
++#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 31
+
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
- SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
-@@ -493,6 +496,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
+@@ -586,6 +588,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
*/
SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
@@ -36,13 +35,13 @@
/* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
* in the fd's data, which may be sent as part of a server side cert_status
* handshake message. Parameter |responses| is for the server certificate of
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 6a4a443..54c5b80 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -6752,6 +6752,14 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
- sid->u.ssl3.sessionIDLength = sidBytes.len;
- PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index ba3d012..5c09f25 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -6957,6 +6957,14 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ sid->u.ssl3.keys.extendedMasterSecretUsed =
+ ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
+ /* Copy Signed Certificate Timestamps, if any. */
+ if (ss->xtnData.signedCertTimestamps.data) {
@@ -55,7 +54,7 @@
ss->ssl3.hs.isResuming = PR_FALSE;
if (ss->ssl3.hs.kea_def->signKeyType != sign_null) {
/* All current cipher suites other than those with sign_null (i.e.,
-@@ -6765,6 +6773,10 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -6971,6 +6979,10 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
winner:
@@ -66,7 +65,7 @@
/* If we will need a ChannelID key then we make the callback now. This
* allows the handshake to be restarted cleanly if the callback returns
* SECWouldBlock. */
-@@ -6790,6 +6802,9 @@ alert_loser:
+@@ -6996,6 +7008,9 @@ alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, desc);
loser:
@@ -76,10 +75,10 @@
errCode = ssl_MapLowLevelError(errCode);
return SECFailure;
}
-diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c
-index 4d17587..c18d6f6 100644
---- a/ssl/ssl3ext.c
-+++ b/ssl/ssl3ext.c
+diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
+index 78825cb..9cfd541 100644
+--- a/lib/ssl/ssl3ext.c
++++ b/lib/ssl/ssl3ext.c
@@ -90,6 +90,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,
@@ -93,16 +92,16 @@
static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
-@@ -275,6 +281,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
- { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
+@@ -283,6 +289,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
{ ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
+ { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
+ { ssl_signed_certificate_timestamp_xtn,
+ &ssl3_ClientHandleSignedCertTimestampXtn },
{ -1, NULL }
};
-@@ -303,6 +311,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
+@@ -311,6 +319,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
{ ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
{ ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
@@ -110,12 +109,16 @@
+ &ssl3_ClientSendSignedCertTimestampXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
- /* any extra entries will appear as { 0, NULL } */
-@@ -2616,3 +2626,65 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type,
+ { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn},
+@@ -2698,11 +2708,48 @@ ssl3_SendExtendedMasterSecretXtn(sslSocket * ss, PRBool append,
+ }
- return SECSuccess;
+ return extension_length;
+-
+ loser:
+ return -1;
}
-+
+
+/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
+ * extension for TLS ClientHellos. */
+static PRInt32
@@ -129,7 +132,12 @@
+ if (!ss->opt.enableSignedCertTimestamps)
+ return 0;
+
-+ if (append && maxBytes >= extension_length) {
++ if (maxBytes < extension_length) {
++ PORT_Assert(0);
++ return 0;
++ }
++
++ if (append) {
+ SECStatus rv;
+ /* extension_type */
+ rv = ssl3_AppendHandshakeNumber(ss,
@@ -143,15 +151,19 @@
+ goto loser;
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+ ssl_signed_certificate_timestamp_xtn;
-+ } else if (maxBytes < extension_length) {
-+ PORT_Assert(0);
-+ return 0;
+ }
+
+ return extension_length;
+loser:
+ return -1;
+}
+
+ static SECStatus
+ ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type,
+@@ -2743,3 +2790,28 @@ ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type,
+ }
+ return SECSuccess;
+ }
+
+static SECStatus
+ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
@@ -177,19 +189,19 @@
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+ return SECSuccess;
+}
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index c4c87b4..0fd0a89 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -339,6 +339,7 @@ typedef struct sslOptionsStr {
- unsigned int enableALPN : 1; /* 27 */
- unsigned int reuseServerECDHEKey : 1; /* 28 */
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index d53c446..080debe 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -349,6 +349,7 @@ typedef struct sslOptionsStr {
unsigned int enableFallbackSCSV : 1; /* 29 */
-+ unsigned int enableSignedCertTimestamps : 1; /* 30 */
+ unsigned int enableServerDhe : 1; /* 30 */
+ unsigned int enableExtendedMS : 1; /* 31 */
++ unsigned int enableSignedCertTimestamps : 1; /* 32 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
-@@ -721,6 +722,11 @@ struct sslSessionIDStr {
+@@ -732,6 +733,11 @@ struct sslSessionIDStr {
* resumption handshake to the original handshake. */
SECItem originalHandshakeHash;
@@ -201,7 +213,7 @@
/* This lock is lazily initialized by CacheSID when a sid is first
* cached. Before then, there is no need to lock anything because
* the sid isn't being shared by anything.
-@@ -835,6 +841,18 @@ struct TLSExtensionDataStr {
+@@ -846,6 +852,18 @@ struct TLSExtensionDataStr {
* is beyond ssl3_HandleClientHello function. */
SECItem *sniNameArr;
PRUint32 sniNameArrSize;
@@ -220,10 +232,10 @@
};
typedef SECStatus (*sslRestartTarget)(sslSocket *);
-diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c
+diff --git a/lib/ssl/sslnonce.c b/lib/ssl/sslnonce.c
index c45849d..cefdda6 100644
---- a/ssl/sslnonce.c
-+++ b/ssl/sslnonce.c
+--- a/lib/ssl/sslnonce.c
++++ b/lib/ssl/sslnonce.c
@@ -131,6 +131,9 @@ ssl_DestroySID(sslSessionID *sid)
if (sid->u.ssl3.originalHandshakeHash.data) {
SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
@@ -234,22 +246,22 @@
if (sid->u.ssl3.lock) {
PR_DestroyRWLock(sid->u.ssl3.lock);
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
-index 6a6c8d1..72058f5 100644
---- a/ssl/sslsock.c
-+++ b/ssl/sslsock.c
-@@ -89,7 +89,8 @@ static sslOptions ssl_defaults = {
- PR_TRUE, /* enableNPN */
- PR_FALSE, /* enableALPN */
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+index 6d700a7..28e3543 100644
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -92,7 +92,8 @@ static sslOptions ssl_defaults = {
PR_TRUE, /* reuseServerECDHEKey */
-- PR_FALSE /* enableFallbackSCSV */
-+ PR_FALSE, /* enableFallbackSCSV */
+ PR_FALSE, /* enableFallbackSCSV */
+ PR_TRUE, /* enableServerDhe */
+- PR_FALSE /* enableExtendedMS */
++ PR_FALSE, /* enableExtendedMS */
+ PR_FALSE, /* enableSignedCertTimestamps */
};
/*
-@@ -807,6 +808,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
- ss->opt.enableFallbackSCSV = on;
+@@ -843,6 +844,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
+ ss->opt.enableExtendedMS = on;
break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
@@ -259,19 +271,19 @@
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
-@@ -882,6 +887,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
- case SSL_REUSE_SERVER_ECDHE_KEY:
- on = ss->opt.reuseServerECDHEKey; break;
- case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
+@@ -921,6 +926,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
+ case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break;
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+ on = ss->opt.enableExtendedMS; break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+ on = ss->opt.enableSignedCertTimestamps;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -951,6 +959,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
- case SSL_ENABLE_FALLBACK_SCSV:
- on = ssl_defaults.enableFallbackSCSV;
+@@ -996,6 +1004,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+ on = ssl_defaults.enableExtendedMS;
break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+ on = ssl_defaults.enableSignedCertTimestamps;
@@ -279,8 +291,8 @@
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1134,6 +1145,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
- ssl_defaults.enableFallbackSCSV = on;
+@@ -1187,6 +1198,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
+ ssl_defaults.enableExtendedMS = on;
break;
+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
@@ -290,7 +302,7 @@
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
-@@ -1963,6 +1978,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
+@@ -2218,6 +2233,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
return &ss->sec.ci.sid->peerCertStatus;
}
@@ -320,23 +332,24 @@
SECStatus
SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
sslSocket *ss = ssl_FindSocket(fd);
-diff --git a/ssl/sslt.h b/ssl/sslt.h
-index fe0ad07..c36b8c7 100644
---- a/ssl/sslt.h
-+++ b/ssl/sslt.h
-@@ -202,6 +202,7 @@ typedef enum {
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h
+index a2eff62..36e34df 100644
+--- a/lib/ssl/sslt.h
++++ b/lib/ssl/sslt.h
+@@ -248,6 +248,7 @@ typedef enum {
ssl_signature_algorithms_xtn = 13,
ssl_use_srtp_xtn = 14,
ssl_app_layer_protocol_xtn = 16,
+ ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
ssl_padding_xtn = 21,
+ ssl_extended_master_secret_xtn = 23,
ssl_session_ticket_xtn = 35,
- ssl_next_proto_nego_xtn = 13172,
-@@ -210,6 +211,6 @@ typedef enum {
+@@ -257,7 +258,7 @@ typedef enum {
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
} SSLExtensionType;
--#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */
-+#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
+-#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
++#define SSL_MAX_EXTENSIONS 14 /* doesn't include ssl_padding_xtn. */
- #endif /* __sslt_h_ */
+ typedef enum {
+ ssl_dhe_group_none = 0,
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/suitebonly.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/suitebonly.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/suitebonly.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/suitebonly.patch 2016-01-13 14:18:55.612954815 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
-index aca2b74..dac7a9e 100644
---- a/ssl/ssl3ecc.c
-+++ b/ssl/ssl3ecc.c
-@@ -1090,6 +1090,7 @@ static const PRUint8 ecPtFmt[6] = {
+diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
+index 94008a0..6d89bbe 100644
+--- a/lib/ssl/ssl3ecc.c
++++ b/lib/ssl/ssl3ecc.c
+@@ -1093,6 +1093,7 @@ static const PRUint8 ecPtFmt[6] = {
static PRBool
ssl3_SuiteBOnly(sslSocket *ss)
{
@@ -10,7 +10,7 @@
/* See if we can support small curves (like 163). If not, assume we can
* only support Suite-B curves (P-256, P-384, P-521). */
PK11SlotInfo *slot =
-@@ -1103,6 +1104,9 @@ ssl3_SuiteBOnly(sslSocket *ss)
+@@ -1106,6 +1107,9 @@ ssl3_SuiteBOnly(sslSocket *ss)
/* we can, presume we can do all curves */
PK11_FreeSlot(slot);
return PR_FALSE;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/tls12chromium.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/tls12chromium.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/tls12chromium.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/tls12chromium.patch 2016-01-13 14:18:55.612954815 +0100
@@ -1,8 +1,8 @@
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index 7c06815..1167d6d 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -31,6 +31,15 @@
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index ce92cf1..c5cb1eb 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -33,6 +33,15 @@
#include "blapi.h"
#endif
@@ -18,10 +18,10 @@
#include <stdio.h>
#ifdef NSS_ENABLE_ZLIB
#include "zlib.h"
-diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c
-index dac7a9e..9b91270 100644
---- a/ssl/ssl3ecc.c
-+++ b/ssl/ssl3ecc.c
+diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
+index 6d89bbe..cf8e741 100644
+--- a/lib/ssl/ssl3ecc.c
++++ b/lib/ssl/ssl3ecc.c
@@ -31,6 +31,12 @@
#include <stdio.h>
@@ -35,16 +35,17 @@
#ifndef NSS_DISABLE_ECC
#ifndef PK11_SETATTRS
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
-index 14ff328..6a6c8d1 100644
---- a/ssl/sslsock.c
-+++ b/ssl/sslsock.c
-@@ -17,8 +17,15 @@
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+index c9a4493..6d700a7 100644
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -17,9 +17,16 @@
#ifndef NO_PKCS11_BYPASS
#include "blapi.h"
#endif
+#include "pk11pub.h"
#include "nss.h"
+ #include "pk11pqg.h"
+/* This is a bodge to allow this code to be compiled against older NSS headers
+ * that don't contain the TLS 1.2 changes. */
@@ -55,7 +56,7 @@
#define SET_ERROR_CODE /* reminder */
static const sslSocketOps ssl_default_ops = { /* No SSL. */
-@@ -1878,6 +1885,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
+@@ -2133,6 +2140,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
return SECSuccess;
}
@@ -80,7 +81,7 @@
SECStatus
SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
{
-@@ -1898,6 +1923,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
+@@ -2153,6 +2178,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
ssl_GetSSL3HandshakeLock(ss);
ss->vrange = *vrange;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/tlsunique.patch qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/tlsunique.patch
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/patches/tlsunique.patch 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/patches/tlsunique.patch 2016-01-13 14:18:55.612954815 +0100
@@ -1,10 +1,10 @@
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 716537d..80717db 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -292,6 +292,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
- SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
- SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
+index 120c257..eb7f7ec 100644
+--- a/lib/ssl/ssl.h
++++ b/lib/ssl/ssl.h
+@@ -385,6 +385,27 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
+ */
+ SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
+/* SSLChannelBindingType enumerates the types of supported channel binding
+ * values. See RFC 5929. */
@@ -30,12 +30,12 @@
/* SSL Version Range API
**
** This API should be used to control SSL 3.0 & TLS support instead of the
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
-index c0e8e79..7c06815 100644
---- a/ssl/ssl3con.c
-+++ b/ssl/ssl3con.c
-@@ -12479,6 +12479,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
- PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 2ae8ce9..ce92cf1 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -13241,6 +13241,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
+ ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms);
}
+SECStatus
@@ -103,11 +103,11 @@
/* ssl3_config_match_init must have already been called by
* the caller of this function.
*/
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h
-index e11860e..0ece0ed 100644
---- a/ssl/sslimpl.h
-+++ b/ssl/sslimpl.h
-@@ -1864,6 +1864,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index c286518..976330e 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -1897,6 +1897,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey,
extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
unsigned int length);
@@ -119,12 +119,12 @@
/* Construct a new NSPR socket for the app to use */
extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
extern void ssl_FreePRSocket(PRFileDesc *fd);
-diff --git a/ssl/sslsock.c b/ssl/sslsock.c
-index 042f24f..14ff328 100644
---- a/ssl/sslsock.c
-+++ b/ssl/sslsock.c
-@@ -1345,6 +1345,27 @@ NSS_SetFrancePolicy(void)
- return NSS_SetDomesticPolicy();
+diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
+index efba686..c9a4493 100644
+--- a/lib/ssl/sslsock.c
++++ b/lib/ssl/sslsock.c
+@@ -1540,6 +1540,28 @@ SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
+ return SECSuccess;
}
+SECStatus
@@ -148,6 +148,7 @@
+
+ return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
+}
++
+ #include "dhe-param.c"
-
- /* LOCKS ??? XXX */
+ static const SSLDHEGroupType ssl_default_dhe_groups[] = {
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/README.chromium qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/README.chromium
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/README.chromium 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/README.chromium 2016-01-13 14:18:55.588954676 +0100
@@ -1,6 +1,6 @@
Name: Network Security Services (NSS)
URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: 3.19 RTM
+Version: 3.21 RTM
Security Critical: Yes
License: MPL 2
License File: NOT_SHIPPED
@@ -11,7 +11,7 @@
The same module appears in crypto/third_party/nss (and third_party/nss on some
platforms), so we don't repeat the license file here.
-The snapshot was updated to the hg tag: NSS_3_19_RTM
+The snapshot was updated to the hg tag: NSS_3_21_RTM
Patches:
@@ -100,16 +100,6 @@
length.
patches/reorderextensions.patch
- * Make the build metadata deterministic
- patches/removebuildmetadata.patch
-
- * Fix locking bug in ssl3_HandleHelloRequest when rejecting a renegotiation.
- patches/norenegotiatelock.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=1162521
-
- * Increase the minimum DH group size to 1024
- patches/dh1024.patch
-
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/derive.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/derive.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/derive.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/derive.c 2016-01-13 14:18:55.613954821 +0100
@@ -431,7 +431,7 @@
* so isRSA is always true.
*/
SECStatus
-ssl3_MasterKeyDeriveBypass(
+ssl3_MasterSecretDeriveBypass(
ssl3CipherSpec * pwSpec,
const unsigned char * cr,
const unsigned char * sr,
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/dhe-param.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/dhe-param.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/dhe-param.c 1970-01-01 01:00:00.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/dhe-param.c 2016-01-13 14:18:55.613954821 +0100
@@ -0,0 +1,413 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+static const unsigned char ff_dhe_g2[] = { 2 };
+
+static const unsigned char ff_dhe_2048_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_2048 = {
+ { siBuffer, (unsigned char *)ff_dhe_2048_p, sizeof(ff_dhe_2048_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_3072_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_3072 = {
+ { siBuffer, (unsigned char *)ff_dhe_3072_p, sizeof(ff_dhe_3072_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_4096_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_4096 = {
+ { siBuffer, (unsigned char *)ff_dhe_4096_p, sizeof(ff_dhe_4096_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_6144_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
+ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
+ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
+ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
+ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
+ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
+ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
+ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
+ 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
+ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
+ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
+ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
+ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
+ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
+ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
+ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
+ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
+ 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
+ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
+ 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_6144 = {
+ { siBuffer, (unsigned char *)ff_dhe_6144_p, sizeof(ff_dhe_6144_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_8192_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
+ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
+ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
+ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
+ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
+ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
+ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
+ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
+ 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
+ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
+ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
+ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
+ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
+ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
+ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
+ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
+ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
+ 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
+ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
+ 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
+ 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
+ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
+ 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
+ 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
+ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
+ 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
+ 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
+ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
+ 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
+ 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
+ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
+ 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
+ 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
+ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
+ 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
+ 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
+ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
+ 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
+ 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
+ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
+ 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
+ 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
+ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
+ 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
+ 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
+ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
+ 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
+ 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
+ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
+ 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
+ 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
+ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_8192 = {
+ { siBuffer, (unsigned char *)ff_dhe_8192_p, sizeof(ff_dhe_8192_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/dtlscon.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/dtlscon.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/dtlscon.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/dtlscon.c 2016-01-13 14:18:55.614954827 +0100
@@ -104,9 +104,7 @@
const ssl3CipherSuite * suite;
for (suite = nonDTLSSuites; *suite; ++suite) {
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
-
- PORT_Assert(rv == SECSuccess); /* else is coding error */
+ PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
}
return SECSuccess;
}
@@ -229,7 +227,7 @@
#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
if (message_length > MAX_HANDSHAKE_MSG_LEN) {
(void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
return SECFailure;
}
#undef MAX_HANDSHAKE_MSG_LEN
@@ -396,7 +394,7 @@
* This avoids having to fill in the bitmask in the common
* case of adjacent fragments received in sequence
*/
- if (fragment_offset <= ss->ssl3.hs.recvdHighWater) {
+ if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
/* Either this is the adjacent fragment or an overlapping
* fragment */
ss->ssl3.hs.recvdHighWater = fragment_offset +
@@ -676,7 +674,7 @@
/* The reason we use 8 here is that that's the length of
* the new DTLS data that we add to the header */
- fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8),
+ fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8),
content_len - fragment_offset);
PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
/* Make totally sure that we are within the buffer.
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3con.c 2016-01-13 14:18:55.620954862 +0100
@@ -25,6 +25,8 @@
#include "prerror.h"
#include "pratom.h"
#include "prthread.h"
+#include "nss.h"
+#include "nssoptions.h"
#include "pk11func.h"
#include "secmod.h"
@@ -91,8 +93,11 @@
static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss,
const unsigned char *b,
unsigned int l);
+static SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss,
+ ssl3CipherSpec *spec,
+ SSL3Hashes *hashes,
+ PRUint32 sender);
static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
-static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid);
static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
int maxOutputLen, const unsigned char *input,
@@ -122,17 +127,17 @@
#ifndef NSS_DISABLE_ECC
{ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
* bug 946147.
*/
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -140,14 +145,17 @@
#endif /* NSS_DISABLE_ECC */
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -205,6 +213,23 @@
{ TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE},
};
+static const SSLSignatureAndHashAlg defaultSignatureAlgorithms[] = {
+ {ssl_hash_sha256, ssl_sign_rsa},
+ {ssl_hash_sha384, ssl_sign_rsa},
+ {ssl_hash_sha512, ssl_sign_rsa},
+ {ssl_hash_sha1, ssl_sign_rsa},
+#ifndef NSS_DISABLE_ECC
+ {ssl_hash_sha256, ssl_sign_ecdsa},
+ {ssl_hash_sha384, ssl_sign_ecdsa},
+ {ssl_hash_sha512, ssl_sign_ecdsa},
+ {ssl_hash_sha1, ssl_sign_ecdsa},
+#endif
+ {ssl_hash_sha256, ssl_sign_dsa},
+ {ssl_hash_sha1, ssl_sign_dsa}
+};
+PR_STATIC_ASSERT(PR_ARRAY_SIZE(defaultSignatureAlgorithms) <=
+ MAX_SIGNATURE_ALGORITHMS);
+
/* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
*/
#ifdef DEBUG
@@ -265,20 +290,6 @@
ct_DSS_sign,
};
-/* This block is the contents of the supported_signature_algorithms field of
- * our TLS 1.2 CertificateRequest message, in wire format. See
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
- *
- * This block contains only sha256 entries because we only support TLS 1.2
- * CertificateVerify messages that use the handshake hash. */
-static const PRUint8 supported_signature_algorithms[] = {
- tls_hash_sha256, tls_sig_rsa,
-#ifndef NSS_DISABLE_ECC
- tls_hash_sha256, tls_sig_ecdsa,
-#endif
- tls_hash_sha256, tls_sig_dsa,
-};
-
#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
@@ -322,8 +333,8 @@
/* kea exchKeyType signKeyType is_limited limit tls_keygen ephemeral */
{kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE, PR_FALSE},
{kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
- {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE},
- {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_TRUE},
+ {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE},
+ {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_FALSE},
{kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
{kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, PR_FALSE},
{kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
@@ -443,6 +454,10 @@
{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa},
{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},
+ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},
+ {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss},
+
#ifndef NSS_DISABLE_ECC
{TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
{TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa},
@@ -680,6 +695,8 @@
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
case TLS_RSA_WITH_AES_128_CBC_SHA256:
case TLS_RSA_WITH_AES_128_GCM_SHA256:
+ case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+ case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
case TLS_RSA_WITH_NULL_SHA256:
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
@@ -688,6 +705,7 @@
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+ case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
/* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
@@ -810,16 +828,11 @@
* that the server uses an RSA cert for (EC)DHE-RSA.
*/
switch (cipher_def->key_exchange_alg) {
+ case kea_dhe_dss:
+ svrAuth = ss->serverCerts + ssl_kea_dh;
+ break;
case kea_ecdhe_rsa:
-#if NSS_SERVER_DHE_IMPLEMENTED
- /* XXX NSS does not yet implement the server side of _DHE_
- * cipher suites. Correcting the computation for svrAuth,
- * as the case below does, causes NSS SSL servers to begin to
- * negotiate cipher suites they do not implement. So, until
- * server side _DHE_ is implemented, keep this disabled.
- */
case kea_dhe_rsa:
-#endif
svrAuth = ss->serverCerts + kt_rsa;
break;
case kea_ecdh_ecdsa:
@@ -831,6 +844,8 @@
* simultaneously. For now, both of them use
* whatever is in the certificate slot for kt_ecdh
*/
+ case kea_dhe_dss_export:
+ case kea_dhe_rsa_export:
default:
svrAuth = ss->serverCerts + exchKeyType;
break;
@@ -867,11 +882,22 @@
* cipher suite. */
static PRBool
config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled,
- const SSLVersionRange *vrange)
+ const SSLVersionRange *vrange, const sslSocket *ss)
{
+ const ssl3CipherSuiteDef *cipher_def;
+
PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE);
if (policy == SSL_NOT_ALLOWED || !enabled)
- return PR_FALSE;
+ return PR_FALSE;
+
+ cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
+ PORT_Assert(cipher_def != NULL);
+
+ PORT_Assert(ss != NULL);
+ if (ss->sec.isServer && !ss->opt.enableServerDhe &&
+ kea_defs[cipher_def->key_exchange_alg].exchKeyType == ssl_kea_dh)
+ return PR_FALSE;
+
return (PRBool)(suite->enabled &&
suite->isPresent &&
suite->policy != SSL_NOT_ALLOWED &&
@@ -892,7 +918,7 @@
return 0;
}
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange))
+ if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange, ss))
count++;
}
if (count <= 0) {
@@ -984,9 +1010,9 @@
break;
case dsaKey:
doDerEncode = isTLS;
- /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
+ /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
* In that case, we use just the SHA1 part. */
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
+ if (hash->hashAlg == ssl_hash_none) {
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
} else {
@@ -997,9 +1023,9 @@
#ifndef NSS_DISABLE_ECC
case ecKey:
doDerEncode = PR_TRUE;
- /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
+ /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
* In that case, we use just the SHA1 part. */
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
+ if (hash->hashAlg == ssl_hash_none) {
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
} else {
@@ -1014,7 +1040,7 @@
}
PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
+ if (hash->hashAlg == ssl_hash_none) {
signatureLen = PK11_SignatureLen(key);
if (signatureLen <= 0) {
PORT_SetError(SEC_ERROR_INVALID_KEY);
@@ -1028,7 +1054,8 @@
rv = PK11_Sign(key, buf, &hashItem);
} else {
- rv = SGN_Digest(key, hash->hashAlg, buf, &hashItem);
+ SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(hash->hashAlg);
+ rv = SGN_Digest(key, hashOID, buf, &hashItem);
}
if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
@@ -1076,7 +1103,7 @@
return SECFailure;
}
- hashAlg = hash->hashAlg;
+ hashAlg = ssl3_TLSHashAlgorithmToOID(hash->hashAlg);
switch (key->keyType) {
case rsaKey:
encAlg = SEC_OID_PKCS1_RSA_ENCRYPTION;
@@ -1085,9 +1112,9 @@
break;
case dsaKey:
encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE;
- /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
+ /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
* In that case, we use just the SHA1 part. */
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
+ if (hash->hashAlg == ssl_hash_none) {
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
} else {
@@ -1108,13 +1135,13 @@
#ifndef NSS_DISABLE_ECC
case ecKey:
encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
- /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash.
+ /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
* In that case, we use just the SHA1 part.
* ECDSA signatures always encode the integers r and s using ASN.1
* (unlike DSA where ASN.1 encoding is used with TLS but not with
* SSL3). So we can use VFY_VerifyDigestDirect for ECDSA.
*/
- if (hash->hashAlg == SEC_OID_UNKNOWN) {
+ if (hash->hashAlg == ssl_hash_none) {
hashAlg = SEC_OID_SHA1;
hashItem.data = hash->u.s.sha;
hashItem.len = sizeof(hash->u.s.sha);
@@ -1142,8 +1169,8 @@
*/
rv = PK11_Verify(key, buf, &hashItem, pwArg);
} else {
- rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg,
- pwArg);
+ rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg,
+ pwArg);
}
SECKEY_DestroyPublicKey(key);
if (signature) {
@@ -1159,75 +1186,71 @@
/* Caller must set hiLevel error code. */
/* Called from ssl3_ComputeExportRSAKeyHash
* ssl3_ComputeDHKeyHash
- * which are called from ssl3_HandleServerKeyExchange.
+ * which are called from ssl3_HandleServerKeyExchange.
*
- * hashAlg: either the OID for a hash algorithm or SEC_OID_UNKNOWN to specify
- * the pre-1.2, MD5/SHA1 combination hash.
+ * hashAlg: ssl_hash_none indicates the pre-1.2, MD5/SHA1 combination hash.
*/
SECStatus
-ssl3_ComputeCommonKeyHash(SECOidTag hashAlg,
- PRUint8 * hashBuf, unsigned int bufLen,
- SSL3Hashes *hashes, PRBool bypassPKCS11)
+ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
+ PRUint8 * hashBuf, unsigned int bufLen,
+ SSL3Hashes *hashes, PRBool bypassPKCS11)
{
- SECStatus rv = SECSuccess;
+ SECStatus rv;
+ SECOidTag hashOID;
#ifndef NO_PKCS11_BYPASS
if (bypassPKCS11) {
- if (hashAlg == SEC_OID_UNKNOWN) {
- MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen);
- SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen);
- hashes->len = MD5_LENGTH + SHA1_LENGTH;
- } else if (hashAlg == SEC_OID_SHA1) {
- SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen);
- hashes->len = SHA1_LENGTH;
- } else if (hashAlg == SEC_OID_SHA256) {
- SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen);
- hashes->len = SHA256_LENGTH;
- } else if (hashAlg == SEC_OID_SHA384) {
- SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen);
- hashes->len = SHA384_LENGTH;
- } else if (hashAlg == SEC_OID_SHA512) {
- SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen);
- hashes->len = SHA512_LENGTH;
- } else {
- PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
- return SECFailure;
- }
- } else
+ if (hashAlg == ssl_hash_none) {
+ MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen);
+ SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen);
+ hashes->len = MD5_LENGTH + SHA1_LENGTH;
+ } else if (hashAlg == ssl_hash_sha1) {
+ SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen);
+ hashes->len = SHA1_LENGTH;
+ } else if (hashAlg == ssl_hash_sha256) {
+ SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen);
+ hashes->len = SHA256_LENGTH;
+ } else if (hashAlg == ssl_hash_sha384) {
+ SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen);
+ hashes->len = SHA384_LENGTH;
+ } else if (hashAlg == ssl_hash_sha512) {
+ SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen);
+ hashes->len = SHA512_LENGTH;
+ } else {
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
+ return SECFailure;
+ }
+ } else
#endif
{
- if (hashAlg == SEC_OID_UNKNOWN) {
- rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
- rv = SECFailure;
- goto done;
- }
-
- rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
- rv = SECFailure;
- }
- hashes->len = MD5_LENGTH + SHA1_LENGTH;
- } else {
- hashes->len = HASH_ResultLenByOidTag(hashAlg);
- if (hashes->len > sizeof(hashes->u.raw)) {
- ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
- rv = SECFailure;
- goto done;
- }
- rv = PK11_HashBuf(hashAlg, hashes->u.raw, hashBuf, bufLen);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
- rv = SECFailure;
- }
- }
+ if (hashAlg == ssl_hash_none) {
+ rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen);
+ if (rv != SECSuccess) {
+ ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
+ return rv;
+ }
+ rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen);
+ if (rv != SECSuccess) {
+ ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+ return rv;
+ }
+ hashes->len = MD5_LENGTH + SHA1_LENGTH;
+ } else {
+ hashOID = ssl3_TLSHashAlgorithmToOID(hashAlg);
+ hashes->len = HASH_ResultLenByOidTag(hashOID);
+ if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) {
+ ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
+ return SECFailure;
+ }
+ rv = PK11_HashBuf(hashOID, hashes->u.raw, hashBuf, bufLen);
+ if (rv != SECSuccess) {
+ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+ return rv;
+ }
+ }
}
hashes->hashAlg = hashAlg;
-
-done:
- return rv;
+ return SECSuccess;
}
/* Caller must set hiLevel error code.
@@ -1235,10 +1258,10 @@
** ssl3_HandleServerKeyExchange.
*/
static SECStatus
-ssl3_ComputeExportRSAKeyHash(SECOidTag hashAlg,
- SECItem modulus, SECItem publicExponent,
- SSL3Random *client_rand, SSL3Random *server_rand,
- SSL3Hashes *hashes, PRBool bypassPKCS11)
+ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg,
+ SECItem modulus, SECItem publicExponent,
+ SSL3Random *client_rand, SSL3Random *server_rand,
+ SSL3Hashes *hashes, PRBool bypassPKCS11)
{
PRUint8 * hashBuf;
PRUint8 * pBuf;
@@ -1276,7 +1299,7 @@
bypassPKCS11);
PRINT_BUF(95, (NULL, "RSAkey hash: ", hashBuf, bufLen));
- if (hashAlg == SEC_OID_UNKNOWN) {
+ if (hashAlg == ssl_hash_none) {
PRINT_BUF(95, (NULL, "RSAkey hash: MD5 result",
hashes->u.s.md5, MD5_LENGTH));
PRINT_BUF(95, (NULL, "RSAkey hash: SHA1 result",
@@ -1294,10 +1317,10 @@
/* Caller must set hiLevel error code. */
/* Called from ssl3_HandleServerKeyExchange. */
static SECStatus
-ssl3_ComputeDHKeyHash(SECOidTag hashAlg,
- SECItem dh_p, SECItem dh_g, SECItem dh_Ys,
- SSL3Random *client_rand, SSL3Random *server_rand,
- SSL3Hashes *hashes, PRBool bypassPKCS11)
+ssl3_ComputeDHKeyHash(SSLHashType hashAlg,
+ SECItem dh_p, SECItem dh_g, SECItem dh_Ys,
+ SSL3Random *client_rand, SSL3Random *server_rand,
+ SSL3Hashes *hashes, PRBool bypassPKCS11)
{
PRUint8 * hashBuf;
PRUint8 * pBuf;
@@ -1340,7 +1363,7 @@
bypassPKCS11);
PRINT_BUF(95, (NULL, "DHkey hash: ", hashBuf, bufLen));
- if (hashAlg == SEC_OID_UNKNOWN) {
+ if (hashAlg == ssl_hash_none) {
PRINT_BUF(95, (NULL, "DHkey hash: MD5 result",
hashes->u.s.md5, MD5_LENGTH));
PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result",
@@ -2298,7 +2321,11 @@
* Sets error code, but caller probably should override to disambiguate.
* NULL pms means re-use old master_secret.
*
- * This code is common to the bypass and PKCS11 execution paths.
+ * This code is common to the bypass and PKCS11 execution paths. For
+ * the bypass case, pms is NULL. If the old master secret is reused,
+ * pms is NULL and the master secret is already in either
+ * pwSpec->msItem.len (the bypass case) or pwSpec->master_secret.
+ *
* For the bypass case, pms is NULL.
*/
SECStatus
@@ -2682,7 +2709,7 @@
PRUint32 fragLen;
PRUint32 p1Len, p2Len, oddLen = 0;
PRUint16 headerLen;
- int ivLen = 0;
+ unsigned int ivLen = 0;
int cipherBytes = 0;
unsigned char pseudoHeader[13];
unsigned int pseudoHeaderLen;
@@ -3244,7 +3271,8 @@
{
static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER |
ssl_SEND_FLAG_CAP_RECORD_VERSION;
- PRInt32 rv = SECSuccess;
+ PRInt32 count = -1;
+ SECStatus rv = SECSuccess;
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
@@ -3258,18 +3286,19 @@
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
} else {
- rv = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf,
+ count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf,
ss->sec.ci.sendBuf.len, flags);
}
- if (rv < 0) {
+ if (count < 0) {
int err = PORT_GetError();
PORT_Assert(err != PR_WOULD_BLOCK_ERROR);
if (err == PR_WOULD_BLOCK_ERROR) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
}
- } else if (rv < ss->sec.ci.sendBuf.len) {
+ rv = SECFailure;
+ } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) {
/* short write should never happen */
- PORT_Assert(rv >= ss->sec.ci.sendBuf.len);
+ PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
rv = SECFailure;
} else {
@@ -3705,13 +3734,70 @@
return SECSuccess;
}
-/* This method uses PKCS11 to derive the MS from the PMS, where PMS
-** is a PKCS11 symkey. This is used in all cases except the
-** "triple bypass" with RSA key exchange.
-** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec.
+/* This method completes the derivation of the MS from the PMS.
+**
+** 1. Derive the MS, if possible, else return an error.
+**
+** 2. Check the version if |pms_version| is non-zero and if wrong,
+** return an error.
+**
+** 3. If |msp| is nonzero, return MS in |*msp|.
+
+** Called from:
+** ssl3_ComputeMasterSecretInt
+** tls_ComputeExtendedMasterSecretInt
*/
static SECStatus
-ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms)
+ssl3_ComputeMasterSecretFinish(sslSocket *ss,
+ CK_MECHANISM_TYPE master_derive,
+ CK_MECHANISM_TYPE key_derive,
+ CK_VERSION *pms_version,
+ SECItem *params, CK_FLAGS keyFlags,
+ PK11SymKey *pms, PK11SymKey **msp)
+{
+ PK11SymKey *ms = NULL;
+
+ ms = PK11_DeriveWithFlags(pms, master_derive,
+ params, key_derive,
+ CKA_DERIVE, 0, keyFlags);
+ if (!ms) {
+ ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+ return SECFailure;
+ }
+
+ if (pms_version && ss->opt.detectRollBack) {
+ SSL3ProtocolVersion client_version;
+ client_version = pms_version->major << 8 | pms_version->minor;
+
+ if (IS_DTLS(ss)) {
+ client_version = dtls_DTLSVersionToTLSVersion(client_version);
+ }
+
+ if (client_version != ss->clientHelloVersion) {
+ /* Destroy MS. Version roll-back detected. */
+ PK11_FreeSymKey(ms);
+ ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+ return SECFailure;
+ }
+ }
+
+ if (msp) {
+ *msp = ms;
+ } else {
+ PK11_FreeSymKey(ms);
+ }
+
+ return SECSuccess;
+}
+
+/* Compute the ordinary (pre draft-ietf-tls-session-hash) master
+ ** secret and return it in |*msp|.
+ **
+ ** Called from: ssl3_ComputeMasterSecret
+ */
+static SECStatus
+ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
+ PK11SymKey **msp)
{
ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec;
const ssl3KEADef *kea_def= ss->ssl3.hs.kea_def;
@@ -3721,28 +3807,27 @@
(pwSpec->version > SSL_LIBRARY_VERSION_3_0));
PRBool isTLS12=
(PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
- /*
+ /*
* Whenever isDH is true, we need to use CKM_TLS_MASTER_KEY_DERIVE_DH
* which, unlike CKM_TLS_MASTER_KEY_DERIVE, converts arbitrary size
- * data into a 48-byte value.
+ * data into a 48-byte value, and does not expect to return the version.
*/
PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) ||
(ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh));
- SECStatus rv = SECFailure;
CK_MECHANISM_TYPE master_derive;
CK_MECHANISM_TYPE key_derive;
SECItem params;
CK_FLAGS keyFlags;
CK_VERSION pms_version;
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
+ CK_VERSION *pms_version_ptr = NULL;
+ /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
+ unsigned int master_params_len;
- PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
- PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
- PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
if (isTLS12) {
- if(isDH) master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
- else master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
- key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+ if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH;
+ else master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
keyFlags = CKF_SIGN | CKF_VERIFY;
} else if (isTLS) {
if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
@@ -3756,87 +3841,142 @@
keyFlags = 0;
}
- if (pms || !pwSpec->master_secret) {
- if (isDH) {
- master_params.pVersion = NULL;
- } else {
- master_params.pVersion = &pms_version;
- }
- master_params.RandomInfo.pClientRandom = cr;
- master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
- master_params.RandomInfo.pServerRandom = sr;
- master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
+ if (!isDH) {
+ pms_version_ptr = &pms_version;
+ }
- params.data = (unsigned char *) &master_params;
- params.len = sizeof master_params;
+ master_params.pVersion = pms_version_ptr;
+ master_params.RandomInfo.pClientRandom = cr;
+ master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
+ master_params.RandomInfo.pServerRandom = sr;
+ master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
+ if (isTLS12) {
+ master_params.prfHashMechanism = CKM_SHA256;
+ master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
+ } else {
+ /* prfHashMechanism is not relevant with this PRF */
+ master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
}
- if (pms != NULL) {
-#if defined(TRACE)
- if (ssl_trace >= 100) {
- SECStatus extractRV = PK11_ExtractKeyValue(pms);
- if (extractRV == SECSuccess) {
- SECItem * keyData = PK11_GetKeyData(pms);
- if (keyData && keyData->data && keyData->len) {
- ssl_PrintBuf(ss, "Pre-Master Secret",
- keyData->data, keyData->len);
- }
- }
- }
-#endif
- pwSpec->master_secret = PK11_DeriveWithFlags(pms, master_derive,
- &params, key_derive, CKA_DERIVE, 0, keyFlags);
- if (!isDH && pwSpec->master_secret && ss->opt.detectRollBack) {
- SSL3ProtocolVersion client_version;
- client_version = pms_version.major << 8 | pms_version.minor;
+ params.data = (unsigned char *) &master_params;
+ params.len = master_params_len;
- if (IS_DTLS(ss)) {
- client_version = dtls_DTLSVersionToTLSVersion(client_version);
- }
+ return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive,
+ pms_version_ptr, &params,
+ keyFlags, pms, msp);
+}
- if (client_version != ss->clientHelloVersion) {
- /* Destroy it. Version roll-back detected. */
- PK11_FreeSymKey(pwSpec->master_secret);
- pwSpec->master_secret = NULL;
- }
- }
- if (pwSpec->master_secret == NULL) {
- /* Generate a faux master secret in the same slot as the old one. */
- PK11SlotInfo * slot = PK11_GetSlotFromKey((PK11SymKey *)pms);
- PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot);
+/* Compute the draft-ietf-tls-session-hash master
+** secret and return it in |*msp|.
+**
+** Called from: ssl3_ComputeMasterSecret
+*/
+static SECStatus
+tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
+ PK11SymKey **msp)
+{
+ ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+ CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS extended_master_params;
+ SSL3Hashes hashes;
+ /*
+ * Determine whether to use the DH/ECDH or RSA derivation modes.
+ */
+ /*
+ * TODO(ekr@rtfm.com): Verify that the slot can handle this key expansion
+ * mode. Bug 1198298 */
+ PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) ||
+ (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh));
+ CK_MECHANISM_TYPE master_derive;
+ CK_MECHANISM_TYPE key_derive;
+ SECItem params;
+ const CK_FLAGS keyFlags = CKF_SIGN | CKF_VERIFY;
+ CK_VERSION pms_version;
+ CK_VERSION *pms_version_ptr = NULL;
+ SECStatus rv;
- PK11_FreeSlot(slot);
- if (fpms != NULL) {
- pwSpec->master_secret = PK11_DeriveWithFlags(fpms,
- master_derive, &params, key_derive,
- CKA_DERIVE, 0, keyFlags);
- PK11_FreeSymKey(fpms);
- }
- }
+ rv = ssl3_ComputeHandshakeHashes(ss, pwSpec, &hashes, 0);
+ if (rv != SECSuccess) {
+ PORT_Assert(0); /* Should never fail */
+ ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+ return SECFailure;
}
- if (pwSpec->master_secret == NULL) {
- /* Generate a faux master secret from the internal slot. */
- PK11SlotInfo * slot = PK11_GetInternalSlot();
- PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot);
- PK11_FreeSlot(slot);
- if (fpms != NULL) {
- pwSpec->master_secret = PK11_DeriveWithFlags(fpms,
- master_derive, &params, key_derive,
- CKA_DERIVE, 0, keyFlags);
- if (pwSpec->master_secret == NULL) {
- pwSpec->master_secret = fpms; /* use the fpms as the master. */
- fpms = NULL;
- }
- }
- if (fpms) {
- PK11_FreeSymKey(fpms);
- }
+ if (isDH) {
+ master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH;
+ } else {
+ master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE;
+ pms_version_ptr = &pms_version;
}
- if (pwSpec->master_secret == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
- return rv;
+
+ if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+ /* TLS 1.2 */
+ extended_master_params.prfHashMechanism = CKM_SHA256;
+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
+ } else {
+ /* TLS < 1.2 */
+ extended_master_params.prfHashMechanism = CKM_TLS_PRF;
+ key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
+ }
+
+ extended_master_params.pVersion = pms_version_ptr;
+ extended_master_params.pSessionHash = hashes.u.raw;
+ extended_master_params.ulSessionHashLen = hashes.len;
+
+ params.data = (unsigned char *) &extended_master_params;
+ params.len = sizeof extended_master_params;
+
+ return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive,
+ pms_version_ptr, &params,
+ keyFlags, pms, msp);
+}
+
+
+/* Wrapper method to compute the master secret and return it in |*msp|.
+**
+** Called from ssl3_ComputeMasterSecret
+*/
+static SECStatus
+ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms,
+ PK11SymKey **msp)
+{
+ PORT_Assert(pms != NULL);
+ PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+ PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+ if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
+ return tls_ComputeExtendedMasterSecretInt(ss, pms, msp);
+ } else {
+ return ssl3_ComputeMasterSecretInt(ss, pms, msp);
+ }
+}
+
+/* This method uses PKCS11 to derive the MS from the PMS, where PMS
+** is a PKCS11 symkey. We call ssl3_ComputeMasterSecret to do the
+** computations and then modify the pwSpec->state as a side effect.
+**
+** This is used in all cases except the "triple bypass" with RSA key
+** exchange.
+**
+** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec.
+*/
+static SECStatus
+ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms)
+{
+ SECStatus rv;
+ PK11SymKey* ms = NULL;
+ ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
+ PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+ if (pms) {
+ rv = ssl3_ComputeMasterSecret(ss, pms, &ms);
+ pwSpec->master_secret = ms;
+ if (rv != SECSuccess)
+ return rv;
}
+
#ifndef NO_PKCS11_BYPASS
if (ss->opt.bypassPKCS11) {
SECItem * keydata;
@@ -3847,7 +3987,7 @@
rv = PK11_ExtractKeyValue(pwSpec->master_secret);
if (rv != SECSuccess) {
return rv;
- }
+ }
/* This returns the address of the secItem inside the key struct,
* not a copy or a reference. So, there's no need to free it.
*/
@@ -3862,10 +4002,10 @@
}
}
#endif
+
return SECSuccess;
}
-
/*
* Derive encryption and MAC Keys (and IVs) from master secret
* Sets a useful error code when returning SECFailure.
@@ -3898,7 +4038,9 @@
PK11SymKey * symKey = NULL;
void * pwArg = ss->pkcs11PinArg;
int keySize;
- CK_SSL3_KEY_MAT_PARAMS key_material_params;
+ CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a
+ * CK_SSL3_KEY_MAT_PARAMS */
+ unsigned int key_material_params_len;
CK_SSL3_KEY_MAT_OUT returnedKeys;
CK_MECHANISM_TYPE key_derive;
CK_MECHANISM_TYPE bulk_mechanism;
@@ -3952,17 +4094,21 @@
PORT_Assert( alg2Mech[calg].calg == calg);
bulk_mechanism = alg2Mech[calg].cmech;
- params.data = (unsigned char *)&key_material_params;
- params.len = sizeof(key_material_params);
-
if (isTLS12) {
- key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
+ key_material_params.prfHashMechanism = CKM_SHA256;
+ key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
} else if (isTLS) {
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
+ key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
} else {
key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
+ key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
}
+ params.data = (unsigned char *)&key_material_params;
+ params.len = key_material_params_len;
+
/* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and
* DERIVE by DEFAULT */
symKey = PK11_Derive(pwSpec->master_secret, key_derive, &params,
@@ -4273,6 +4419,12 @@
PRUint8 b[4];
PRUint8 * p = b;
+ PORT_Assert(lenSize <= 4 && lenSize > 0);
+ if (lenSize < 4 && num >= (1L << (lenSize * 8))) {
+ PORT_SetError(SSL_ERROR_TX_RECORD_TOO_LONG);
+ return SECFailure;
+ }
+
switch (lenSize) {
case 4:
*p++ = (num >> 24) & 0xff;
@@ -4365,17 +4517,12 @@
* |sigAndHash| to the current handshake message. */
SECStatus
ssl3_AppendSignatureAndHashAlgorithm(
- sslSocket *ss, const SSL3SignatureAndHashAlgorithm* sigAndHash)
+ sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash)
{
- unsigned char serialized[2];
+ PRUint8 serialized[2];
- serialized[0] = ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg);
- if (serialized[0] == 0) {
- PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
- return SECFailure;
- }
-
- serialized[1] = sigAndHash->sigAlg;
+ serialized[0] = (PRUint8)sigAndHash->hashAlg;
+ serialized[1] = (PRUint8)sigAndHash->sigAlg;
return ssl3_AppendHandshake(ss, serialized, sizeof(serialized));
}
@@ -4470,6 +4617,7 @@
PORT_Assert(bytes <= 3);
i->len = 0;
i->data = NULL;
+ i->type = siBuffer;
count = ssl3_ConsumeHandshakeNumber(ss, bytes, b, length);
if (count < 0) { /* Can't test for SECSuccess here. */
return SECFailure;
@@ -4489,15 +4637,13 @@
/* tlsHashOIDMap contains the mapping between TLS hash identifiers and the
* SECOidTag used internally by NSS. */
static const struct {
- int tlsHash;
+ SSLHashType tlsHash;
SECOidTag oid;
} tlsHashOIDMap[] = {
- { tls_hash_md5, SEC_OID_MD5 },
- { tls_hash_sha1, SEC_OID_SHA1 },
- { tls_hash_sha224, SEC_OID_SHA224 },
- { tls_hash_sha256, SEC_OID_SHA256 },
- { tls_hash_sha384, SEC_OID_SHA384 },
- { tls_hash_sha512, SEC_OID_SHA512 }
+ { ssl_hash_sha1, SEC_OID_SHA1 },
+ { ssl_hash_sha256, SEC_OID_SHA256 },
+ { ssl_hash_sha384, SEC_OID_SHA384 },
+ { ssl_hash_sha512, SEC_OID_SHA512 }
};
/* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value.
@@ -4505,7 +4651,7 @@
*
* See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
SECOidTag
-ssl3_TLSHashAlgorithmToOID(int hashFunc)
+ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc)
{
unsigned int i;
@@ -4517,42 +4663,24 @@
return SEC_OID_UNKNOWN;
}
-/* ssl3_OIDToTLSHashAlgorithm converts an OID to a TLS hash algorithm
- * identifier. If the hash is not recognised, zero is returned.
- *
- * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-static int
-ssl3_OIDToTLSHashAlgorithm(SECOidTag oid)
-{
- unsigned int i;
-
- for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) {
- if (oid == tlsHashOIDMap[i].oid) {
- return tlsHashOIDMap[i].tlsHash;
- }
- }
- return 0;
-}
-
/* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm
* identifier for a given KeyType. */
static SECStatus
-ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType,
- TLSSignatureAlgorithm *out)
+ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, SSLSignType *out)
{
switch (keyType) {
case rsaKey:
- *out = tls_sig_rsa;
- return SECSuccess;
+ *out = ssl_sign_rsa;
+ return SECSuccess;
case dsaKey:
- *out = tls_sig_dsa;
- return SECSuccess;
+ *out = ssl_sign_dsa;
+ return SECSuccess;
case ecKey:
- *out = tls_sig_ecdsa;
- return SECSuccess;
+ *out = ssl_sign_ecdsa;
+ return SECSuccess;
default:
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ return SECFailure;
}
}
@@ -4560,15 +4688,15 @@
* algorithm identifier for the given certificate. */
static SECStatus
ssl3_TLSSignatureAlgorithmForCertificate(CERTCertificate *cert,
- TLSSignatureAlgorithm *out)
+ SSLSignType *out)
{
SECKEYPublicKey *key;
KeyType keyType;
key = CERT_ExtractPublicKey(cert);
if (key == NULL) {
- ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
- return SECFailure;
+ ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
+ return SECFailure;
}
keyType = key->keyType;
@@ -4578,24 +4706,75 @@
/* ssl3_CheckSignatureAndHashAlgorithmConsistency checks that the signature
* algorithm identifier in |sigAndHash| is consistent with the public key in
- * |cert|. If so, SECSuccess is returned. Otherwise, PORT_SetError is called
- * and SECFailure is returned. */
+ * |cert|. It also checks the hash algorithm against the configured signature
+ * algorithms. If all the tests pass, SECSuccess is returned. Otherwise,
+ * PORT_SetError is called and SECFailure is returned. */
SECStatus
ssl3_CheckSignatureAndHashAlgorithmConsistency(
- const SSL3SignatureAndHashAlgorithm *sigAndHash, CERTCertificate* cert)
+ sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash,
+ CERTCertificate* cert)
{
SECStatus rv;
- TLSSignatureAlgorithm sigAlg;
+ SSLSignType sigAlg;
+ unsigned int i;
rv = ssl3_TLSSignatureAlgorithmForCertificate(cert, &sigAlg);
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
if (sigAlg != sigAndHash->sigAlg) {
- PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
- return SECFailure;
+ PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
+ return SECFailure;
}
- return SECSuccess;
+
+ for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
+ const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i];
+ if (sigAndHash->sigAlg == alg->sigAlg &&
+ sigAndHash->hashAlg == alg->hashAlg) {
+ return SECSuccess;
+ }
+ }
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ return SECFailure;
+}
+
+PRBool
+ssl3_IsSupportedSignatureAlgorithm(const SSLSignatureAndHashAlg *alg)
+{
+ static const SSLHashType supportedHashes[] = {
+ ssl_hash_sha1,
+ ssl_hash_sha256,
+ ssl_hash_sha384,
+ ssl_hash_sha512
+ };
+
+ static const SSLSignType supportedSigAlgs[] = {
+ ssl_sign_rsa,
+#ifndef NSS_DISABLE_ECC
+ ssl_sign_ecdsa,
+#endif
+ ssl_sign_dsa
+ };
+
+ unsigned int i;
+ PRBool hashOK = PR_FALSE;
+ PRBool signOK = PR_FALSE;
+
+ for (i = 0; i < PR_ARRAY_SIZE(supportedHashes); ++i) {
+ if (alg->hashAlg == supportedHashes[i]) {
+ hashOK = PR_TRUE;
+ break;
+ }
+ }
+
+ for (i = 0; i < PR_ARRAY_SIZE(supportedSigAlgs); ++i) {
+ if (alg->sigAlg == supportedSigAlgs[i]) {
+ signOK = PR_TRUE;
+ break;
+ }
+ }
+
+ return hashOK && signOK;
}
/* ssl3_ConsumeSignatureAndHashAlgorithm reads a SignatureAndHashAlgorithm
@@ -4605,25 +4784,24 @@
* See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
SECStatus
ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss,
- SSL3Opaque **b,
- PRUint32 *length,
- SSL3SignatureAndHashAlgorithm *out)
+ SSL3Opaque **b,
+ PRUint32 *length,
+ SSLSignatureAndHashAlg *out)
{
- unsigned char bytes[2];
+ PRUint8 bytes[2];
SECStatus rv;
rv = ssl3_ConsumeHandshake(ss, bytes, sizeof(bytes), b, length);
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
- out->hashAlg = ssl3_TLSHashAlgorithmToOID(bytes[0]);
- if (out->hashAlg == SEC_OID_UNKNOWN) {
- PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
- return SECFailure;
+ out->hashAlg = (SSLHashType)bytes[0];
+ out->sigAlg = (SSLSignType)bytes[1];
+ if (!ssl3_IsSupportedSignatureAlgorithm(out)) {
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ return SECFailure;
}
-
- out->sigAlg = bytes[1];
return SECSuccess;
}
@@ -4653,7 +4831,12 @@
SSL3Opaque sha_inner[MAX_MAC_LENGTH];
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
- hashes->hashAlg = SEC_OID_UNKNOWN;
+ if (ss->ssl3.hs.hashType == handshake_hash_unknown) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
+ hashes->hashAlg = ssl_hash_none;
#ifndef NO_PKCS11_BYPASS
if (ss->opt.bypassPKCS11 &&
@@ -4661,11 +4844,6 @@
/* compute them without PKCS11 */
PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
- if (!spec->msItem.data) {
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
- return SECFailure;
- }
-
ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx);
ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len,
sizeof(hashes->u.raw));
@@ -4674,7 +4852,7 @@
/* If we ever support ciphersuites where the PRF hash isn't SHA-256
* then this will need to be updated. */
- hashes->hashAlg = SEC_OID_SHA256;
+ hashes->hashAlg = ssl_hash_sha256;
rv = SECSuccess;
} else if (ss->opt.bypassPKCS11) {
/* compute them without PKCS11 */
@@ -4684,11 +4862,6 @@
#define md5cx ((MD5Context *)md5_cx)
#define shacx ((SHA1Context *)sha_cx)
- if (!spec->msItem.data) {
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
- return SECFailure;
- }
-
MD5_Clone (md5cx, (MD5Context *)ss->ssl3.hs.md5_cx);
SHA1_Clone(shacx, (SHA1Context *)ss->ssl3.hs.sha_cx);
@@ -4696,6 +4869,11 @@
/* compute hashes for SSL3. */
unsigned char s[4];
+ if (!spec->msItem.data) {
+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+ return SECFailure;
+ }
+
s[0] = (unsigned char)(sender >> 24);
s[1] = (unsigned char)(sender >> 16);
s[2] = (unsigned char)(sender >> 8);
@@ -4768,11 +4946,6 @@
unsigned char stackBuf[1024];
unsigned char *stateBuf = NULL;
- if (!spec->master_secret) {
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
- return SECFailure;
- }
-
h = ss->ssl3.hs.sha;
stateBuf = PK11_SaveContextAlloc(h, stackBuf,
sizeof(stackBuf), &stateLen);
@@ -4789,7 +4962,7 @@
}
/* If we ever support ciphersuites where the PRF hash isn't SHA-256
* then this will need to be updated. */
- hashes->hashAlg = SEC_OID_SHA256;
+ hashes->hashAlg = ssl_hash_sha256;
rv = SECSuccess;
tls12_loser:
@@ -4812,11 +4985,6 @@
unsigned char md5StackBuf[256];
unsigned char shaStackBuf[512];
- if (!spec->master_secret) {
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
- return SECFailure;
- }
-
md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf,
sizeof md5StackBuf, &md5StateLen);
if (md5StateBuf == NULL) {
@@ -4837,6 +5005,11 @@
/* compute hashes for SSL3. */
unsigned char s[4];
+ if (!spec->master_secret) {
+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+ return SECFailure;
+ }
+
s[0] = (unsigned char)(sender >> 24);
s[1] = (unsigned char)(sender >> 16);
s[2] = (unsigned char)(sender >> 8);
@@ -4968,7 +5141,7 @@
rv = SECFailure;
goto loser;
}
- hashes->hashAlg = SEC_OID_SHA1;
+ hashes->hashAlg = ssl_hash_sha1;
loser:
PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE);
@@ -5049,7 +5222,9 @@
if (rv != SECSuccess) {
return rv; /* ssl3_InitState has set the error code. */
}
- ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */
+ /* These must be reset every handshake. */
+ ss->ssl3.hs.sendingSCSV = PR_FALSE;
+ ss->ssl3.hs.preliminaryInfo = 0;
PORT_Assert(IS_DTLS(ss) || !resending);
SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
@@ -5425,7 +5600,7 @@
}
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
+ if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) {
actual_count++;
if (actual_count > num_suites) {
if (sid->u.ssl3.lock) { NSSRWLock_UnlockRead(sid->u.ssl3.lock); }
@@ -6083,14 +6258,6 @@
}
}
- rv = ssl3_InitPendingCipherSpec(ss, pms);
- PK11_FreeSymKey(pms); pms = NULL;
-
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
isTLS ? enc_pms.len + 2 : enc_pms.len);
if (rv != SECSuccess) {
@@ -6105,6 +6272,15 @@
goto loser; /* err set by ssl3_AppendHandshake* */
}
+ rv = ssl3_InitPendingCipherSpec(ss, pms);
+ PK11_FreeSymKey(pms);
+ pms = NULL;
+
+ if (rv != SECSuccess) {
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ goto loser;
+ }
+
rv = SECSuccess;
loser:
@@ -6174,14 +6350,6 @@
SECKEY_DestroyPrivateKey(privKey);
privKey = NULL;
- rv = ssl3_InitPendingCipherSpec(ss, pms);
- PK11_FreeSymKey(pms); pms = NULL;
-
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
pubKey->u.dh.publicValue.len + 2);
if (rv != SECSuccess) {
@@ -6197,8 +6365,16 @@
goto loser; /* err set by ssl3_AppendHandshake* */
}
- rv = SECSuccess;
+ rv = ssl3_InitPendingCipherSpec(ss, pms);
+ PK11_FreeSymKey(pms);
+ pms = NULL;
+ if (rv != SECSuccess) {
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ goto loser;
+ }
+
+ rv = SECSuccess;
loser:
@@ -6240,9 +6416,9 @@
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
/* enforce limits on kea key sizes. */
if (ss->ssl3.hs.kea_def->is_limited) {
- int keyLen = SECKEY_PublicKeyStrength(serverKey); /* bytes */
+ unsigned int keyLen = SECKEY_PublicKeyStrengthInBits(serverKey);
- if (keyLen * BPB > ss->ssl3.hs.kea_def->key_size_limit) {
+ if (keyLen > ss->ssl3.hs.kea_def->key_size_limit) {
if (isTLS)
(void)SSL3_SendAlert(ss, alert_fatal, export_restriction);
else
@@ -6297,7 +6473,7 @@
SSL3Hashes hashes;
KeyType keyType;
unsigned int len;
- SSL3SignatureAndHashAlgorithm sigAndHash;
+ SSLSignatureAndHashAlg sigAndHash;
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
@@ -6362,11 +6538,11 @@
}
if (isTLS12) {
rv = ssl3_TLSSignatureAlgorithmForKeyType(keyType,
- &sigAndHash.sigAlg);
+ &sigAndHash.sigAlg);
if (rv != SECSuccess) {
goto done;
}
- sigAndHash.hashAlg = hashes.hashAlg;
+ sigAndHash.hashAlg = hashes.hashAlg;
rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash);
if (rv != SECSuccess) {
@@ -6474,6 +6650,7 @@
errCode = SSL_ERROR_UNSUPPORTED_VERSION;
goto alert_loser;
}
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
rv = ssl3_InitHandshakeHashes(ss);
@@ -6509,7 +6686,7 @@
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
if (temp == suite->cipher_suite) {
SSLVersionRange vrange = {ss->version, ss->version};
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
/* config_match already checks whether the cipher suite is
* acceptable for the version, but the check is repeated here
* in order to give a more precise error code. */
@@ -6533,6 +6710,7 @@
}
ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)temp;
ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp);
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
PORT_Assert(ss->ssl3.hs.suite_def);
if (!ss->ssl3.hs.suite_def) {
PORT_SetError(errCode = SEC_ERROR_LIBRARY_FAILURE);
@@ -6619,6 +6797,32 @@
SECItem wrappedMS; /* wrapped master secret. */
+ /* [draft-ietf-tls-session-hash-06; Section 5.3]
+ *
+ * o If the original session did not use the "extended_master_secret"
+ * extension but the new ServerHello contains the extension, the
+ * client MUST abort the handshake.
+ */
+ if (!sid->u.ssl3.keys.extendedMasterSecretUsed &&
+ ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
+ errCode = SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET;
+ goto alert_loser;
+ }
+
+ /*
+ * o If the original session used an extended master secret but the new
+ * ServerHello does not contain the "extended_master_secret"
+ * extension, the client SHOULD abort the handshake.
+ *
+ * TODO(ekr@rtfm.com): Add option to refuse to resume when EMS is not
+ * used at all (bug 1176526).
+ */
+ if (sid->u.ssl3.keys.extendedMasterSecretUsed &&
+ !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
+ errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET;
+ goto alert_loser;
+ }
+
ss->sec.authAlgorithm = sid->authAlgorithm;
ss->sec.authKeyBits = sid->authKeyBits;
ss->sec.keaType = sid->keaType;
@@ -6721,7 +6925,7 @@
ssl3_CopyPeerCertsFromSID(ss, sid);
}
- /* NULL value for PMS signifies re-use of the old MS */
+ /* NULL value for PMS because we are reusing the old MS */
rv = ssl3_InitPendingCipherSpec(ss, NULL);
if (rv != SECSuccess) {
goto alert_loser; /* err code was set */
@@ -6750,6 +6954,9 @@
sid->u.ssl3.sessionIDLength = sidBytes.len;
PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);
+ sid->u.ssl3.keys.extendedMasterSecretUsed =
+ ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
+
/* Copy Signed Certificate Timestamps, if any. */
if (ss->xtnData.signedCertTimestamps.data) {
rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
@@ -6761,13 +6968,14 @@
ss->ssl3.hs.isResuming = PR_FALSE;
if (ss->ssl3.hs.kea_def->signKeyType != sign_null) {
/* All current cipher suites other than those with sign_null (i.e.,
- * DH_anon_* suites) require a certificate, so use that signal. */
+ * (EC)DH_anon_* suites) require a certificate, so use that signal. */
ss->ssl3.hs.ws = wait_server_cert;
- } else if (ss->ssl3.hs.kea_def->ephemeral) {
- /* Only ephemeral cipher suites use ServerKeyExchange. */
- ss->ssl3.hs.ws = wait_server_key;
} else {
- ss->ssl3.hs.ws = wait_cert_request;
+ /* All the remaining cipher suites must be (EC)DH_anon_* and so
+ * must be ephemeral. Note, if we ever add PSK this might
+ * change. */
+ PORT_Assert(ss->ssl3.hs.kea_def->ephemeral);
+ ss->ssl3.hs.ws = wait_server_key;
}
winner:
@@ -6807,29 +7015,6 @@
return SECFailure;
}
-/* ssl3_BigIntGreaterThanOne returns true iff |mpint|, taken as an unsigned,
- * big-endian integer is > 1 */
-static PRBool
-ssl3_BigIntGreaterThanOne(const SECItem* mpint) {
- unsigned char firstNonZeroByte = 0;
- unsigned int i;
-
- for (i = 0; i < mpint->len; i++) {
- if (mpint->data[i]) {
- firstNonZeroByte = mpint->data[i];
- break;
- }
- }
-
- if (firstNonZeroByte == 0)
- return PR_FALSE;
- if (firstNonZeroByte > 1)
- return PR_TRUE;
-
- /* firstNonZeroByte == 1, therefore mpint > 1 iff the first non-zero byte
- * is followed by another byte. */
- return (i < mpint->len - 1);
-}
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 ServerKeyExchange message.
@@ -6846,9 +7031,9 @@
SSL3AlertDescription desc = illegal_parameter;
SSL3Hashes hashes;
SECItem signature = {siBuffer, NULL, 0};
- SSL3SignatureAndHashAlgorithm sigAndHash;
+ SSLSignatureAndHashAlg sigAndHash;
- sigAndHash.hashAlg = SEC_OID_UNKNOWN;
+ sigAndHash.hashAlg = ssl_hash_none;
SSL_TRC(3, ("%d: SSL3[%d]: handle server_key_exchange handshake",
SSL_GETPID(), ss->fd));
@@ -6874,6 +7059,12 @@
if (rv != SECSuccess) {
goto loser; /* malformed. */
}
+ /* This exchange method is only used by export cipher suites.
+ * Those are broken and so this code will eventually be removed. */
+ if (SECKEY_BigIntegerBitLength(&modulus) < 512) {
+ desc = isTLS ? insufficient_security : illegal_parameter;
+ goto alert_loser;
+ }
rv = ssl3_ConsumeHandshakeVariable(ss, &exponent, 2, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed. */
@@ -6884,7 +7075,7 @@
if (rv != SECSuccess) {
goto loser; /* malformed or unsupported. */
}
- rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
+ rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss,
&sigAndHash, ss->sec.peerCert);
if (rv != SECSuccess) {
goto loser;
@@ -6907,10 +7098,10 @@
/*
* check to make sure the hash is signed by right guy
*/
- rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent,
- &ss->ssl3.hs.client_random,
- &ss->ssl3.hs.server_random,
- &hashes, ss->opt.bypassPKCS11);
+ rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent,
+ &ss->ssl3.hs.client_random,
+ &ss->ssl3.hs.server_random,
+ &hashes, ss->opt.bypassPKCS11);
if (rv != SECSuccess) {
errCode =
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
@@ -6936,7 +7127,6 @@
peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (peerKey == NULL) {
- PORT_FreeArena(arena, PR_FALSE);
goto no_memory;
}
@@ -6947,7 +7137,6 @@
if (SECITEM_CopyItem(arena, &peerKey->u.rsa.modulus, &modulus) ||
SECITEM_CopyItem(arena, &peerKey->u.rsa.publicExponent, &exponent))
{
- PORT_FreeArena(arena, PR_FALSE);
goto no_memory;
}
ss->sec.peerKey = peerKey;
@@ -6959,13 +7148,22 @@
SECItem dh_p = {siBuffer, NULL, 0};
SECItem dh_g = {siBuffer, NULL, 0};
SECItem dh_Ys = {siBuffer, NULL, 0};
+ unsigned dh_p_bits;
+ unsigned dh_g_bits;
+ unsigned dh_Ys_bits;
+ PRInt32 minDH;
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed. */
}
- if (dh_p.len < 1024/8 ||
- (dh_p.len == 1024/8 && (dh_p.data[0] & 0x80) == 0)) {
+
+ rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
+ if (rv != SECSuccess) {
+ minDH = SSL_DH_MIN_P_BITS;
+ }
+ dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
+ if (dh_p_bits < minDH) {
errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
goto alert_loser;
}
@@ -6973,13 +7171,16 @@
if (rv != SECSuccess) {
goto loser; /* malformed. */
}
- if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_g))
+ /* Abort if dh_g is 0, 1, or obviously too big. */
+ dh_g_bits = SECKEY_BigIntegerBitLength(&dh_g);
+ if (dh_g_bits > dh_p_bits || dh_g_bits <= 1)
goto alert_loser;
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed. */
}
- if (dh_Ys.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_Ys))
+ dh_Ys_bits = SECKEY_BigIntegerBitLength(&dh_Ys);
+ if (dh_Ys_bits > dh_p_bits || dh_Ys_bits <= 1)
goto alert_loser;
if (isTLS12) {
rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
@@ -6987,7 +7188,7 @@
if (rv != SECSuccess) {
goto loser; /* malformed or unsupported. */
}
- rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
+ rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss,
&sigAndHash, ss->sec.peerCert);
if (rv != SECSuccess) {
goto loser;
@@ -7014,10 +7215,10 @@
/*
* check to make sure the hash is signed by right guy
*/
- rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys,
- &ss->ssl3.hs.client_random,
- &ss->ssl3.hs.server_random,
- &hashes, ss->opt.bypassPKCS11);
+ rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys,
+ &ss->ssl3.hs.client_random,
+ &ss->ssl3.hs.server_random,
+ &hashes, ss->opt.bypassPKCS11);
if (rv != SECSuccess) {
errCode =
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
@@ -7041,7 +7242,7 @@
goto no_memory;
}
- ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
+ peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (peerKey == NULL) {
goto no_memory;
}
@@ -7055,7 +7256,6 @@
SECITEM_CopyItem(arena, &peerKey->u.dh.base, &dh_g) ||
SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys))
{
- PORT_FreeArena(arena, PR_FALSE);
goto no_memory;
}
ss->sec.peerKey = peerKey;
@@ -7078,10 +7278,16 @@
alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, desc);
loser:
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
PORT_SetError( errCode );
return SECFailure;
no_memory: /* no-memory error has already been set. */
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
return SECFailure;
}
@@ -7092,7 +7298,7 @@
*/
static SECStatus
ssl3_ExtractClientKeyInfo(sslSocket *ss,
- TLSSignatureAlgorithm *sigAlg,
+ SSLSignType *sigAlg,
PRBool *preferSha1)
{
SECStatus rv = SECSuccess;
@@ -7148,7 +7354,7 @@
const SECItem *algorithms)
{
SECStatus rv;
- TLSSignatureAlgorithm sigAlg;
+ SSLSignType sigAlg;
PRBool preferSha1;
PRBool supportsSha1 = PR_FALSE;
PRBool supportsSha256 = PR_FALSE;
@@ -7173,9 +7379,9 @@
/* Determine the server's hash support for that signature algorithm. */
for (i = 0; i < algorithms->len; i += 2) {
if (algorithms->data[i+1] == sigAlg) {
- if (algorithms->data[i] == tls_hash_sha1) {
+ if (algorithms->data[i] == ssl_hash_sha1) {
supportsSha1 = PR_TRUE;
- } else if (algorithms->data[i] == tls_hash_sha256) {
+ } else if (algorithms->data[i] == ssl_hash_sha256) {
supportsSha256 = PR_TRUE;
}
}
@@ -7334,6 +7540,8 @@
} else
#endif
if (ss->getClientAuthData != NULL) {
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+ ssl_preinfo_all);
/* XXX Should pass cert_types and algorithms in this call!! */
rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
ss->fd, &ca_list,
@@ -7565,6 +7773,8 @@
SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher",
SSL_GETPID(), ss->fd));
} else {
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+ ssl_preinfo_all);
rv = (ss->canFalseStartCallback)(ss->fd,
ss->canFalseStartCallbackData,
&ss->ssl3.hs.canFalseStart);
@@ -7923,6 +8133,7 @@
sid->u.ssl3.policy = SSL_ALLOWED;
sid->u.ssl3.clientWriteKey = NULL;
sid->u.ssl3.serverWriteKey = NULL;
+ sid->u.ssl3.keys.extendedMasterSecretUsed = PR_FALSE;
if (is_server) {
SECStatus rv;
@@ -7975,7 +8186,7 @@
if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) {
/* see if we can legally use the key in the cert. */
- int keyLen; /* bytes */
+ unsigned int keyLen; /* bytes */
keyLen = PK11_GetPrivateModulusLen(
ss->serverCerts[kea_def->exchKeyType].SERVERKEY);
@@ -8022,6 +8233,22 @@
/* An empty TLS Renegotiation Info (RI) extension */
static const PRUint8 emptyRIext[5] = {0xff, 0x01, 0x00, 0x01, 0x00};
+static PRBool
+ssl3_KEAAllowsSessionTicket(SSL3KeyExchangeAlgorithm kea)
+{
+ switch (kea) {
+ case kea_dhe_dss:
+ case kea_dhe_dss_export:
+ case kea_dh_dss_export:
+ case kea_dh_dss:
+ /* TODO: Fix session tickets for DSS. The server code rejects the
+ * session ticket received from the client. Bug 1174677 */
+ return PR_FALSE;
+ default:
+ return PR_TRUE;
+ };
+}
+
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 Client Hello message.
* Caller must hold Handshake and RecvBuf locks.
@@ -8044,6 +8271,7 @@
SECItem comps = {siBuffer, NULL, 0};
PRBool haveSpecWriteLock = PR_FALSE;
PRBool haveXmitBufLock = PR_FALSE;
+ PRBool canOfferSessionTicket = PR_FALSE;
SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake",
SSL_GETPID(), ss->fd));
@@ -8051,6 +8279,7 @@
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
PORT_Assert( ss->ssl3.initialized );
+ ss->ssl3.hs.preliminaryInfo = 0;
if (!ss->sec.isServer ||
(ss->ssl3.hs.ws != wait_client_hello &&
@@ -8116,6 +8345,7 @@
errCode = SSL_ERROR_UNSUPPORTED_VERSION;
goto alert_loser;
}
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
rv = ssl3_InitHandshakeHashes(ss);
if (rv != SECSuccess) {
@@ -8283,8 +8513,7 @@
* resuming.)
*/
if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && sid == NULL) {
- ssl3_RegisterServerHelloExtensionSender(ss,
- ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn);
+ canOfferSessionTicket = PR_TRUE;
}
if (sid != NULL) {
@@ -8367,7 +8596,7 @@
* The product policy won't change during the process lifetime.
* Implemented ("isPresent") shouldn't change for servers.
*/
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange))
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss))
break;
#else
if (!suite->enabled)
@@ -8380,6 +8609,7 @@
ss->ssl3.hs.cipher_suite = suite->cipher_suite;
ss->ssl3.hs.suite_def =
ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
/* Use the cached compression method. */
ss->ssl3.hs.compression = sid->u.ssl3.compression;
@@ -8416,7 +8646,7 @@
for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
SSLVersionRange vrange = {ss->version, ss->version};
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
continue;
}
for (i = 0; i + 1 < suites.len; i += 2) {
@@ -8425,6 +8655,7 @@
ss->ssl3.hs.cipher_suite = suite->cipher_suite;
ss->ssl3.hs.suite_def =
ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
goto suite_found;
}
}
@@ -8433,6 +8664,15 @@
goto alert_loser;
suite_found:
+ if (canOfferSessionTicket)
+ canOfferSessionTicket = ssl3_KEAAllowsSessionTicket(
+ ss->ssl3.hs.suite_def->key_exchange_alg);
+
+ if (canOfferSessionTicket) {
+ ssl3_RegisterServerHelloExtensionSender(ss,
+ ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn);
+ }
+
/* Select a compression algorithm. */
for (i = 0; i < comps.len; i++) {
if (!compressionEnabled(ss, comps.data[i]))
@@ -8458,6 +8698,8 @@
/* If there are any failures while processing the old sid,
* we don't consider them to be errors. Instead, We just behave
* as if the client had sent us no sid to begin with, and make a new one.
+ * The exception here is attempts to resume extended_master_secret
+ * sessions without the extension, which causes an alert.
*/
if (sid != NULL) do {
ssl3CipherSpec *pwSpec;
@@ -8469,6 +8711,30 @@
break; /* not an error */
}
+ /* [draft-ietf-tls-session-hash-06; Section 5.3]
+ * o If the original session did not use the "extended_master_secret"
+ * extension but the new ClientHello contains the extension, then the
+ * server MUST NOT perform the abbreviated handshake. Instead, it
+ * SHOULD continue with a full handshake (as described in
+ * Section 5.2) to negotiate a new session.
+ *
+ * o If the original session used the "extended_master_secret"
+ * extension but the new ClientHello does not contain the extension,
+ * the server MUST abort the abbreviated handshake.
+ */
+ if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
+ if (!sid->u.ssl3.keys.extendedMasterSecretUsed) {
+ break; /* not an error */
+ }
+ } else {
+ if (sid->u.ssl3.keys.extendedMasterSecretUsed) {
+ /* Note: we do not destroy the session */
+ desc = handshake_failure;
+ errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET;
+ goto alert_loser;
+ }
+ }
+
if (ss->sec.ci.sid) {
if (ss->sec.uncache)
ss->sec.uncache(ss->sec.ci.sid);
@@ -8610,7 +8876,7 @@
haveSpecWriteLock = PR_FALSE;
}
- /* NULL value for PMS signifies re-use of the old MS */
+ /* NULL value for PMS because we are re-using the old MS */
rv = ssl3_InitPendingCipherSpec(ss, NULL);
if (rv != SECSuccess) {
errCode = PORT_GetError();
@@ -8654,6 +8920,9 @@
if (ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) {
int ret = 0;
if (ss->sniSocketConfig) do { /* not a loop */
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+ ssl_preinfo_all);
+
ret = SSL_SNI_SEND_ALERT;
/* If extension is negotiated, the len of names should > 0. */
if (ss->xtnData.sniNameArrSize) {
@@ -8701,7 +8970,7 @@
ret = SSL_SNI_SEND_ALERT;
break;
}
- } else if (ret < ss->xtnData.sniNameArrSize) {
+ } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) {
/* Application has configured new socket info. Lets check it
* and save the name. */
SECStatus rv;
@@ -8752,7 +9021,7 @@
ssl3_SendServerNameXtn);
} else {
/* Callback returned index outside of the boundary. */
- PORT_Assert(ret < ss->xtnData.sniNameArrSize);
+ PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize);
errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
desc = internal_error;
ret = SSL_SNI_SEND_ALERT;
@@ -8798,13 +9067,16 @@
}
ss->sec.ci.sid = sid;
+ sid->u.ssl3.keys.extendedMasterSecretUsed =
+ ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
ss->ssl3.hs.isResuming = PR_FALSE;
ssl_GetXmitBufLock(ss);
rv = ssl3_SendServerHelloSequence(ss);
ssl_ReleaseXmitBufLock(ss);
if (rv != SECSuccess) {
- errCode = PORT_GetError();
- goto loser;
+ errCode = PORT_GetError();
+ desc = handshake_failure;
+ goto alert_loser;
}
if (haveXmitBufLock) {
@@ -8896,6 +9168,7 @@
errCode = SSL_ERROR_UNSUPPORTED_VERSION;
goto alert_loser;
}
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
rv = ssl3_InitHandshakeHashes(ss);
if (rv != SECSuccess) {
@@ -8951,7 +9224,7 @@
for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
SSLVersionRange vrange = {ss->version, ss->version};
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
continue;
}
for (i = 0; i+2 < suite_length; i += 3) {
@@ -8960,6 +9233,7 @@
ss->ssl3.hs.cipher_suite = suite->cipher_suite;
ss->ssl3.hs.suite_def =
ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
goto suite_found;
}
}
@@ -9150,6 +9424,154 @@
return SECSuccess;
}
+static SECStatus
+ssl3_PickSignatureHashAlgorithm(sslSocket *ss,
+ SSLSignatureAndHashAlg* out);
+
+static SECStatus
+ssl3_SendDHServerKeyExchange(sslSocket *ss)
+{
+ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
+ SECStatus rv = SECFailure;
+ int length;
+ PRBool isTLS;
+ SECItem signed_hash = {siBuffer, NULL, 0};
+ SSL3Hashes hashes;
+ SSLSignatureAndHashAlg sigAndHash;
+ SECKEYDHParams dhParam;
+
+ ssl3KeyPair *keyPair = NULL;
+ SECKEYPublicKey *pubKey = NULL; /* Ephemeral DH key */
+ SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */
+ int certIndex = -1;
+
+ if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) {
+ /* TODO: Support DH_anon. It might be sufficient to drop the signature.
+ See bug 1170510. */
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ return SECFailure;
+ }
+
+ dhParam.prime.data = ss->dheParams->prime.data;
+ dhParam.prime.len = ss->dheParams->prime.len;
+ dhParam.base.data = ss->dheParams->base.data;
+ dhParam.base.len = ss->dheParams->base.len;
+
+ PRINT_BUF(60, (NULL, "Server DH p", dhParam.prime.data,
+ dhParam.prime.len));
+ PRINT_BUF(60, (NULL, "Server DH g", dhParam.base.data,
+ dhParam.base.len));
+
+ /* Generate ephemeral DH keypair */
+ privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL);
+ if (!privKey || !pubKey) {
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ rv = SECFailure;
+ goto loser;
+ }
+
+ keyPair = ssl3_NewKeyPair(privKey, pubKey);
+ if (!keyPair) {
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ goto loser;
+ }
+
+ PRINT_BUF(50, (ss, "DH public value:",
+ pubKey->u.dh.publicValue.data,
+ pubKey->u.dh.publicValue.len));
+
+ if (ssl3_PickSignatureHashAlgorithm(ss, &sigAndHash) != SECSuccess) {
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ goto loser;
+ }
+
+ rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg,
+ pubKey->u.dh.prime,
+ pubKey->u.dh.base,
+ pubKey->u.dh.publicValue,
+ &ss->ssl3.hs.client_random,
+ &ss->ssl3.hs.server_random,
+ &hashes, ss->opt.bypassPKCS11);
+ if (rv != SECSuccess) {
+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto loser;
+ }
+
+ /* It has been suggested to test kea_def->signKeyType instead, and to use
+ * ssl_auth_* instead. Investigate what to do. See bug 102794. */
+ if (kea_def->kea == kea_dhe_rsa)
+ certIndex = ssl_kea_rsa;
+ else
+ certIndex = ssl_kea_dh;
+
+ isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+ rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
+ &signed_hash, isTLS);
+ if (rv != SECSuccess) {
+ goto loser; /* ssl3_SignHashes has set err. */
+ }
+ if (signed_hash.data == NULL) {
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto loser;
+ }
+ length = 2 + pubKey->u.dh.prime.len +
+ 2 + pubKey->u.dh.base.len +
+ 2 + pubKey->u.dh.publicValue.len +
+ 2 + signed_hash.len;
+
+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+ length += 2;
+ }
+
+ rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+
+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.prime.data,
+ pubKey->u.dh.prime.len, 2);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+
+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.base.data,
+ pubKey->u.dh.base.len, 2);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+
+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.publicValue.data,
+ pubKey->u.dh.publicValue.len, 2);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+
+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+ rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+ }
+
+ rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
+ signed_hash.len, 2);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+ PORT_Free(signed_hash.data);
+ ss->dheKeyPair = keyPair;
+ return SECSuccess;
+
+loser:
+ if (signed_hash.data)
+ PORT_Free(signed_hash.data);
+ if (privKey)
+ SECKEY_DestroyPrivateKey(privKey);
+ if (pubKey)
+ SECKEY_DestroyPublicKey(pubKey);
+ return SECFailure;
+}
+
/* ssl3_PickSignatureHashAlgorithm selects a hash algorithm to use when signing
* elements of the handshake. (The negotiated cipher suite determines the
* signature algorithm.) Prior to TLS 1.2, the MD5/SHA1 combination is always
@@ -9157,18 +9579,11 @@
* hash combinations. */
static SECStatus
ssl3_PickSignatureHashAlgorithm(sslSocket *ss,
- SSL3SignatureAndHashAlgorithm* out)
+ SSLSignatureAndHashAlg* out)
{
- TLSSignatureAlgorithm sigAlg;
+ SSLSignType sigAlg;
+ PRUint32 policy;
unsigned int i, j;
- /* hashPreference expresses our preferences for hash algorithms, most
- * preferable first. */
- static const SECOidTag hashPreference[] = {
- SEC_OID_SHA256,
- SEC_OID_SHA384,
- SEC_OID_SHA512,
- SEC_OID_SHA1,
- };
switch (ss->ssl3.hs.kea_def->kea) {
case kea_rsa:
@@ -9181,48 +9596,63 @@
case kea_rsa_fips:
case kea_ecdh_rsa:
case kea_ecdhe_rsa:
- sigAlg = tls_sig_rsa;
- break;
+ sigAlg = ssl_sign_rsa;
+ break;
case kea_dh_dss:
case kea_dh_dss_export:
case kea_dhe_dss:
case kea_dhe_dss_export:
- sigAlg = tls_sig_dsa;
- break;
+ sigAlg = ssl_sign_dsa;
+ break;
case kea_ecdh_ecdsa:
case kea_ecdhe_ecdsa:
- sigAlg = tls_sig_ecdsa;
- break;
+ sigAlg = ssl_sign_ecdsa;
+ break;
default:
- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+ return SECFailure;
}
out->sigAlg = sigAlg;
if (ss->version <= SSL_LIBRARY_VERSION_TLS_1_1) {
- /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and
- * prior. */
- out->hashAlg = SEC_OID_UNKNOWN;
- return SECSuccess;
+ /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and
+ * prior. */
+ out->hashAlg = ssl_hash_none;
+ return SECSuccess;
}
if (ss->ssl3.hs.numClientSigAndHash == 0) {
- /* If the client didn't provide any signature_algorithms extension then
- * we can assume that they support SHA-1:
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
- out->hashAlg = SEC_OID_SHA1;
- return SECSuccess;
+ /* If the client didn't provide any signature_algorithms extension then
+ * we can assume that they support SHA-1:
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+ out->hashAlg = ssl_hash_sha1;
+ return SECSuccess;
}
- for (i = 0; i < PR_ARRAY_SIZE(hashPreference); i++) {
- for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) {
- const SSL3SignatureAndHashAlgorithm* sh =
- &ss->ssl3.hs.clientSigAndHash[j];
- if (sh->sigAlg == sigAlg && sh->hashAlg == hashPreference[i]) {
- out->hashAlg = sh->hashAlg;
- return SECSuccess;
- }
+ /* Here we look for the first server preference that the client has
+ * indicated support for in their signature_algorithms extension. */
+ for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
+ const SSLSignatureAndHashAlg *serverPref =
+ &ss->ssl3.signatureAlgorithms[i];
+ SECOidTag hashOID;
+ if (serverPref->sigAlg != sigAlg) {
+ continue;
+ }
+ hashOID = ssl3_TLSHashAlgorithmToOID(serverPref->hashAlg);
+ if ((NSS_GetAlgorithmPolicy(hashOID, &policy) != SECSuccess)
+ || !(policy & NSS_USE_ALG_IN_SSL_KX)) {
+ /* we ignore hashes we don't support */
+ continue;
}
+ for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) {
+ const SSLSignatureAndHashAlg *clientPref =
+ &ss->ssl3.hs.clientSigAndHash[j];
+ if (clientPref->hashAlg == serverPref->hashAlg &&
+ clientPref->sigAlg == sigAlg) {
+ out->hashAlg = serverPref->hashAlg;
+ return SECSuccess;
+ }
+ }
}
PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
@@ -9240,7 +9670,7 @@
SECItem signed_hash = {siBuffer, NULL, 0};
SSL3Hashes hashes;
SECKEYPublicKey * sdPub; /* public key for step-down */
- SSL3SignatureAndHashAlgorithm sigAndHash;
+ SSLSignatureAndHashAlg sigAndHash;
SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake",
SSL_GETPID(), ss->fd));
@@ -9287,6 +9717,10 @@
2 + sdPub->u.rsa.publicExponent.len +
2 + signed_hash.len;
+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+ length += 2;
+ }
+
rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
if (rv != SECSuccess) {
goto loser; /* err set by AppendHandshake. */
@@ -9320,6 +9754,11 @@
PORT_Free(signed_hash.data);
return SECSuccess;
+ case ssl_kea_dh: {
+ rv = ssl3_SendDHServerKeyExchange(ss);
+ return rv;
+ }
+
#ifndef NSS_DISABLE_ECC
case kt_ecdh: {
rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
@@ -9327,7 +9766,6 @@
}
#endif /* NSS_DISABLE_ECC */
- case kt_dh:
case kt_null:
default:
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
@@ -9339,6 +9777,36 @@
return SECFailure;
}
+static SECStatus
+ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf,
+ unsigned maxLen, PRUint32 *len)
+{
+ unsigned int i;
+
+ PORT_Assert(maxLen >= ss->ssl3.signatureAlgorithmCount * 2);
+ if (maxLen < ss->ssl3.signatureAlgorithmCount * 2) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
+ *len = 0;
+ for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
+ const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i];
+ /* Note that we don't support a handshake hash with anything other than
+ * SHA-256, so asking for a signature from clients for something else
+ * would be inviting disaster. */
+ if (alg->hashAlg == ssl_hash_sha256) {
+ buf[(*len)++] = (PRUint8)alg->hashAlg;
+ buf[(*len)++] = (PRUint8)alg->sigAlg;
+ }
+ }
+
+ if (*len == 0) {
+ PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+ return SECFailure;
+ }
+ return SECSuccess;
+}
static SECStatus
ssl3_SendCertificateRequest(sslSocket *ss)
@@ -9347,7 +9815,6 @@
SECItem * name;
CERTDistNames *ca_list;
const PRUint8 *certTypes;
- const PRUint8 *sigAlgs;
SECItem * names = NULL;
SECStatus rv;
int length;
@@ -9355,7 +9822,8 @@
int calen = 0;
int nnames = 0;
int certTypesLength;
- int sigAlgsLength;
+ PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2];
+ unsigned int sigAlgsLength = 0;
SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
SSL_GETPID(), ss->fd));
@@ -9382,12 +9850,15 @@
certTypes = certificate_types;
certTypesLength = sizeof certificate_types;
- sigAlgs = supported_signature_algorithms;
- sigAlgsLength = sizeof supported_signature_algorithms;
length = 1 + certTypesLength + 2 + calen;
if (isTLS12) {
- length += 2 + sigAlgsLength;
+ rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs),
+ &sigAlgsLength);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+ length += 2 + sigAlgsLength;
}
rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
@@ -9453,7 +9924,7 @@
int errCode = SSL_ERROR_RX_MALFORMED_CERT_VERIFY;
SSL3AlertDescription desc = handshake_failure;
PRBool isTLS, isTLS12;
- SSL3SignatureAndHashAlgorithm sigAndHash;
+ SSLSignatureAndHashAlg sigAndHash;
SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake",
SSL_GETPID(), ss->fd));
@@ -9469,6 +9940,13 @@
goto alert_loser;
}
+ if (!hashes) {
+ PORT_Assert(0);
+ desc = internal_error;
+ errCode = SEC_ERROR_LIBRARY_FAILURE;
+ goto alert_loser;
+ }
+
if (isTLS12) {
rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
&sigAndHash);
@@ -9476,7 +9954,7 @@
goto loser; /* malformed or unsupported. */
}
rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
- &sigAndHash, ss->sec.peerCert);
+ ss, &sigAndHash, ss->sec.peerCert);
if (rv != SECSuccess) {
errCode = PORT_GetError();
desc = decrypt_error;
@@ -9485,7 +9963,7 @@
/* We only support CertificateVerify messages that use the handshake
* hash. */
- if (sigAndHash.hashAlg != hashes->hashAlg) {
+ if (sigAndHash.hashAlg != hashes->hashAlg) {
errCode = SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM;
desc = decrypt_error;
goto alert_loser;
@@ -9616,18 +10094,17 @@
PRUint32 length,
SECKEYPrivateKey *serverKey)
{
- PK11SymKey * pms;
#ifndef NO_PKCS11_BYPASS
unsigned char * cr = (unsigned char *)&ss->ssl3.hs.client_random;
unsigned char * sr = (unsigned char *)&ss->ssl3.hs.server_random;
ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec;
unsigned int outLen = 0;
-#endif
PRBool isTLS = PR_FALSE;
+ SECItem pmsItem = {siBuffer, NULL, 0};
+ unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
+#endif
SECStatus rv;
SECItem enc_pms;
- unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
- SECItem pmsItem = {siBuffer, NULL, 0};
PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
@@ -9635,8 +10112,10 @@
enc_pms.data = b;
enc_pms.len = length;
+#ifndef NO_PKCS11_BYPASS
pmsItem.data = rsaPmsBuf;
pmsItem.len = sizeof rsaPmsBuf;
+#endif
if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
PRInt32 kLen;
@@ -9648,13 +10127,24 @@
if ((unsigned)kLen < enc_pms.len) {
enc_pms.len = kLen;
}
+#ifndef NO_PKCS11_BYPASS
isTLS = PR_TRUE;
+#endif
} else {
+#ifndef NO_PKCS11_BYPASS
isTLS = (PRBool)(ss->ssl3.hs.kea_def->tls_keygen != 0);
+#endif
}
#ifndef NO_PKCS11_BYPASS
if (ss->opt.bypassPKCS11) {
+ /* We have not implemented a tls_ExtendedMasterKeyDeriveBypass
+ * and will not negotiate this extension in bypass mode. This
+ * assert just double-checks that.
+ */
+ PORT_Assert(
+ !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn));
+
/* TRIPLE BYPASS, get PMS directly from RSA decryption.
* Use PK11_PrivDecryptPKCS1 to decrypt the PMS to a buffer,
* then, check for version rollback attack, then
@@ -9682,8 +10172,8 @@
}
}
/* have PMS, build MS without PKCS11 */
- rv = ssl3_MasterKeyDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS,
- PR_TRUE);
+ rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS,
+ PR_TRUE);
if (rv != SECSuccess) {
pwSpec->msItem.data = pwSpec->raw_master_secret;
pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH;
@@ -9693,49 +10183,163 @@
} else
#endif
{
+ PK11SymKey *tmpPms[2] = {NULL, NULL};
+ PK11SlotInfo *slot;
+ int useFauxPms = 0;
+#define currentPms tmpPms[!useFauxPms]
+#define unusedPms tmpPms[useFauxPms]
+#define realPms tmpPms[1]
+#define fauxPms tmpPms[0]
+
#ifndef NO_PKCS11_BYPASS
double_bypass:
#endif
- /*
- * unwrap pms out of the incoming buffer
- * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do
- * the unwrap. Rather, it is the mechanism with which the
- * unwrapped pms will be used.
- */
- pms = PK11_PubUnwrapSymKey(serverKey, &enc_pms,
- CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0);
- if (pms != NULL) {
- PRINT_BUF(60, (ss, "decrypted premaster secret:",
- PK11_GetKeyData(pms)->data,
- PK11_GetKeyData(pms)->len));
- } else {
- /* unwrap failed. Generate a bogus PMS and carry on. */
- PK11SlotInfo * slot = PK11_GetSlotFromPrivateKey(serverKey);
- ssl_GetSpecWriteLock(ss);
- pms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot);
- ssl_ReleaseSpecWriteLock(ss);
- PK11_FreeSlot(slot);
- }
+ /*
+ * Get as close to algorithm 2 from RFC 5246; Section 7.4.7.1
+ * as we can within the constraints of the PKCS#11 interface.
+ *
+ * 1. Unconditionally generate a bogus PMS (what RFC 5246
+ * calls R).
+ * 2. Attempt the RSA decryption to recover the PMS (what
+ * RFC 5246 calls M).
+ * 3. Set PMS = (M == NULL) ? R : M
+ * 4. Use ssl3_ComputeMasterSecret(PMS) to attempt to derive
+ * the MS from PMS. This includes performing the version
+ * check and length check.
+ * 5. If either the initial RSA decryption failed or
+ * ssl3_ComputeMasterSecret(PMS) failed, then discard
+ * M and set PMS = R. Else, discard R and set PMS = M.
+ *
+ * We do two derivations here because we can't rely on having
+ * a function that only performs the PMS version and length
+ * check. The only redundant cost is that this runs the PRF,
+ * which isn't necessary here.
+ */
+
+ /* Generate the bogus PMS (R) */
+ slot = PK11_GetSlotFromPrivateKey(serverKey);
+ if (!slot) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
- if (pms == NULL) {
- /* last gasp. */
+ if (!PK11_DoesMechanism(slot, CKM_SSL3_MASTER_KEY_DERIVE)) {
+ PK11_FreeSlot(slot);
+ slot = PK11_GetBestSlot(CKM_SSL3_MASTER_KEY_DERIVE, NULL);
+ if (!slot) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ }
+
+ ssl_GetSpecWriteLock(ss);
+ fauxPms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot);
+ ssl_ReleaseSpecWriteLock(ss);
+ PK11_FreeSlot(slot);
+
+ if (fauxPms == NULL) {
ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
return SECFailure;
}
+ /*
+ * unwrap pms out of the incoming buffer
+ * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do
+ * the unwrap. Rather, it is the mechanism with which the
+ * unwrapped pms will be used.
+ */
+ realPms = PK11_PubUnwrapSymKey(serverKey, &enc_pms,
+ CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0);
+ /* Temporarily use the PMS if unwrapping the real PMS fails. */
+ useFauxPms |= (realPms == NULL);
+
+ /* Attempt to derive the MS from the PMS. This is the only way to
+ * check the version field in the RSA PMS. If this fails, we
+ * then use the faux PMS in place of the PMS. Note that this
+ * operation should never fail if we are using the faux PMS
+ * since it is correctly formatted. */
+ rv = ssl3_ComputeMasterSecret(ss, currentPms, NULL);
+
+ /* If we succeeded, then select the true PMS and discard the
+ * FPMS. Else, select the FPMS and select the true PMS */
+ useFauxPms |= (rv != SECSuccess);
+
+ if (unusedPms) {
+ PK11_FreeSymKey(unusedPms);
+ }
+
/* This step will derive the MS from the PMS, among other things. */
- rv = ssl3_InitPendingCipherSpec(ss, pms);
- PK11_FreeSymKey(pms);
+ rv = ssl3_InitPendingCipherSpec(ss, currentPms);
+ PK11_FreeSymKey(currentPms);
}
if (rv != SECSuccess) {
SEND_ALERT
return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
}
+
+#undef currentPms
+#undef unusedPms
+#undef realPms
+#undef fauxPms
+
return SECSuccess;
}
+static SECStatus
+ssl3_HandleDHClientKeyExchange(sslSocket *ss,
+ SSL3Opaque *b,
+ PRUint32 length,
+ SECKEYPublicKey *srvrPubKey,
+ SECKEYPrivateKey *serverKey)
+{
+ PK11SymKey *pms;
+ SECStatus rv;
+ SECKEYPublicKey clntPubKey;
+ CK_MECHANISM_TYPE target;
+ PRBool isTLS;
+
+ PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
+ PORT_Assert( srvrPubKey );
+
+ clntPubKey.keyType = dhKey;
+ clntPubKey.u.dh.prime.len = srvrPubKey->u.dh.prime.len;
+ clntPubKey.u.dh.prime.data = srvrPubKey->u.dh.prime.data;
+ clntPubKey.u.dh.base.len = srvrPubKey->u.dh.base.len;
+ clntPubKey.u.dh.base.data = srvrPubKey->u.dh.base.data;
+
+ rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.dh.publicValue,
+ 2, &b, &length);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+ if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+ else target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+
+ /* Determine the PMS */
+ pms = PK11_PubDerive(serverKey, &clntPubKey, PR_FALSE, NULL, NULL,
+ CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL);
+ if (pms == NULL) {
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ goto loser;
+ }
+
+ rv = ssl3_InitPendingCipherSpec(ss, pms);
+ PK11_FreeSymKey(pms); pms = NULL;
+
+loser:
+ if (ss->dheKeyPair) {
+ ssl3_FreeKeyPair(ss->dheKeyPair);
+ ss->dheKeyPair = NULL;
+ }
+ return rv;
+}
+
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 ClientKeyExchange message from the remote client
@@ -9748,9 +10352,7 @@
SECStatus rv;
const ssl3KEADef *kea_def;
ssl3KeyPair *serverKeyPair = NULL;
-#ifndef NSS_DISABLE_ECC
SECKEYPublicKey *serverPubKey = NULL;
-#endif /* NSS_DISABLE_ECC */
SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
SSL_GETPID(), ss->fd));
@@ -9780,6 +10382,16 @@
ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
} else
skip:
+ if (kea_def->kea == kea_dhe_dss ||
+ kea_def->kea == kea_dhe_rsa) {
+ if (ss->dheKeyPair) {
+ serverKeyPair = ss->dheKeyPair;
+ if (serverKeyPair->pubKey) {
+ ss->sec.keaKeyBits =
+ SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
+ }
+ }
+ } else
#ifndef NSS_DISABLE_ECC
/* XXX Using SSLKEAType to index server certifiates
* does not work for (EC)DHE ciphers. Until we have
@@ -9825,6 +10437,21 @@
}
break;
+ case ssl_kea_dh:
+ if (ss->dheKeyPair && ss->dheKeyPair->pubKey) {
+ serverPubKey = ss->dheKeyPair->pubKey;
+ }
+ if (!serverPubKey) {
+ PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
+ return SECFailure;
+ }
+ rv = ssl3_HandleDHClientKeyExchange(ss, b, length,
+ serverPubKey, serverKey);
+ if (rv != SECSuccess) {
+ SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+ return SECFailure; /* error code set */
+ }
+ break;
#ifndef NSS_DISABLE_ECC
case kt_ecdh:
@@ -10454,6 +11081,8 @@
ss->ssl3.hs.authCertificatePending = PR_FALSE;
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+ ssl_preinfo_all);
/*
* Ask caller-supplied callback function to validate cert chain.
*/
@@ -10498,40 +11127,60 @@
ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType;
ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
if (pubKey) {
+ KeyType pubKeyType;
+ PRInt32 minKey;
ss->sec.keaKeyBits = ss->sec.authKeyBits =
SECKEY_PublicKeyStrengthInBits(pubKey);
-#ifndef NSS_DISABLE_ECC
- if (ss->sec.keaType == kt_ecdh) {
- /* Get authKeyBits from signing key.
- * XXX The code below uses a quick approximation of
- * key size based on cert->signatureWrap.signature.data
- * (which contains the DER encoded signature). The field
- * cert->signatureWrap.signature.len contains the
- * length of the encoded signature in bits.
- */
- if (ss->ssl3.hs.kea_def->kea == kea_ecdh_ecdsa) {
- ss->sec.authKeyBits =
- cert->signatureWrap.signature.data[3]*8;
- if (cert->signatureWrap.signature.data[4] == 0x00)
- ss->sec.authKeyBits -= 8;
- /*
- * XXX: if cert is not signed by ecdsa we should
- * destroy pubKey and goto bad_cert
- */
- } else if (ss->ssl3.hs.kea_def->kea == kea_ecdh_rsa) {
- ss->sec.authKeyBits = cert->signatureWrap.signature.len;
- /*
- * XXX: if cert is not signed by rsa we should
- * destroy pubKey and goto bad_cert
- */
+ pubKeyType = SECKEY_GetPublicKeyType(pubKey);
+ minKey = ss->sec.authKeyBits;
+ switch (pubKeyType) {
+ case rsaKey:
+ case rsaPssKey:
+ case rsaOaepKey:
+ rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey);
+ if (rv != SECSuccess) {
+ minKey = SSL_RSA_MIN_MODULUS_BITS;
}
+ break;
+ case dsaKey:
+ rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey);
+ if (rv != SECSuccess) {
+ minKey = SSL_DSA_MIN_P_BITS;
+ }
+ break;
+ case dhKey:
+ rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey);
+ if (rv != SECSuccess) {
+ minKey = SSL_DH_MIN_P_BITS;
+ }
+ break;
+ default:
+ break;
}
-#endif /* NSS_DISABLE_ECC */
+
+ /* Too small: not good enough. Send a fatal alert. */
+ /* We aren't checking EC here on the understanding that we only
+ * support curves we like, a decision that might need revisiting. */
+ if ( ss->sec.authKeyBits < minKey) {
+ PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
+ (void)SSL3_SendAlert(ss, alert_fatal,
+ ss->version >= SSL_LIBRARY_VERSION_TLS_1_0
+ ? insufficient_security
+ : illegal_parameter);
+ SECKEY_DestroyPublicKey(pubKey);
+ return SECFailure;
+ }
SECKEY_DestroyPublicKey(pubKey);
pubKey = NULL;
}
- if (ss->ssl3.hs.kea_def->ephemeral) {
+ /* Ephemeral suites require ServerKeyExchange. Export cipher suites
+ * with RSA key exchange also require ServerKeyExchange if the
+ * authentication key exceeds the key size limit. */
+ if (ss->ssl3.hs.kea_def->ephemeral ||
+ (ss->ssl3.hs.kea_def->is_limited &&
+ ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa &&
+ ss->sec.authKeyBits > ss->ssl3.hs.kea_def->key_size_limit)) {
ss->ssl3.hs.ws = wait_server_key; /* require server_key_exchange */
} else {
ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */
@@ -10643,16 +11292,42 @@
const SSL3Hashes * hashes,
TLSFinished * tlsFinished)
{
- const char * label;
- unsigned int len;
- SECStatus rv;
+ SECStatus rv;
+ CK_TLS_MAC_PARAMS tls_mac_params;
+ SECItem param = {siBuffer, NULL, 0};
+ PK11Context *prf_context;
+ unsigned int retLen;
- label = isServer ? "server finished" : "client finished";
- len = 15;
+ if (!spec->master_secret || spec->bypassCiphers) {
+ const char *label = isServer ? "server finished" : "client finished";
+ unsigned int len = 15;
- rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw,
- hashes->len, tlsFinished->verify_data,
- sizeof tlsFinished->verify_data);
+ return ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw,
+ hashes->len, tlsFinished->verify_data,
+ sizeof tlsFinished->verify_data);
+ }
+
+ if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
+ tls_mac_params.prfMechanism = CKM_TLS_PRF;
+ } else {
+ tls_mac_params.prfMechanism = CKM_SHA256;
+ }
+ tls_mac_params.ulMacLength = 12;
+ tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
+ param.data = (unsigned char *)&tls_mac_params;
+ param.len = sizeof(tls_mac_params);
+ prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN,
+ spec->master_secret, &param);
+ if (!prf_context)
+ return SECFailure;
+
+ rv = PK11_DigestBegin(prf_context);
+ rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len);
+ rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen,
+ sizeof tlsFinished->verify_data);
+ PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data);
+
+ PK11_DestroyContext(prf_context, PR_TRUE);
return rv;
}
@@ -11170,6 +11845,13 @@
return SECFailure;
}
+ if (!hashes) {
+ PORT_Assert(0);
+ SSL3_SendAlert(ss, alert_fatal, internal_error);
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0);
if (isTLS) {
TLSFinished tlsFinished;
@@ -11225,7 +11907,8 @@
* ServerHello message.)
*/
if (isServer && !ss->ssl3.hs.isResuming &&
- ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) {
+ ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) &&
+ ssl3_KEAAllowsSessionTicket(ss->ssl3.hs.suite_def->key_exchange_alg)) {
/* RFC 5077 Section 3.3: "In the case of a full handshake, the
* server MUST verify the client's Finished message before sending
* the ticket." Presumably, this also means that the client's
@@ -11278,7 +11961,8 @@
return rv;
}
- if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
+ if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = kt_rsa;
} else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
@@ -11398,6 +12082,7 @@
SECStatus rv = SECSuccess;
SSL3HandshakeType type = ss->ssl3.hs.msg_type;
SSL3Hashes hashes; /* computed hashes are put here. */
+ SSL3Hashes *hashesPtr = NULL; /* Set when hashes are computed */
PRUint8 hdr[4];
PRUint8 dtlsData[8];
@@ -11408,7 +12093,8 @@
* current message.
*/
ssl_GetSpecReadLock(ss); /************************************/
- if((type == finished) || (type == certificate_verify)) {
+ if(((type == finished) && (ss->ssl3.hs.ws == wait_finished)) ||
+ ((type == certificate_verify) && (ss->ssl3.hs.ws == wait_cert_verify))) {
SSL3Sender sender = (SSL3Sender)0;
ssl3CipherSpec *rSpec = ss->ssl3.prSpec;
@@ -11417,6 +12103,9 @@
rSpec = ss->ssl3.crSpec;
}
rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
+ if (rv == SECSuccess) {
+ hashesPtr = &hashes;
+ }
}
ssl_ReleaseSpecReadLock(ss); /************************************/
if (rv != SECSuccess) {
@@ -11567,7 +12256,7 @@
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
return SECFailure;
}
- rv = ssl3_HandleCertificateVerify(ss, b, length, &hashes);
+ rv = ssl3_HandleCertificateVerify(ss, b, length, hashesPtr);
break;
case client_key_exchange:
if (!ss->sec.isServer) {
@@ -11586,7 +12275,7 @@
rv = ssl3_HandleNewSessionTicket(ss, b, length);
break;
case finished:
- rv = ssl3_HandleFinished(ss, b, length, &hashes);
+ rv = ssl3_HandleFinished(ss, b, length, hashesPtr);
break;
default:
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
@@ -11641,7 +12330,7 @@
#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
if (ss->ssl3.hs.msg_len > MAX_HANDSHAKE_MSG_LEN) {
(void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
return SECFailure;
}
#undef MAX_HANDSHAKE_MSG_LEN
@@ -11942,7 +12631,7 @@
SSL3Opaque *givenHash;
sslBuffer *plaintext;
sslBuffer temp_buf;
- PRUint64 dtls_seq_num;
+ PRUint64 dtls_seq_num = 0;
unsigned int ivLen = 0;
unsigned int originalLen = 0;
unsigned int good;
@@ -12423,6 +13112,7 @@
ss->ssl3.hs.sendingSCSV = PR_FALSE;
ssl3_InitCipherSpec(ss, ss->ssl3.crSpec);
ssl3_InitCipherSpec(ss, ss->ssl3.prSpec);
+ ss->ssl3.hs.preliminaryInfo = 0;
ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
#ifndef NSS_DISABLE_ECC
@@ -12496,8 +13186,6 @@
}
}
-
-
/*
* Creates the public and private RSA keys for SSL Step down.
* Called from SSL_ConfigSecureServer in sslsecur.c
@@ -12529,7 +13217,6 @@
return rv;
}
-
/* record the export policy for this cipher suite */
SECStatus
ssl3_SetPolicy(ssl3CipherSuite which, int policy)
@@ -12631,6 +13318,79 @@
}
SECStatus
+SSL_SignaturePrefSet(PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
+ unsigned int count)
+{
+ sslSocket *ss;
+ unsigned int i;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefSet",
+ SSL_GETPID(), fd));
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ if (!count || count > MAX_SIGNATURE_ALGORITHMS) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ ss->ssl3.signatureAlgorithmCount = 0;
+ for (i = 0; i < count; ++i) {
+ if (!ssl3_IsSupportedSignatureAlgorithm(&algorithms[i])) {
+ SSL_DBG(("%d: SSL[%d]: invalid signature algorithm set %d/%d",
+ SSL_GETPID(), fd, algorithms[i].sigAlg,
+ algorithms[i].hashAlg));
+ continue;
+ }
+
+ ss->ssl3.signatureAlgorithms[ss->ssl3.signatureAlgorithmCount++] =
+ algorithms[i];
+ }
+
+ if (ss->ssl3.signatureAlgorithmCount == 0) {
+ PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+ return SECFailure;
+ }
+ return SECSuccess;
+}
+
+SECStatus
+SSL_SignaturePrefGet(PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms,
+ unsigned int *count, unsigned int maxCount)
+{
+ sslSocket *ss;
+ unsigned int requiredSpace;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefGet",
+ SSL_GETPID(), fd));
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ if (!algorithms || !count ||
+ maxCount < ss->ssl3.signatureAlgorithmCount) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ requiredSpace =
+ ss->ssl3.signatureAlgorithmCount * sizeof(SSLSignatureAndHashAlg);
+ PORT_Memcpy(algorithms, ss->ssl3.signatureAlgorithms, requiredSpace);
+ *count = ss->ssl3.signatureAlgorithmCount;
+ return SECSuccess;
+}
+
+unsigned int
+SSL_SignatureMaxCount() {
+ return MAX_SIGNATURE_ALGORITHMS;
+}
+
+SECStatus
ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int len)
{
/* |i| iterates over |ciphers| while |done| and |j| iterate over
@@ -12675,6 +13435,9 @@
ssl3_InitSocketPolicy(sslSocket *ss)
{
PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
+ PORT_Memcpy(ss->ssl3.signatureAlgorithms, defaultSignatureAlgorithms,
+ sizeof(defaultSignatureAlgorithms));
+ ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms);
}
SECStatus
@@ -12764,7 +13527,7 @@
/* ssl3_config_match_init was called by the caller of this function. */
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange)) {
+ if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange, ss)) {
if (cs != NULL) {
*cs++ = 0x00;
*cs++ = (suite->cipher_suite >> 8) & 0xFF;
@@ -12898,6 +13661,10 @@
}
}
+ if (ss->ssl3.dheGroups) {
+ PORT_Free(ss->ssl3.dheGroups);
+ }
+
ss->ssl3.initialized = PR_FALSE;
SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ecc.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ecc.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ecc.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ecc.c 2016-01-13 14:18:55.621954867 +0100
@@ -214,7 +214,7 @@
/* Caller must set hiLevel error code. */
static SECStatus
-ssl3_ComputeECDHKeyHash(SECOidTag hashAlg,
+ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
SECItem ec_params, SECItem server_ecpoint,
SSL3Random *client_rand, SSL3Random *server_rand,
SSL3Hashes *hashes, PRBool bypassPKCS11)
@@ -303,7 +303,7 @@
pubKey->u.ec.publicValue.len));
if (isTLS12) {
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+ target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
} else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
@@ -325,14 +325,6 @@
SECKEY_DestroyPrivateKey(privKey);
privKey = NULL;
- rv = ssl3_InitPendingCipherSpec(ss, pms);
- PK11_FreeSymKey(pms); pms = NULL;
-
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
- goto loser;
- }
-
rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
pubKey->u.ec.publicValue.len + 1);
if (rv != SECSuccess) {
@@ -349,6 +341,14 @@
goto loser; /* err set by ssl3_AppendHandshake* */
}
+ rv = ssl3_InitPendingCipherSpec(ss, pms);
+ PK11_FreeSymKey(pms); pms = NULL;
+
+ if (rv != SECSuccess) {
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ goto loser;
+ }
+
rv = SECSuccess;
loser:
@@ -394,7 +394,7 @@
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
if (isTLS12) {
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+ target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
} else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
@@ -615,9 +615,9 @@
SECItem ec_params = {siBuffer, NULL, 0};
SECItem ec_point = {siBuffer, NULL, 0};
unsigned char paramBuf[3]; /* only for curve_type == named_curve */
- SSL3SignatureAndHashAlgorithm sigAndHash;
+ SSLSignatureAndHashAlg sigAndHash;
- sigAndHash.hashAlg = SEC_OID_UNKNOWN;
+ sigAndHash.hashAlg = ssl_hash_none;
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
@@ -659,7 +659,7 @@
goto loser; /* malformed or unsupported. */
}
rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(
- &sigAndHash, ss->sec.peerCert);
+ ss, &sigAndHash, ss->sec.peerCert);
if (rv != SECSuccess) {
goto loser;
}
@@ -710,7 +710,7 @@
goto no_memory;
}
- ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
+ peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (peerKey == NULL) {
goto no_memory;
}
@@ -731,7 +731,6 @@
/* copy publicValue in peerKey */
if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point))
{
- PORT_FreeArena(arena, PR_FALSE);
goto no_memory;
}
peerKey->pkcs11Slot = NULL;
@@ -745,10 +744,16 @@
alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, desc);
loser:
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
PORT_SetError( errCode );
return SECFailure;
no_memory: /* no-memory error has already been set. */
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
return SECFailure;
}
@@ -756,7 +761,7 @@
SECStatus
ssl3_SendECDHServerKeyExchange(
sslSocket *ss,
- const SSL3SignatureAndHashAlgorithm *sigAndHash)
+ const SSLSignatureAndHashAlg *sigAndHash)
{
const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
SECStatus rv = SECFailure;
@@ -977,9 +982,7 @@
if (!suite)
suite = ecSuites;
for (; *suite; ++suite) {
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
-
- PORT_Assert(rv == SECSuccess); /* else is coding error */
+ PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
}
return SECSuccess;
}
@@ -1142,7 +1145,10 @@
ecList = tlsECList;
}
- if (append && maxBytes >= ecListSize) {
+ if (maxBytes < (PRUint32)ecListSize) {
+ return 0;
+ }
+ if (append) {
SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
if (rv != SECSuccess)
return -1;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ext.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ext.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ext.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3ext.c 2016-01-13 14:18:55.623954879 +0100
@@ -101,6 +101,12 @@
PRUint32 maxBytes);
static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data);
+static PRInt32 ssl3_SendExtendedMasterSecretXtn(sslSocket *ss, PRBool append,
+ PRUint32 maxBytes);
+static SECStatus ssl3_HandleExtendedMasterSecretXtn(sslSocket *ss,
+ PRUint16 ex_type,
+ SECItem *data);
+
/*
* Write bytes. Using this function means the SECItem structure
@@ -266,6 +272,7 @@
{ ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn },
+ { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
{ -1, NULL }
};
@@ -281,6 +288,7 @@
{ ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
{ ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn },
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
+ { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
{ ssl_signed_certificate_timestamp_xtn,
&ssl3_ClientHandleSignedCertTimestampXtn },
{ -1, NULL }
@@ -319,6 +327,7 @@
* extension. */
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
{ ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
+ { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn},
/* any extra entries will appear as { 0, NULL } */
};
@@ -331,7 +340,7 @@
static PRBool
arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
{
- int i;
+ unsigned int i;
for (i = 0; i < len; i++) {
if (ex_type == array[i])
return PR_TRUE;
@@ -433,12 +442,12 @@
}
/* length of server_name_list */
listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
- if (listLenBytes < 0 || listLenBytes != data->len) {
- (void)ssl3_DecodeError(ss);
+ if (listLenBytes < 0) {
return SECFailure;
}
- if (listLenBytes == 0) {
- return SECSuccess; /* ignore an empty extension */
+ if (listLenBytes == 0 || listLenBytes != data->len) {
+ (void)ssl3_DecodeError(ss);
+ return SECFailure;
}
ldata = *data;
/* Calculate the size of the array.*/
@@ -463,15 +472,12 @@
}
listCount += 1;
}
- if (!listCount) {
- return SECFailure; /* nothing we can act on */
- }
names = PORT_ZNewArray(SECItem, listCount);
if (!names) {
return SECFailure;
}
for (i = 0;i < listCount;i++) {
- int j;
+ unsigned int j;
PRInt32 type;
SECStatus rv;
PRBool nametypePresent = PR_FALSE;
@@ -559,7 +565,11 @@
}
}
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+ if (append) {
SECStatus rv;
/* extension_type */
rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
@@ -582,9 +592,6 @@
xtnData->advertised[xtnData->numAdvertised++] =
ssl_session_ticket_xtn;
}
- } else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
}
return extension_length;
@@ -645,12 +652,17 @@
rv = ssl3_ValidateNextProtoNego(data->data, data->len);
if (rv != SECSuccess) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
return rv;
}
PORT_Assert(ss->nextProtoCallback);
+ /* For ALPN, the cipher suite isn't selected yet. Note that extensions
+ * sometimes affect what cipher suite is selected, e.g., for ECC. */
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo &
+ ssl_preinfo_all & ~ssl_preinfo_cipher_suite) ==
+ (ssl_preinfo_all & ~ssl_preinfo_cipher_suite));
rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
result.data, &result.len, sizeof(resultBuffer));
if (rv != SECSuccess) {
@@ -673,8 +685,8 @@
ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
/* The callback might say OK, but then it picks a default value - one
* that was not listed. That's OK for NPN, but not ALPN. */
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
(void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
return SECFailure;
}
@@ -693,8 +705,8 @@
* despite it being permitted by the spec. */
if (ss->firstHsDone || data->len == 0) {
/* Clients MUST send a non-empty ALPN extension. */
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
return SECFailure;
}
@@ -721,8 +733,8 @@
rv = ssl3_RegisterServerHelloExtensionSender(
ss, ex_type, ssl3_ServerSendAppProtoXtn);
if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return rv;
}
}
@@ -742,8 +754,8 @@
* we've negotiated NPN then we're required to send the NPN handshake
* message. Thus, these two extensions cannot both be negotiated on the
* same connection. */
- PORT_SetError(SSL_ERROR_BAD_SERVER);
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+ PORT_SetError(SSL_ERROR_BAD_SERVER);
return SECFailure;
}
@@ -753,8 +765,8 @@
* we sent the ClientHello and now. */
if (!ss->nextProtoCallback) {
PORT_Assert(0);
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
return SECFailure;
}
@@ -778,16 +790,16 @@
* uint8 len; // where len >= 1
* uint8 protocol_name[len]; */
if (data->len < 4 || data->len > 2 + 1 + 255) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
return SECFailure;
}
list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len);
/* The list has to be the entire extension. */
if (list_len != data->len) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
return SECFailure;
}
@@ -795,8 +807,8 @@
&data->data, &data->len);
/* The list must have exactly one value. */
if (rv != SECSuccess || data->len != 0) {
- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
return SECFailure;
}
@@ -819,7 +831,10 @@
extension_length = 4;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ return 0;
+ }
+ if (append) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
if (rv != SECSuccess)
@@ -829,8 +844,6 @@
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_next_proto_nego_xtn;
- } else if (maxBytes < extension_length) {
- return 0;
}
return extension_length;
@@ -854,7 +867,10 @@
2 /* protocol name list length */ +
ss->opt.nextProtoNego.len;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ return 0;
+ }
+ if (append) {
/* NPN requires that the client's fallback protocol is first in the
* list. However, ALPN sends protocols in preference order. So we
* allocate a buffer and move the first protocol to the end of the
@@ -894,8 +910,6 @@
}
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_app_layer_protocol_xtn;
- } else if (maxBytes < extension_length) {
- return 0;
}
return extension_length;
@@ -923,7 +937,10 @@
2 /* protocol name list */ + 1 /* name length */ +
ss->ssl3.nextProto.len;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ return 0;
+ }
+ if (append) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
if (rv != SECSuccess) {
@@ -942,8 +959,6 @@
if (rv != SECSuccess) {
return -1;
}
- } else if (maxBytes < extension_length) {
- return 0;
}
return extension_length;
@@ -1045,7 +1060,10 @@
return 0;
extension_length = 2 + 2;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ return 0;
+ }
+ if (append) {
/* extension_type */
rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
if (rv != SECSuccess)
@@ -1078,7 +1096,11 @@
*/
extension_length = 9;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+ if (append) {
SECStatus rv;
TLSExtensionData *xtnData;
@@ -1106,9 +1128,6 @@
xtnData = &ss->xtnData;
xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
- } else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
}
return extension_length;
}
@@ -1120,7 +1139,7 @@
SECStatus
ssl3_SendNewSessionTicket(sslSocket *ss)
{
- int i;
+ PRUint32 i;
SECStatus rv;
NewSessionTicket ticket;
SECItem plaintext;
@@ -1152,7 +1171,7 @@
CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
PK11Context *aes_ctx_pkcs11;
CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
- PK11Context *hmac_ctx_pkcs11;
+ PK11Context *hmac_ctx_pkcs11 = NULL;
unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
unsigned int computed_mac_length;
unsigned char iv[AES_BLOCK_SIZE];
@@ -1200,7 +1219,8 @@
sslSessionID sid;
PORT_Memset(&sid, 0, sizeof(sslSessionID));
- if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
+ if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = kt_rsa;
} else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
@@ -1243,6 +1263,7 @@
+ cert_length /* cert */
+ 1 /* server name type */
+ srvNameLen /* name len + length field */
+ + 1 /* extendedMasterSecretUsed */
+ sizeof(ticket.ticket_lifetime_hint);
padding_length = AES_BLOCK_SIZE -
(ciphertext_length % AES_BLOCK_SIZE);
@@ -1341,6 +1362,11 @@
if (rv != SECSuccess) goto loser;
}
+ /* extendedMasterSecretUsed */
+ rv = ssl3_AppendNumberToItem(
+ &plaintext, ss->sec.ci.sid->u.ssl3.keys.extendedMasterSecretUsed, 1);
+ if (rv != SECSuccess) goto loser;
+
PORT_Assert(plaintext.len == padding_length);
for (i = 0; i < padding_length; i++)
plaintext.data[i] = (unsigned char)padding_length;
@@ -1410,14 +1436,18 @@
goto loser;
rv = PK11_DigestBegin(hmac_ctx_pkcs11);
+ if (rv != SECSuccess) goto loser;
rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name,
SESS_TICKET_KEY_NAME_LEN);
+ if (rv != SECSuccess) goto loser;
rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv));
+ if (rv != SECSuccess) goto loser;
rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2);
+ if (rv != SECSuccess) goto loser;
rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len);
+ if (rv != SECSuccess) goto loser;
rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac,
&computed_mac_length, sizeof(computed_mac));
- PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
if (rv != SECSuccess) goto loser;
}
@@ -1446,6 +1476,8 @@
if (rv != SECSuccess) goto loser;
loser:
+ if (hmac_ctx_pkcs11)
+ PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
if (plaintext_item.data)
SECITEM_FreeItem(&plaintext_item, PR_FALSE);
if (ciphertext.data)
@@ -1495,7 +1527,7 @@
if (data->len == 0) {
ss->xtnData.emptySessionTicket = PR_TRUE;
} else {
- int i;
+ PRUint32 i;
SECItem extension_data;
EncryptedSessionTicket enc_session_ticket;
unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
@@ -1698,9 +1730,10 @@
goto loser;
}
- /* Read ticket_version (which is ignored for now.) */
+ /* Read ticket_version and reject if the version is wrong */
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len);
- if (temp < 0) goto no_ticket;
+ if (temp != TLS_EX_SESS_TICKET_VERSION) goto no_ticket;
+
parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
/* Read SSLVersion. */
@@ -1801,6 +1834,13 @@
parsed_session_ticket->srvName.type = nameType;
}
+ /* Read extendedMasterSecretUsed */
+ temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len);
+ if (temp < 0)
+ goto no_ticket;
+ PORT_Assert(temp == PR_TRUE || temp == PR_FALSE);
+ parsed_session_ticket->extendedMasterSecretUsed = (PRBool)temp;
+
/* Done parsing. Check that all bytes have been consumed. */
if (buffer_len != padding_length)
goto no_ticket;
@@ -1847,6 +1887,8 @@
parsed_session_ticket->ms_is_wrapped;
sid->u.ssl3.masterValid = PR_TRUE;
sid->u.ssl3.keys.resumable = PR_TRUE;
+ sid->u.ssl3.keys.extendedMasterSecretUsed = parsed_session_ticket->
+ extendedMasterSecretUsed;
/* Copy over client cert from session ticket if there is one. */
if (parsed_session_ticket->peer_cert.data != NULL) {
@@ -2085,7 +2127,10 @@
(ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
: ss->ssl3.hs.finishedBytes);
needed = 5 + len;
- if (append && maxBytes >= needed) {
+ if (maxBytes < (PRUint32)needed) {
+ return 0;
+ }
+ if (append) {
SECStatus rv;
/* extension_type */
rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
@@ -2138,8 +2183,8 @@
}
if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
data->data + 1, len)) {
- PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
(void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+ PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
return SECFailure;
}
/* remember that we got this extension and it was correct. */
@@ -2263,8 +2308,8 @@
}
if (!found) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
return SECFailure;
}
@@ -2277,8 +2322,8 @@
/* We didn't offer an MKI, so this must be 0 length */
if (litem.len != 0) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
(void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
return SECFailure;
}
@@ -2374,7 +2419,7 @@
SECStatus rv;
SECItem algorithms;
const unsigned char *b;
- unsigned int numAlgorithms, i, j;
+ unsigned int numAlgorithms, i;
/* Ignore this extension if we aren't doing TLS 1.2 or greater. */
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
@@ -2388,8 +2433,8 @@
}
/* Trailing data, empty value, or odd-length value is invalid. */
if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
return SECFailure;
}
@@ -2401,30 +2446,24 @@
}
ss->ssl3.hs.clientSigAndHash =
- PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms);
+ PORT_NewArray(SSLSignatureAndHashAlg, numAlgorithms);
if (!ss->ssl3.hs.clientSigAndHash) {
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
(void)SSL3_SendAlert(ss, alert_fatal, internal_error);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
return SECFailure;
}
ss->ssl3.hs.numClientSigAndHash = 0;
b = algorithms.data;
- for (i = j = 0; i < numAlgorithms; i++) {
- unsigned char tls_hash = *(b++);
- unsigned char tls_sig = *(b++);
- SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash);
-
- if (hash == SEC_OID_UNKNOWN) {
- /* We ignore formats that we don't understand. */
- continue;
- }
- /* tls_sig support will be checked later in
- * ssl3_PickSignatureHashAlgorithm. */
- ss->ssl3.hs.clientSigAndHash[j].hashAlg = hash;
- ss->ssl3.hs.clientSigAndHash[j].sigAlg = tls_sig;
- ++j;
- ++ss->ssl3.hs.numClientSigAndHash;
+ ss->ssl3.hs.numClientSigAndHash = 0;
+ for (i = 0; i < numAlgorithms; i++) {
+ SSLSignatureAndHashAlg *sigAndHash =
+ &ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash];
+ sigAndHash->hashAlg = (SSLHashType)*(b++);
+ sigAndHash->sigAlg = (SSLSignType)*(b++);
+ if (ssl3_IsSupportedSignatureAlgorithm(sigAndHash)) {
+ ++ss->ssl3.hs.numClientSigAndHash;
+ }
}
if (!ss->ssl3.hs.numClientSigAndHash) {
@@ -2442,60 +2481,60 @@
/* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS
* 1.2 ClientHellos. */
static PRInt32
-ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
{
- static const unsigned char signatureAlgorithms[] = {
- /* This block is the contents of our signature_algorithms extension, in
- * wire format. See
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
- tls_hash_sha256, tls_sig_rsa,
- tls_hash_sha384, tls_sig_rsa,
- tls_hash_sha512, tls_sig_rsa,
- tls_hash_sha1, tls_sig_rsa,
-#ifndef NSS_DISABLE_ECC
- tls_hash_sha256, tls_sig_ecdsa,
- tls_hash_sha384, tls_sig_ecdsa,
- tls_hash_sha512, tls_sig_ecdsa,
- tls_hash_sha1, tls_sig_ecdsa,
-#endif
- tls_hash_sha256, tls_sig_dsa,
- tls_hash_sha1, tls_sig_dsa,
- };
PRInt32 extension_length;
+ unsigned int i;
+ PRInt32 pos=0;
+ PRUint32 policy;
+ PRUint8 buf[MAX_SIGNATURE_ALGORITHMS * 2];
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
return 0;
}
+ for (i=0; i < ss->ssl3.signatureAlgorithmCount; i++) {
+ SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(
+ ss->ssl3.signatureAlgorithms[i].hashAlg);
+ if ((NSS_GetAlgorithmPolicy(hashOID, & policy) != SECSuccess) ||
+ (policy & NSS_USE_ALG_IN_SSL_KX)) {
+ buf[pos++] = ss->ssl3.signatureAlgorithms[i].hashAlg;
+ buf[pos++] = ss->ssl3.signatureAlgorithms[i].sigAlg;
+ }
+ }
+
extension_length =
2 /* extension type */ +
2 /* extension length */ +
2 /* supported_signature_algorithms length */ +
- sizeof(signatureAlgorithms);
+ pos;
+
+ if (maxBytes < extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
- if (append && maxBytes >= extension_length) {
+ if (append) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
- if (rv != SECSuccess)
- goto loser;
+ if (rv != SECSuccess) {
+ return -1;
+ }
rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
- if (rv != SECSuccess)
- goto loser;
- rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms,
- sizeof(signatureAlgorithms), 2);
- if (rv != SECSuccess)
- goto loser;
+ if (rv != SECSuccess) {
+ return -1;
+ }
+
+ rv = ssl3_AppendHandshakeVariable(ss, buf, extension_length - 6, 2);
+ if (rv != SECSuccess) {
+ return -1;
+ }
+
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_signature_algorithms_xtn;
- } else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
}
return extension_length;
-
-loser:
- return -1;
}
unsigned int
@@ -2565,7 +2604,11 @@
}
extension_length = 6; /* Type + length + number */
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+ if (append) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2);
if (rv != SECSuccess)
@@ -2578,9 +2621,6 @@
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_tls13_draft_version_xtn;
- } else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
}
return extension_length;
@@ -2633,6 +2673,51 @@
return SECSuccess;
}
+static PRInt32
+ssl3_SendExtendedMasterSecretXtn(sslSocket * ss, PRBool append,
+ PRUint32 maxBytes)
+{
+ PRInt32 extension_length;
+
+ if (!ss->opt.enableExtendedMS) {
+ return 0;
+ }
+
+#ifndef NO_PKCS11_BYPASS
+ /* Extended MS can only be used w/o bypass mode */
+ if (ss->opt.bypassPKCS11) {
+ PORT_Assert(0);
+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+ return -1;
+ }
+#endif
+
+ /* Always send the extension in this function, since the
+ * client always sends it and this function is only called on
+ * the server if we negotiated the extension. */
+ extension_length = 4; /* Type + length (0) */
+ if (maxBytes < extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+
+ if (append) {
+ SECStatus rv;
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_extended_master_secret_xtn, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ goto loser;
+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
+ ssl_extended_master_secret_xtn;
+ }
+
+ return extension_length;
+loser:
+ return -1;
+}
+
/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
* extension for TLS ClientHellos. */
static PRInt32
@@ -2646,7 +2731,12 @@
if (!ss->opt.enableSignedCertTimestamps)
return 0;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+
+ if (append) {
SECStatus rv;
/* extension_type */
rv = ssl3_AppendHandshakeNumber(ss,
@@ -2660,9 +2750,6 @@
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_signed_certificate_timestamp_xtn;
- } else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
}
return extension_length;
@@ -2671,6 +2758,46 @@
}
static SECStatus
+ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type,
+ SECItem *data)
+{
+ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_0) {
+ return SECSuccess;
+ }
+
+ if (!ss->opt.enableExtendedMS) {
+ return SECSuccess;
+ }
+
+#ifndef NO_PKCS11_BYPASS
+ /* Extended MS can only be used w/o bypass mode */
+ if (ss->opt.bypassPKCS11) {
+ PORT_Assert(0);
+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+ return SECFailure;
+ }
+#endif
+
+ if (data->len != 0) {
+ SSL_TRC(30, ("%d: SSL3[%d]: Bogus extended master secret extension",
+ SSL_GETPID(), ss->fd));
+ return SECFailure;
+ }
+
+ SSL_DBG(("%d: SSL[%d]: Negotiated extended master secret extension.",
+ SSL_GETPID(), ss->fd));
+
+ /* Keep track of negotiated extensions. */
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+
+ if (ss->sec.isServer) {
+ return ssl3_RegisterServerHelloExtensionSender(
+ ss, ex_type, ssl3_SendExtendedMasterSecretXtn);
+ }
+ return SECSuccess;
+}
+
+static SECStatus
ssl3_ClientHandleSignedCertTimestampXtn(sslSocket *ss, PRUint16 ex_type,
SECItem *data)
{
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3gthr.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3gthr.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3gthr.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3gthr.c 2016-01-13 14:18:55.623954879 +0100
@@ -71,8 +71,8 @@
break;
}
- PORT_Assert( nb <= gs->remainder );
- if (nb > gs->remainder) {
+ PORT_Assert( (unsigned int)nb <= gs->remainder );
+ if ((unsigned int)nb > gs->remainder) {
/* ssl_DefRecv is misbehaving! this error is fatal to SSL. */
gs->state = GS_INIT; /* so we don't crash next time */
rv = SECFailure;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3prot.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3prot.h
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3prot.h 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl3prot.h 2016-01-13 14:18:55.623954879 +0100
@@ -218,32 +218,6 @@
} u;
} SSL3ServerParams;
-/* This enum reflects HashAlgorithm enum from
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
- *
- * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
-enum {
- tls_hash_md5 = 1,
- tls_hash_sha1 = 2,
- tls_hash_sha224 = 3,
- tls_hash_sha256 = 4,
- tls_hash_sha384 = 5,
- tls_hash_sha512 = 6
-};
-
-/* This enum reflects SignatureAlgorithm enum from
- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-typedef enum {
- tls_sig_rsa = 1,
- tls_sig_dsa = 2,
- tls_sig_ecdsa = 3
-} TLSSignatureAlgorithm;
-
-typedef struct {
- SECOidTag hashAlg;
- TLSSignatureAlgorithm sigAlg;
-} SSL3SignatureAndHashAlgorithm;
-
/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
* prior to 1.2. */
typedef struct {
@@ -252,11 +226,11 @@
} SSL3HashesIndividually;
/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
- * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually
+ * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually
* struct. */
typedef struct {
unsigned int len;
- SECOidTag hashAlg;
+ SSLHashType hashAlg;
union {
PRUint8 raw[64];
SSL3HashesIndividually s;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslauth.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslauth.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslauth.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslauth.c 2016-01-13 14:18:55.624954885 +0100
@@ -304,8 +304,7 @@
&certStatusArray->items[0],
ss->pkcs11PinArg)
!= SECSuccess) {
- PRErrorCode error = PR_GetError();
- PORT_Assert(error != 0);
+ PORT_Assert(PR_GetError() != 0);
}
}
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslcon.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslcon.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslcon.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslcon.c 2016-01-13 14:18:55.625954891 +0100
@@ -22,20 +22,6 @@
static PRBool policyWasSet;
-/* This ordered list is indexed by (SSL_CK_xx * 3) */
-/* Second and third bytes are MSB and LSB of master key length. */
-static const PRUint8 allCipherSuites[] = {
- 0, 0, 0,
- SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80,
- SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80,
- SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40,
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0,
- 0, 0, 0
-};
-
#define ssl2_NUM_SUITES_IMPLEMENTED 6
/* This list is sent back to the client when the client-hello message
@@ -851,7 +837,7 @@
{
PRUint8 * out;
int rv;
- int amount;
+ unsigned int amount;
int count = 0;
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
@@ -927,7 +913,7 @@
int amount;
PRUint8 macLen;
int nout;
- int buflen;
+ unsigned int buflen;
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
@@ -1031,7 +1017,7 @@
int amount; /* of plaintext to go in record. */
unsigned int padding; /* add this many padding byte. */
int nout; /* ciphertext size after header. */
- int buflen; /* size of generated record. */
+ unsigned int buflen; /* size of generated record. */
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
@@ -1555,7 +1541,7 @@
unsigned int ddLen; /* length of RSA decrypted data in kbuf */
unsigned int keySize;
unsigned int dkLen; /* decrypted key length in bytes */
- int modulusLen;
+ int modulusLen;
SECStatus rv;
PRUint16 allowed; /* cipher kinds enabled and allowed by policy */
PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES];
@@ -1617,11 +1603,11 @@
}
modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY);
- if (modulusLen == -1) {
+ if (modulusLen < 0) {
/* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */
modulusLen = ekLen;
}
- if (ekLen > modulusLen || ekLen + ckLen < keySize) {
+ if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) {
SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!",
SSL_GETPID(), ss->fd, ekLen));
PORT_SetError(SSL_ERROR_BAD_CLIENT);
@@ -2495,7 +2481,6 @@
PRUint8 * cid;
unsigned len, certType, certLen, responseLen;
int rv;
- int rv2;
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
@@ -2613,7 +2598,7 @@
data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen,
responseLen);
if (rv) {
- rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
+ (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
SET_ERROR_CODE
goto loser;
}
@@ -2741,7 +2726,7 @@
PRUint8 * cs;
PRUint8 * data;
SECStatus rv;
- int needed, sidHit, certLen, csLen, cidLen, certType, err;
+ unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err;
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
@@ -3669,12 +3654,14 @@
*/
#include "nss.h"
-extern const char __nss_ssl_rcsid[];
-extern const char __nss_ssl_sccsid[];
+extern const char __nss_ssl_version[];
PRBool
NSSSSL_VersionCheck(const char *importedVersion)
{
+#define NSS_VERSION_VARIABLE __nss_ssl_version
+#include "verref.h"
+
/*
* This is the secret handshake algorithm.
*
@@ -3684,9 +3671,6 @@
* not compatible with future major, minor, or
* patch releases.
*/
- volatile char c; /* force a reference that won't get optimized away */
-
- c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0];
return NSS_VersionCheck(importedVersion);
}
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslenum.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslenum.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslenum.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslenum.c 2016-01-13 14:18:55.625954891 +0100
@@ -70,14 +70,17 @@
#endif /* NSS_DISABLE_ECC */
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslerr.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslerr.h
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslerr.h 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslerr.h 2016-01-13 14:18:55.626954897 +0100
@@ -198,9 +198,19 @@
SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
-SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 132),
-SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 133),
-SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 134),
+SSL_ERROR_WEAK_SERVER_CERT_KEY = (SSL_ERROR_BASE + 132),
+
+SSL_ERROR_RX_SHORT_DTLS_READ = (SSL_ERROR_BASE + 133),
+
+SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 134),
+SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135),
+
+SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136),
+SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137),
+
+SSL_ERROR_BAD_CHANNEL_ID_DATA = (SSL_ERROR_BASE + 138),
+SSL_ERROR_INVALID_CHANNEL_ID_KEY = (SSL_ERROR_BASE + 139),
+SSL_ERROR_GET_CHANNEL_ID_FAILED = (SSL_ERROR_BASE + 140),
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/SSLerrs.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/SSLerrs.h
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/SSLerrs.h 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/SSLerrs.h 2016-01-13 14:18:55.613954821 +0100
@@ -423,11 +423,29 @@
"The server rejected the handshake because the client downgraded to a lower "
"TLS version than the server supports.")
-ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 132),
+ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132),
+"The server certificate included a public key that was too weak.")
+
+ER3(SSL_ERROR_RX_SHORT_DTLS_READ, (SSL_ERROR_BASE + 133),
+"Not enough room in buffer for DTLS record.")
+
+ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134),
+"No supported TLS signature algorithm was configured.")
+
+ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135),
+"The peer used an unsupported combination of signature and hash algorithm.")
+
+ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136),
+"The peer tried to resume without a correct extended_master_secret extension")
+
+ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137),
+"The peer tried to resume with an unexpected extended_master_secret extension")
+
+ER3(SSL_ERROR_BAD_CHANNEL_ID_DATA, (SSL_ERROR_BASE + 138),
"SSL received a malformed TLS Channel ID extension.")
-ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 133),
+ER3(SSL_ERROR_INVALID_CHANNEL_ID_KEY, (SSL_ERROR_BASE + 139),
"The application provided an invalid TLS Channel ID key.")
-ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 134),
+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 140),
"The application could not get a TLS Channel ID.")
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl.h
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/ssl.h 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/ssl.h 2016-01-13 14:18:55.614954827 +0100
@@ -185,14 +185,26 @@
/* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
* reused for multiple handshakes or generated each time.
* SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
+ * This socket option is for ECDHE, only. It is unrelated to DHE.
*/
#define SSL_REUSE_SERVER_ECDHE_KEY 27
#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
* handshakes. */
+/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket.
+ */
+#define SSL_ENABLE_SERVER_DHE 29
+
+/* Use draft-ietf-tls-session-hash. Controls whether we offer the
+ * extended_master_secret extension which, when accepted, hashes
+ * the handshake transcript into the master secret. This option is
+ * disabled by default.
+ */
+#define SSL_ENABLE_EXTENDED_MASTER_SECRET 30
+
/* Request Signed Certificate Timestamps via TLS extension (client) */
-#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 29
+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 31
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
@@ -295,6 +307,86 @@
SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+/*
+** Control for TLS signature algorithms for TLS 1.2 only.
+**
+** This governs what signature algorithms are sent by a client in the
+** signature_algorithms extension. A client will not accept a signature from a
+** server unless it uses an enabled algorithm.
+**
+** This also governs what the server sends in the supported_signature_algorithms
+** field of a CertificateRequest. It also changes what the server uses to sign
+** ServerKeyExchange: a server uses the first entry from this list that is
+** compatible with the client's advertised signature_algorithms extension and
+** the selected server certificate.
+**
+** Omitting SHA-256 from this list might be foolish. Support is mandatory in
+** TLS 1.2 and there might be interoperability issues. For a server, NSS only
+** supports SHA-256 for verifying a TLS 1.2 CertificateVerify. This list needs
+** to include SHA-256 if client authentication is requested or required, or
+** creating a CertificateRequest will fail.
+*/
+SSL_IMPORT SECStatus SSL_SignaturePrefSet(
+ PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
+ unsigned int count);
+
+/*
+** Get the currently configured signature algorithms.
+**
+** The algorithms are written to |algorithms| but not if there are more than
+** |maxCount| values configured. The number of algorithms that are in use are
+** written to |count|. This fails if |maxCount| is insufficiently large.
+*/
+SSL_IMPORT SECStatus SSL_SignaturePrefGet(
+ PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, unsigned int *count,
+ unsigned int maxCount);
+
+/*
+** Returns the maximum number of signature algorithms that are supported and
+** can be set or retrieved using SSL_SignaturePrefSet or SSL_SignaturePrefGet.
+*/
+SSL_IMPORT unsigned int SSL_SignatureMaxCount();
+
+/* SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group
+** parameters that can be used by NSS for the given server socket.
+** The first item in the array is used as the default group, if no other
+** selection criteria can be used by NSS.
+** The set is provided as an array of identifiers as defined by SSLDHEGroupType.
+** If more than one group identifier is provided, NSS will select the one to use.
+** For example, a TLS extension sent by the client might indicate a preference.
+*/
+SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
+ SSLDHEGroupType *groups,
+ PRUint16 num_groups);
+
+/* Enable the use of a DHE group that's smaller than the library default,
+** for backwards compatibility reasons. The DH parameters will be created
+** at the time this function is called, which might take a very long time.
+** The function will block until generation is completed.
+** The intention is to enforce that fresh and safe parameters are generated
+** each time a process is started.
+** At the time this API was initially implemented, the API will enable the
+** use of 1024 bit DHE parameters. This value might get increased in future
+** versions of NSS.
+**
+** It is allowed to call this API will a NULL value for parameter fd,
+** which will prepare the global parameters that NSS will reuse for the remainder
+** of the process lifetime. This can be used early after startup of a process,
+** to avoid a delay when handling incoming client connections.
+** This preparation with a NULL for parameter fd will NOT enable the weak group
+** on sockets. The function needs to be called again for every socket that
+** should use the weak group.
+**
+** It is allowed to use this API in combination with the SSL_DHEGroupPrefSet API.
+** If both APIs have been called, the weakest group will be used,
+** unless it is certain that the client supports larger group parameters.
+** The weak group will be used as the default group, overriding the preference
+** for the first group potentially set with a call to SSL_DHEGroupPrefSet
+** (The first group set using SSL_DHEGroupPrefSet will still be enabled, but
+** it's no longer the default group.)
+*/
+SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
+
/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
* which must be an array of cipher suite ids of length |len|. All the given
* cipher suite ids must appear in the array that is returned by
@@ -1012,10 +1104,27 @@
SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void);
/* Report more information than SSL_SecurityStatus.
-** Caller supplies the info struct. Function fills it in.
-*/
+ * Caller supplies the info struct. This function fills it in.
+ * The information here will be zeroed prior to details being confirmed. The
+ * details are confirmed either when a Finished message is received, or - for a
+ * client - when the second flight of messages have been sent. This function
+ * therefore produces unreliable results prior to receiving the
+ * SSLHandshakeCallback or the SSLCanFalseStartCallback.
+ */
SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info,
PRUintn len);
+/* Get preliminary information about a channel.
+ * This function can be called prior to handshake details being confirmed (see
+ * SSL_GetChannelInfo above for what that means). Thus, information provided by
+ * this function is available to SSLAuthCertificate, SSLGetClientAuthData,
+ * SSLSNISocketConfig, and other callbacks that might be called during the
+ * processing of the first flight of client of server handshake messages.
+ * Values are marked as being unavailable when renegotiation is initiated.
+ */
+SSL_IMPORT SECStatus
+SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
+ SSLPreliminaryChannelInfo *info,
+ PRUintn len);
SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
SSLCipherSuiteInfo *info, PRUintn len);
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslimpl.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslimpl.h
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslimpl.h 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslimpl.h 2016-01-13 14:18:55.627954902 +0100
@@ -1,3 +1,4 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is PRIVATE to SSL and should be the first thing included by
* any SSL implementation file.
@@ -181,6 +182,7 @@
typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
typedef struct ssl3MACDefStr ssl3MACDef;
typedef struct ssl3KeyPairStr ssl3KeyPair;
+typedef struct ssl3DHParamsStr ssl3DHParams;
struct ssl3CertNodeStr {
struct ssl3CertNodeStr *next;
@@ -300,13 +302,19 @@
} ssl3CipherSuiteCfg;
#ifndef NSS_DISABLE_ECC
-#define ssl_V3_SUITES_IMPLEMENTED 63
+#define ssl_V3_SUITES_IMPLEMENTED 66
#else
-#define ssl_V3_SUITES_IMPLEMENTED 37
+#define ssl_V3_SUITES_IMPLEMENTED 40
#endif /* NSS_DISABLE_ECC */
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
+/* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of
+ * SSLSignType and SSLHashType, but not all combinations (specifically, this
+ * doesn't allow space for combinations with MD5). */
+#define MAX_SIGNATURE_ALGORITHMS 15
+
+
typedef struct sslOptionsStr {
/* If SSL_SetNextProtoNego has been called, then this contains the
* list of supported protocols. */
@@ -339,7 +347,9 @@
unsigned int enableALPN : 1; /* 27 */
unsigned int reuseServerECDHEKey : 1; /* 28 */
unsigned int enableFallbackSCSV : 1; /* 29 */
- unsigned int enableSignedCertTimestamps : 1; /* 30 */
+ unsigned int enableServerDhe : 1; /* 30 */
+ unsigned int enableExtendedMS : 1; /* 31 */
+ unsigned int enableSignedCertTimestamps : 1; /* 32 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
@@ -521,6 +531,7 @@
PRUint16 wrapped_master_secret_len;
PRUint8 msIsWrapped;
PRUint8 resumable;
+ PRUint8 extendedMasterSecretUsed;
} ssl3SidKeys; /* 52 bytes */
typedef struct {
@@ -766,10 +777,10 @@
* is_limited identifies a suite as having a limit on the key size.
* key_size_limit provides the corresponding limit. */
PRBool is_limited;
- int key_size_limit;
+ unsigned int key_size_limit;
PRBool tls_keygen;
- /* True if the key exchange for the suite can be ephemeral. Or to be more
- * precise: true if the ServerKeyExchange message is required. */
+ /* True if the key exchange for the suite is ephemeral. Or to be more
+ * precise: true if the ServerKeyExchange message is always required. */
PRBool ephemeral;
} ssl3KEADef;
@@ -955,12 +966,14 @@
PRBool cacheSID;
PRBool canFalseStart; /* Can/did we False Start */
+ /* Which preliminaryinfo values have been set. */
+ PRUint32 preliminaryInfo;
/* clientSigAndHash contains the contents of the signature_algorithms
* extension (if any) from the client. This is only valid for TLS 1.2
* or later. */
- SSL3SignatureAndHashAlgorithm *clientSigAndHash;
- unsigned int numClientSigAndHash;
+ SSLSignatureAndHashAlg *clientSigAndHash;
+ unsigned int numClientSigAndHash;
/* This group of values is used for DTLS */
PRUint16 sendMessageSeq; /* The sending message sequence
@@ -1044,9 +1057,17 @@
PRUint16 dtlsSRTPCipherCount;
PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
PRBool fatalAlertSent;
+ PRUint16 numDHEGroups; /* used by server */
+ SSLDHEGroupType * dheGroups; /* used by server */
+ PRBool dheWeakGroupEnabled; /* used by server */
+
+ /* TLS 1.2 introduces separate signature algorithm negotiation.
+ * This is our preference order. */
+ SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS];
+ unsigned int signatureAlgorithmCount;
};
-#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the
+#define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the
* headers, so slightly larger than expected */
#define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram)
@@ -1063,6 +1084,11 @@
PRInt32 refCount; /* use PR_Atomic calls for this. */
};
+struct ssl3DHParamsStr {
+ SECItem prime; /* p */
+ SECItem base; /* g */
+};
+
typedef struct SSLWrappedSymWrappingKeyStr {
SSL3Opaque wrappedSymmetricWrappingkey[512];
CK_MECHANISM_TYPE symWrapMechanism;
@@ -1093,6 +1119,7 @@
CK_MECHANISM_TYPE msWrapMech;
PRUint16 ms_length;
SSL3Opaque master_secret[48];
+ PRBool extendedMasterSecretUsed;
ClientIdentity client_identity;
SECItem peer_cert;
PRUint32 timestamp;
@@ -1275,6 +1302,9 @@
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
+ const ssl3DHParams *dheParams; /* DHE param */
+ ssl3KeyPair * dheKeyPair; /* DHE keys */
+
/* Callbacks */
SSLAuthCertificate authCertificate;
void *authCertificateArg;
@@ -1634,7 +1664,7 @@
extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec,
const unsigned char * cr, const unsigned char * sr,
PRBool isTLS, PRBool isExport);
-extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
+extern SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec,
const unsigned char * cr, const unsigned char * sr,
const SECItem * pms, PRBool isTLS, PRBool isRSA);
@@ -1688,6 +1718,8 @@
*/
extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
+extern SECStatus ssl3_SelectDHParams(sslSocket *ss);
+
#ifndef NSS_DISABLE_ECC
extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
@@ -1790,11 +1822,11 @@
SSL3Opaque *b, PRUint32 length,
SECKEYPublicKey *srvrPubKey,
SECKEYPrivateKey *srvrPrivKey);
-extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss,
- const SSL3SignatureAndHashAlgorithm *sigAndHash);
+extern SECStatus ssl3_SendECDHServerKeyExchange(
+ sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
#endif
-extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg,
+extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
PRUint8 * hashBuf,
unsigned int bufLen, SSL3Hashes *hashes,
PRBool bypassPKCS11);
@@ -1808,21 +1840,22 @@
PRInt32 lenSize);
extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss,
const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
-extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss,
- const SSL3SignatureAndHashAlgorithm* sigAndHash);
+extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(
+ sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash);
extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length);
extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
SSL3Opaque **b, PRUint32 *length);
extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
PRInt32 bytes, SSL3Opaque **b, PRUint32 *length);
-extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc);
+extern PRBool ssl3_IsSupportedSignatureAlgorithm(
+ const SSLSignatureAndHashAlg *alg);
extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency(
- const SSL3SignatureAndHashAlgorithm *sigAndHash,
- CERTCertificate* cert);
-extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss,
- SSL3Opaque **b, PRUint32 *length,
- SSL3SignatureAndHashAlgorithm *out);
+ sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash,
+ CERTCertificate* cert);
+extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(
+ sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
+ SSLSignatureAndHashAlg *out);
extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key,
SECItem *buf, PRBool isTLS);
extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash,
@@ -1890,7 +1923,7 @@
/* Tell clients to consider tickets valid for this long. */
#define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */
-#define TLS_EX_SESS_TICKET_VERSION (0x0100)
+#define TLS_EX_SESS_TICKET_VERSION (0x0101)
extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
unsigned int length);
@@ -2024,6 +2057,8 @@
const char *label, unsigned int labelLen,
const unsigned char *val, unsigned int valLen,
unsigned char *out, unsigned int outLen);
+extern SECOidTag
+ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc);
#ifdef TRACE
#define SSL_TRACE(msg) ssl_Trace msg
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslinfo.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslinfo.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslinfo.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslinfo.c 2016-01-13 14:18:55.628954908 +0100
@@ -67,6 +67,8 @@
inf.creationTime = sid->creationTime;
inf.lastAccessTime = sid->lastAccessTime;
inf.expirationTime = sid->expirationTime;
+ inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed;
+
if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
inf.sessionIDLength = SSL2_SESSIONID_BYTES;
memcpy(inf.sessionID, sid->u.ssl2.sessionID,
@@ -85,6 +87,42 @@
return SECSuccess;
}
+SECStatus
+SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
+ SSLPreliminaryChannelInfo *info,
+ PRUintn len)
+{
+ sslSocket *ss;
+ SSLPreliminaryChannelInfo inf;
+
+ if (!info || len < sizeof inf.length) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ if (ss->version < SSL_LIBRARY_VERSION_3_0) {
+ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
+ return SECFailure;
+ }
+
+ memset(&inf, 0, sizeof(inf));
+ inf.length = PR_MIN(sizeof(inf), len);
+
+ inf.valuesSet = ss->ssl3.hs.preliminaryInfo;
+ inf.protocolVersion = ss->version;
+ inf.cipherSuite = ss->ssl3.hs.cipher_suite;
+
+ memcpy(info, &inf, inf.length);
+ return SECSuccess;
+}
+
#define CS(x) x, #x
#define CK(x) x | 0xff00, #x
@@ -136,6 +174,7 @@
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
@@ -146,7 +185,9 @@
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
@@ -247,12 +288,10 @@
{
const SSLCipherSuiteInfo * pInfo = suiteInfo;
unsigned int i;
- SECStatus rv;
for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
if (pInfo->isExportable) {
- rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE);
- PORT_Assert(rv == SECSuccess);
+ PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE));
}
}
return SECSuccess;
@@ -268,12 +307,10 @@
{
const SSLCipherSuiteInfo * pInfo = suiteInfo;
unsigned int i;
- SECStatus rv;
for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
if (pInfo->isExportable) {
- rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE);
- PORT_Assert(rv == SECSuccess);
+ PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE));
}
}
return SECSuccess;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.c 2016-01-13 14:18:55.628954908 +0100
@@ -504,7 +504,7 @@
return SECSuccess;
}
-#elif defined(XP_UNIX)
+#elif defined(XP_UNIX) && !defined(DARWIN)
#include <errno.h>
#include "unix_err.h"
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.h
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.h 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslmutex.h 2016-01-13 14:18:55.628954908 +0100
@@ -67,7 +67,8 @@
} sslMutex;
typedef pid_t sslPID;
-#elif defined(XP_UNIX) /* other types of Unix */
+/* other types of unix, except OS X */
+#elif defined(XP_UNIX) && !defined(DARWIN)
#include <sys/types.h> /* for pid_t */
#include <semaphore.h> /* for sem_t, and sem_* functions */
@@ -83,7 +84,7 @@
typedef pid_t sslPID;
-#else
+#else /* no support for cross-process locking */
/* what platform is this ?? */
@@ -95,7 +96,11 @@
} u;
} sslMutex;
+#ifdef DARWIN
+typedef pid_t sslPID;
+#else
typedef int sslPID;
+#endif
#endif
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslproto.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslproto.h
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslproto.h 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslproto.h 2016-01-13 14:18:55.629954914 +0100
@@ -177,6 +177,7 @@
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
@@ -191,6 +192,7 @@
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsecur.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsecur.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsecur.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsecur.c 2016-01-13 14:18:55.629954914 +0100
@@ -138,6 +138,9 @@
ss->gs.readOffset = 0;
if (ss->handshakeCallback) {
+ PORT_Assert(ss->version < SSL_LIBRARY_VERSION_3_0 ||
+ (ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+ ssl_preinfo_all);
(ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
}
}
@@ -654,6 +657,16 @@
SSL_GETPID(), ss->fd, available));
}
+ if (IS_DTLS(ss) && (len < available)) {
+ /* DTLS does not allow you to do partial reads */
+ SSL_TRC(30, ("%d: SSL[%d]: DTLS short read. len=%d available=%d",
+ SSL_GETPID(), ss->fd, len, available));
+ ss->gs.readOffset += available;
+ PORT_SetError(SSL_ERROR_RX_SHORT_DTLS_READ);
+ rv = SECFailure;
+ goto done;
+ }
+
/* Dole out clear data to reader */
amount = PR_MIN(len, available);
PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount);
@@ -693,6 +706,7 @@
case SEC_OID_PKCS1_RSA_ENCRYPTION:
keaType = kt_rsa;
break;
+ case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
keaType = kt_dh;
break;
@@ -789,6 +803,11 @@
goto loser;
}
}
+ if (kea == ssl_kea_dh || kea == ssl_kea_rsa) {
+ if (ssl3_SelectDHParams(ss) != SECSuccess) {
+ goto loser;
+ }
+ }
return SECSuccess;
loser:
@@ -1177,11 +1196,8 @@
int
ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
{
- sslSecurityInfo *sec;
int rv = 0;
- sec = &ss->sec;
-
if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {
PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
return PR_FAILURE;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsnce.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsnce.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsnce.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsnce.c 2016-01-13 14:18:55.631954926 +0100
@@ -120,14 +120,14 @@
/* 2 */ ssl3CipherSuite cipherSuite;
/* 2 */ PRUint16 compression; /* SSLCompressionMethod */
-/* 52 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
+/* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
/* 4 */ PRUint32 masterWrapMech;
/* 4 */ SSL3KEAType exchKeyType;
/* 4 */ PRInt32 certIndex;
/* 4 */ PRInt32 srvNameIndex;
/* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */
-/*104 */} ssl3;
+/*108 */} ssl3;
/* force sizeof(sidCacheEntry) to be a multiple of cache line size */
struct {
/*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */
@@ -507,7 +507,6 @@
to->sessionIDLength = from->u.ssl3.sessionIDLength;
to->u.ssl3.certIndex = -1;
to->u.ssl3.srvNameIndex = -1;
-
PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID,
to->sessionIDLength);
@@ -637,7 +636,7 @@
to->authKeyBits = from->authKeyBits;
to->keaType = from->keaType;
to->keaKeyBits = from->keaKeyBits;
-
+
return to;
loser:
@@ -1228,20 +1227,32 @@
/* Fix pointers in our private copy of cache descriptor to point to
** spaces in shared memory
*/
- ptr = (ptrdiff_t)cache->cacheMem;
- *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr;
- *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr;
- *(ptrdiff_t *)(&cache->certCacheLock) += ptr;
- *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr;
- *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr;
- *(ptrdiff_t *)(&cache->sidCacheData ) += ptr;
- *(ptrdiff_t *)(&cache->certCacheData) += ptr;
- *(ptrdiff_t *)(&cache->keyCacheData ) += ptr;
- *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr;
- *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr;
- *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr;
- *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr;
- *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr;
+ cache->sidCacheLocks = (sidCacheLock *)
+ (cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks);
+ cache->keyCacheLock = (sidCacheLock *)
+ (cache->cacheMem + (ptrdiff_t)cache->keyCacheLock);
+ cache->certCacheLock = (sidCacheLock *)
+ (cache->cacheMem + (ptrdiff_t)cache->certCacheLock);
+ cache->srvNameCacheLock = (sidCacheLock *)
+ (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock);
+ cache->sidCacheSets = (sidCacheSet *)
+ (cache->cacheMem + (ptrdiff_t)cache->sidCacheSets);
+ cache->sidCacheData = (sidCacheEntry *)
+ (cache->cacheMem + (ptrdiff_t)cache->sidCacheData);
+ cache->certCacheData = (certCacheEntry *)
+ (cache->cacheMem + (ptrdiff_t)cache->certCacheData);
+ cache->keyCacheData = (SSLWrappedSymWrappingKey *)
+ (cache->cacheMem + (ptrdiff_t)cache->keyCacheData);
+ cache->ticketKeyNameSuffix = (PRUint8 *)
+ (cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix);
+ cache->ticketEncKey = (encKeyCacheEntry *)
+ (cache->cacheMem + (ptrdiff_t)cache->ticketEncKey);
+ cache->ticketMacKey = (encKeyCacheEntry *)
+ (cache->cacheMem + (ptrdiff_t)cache->ticketMacKey);
+ cache->ticketKeysValid = (PRUint32 *)
+ (cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid);
+ cache->srvNameCacheData = (srvNameCacheEntry *)
+ (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData);
/* initialize the locks */
init_time = ssl_Time();
@@ -1484,7 +1495,6 @@
char * fmString = NULL;
char * myEnvString = NULL;
unsigned int decoLen;
- ptrdiff_t ptr;
inheritance inherit;
cacheDesc my;
#ifdef WINNT
@@ -1580,20 +1590,32 @@
/* Fix pointers in our private copy of cache descriptor to point to
** spaces in shared memory, whose address is now in "my".
*/
- ptr = (ptrdiff_t)my.cacheMem;
- *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr;
- *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr;
- *(ptrdiff_t *)(&cache->certCacheLock) += ptr;
- *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr;
- *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr;
- *(ptrdiff_t *)(&cache->sidCacheData ) += ptr;
- *(ptrdiff_t *)(&cache->certCacheData) += ptr;
- *(ptrdiff_t *)(&cache->keyCacheData ) += ptr;
- *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr;
- *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr;
- *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr;
- *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr;
- *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr;
+ cache->sidCacheLocks = (sidCacheLock *)
+ (my.cacheMem + (ptrdiff_t)cache->sidCacheLocks);
+ cache->keyCacheLock = (sidCacheLock *)
+ (my.cacheMem + (ptrdiff_t)cache->keyCacheLock);
+ cache->certCacheLock = (sidCacheLock *)
+ (my.cacheMem + (ptrdiff_t)cache->certCacheLock);
+ cache->srvNameCacheLock = (sidCacheLock *)
+ (my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock);
+ cache->sidCacheSets = (sidCacheSet *)
+ (my.cacheMem + (ptrdiff_t)cache->sidCacheSets);
+ cache->sidCacheData = (sidCacheEntry *)
+ (my.cacheMem + (ptrdiff_t)cache->sidCacheData);
+ cache->certCacheData = (certCacheEntry *)
+ (my.cacheMem + (ptrdiff_t)cache->certCacheData);
+ cache->keyCacheData = (SSLWrappedSymWrappingKey *)
+ (my.cacheMem + (ptrdiff_t)cache->keyCacheData);
+ cache->ticketKeyNameSuffix = (PRUint8 *)
+ (my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix);
+ cache->ticketEncKey = (encKeyCacheEntry *)
+ (my.cacheMem + (ptrdiff_t)cache->ticketEncKey);
+ cache->ticketMacKey = (encKeyCacheEntry *)
+ (my.cacheMem + (ptrdiff_t)cache->ticketMacKey);
+ cache->ticketKeysValid = (PRUint32 *)
+ (my.cacheMem + (ptrdiff_t)cache->ticketKeysValid);
+ cache->srvNameCacheData = (srvNameCacheEntry *)
+ (my.cacheMem + (ptrdiff_t)cache->srvNameCacheData);
cache->cacheMemMap = my.cacheMemMap;
cache->cacheMem = my.cacheMem;
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsock.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsock.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslsock.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslsock.c 2016-01-13 14:18:55.632954931 +0100
@@ -19,6 +19,7 @@
#endif
#include "pk11pub.h"
#include "nss.h"
+#include "pk11pqg.h"
/* This is a bodge to allow this code to be compiled against older NSS headers
* that don't contain the TLS 1.2 changes. */
@@ -90,6 +91,8 @@
PR_FALSE, /* enableALPN */
PR_TRUE, /* reuseServerECDHEKey */
PR_FALSE, /* enableFallbackSCSV */
+ PR_TRUE, /* enableServerDhe */
+ PR_FALSE, /* enableExtendedMS */
PR_FALSE, /* enableSignedCertTimestamps */
};
@@ -232,6 +235,24 @@
PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
+ PORT_Memcpy(ss->ssl3.signatureAlgorithms, os->ssl3.signatureAlgorithms,
+ sizeof(ss->ssl3.signatureAlgorithms[0]) *
+ os->ssl3.signatureAlgorithmCount);
+ ss->ssl3.signatureAlgorithmCount = os->ssl3.signatureAlgorithmCount;
+
+ ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled;
+ ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups;
+ if (os->ssl3.dheGroups) {
+ ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType,
+ os->ssl3.numDHEGroups);
+ if (!ss->ssl3.dheGroups) {
+ goto loser;
+ }
+ PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
+ sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
+ } else {
+ ss->ssl3.dheGroups = NULL;
+ }
if (os->cipherSpecs) {
ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
@@ -275,6 +296,10 @@
ssl3_GetKeyPairRef(os->stepDownKeyPair);
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
+ ss->dheKeyPair = !os->dheKeyPair ? NULL :
+ ssl3_GetKeyPairRef(os->dheKeyPair);
+ ss->dheParams = os->dheParams;
+
/*
* XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
* XXX We should detect this, and not just march on with NULL pointers.
@@ -398,8 +423,11 @@
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
ss->ephemeralECDHKeyPair = NULL;
}
+ if (ss->dheKeyPair) {
+ ssl3_FreeKeyPair(ss->dheKeyPair);
+ ss->dheKeyPair = NULL;
+ }
SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
- PORT_Assert(!ss->xtnData.sniNameArr);
if (ss->xtnData.sniNameArr) {
PORT_Free(ss->xtnData.sniNameArr);
ss->xtnData.sniNameArr = NULL;
@@ -808,6 +836,14 @@
ss->opt.enableFallbackSCSV = on;
break;
+ case SSL_ENABLE_SERVER_DHE:
+ ss->opt.enableServerDhe = on;
+ break;
+
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+ ss->opt.enableExtendedMS = on;
+ break;
+
case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
ss->opt.enableSignedCertTimestamps = on;
break;
@@ -887,6 +923,9 @@
case SSL_REUSE_SERVER_ECDHE_KEY:
on = ss->opt.reuseServerECDHEKey; break;
case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
+ case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break;
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+ on = ss->opt.enableExtendedMS; break;
case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
on = ss->opt.enableSignedCertTimestamps;
break;
@@ -959,6 +998,12 @@
case SSL_ENABLE_FALLBACK_SCSV:
on = ssl_defaults.enableFallbackSCSV;
break;
+ case SSL_ENABLE_SERVER_DHE:
+ on = ssl_defaults.enableServerDhe;
+ break;
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+ on = ssl_defaults.enableExtendedMS;
+ break;
case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
on = ssl_defaults.enableSignedCertTimestamps;
break;
@@ -1145,6 +1190,14 @@
ssl_defaults.enableFallbackSCSV = on;
break;
+ case SSL_ENABLE_SERVER_DHE:
+ ssl_defaults.enableServerDhe = on;
+ break;
+
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+ ssl_defaults.enableExtendedMS = on;
+ break;
+
case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
ssl_defaults.enableSignedCertTimestamps = on;
break;
@@ -1381,6 +1434,148 @@
}
SECStatus
+SSL_DHEGroupPrefSet(PRFileDesc *fd,
+ SSLDHEGroupType *groups,
+ PRUint16 num_groups)
+{
+ sslSocket *ss;
+
+ if ((num_groups && !groups) || (!num_groups && groups)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ if (ss->ssl3.dheGroups) {
+ PORT_Free(ss->ssl3.dheGroups);
+ ss->ssl3.dheGroups = NULL;
+ ss->ssl3.numDHEGroups = 0;
+ }
+
+ if (groups) {
+ ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups);
+ if (!ss->ssl3.dheGroups) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
+ }
+ PORT_Memcpy(ss->ssl3.dheGroups, groups,
+ sizeof(SSLDHEGroupType) * num_groups);
+ }
+ return SECSuccess;
+}
+
+
+PRCallOnceType gWeakDHParamsRegisterOnce;
+int gWeakDHParamsRegisterError;
+
+PRCallOnceType gWeakDHParamsOnce;
+int gWeakDHParamsError;
+/* As our code allocates type PQGParams, we'll keep it around,
+ * even though we only make use of it's parameters through gWeakDHParam. */
+static PQGParams *gWeakParamsPQG;
+static ssl3DHParams *gWeakDHParams;
+
+static PRStatus
+ssl3_CreateWeakDHParams(void)
+{
+ PQGVerify *vfy;
+ SECStatus rv, passed;
+
+ PORT_Assert(!gWeakDHParams && !gWeakParamsPQG);
+
+ rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/,
+ &gWeakParamsPQG, &vfy);
+ if (rv != SECSuccess) {
+ gWeakDHParamsError = PORT_GetError();
+ return PR_FAILURE;
+ }
+
+ rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed);
+ if (rv != SECSuccess || passed != SECSuccess) {
+ SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams",
+ SSL_GETPID()));
+ gWeakDHParamsError = PORT_GetError();
+ return PR_FAILURE;
+ }
+
+ gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams);
+ if (!gWeakDHParams) {
+ gWeakDHParamsError = PORT_GetError();
+ return PR_FAILURE;
+ }
+
+ gWeakDHParams->prime.data = gWeakParamsPQG->prime.data;
+ gWeakDHParams->prime.len = gWeakParamsPQG->prime.len;
+ gWeakDHParams->base.data = gWeakParamsPQG->base.data;
+ gWeakDHParams->base.len = gWeakParamsPQG->base.len;
+
+ PK11_PQG_DestroyVerify(vfy);
+ return PR_SUCCESS;
+}
+
+static SECStatus
+ssl3_WeakDHParamsShutdown(void *appData, void *nssData)
+{
+ if (gWeakParamsPQG) {
+ PK11_PQG_DestroyParams(gWeakParamsPQG);
+ gWeakParamsPQG = NULL;
+ gWeakDHParams = NULL;
+ }
+ return SECSuccess;
+}
+
+static PRStatus
+ssl3_WeakDHParamsRegisterShutdown(void)
+{
+ SECStatus rv;
+ rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL);
+ if (rv != SECSuccess) {
+ gWeakDHParamsRegisterError = PORT_GetError();
+ }
+ return (PRStatus)rv;
+}
+
+/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */
+SECStatus
+SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
+{
+ sslSocket *ss;
+ PRStatus status;
+
+ if (enabled) {
+ status = PR_CallOnce(&gWeakDHParamsRegisterOnce,
+ ssl3_WeakDHParamsRegisterShutdown);
+ if (status != PR_SUCCESS) {
+ PORT_SetError(gWeakDHParamsRegisterError);
+ return SECFailure;
+ }
+
+ status = PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams);
+ if (status != PR_SUCCESS) {
+ PORT_SetError(gWeakDHParamsError);
+ return SECFailure;
+ }
+ }
+
+ if (!fd)
+ return SECSuccess;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ ss->ssl3.dheWeakGroupEnabled = enabled;
+ return SECSuccess;
+}
+
+SECStatus
SSL_GetChannelBinding(PRFileDesc *fd,
SSLChannelBindingType binding_type,
unsigned char *out,
@@ -1402,6 +1597,62 @@
return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
}
+#include "dhe-param.c"
+
+static const SSLDHEGroupType ssl_default_dhe_groups[] = {
+ ssl_ff_dhe_2048_group
+};
+
+/* Keep this array synchronized with the index definitions in SSLDHEGroupType */
+static const ssl3DHParams *all_ssl3DHParams[] = {
+ NULL, /* ssl_dhe_group_none */
+ &ff_dhe_2048,
+ &ff_dhe_3072,
+ &ff_dhe_4096,
+ &ff_dhe_6144,
+ &ff_dhe_8192,
+};
+
+static SSLDHEGroupType
+selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups)
+{
+ if (!groups || !num_groups)
+ return ssl_dhe_group_none;
+
+ /* We don't have automatic group parameter selection yet
+ * (potentially) based on socket parameters, e.g. key sizes.
+ * For now, we return the first available group from the allowed list. */
+ return groups[0];
+}
+
+/* Ensure DH parameters have been selected */
+SECStatus
+ssl3_SelectDHParams(sslSocket *ss)
+{
+ SSLDHEGroupType selectedGroup = ssl_dhe_group_none;
+
+ if (ss->ssl3.dheWeakGroupEnabled) {
+ ss->dheParams = gWeakDHParams;
+ } else {
+ if (ss->ssl3.dheGroups) {
+ selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
+ ss->ssl3.numDHEGroups);
+ } else {
+ size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups);
+ selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
+ number_of_default_groups);
+ }
+
+ if (selectedGroup == ssl_dhe_group_none ||
+ selectedGroup >= ssl_dhe_group_max) {
+ return SECFailure;
+ }
+
+ ss->dheParams = all_ssl3DHParams[selectedGroup];
+ }
+
+ return SECSuccess;
+}
/* LOCKS ??? XXX */
static PRFileDesc *
@@ -1699,6 +1950,10 @@
PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
+ PORT_Memcpy(ss->ssl3.signatureAlgorithms, sm->ssl3.signatureAlgorithms,
+ sizeof(ss->ssl3.signatureAlgorithms[0]) *
+ sm->ssl3.signatureAlgorithmCount);
+ ss->ssl3.signatureAlgorithmCount = sm->ssl3.signatureAlgorithmCount;
if (!ss->opt.useSecurity) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -3122,6 +3377,10 @@
}
ss->requestedCertTypes = NULL;
ss->stepDownKeyPair = NULL;
+
+ ss->dheParams = NULL;
+ ss->dheKeyPair = NULL;
+
ss->dbHandle = CERT_GetDefaultCertDB();
/* Provide default implementation of hooks */
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslt.h qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslt.h
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslt.h 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslt.h 2016-01-13 14:18:55.633954937 +0100
@@ -1,3 +1,4 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file contains prototypes for the public SSL functions.
*
@@ -68,13 +69,35 @@
#define kt_ecdh ssl_kea_ecdh
#define kt_kea_size ssl_kea_size
+
+/* Values of this enum match the SignatureAlgorithm enum from
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
typedef enum {
- ssl_sign_null = 0,
+ ssl_sign_null = 0, /* "anonymous" in TLS */
ssl_sign_rsa = 1,
ssl_sign_dsa = 2,
ssl_sign_ecdsa = 3
} SSLSignType;
+/* Values of this enum match the HashAlgorithm enum from
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+typedef enum {
+ /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5
+ * and SHA1. The other values are only used in TLS 1.2. */
+ ssl_hash_none = 0,
+ ssl_hash_md5 = 1,
+ ssl_hash_sha1 = 2,
+ ssl_hash_sha224 = 3,
+ ssl_hash_sha256 = 4,
+ ssl_hash_sha384 = 5,
+ ssl_hash_sha512 = 6
+} SSLHashType;
+
+typedef struct SSLSignatureAndHashAlgStr {
+ SSLHashType hashAlg;
+ SSLSignType sigAlg;
+} SSLSignatureAndHashAlg;
+
typedef enum {
ssl_auth_null = 0,
ssl_auth_rsa = 1,
@@ -136,8 +159,31 @@
/* compression method info */
const char * compressionMethodName;
SSLCompressionMethod compressionMethod;
+
+ /* The following fields are added in NSS 3.21.
+ * This field only has meaning in TLS < 1.3 and will be set to
+ * PR_FALSE in TLS 1.3.
+ */
+ PRBool extendedMasterSecretUsed;
} SSLChannelInfo;
+/* Preliminary channel info */
+#define ssl_preinfo_version (1U << 0)
+#define ssl_preinfo_cipher_suite (1U << 1)
+#define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite)
+
+typedef struct SSLPreliminaryChannelInfoStr {
+ /* This is set to the length of the struct. */
+ PRUint32 length;
+ /* A bitfield over SSLPreliminaryValueSet that describes which
+ * preliminary values are set (see ssl_preinfo_*). */
+ PRUint32 valuesSet;
+ /* Protocol version: test (valuesSet & ssl_preinfo_version) */
+ PRUint16 protocolVersion;
+ /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */
+ PRUint16 cipherSuite;
+} SSLPreliminaryChannelInfo;
+
typedef struct SSLCipherSuiteInfoStr {
PRUint16 length;
PRUint16 cipherSuite;
@@ -204,6 +250,7 @@
ssl_app_layer_protocol_xtn = 16,
ssl_signed_certificate_timestamp_xtn = 18, /* RFC 6962 */
ssl_padding_xtn = 21,
+ ssl_extended_master_secret_xtn = 23,
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,
ssl_channel_id_xtn = 30032,
@@ -211,6 +258,16 @@
ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */
} SSLExtensionType;
-#define SSL_MAX_EXTENSIONS 13 /* doesn't include ssl_padding_xtn. */
+#define SSL_MAX_EXTENSIONS 14 /* doesn't include ssl_padding_xtn. */
+
+typedef enum {
+ ssl_dhe_group_none = 0,
+ ssl_ff_dhe_2048_group = 1,
+ ssl_ff_dhe_3072_group = 2,
+ ssl_ff_dhe_4096_group = 3,
+ ssl_ff_dhe_6144_group = 4,
+ ssl_ff_dhe_8192_group = 5,
+ ssl_dhe_group_max
+} SSLDHEGroupType;
#endif /* __sslt_h_ */
diff -Nur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslver.c qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslver.c
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/third_party/nss/ssl/sslver.c 2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-nss321/src/3rdparty/chromium/net/third_party/nss/ssl/sslver.c 2016-01-13 14:18:55.633954937 +0100
@@ -12,20 +12,7 @@
#define _DEBUG_STRING ""
#endif
-#if defined(DONT_EMBED_BUILD_METADATA) && !defined(OFFICIAL_BUILD)
-#define _DATE_AND_TIME "Sep 02 2008 08:00:00"
-#else
-#define _DATE_AND_TIME __DATE__ " " __TIME__
-#endif
-
-
/*
- * Version information for the 'ident' and 'what commands
- *
- * NOTE: the first component of the concatenated rcsid string
- * must not end in a '$' to prevent rcs keyword substitution.
+ * Version information
*/
-const char __nss_ssl_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING
- " " _DATE_AND_TIME " $";
-const char __nss_ssl_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING
- " " _DATE_AND_TIME;
+const char __nss_ssl_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING;