|
|
669cf7 |
diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
|
|
|
1b6f66 |
--- ./lib/ssl/ssl3con.c.dhe_and_sha384 2016-02-14 07:51:49.910312410 -0800
|
|
|
1b6f66 |
+++ ./lib/ssl/ssl3con.c 2016-02-14 08:03:31.562277561 -0800
|
|
|
1b6f66 |
@@ -68,6 +68,8 @@ static SECStatus ssl3_ComputeHandshakeHa
|
|
|
1b6f66 |
SSL3Hashes *hashes,
|
|
|
1b6f66 |
PRUint32 sender);
|
|
|
1b6f66 |
static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
|
|
|
1b6f66 |
+static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid);
|
|
|
1b6f66 |
+static CK_MECHANISM_TYPE ssl3_GetPrfHashMechanism(sslSocket *ss);
|
|
|
1b6f66 |
|
|
|
1b6f66 |
static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
|
|
|
1b6f66 |
int maxOutputLen, const unsigned char *input,
|
|
|
1b6f66 |
@@ -95,23 +97,37 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
|
|
1b6f66 |
/* cipher_suite policy enabled isPresent */
|
|
|
669cf7 |
|
|
|
669cf7 |
#ifndef NSS_DISABLE_ECC
|
|
|
1b6f66 |
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
|
|
|
1b6f66 |
- * bug 946147.
|
|
|
1b6f66 |
- */
|
|
|
1b6f66 |
+ /* Ephemeral ECDH */
|
|
|
1b6f66 |
+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must be before TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
|
|
1b6f66 |
+ * to workaround bug 946147.
|
|
|
1b6f66 |
+ */
|
|
|
669cf7 |
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
669cf7 |
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
669cf7 |
#endif /* NSS_DISABLE_ECC */
|
|
|
669cf7 |
|
|
|
1b6f66 |
+ /* Ephemeral Finite Field DH */
|
|
|
1b6f66 |
+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
669cf7 |
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
669cf7 |
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
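Review bot: Two suites change their default-enabled flag inside what otherwise reads as a pure reorder: `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256` and `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` go from `PR_TRUE` to `PR_FALSE` in the third (`enabled`) column, and nothing in the table says why. Assuming table order is preference order, the new layout also ranks the AES-256 CBC/SHA-1 suite of each key exchange ahead of its AES-128-GCM AEAD suite; if "key size first, then AEAD" is the intended policy, state it at the top of the table, e.g. `/* Within a key exchange: AES-256 before AES-128, GCM before CBC. */`. The relocated bug 946147 comment now sits below the entry it names and directly above `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, so it reads as if it described that row; it belongs above `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`. The cipherSuites initializer starts before this hunk and continues into the next ones.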
|
|
|
1b6f66 |
@@ -120,17 +136,12 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
|
|
1b6f66 |
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
669cf7 |
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
669cf7 |
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
669cf7 |
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
|
|
|
1b6f66 |
#ifndef NSS_DISABLE_ECC
|
|
|
1b6f66 |
+ /* Non ephemeral ECDH */
|
|
|
1b6f66 |
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
@@ -142,18 +153,19 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
|
|
669cf7 |
#endif /* NSS_DISABLE_ECC */
|
|
|
669cf7 |
|
|
|
669cf7 |
/* RSA */
|
|
|
1b6f66 |
+ { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
669cf7 |
{ TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
669cf7 |
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
669cf7 |
{ TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
- { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
- { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
{ TLS_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
1b6f66 |
+ { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
|
|
|
1b6f66 |
/* 56-bit DES "domestic" cipher suites */
|
|
|
1b6f66 |
{ TLS_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
@@ -292,6 +304,7 @@ static const ssl3BulkCipherDef bulk_ciph
|
|
|
669cf7 |
{cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0},
|
|
|
669cf7 |
{cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0},
|
|
|
669cf7 |
{cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8},
|
|
|
669cf7 |
+ {cipher_aes_256_gcm, calg_aes_gcm, 32,32, type_aead, 4, 0,16, 8},
|
|
|
669cf7 |
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0},
|
|
|
669cf7 |
};
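Review bot: The added `cipher_aes_256_gcm` row is only right if the enumerator sits at the same position in the enumeration that indexes this table, and that enumeration is not part of the visible diff. The same applies to the `hmac_sha384` row appended to mac_defs further down, which is commented as "indexed by SSL3MACAlgorithm"; a row that is out of step with its enumerator would select the wrong key size or MAC length without any build error. A compile-time check next to each table would pin this down, for instance `PR_STATIC_ASSERT(PR_ARRAY_SIZE(bulk_cipher_defs) == cipher_missing + 1);`, and the equivalent for mac_defs if `hmac_sha384` is the last enumerator.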
|
|
|
669cf7 |
|
|
|
1b6f66 |
@@ -300,8 +313,8 @@ static const ssl3KEADef kea_defs[] =
|
|
|
1b6f66 |
/* kea exchKeyType signKeyType is_limited limit tls_keygen ephemeral */
|
|
|
1b6f66 |
{kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
- {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
- {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
+ {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE},
|
|
|
1b6f66 |
+ {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_TRUE},
|
|
|
1b6f66 |
{kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, PR_FALSE},
|
|
|
1b6f66 |
{kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
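Review bot: The `ephemeral` column flips from `PR_FALSE` to `PR_TRUE` for `kea_rsa_export` and `kea_rsa_export_1024`, which is a behavioural change unrelated to DHE or SHA-384 and comes with no explanation. Whatever reads `ephemeral` (not visible here) will now treat the export RSA suites like the DHE/ECDHE ones. This deserves its own commit, or at least a comment on the two rows such as `/* export RSA sends a temporary key in ServerKeyExchange, hence ephemeral */`, if that is the reason. kea_defs continues past the end of the hunk.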
|
|
|
1b6f66 |
@@ -327,135 +340,149 @@ static const ssl3CipherSuiteDef cipher_s
|
|
|
669cf7 |
{
|
|
|
669cf7 |
/* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */
|
|
|
669cf7 |
|
|
|
669cf7 |
- {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null},
|
|
|
669cf7 |
- {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa},
|
|
|
669cf7 |
- {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa},
|
|
|
669cf7 |
- {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa},
|
|
|
669cf7 |
- {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
|
|
|
669cf7 |
- {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
|
|
|
669cf7 |
- {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
|
|
|
669cf7 |
+ {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null, 0},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa, 0},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa, prf_256},
|
|
|
669cf7 |
+ {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export, 0},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa, 0},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
{TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
|
|
669cf7 |
- cipher_rc2_40, mac_md5, kea_rsa_export},
|
|
|
669cf7 |
+ cipher_rc2_40, mac_md5, kea_rsa_export, 0},
|
|
|
669cf7 |
#if 0 /* not implemented */
|
|
|
669cf7 |
- {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
{TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
|
|
669cf7 |
- cipher_des40, mac_sha, kea_rsa_export},
|
|
|
669cf7 |
+ cipher_des40, mac_sha, kea_rsa_export, 0},
|
|
|
669cf7 |
#endif
|
|
|
669cf7 |
- {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa},
|
|
|
669cf7 |
- {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
|
|
|
669cf7 |
- {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
+ {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss, 0},
|
|
|
669cf7 |
{TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
|
|
669cf7 |
- cipher_3des, mac_sha, kea_dhe_dss},
|
|
|
669cf7 |
- {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss},
|
|
|
669cf7 |
+ cipher_3des, mac_sha, kea_dhe_dss, 0},
|
|
|
669cf7 |
+ {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss, 0},
|
|
|
669cf7 |
#if 0 /* not implemented */
|
|
|
669cf7 |
{TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
|
|
669cf7 |
- cipher_des40, mac_sha, kea_dh_dss_export},
|
|
|
669cf7 |
- {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
|
|
|
669cf7 |
- {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
|
|
|
669cf7 |
+ cipher_des40, mac_sha, kea_dh_dss_export, 0},
|
|
|
669cf7 |
+ {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss, 0},
|
|
|
669cf7 |
+ {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss, 0},
|
|
|
669cf7 |
{TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
|
|
669cf7 |
- cipher_des40, mac_sha, kea_dh_rsa_export},
|
|
|
669cf7 |
- {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
|
|
|
669cf7 |
- {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa},
|
|
|
669cf7 |
+ cipher_des40, mac_sha, kea_dh_rsa_export, 0},
|
|
|
669cf7 |
+ {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa, 0},
|
|
|
669cf7 |
+ {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa, 0},
|
|
|
669cf7 |
{TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
|
|
669cf7 |
- cipher_des40, mac_sha, kea_dh_dss_export},
|
|
|
669cf7 |
+ cipher_des40, mac_sha, kea_dh_dss_export, 0},
|
|
|
669cf7 |
{TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
|
|
669cf7 |
- cipher_des40, mac_sha, kea_dh_rsa_export},
|
|
|
669cf7 |
+ cipher_des40, mac_sha, kea_dh_rsa_export, 0},
|
|
|
669cf7 |
#endif
|
|
|
669cf7 |
- {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa},
|
|
|
669cf7 |
+ {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa, 0},
|
|
|
669cf7 |
{TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
669cf7 |
- cipher_3des, mac_sha, kea_dhe_rsa},
|
|
|
669cf7 |
+ cipher_3des, mac_sha, kea_dhe_rsa, 0},
|
|
|
669cf7 |
#if 0
|
|
|
669cf7 |
- {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
|
|
|
669cf7 |
+ {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export, 0},
|
|
|
669cf7 |
{TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
|
|
|
669cf7 |
- cipher_des40, mac_sha, kea_dh_anon_export},
|
|
|
669cf7 |
- {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon},
|
|
|
669cf7 |
- {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon},
|
|
|
669cf7 |
+ cipher_des40, mac_sha, kea_dh_anon_export, 0},
|
|
|
669cf7 |
+ {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon, 0},
|
|
|
669cf7 |
+ {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon, 0},
|
|
|
669cf7 |
#endif
|
|
|
669cf7 |
|
|
|
669cf7 |
|
|
|
669cf7 |
/* New TLS cipher suites */
|
|
|
669cf7 |
- {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa},
|
|
|
669cf7 |
- {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa},
|
|
|
669cf7 |
- {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss},
|
|
|
669cf7 |
- {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa},
|
|
|
669cf7 |
- {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa},
|
|
|
669cf7 |
- {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa},
|
|
|
669cf7 |
- {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa},
|
|
|
669cf7 |
- {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss},
|
|
|
669cf7 |
- {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa},
|
|
|
669cf7 |
- {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa, prf_256},
|
|
|
669cf7 |
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss, 0},
|
|
|
669cf7 |
+ {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa, 0},
|
|
|
669cf7 |
+ {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa, prf_256},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa, prf_256},
|
|
|
669cf7 |
+ {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss, 0},
|
|
|
669cf7 |
+ {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa, 0},
|
|
|
669cf7 |
+ {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa, prf_256},
|
|
|
669cf7 |
#if 0
|
|
|
669cf7 |
- {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss},
|
|
|
669cf7 |
- {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa},
|
|
|
669cf7 |
- {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon},
|
|
|
669cf7 |
- {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss},
|
|
|
669cf7 |
- {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa},
|
|
|
669cf7 |
- {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
|
|
|
669cf7 |
+ {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss, 0},
|
|
|
669cf7 |
+ {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa, 0},
|
|
|
669cf7 |
+ {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon, 0},
|
|
|
669cf7 |
+ {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss, 0},
|
|
|
669cf7 |
+ {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa, 0},
|
|
|
669cf7 |
+ {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon, 0},
|
|
|
669cf7 |
#endif
|
|
|
669cf7 |
|
|
|
669cf7 |
- {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
|
|
|
669cf7 |
- {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
{TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
|
|
669cf7 |
- cipher_camellia_128, mac_sha, kea_dhe_dss},
|
|
|
669cf7 |
+ cipher_camellia_128, mac_sha, kea_dhe_dss, 0},
|
|
|
669cf7 |
{TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
|
|
669cf7 |
- cipher_camellia_128, mac_sha, kea_dhe_rsa},
|
|
|
669cf7 |
- {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa},
|
|
|
669cf7 |
+ cipher_camellia_128, mac_sha, kea_dhe_rsa, 0},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa, 0},
|
|
|
669cf7 |
{TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
|
|
669cf7 |
- cipher_camellia_256, mac_sha, kea_dhe_dss},
|
|
|
669cf7 |
+ cipher_camellia_256, mac_sha, kea_dhe_dss, 0},
|
|
|
669cf7 |
{TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
|
|
669cf7 |
- cipher_camellia_256, mac_sha, kea_dhe_rsa},
|
|
|
669cf7 |
+ cipher_camellia_256, mac_sha, kea_dhe_rsa, 0},
|
|
|
669cf7 |
|
|
|
669cf7 |
{TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
|
|
669cf7 |
- cipher_des, mac_sha,kea_rsa_export_1024},
|
|
|
669cf7 |
+ cipher_des, mac_sha,kea_rsa_export_1024, 0},
|
|
|
669cf7 |
{TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
|
|
669cf7 |
- cipher_rc4_56, mac_sha,kea_rsa_export_1024},
|
|
|
669cf7 |
+ cipher_rc4_56, mac_sha,kea_rsa_export_1024, 0},
|
|
|
669cf7 |
|
|
|
669cf7 |
- {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips},
|
|
|
669cf7 |
- {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips},
|
|
|
669cf7 |
+ {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips, 0},
|
|
|
669cf7 |
+ {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips, 0},
|
|
|
669cf7 |
|
|
|
669cf7 |
- {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa},
|
|
|
669cf7 |
- {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
|
|
|
669cf7 |
+ {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, prf_256},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, prf_256},
|
|
|
669cf7 |
+#ifndef NSS_DISABLE_ECC
|
|
|
669cf7 |
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
|
|
|
669cf7 |
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
|
|
|
1b6f66 |
-
|
|
|
1b6f66 |
- {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},
|
|
|
1b6f66 |
- {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},
|
|
|
1b6f66 |
- {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss},
|
|
|
669cf7 |
+ {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256},
|
|
|
669cf7 |
+ {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256},
|
|
|
669cf7 |
+ {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_384},
|
|
|
669cf7 |
+ {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, prf_384},
|
|
|
669cf7 |
+ {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_ecdsa, prf_384},
|
|
|
669cf7 |
+ {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, prf_384},
|
|
|
669cf7 |
+#endif /* NSS_DISABLE_ECC */
|
|
|
669cf7 |
+ {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_rsa, prf_384},
|
|
|
669cf7 |
+ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, prf_256},
|
|
|
669cf7 |
+ {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, prf_384},
|
|
|
669cf7 |
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, prf_256},
|
|
|
669cf7 |
+ {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, prf_256},
|
|
|
669cf7 |
+ {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, prf_384},
|
|
|
1b6f66 |
+
|
|
|
1b6f66 |
+ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, 0},
|
|
|
1b6f66 |
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, 0},
|
|
|
1b6f66 |
+ {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, 0},
|
|
|
669cf7 |
|
|
|
669cf7 |
#ifndef NSS_DISABLE_ECC
|
|
|
669cf7 |
- {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
|
|
|
669cf7 |
- {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa},
|
|
|
669cf7 |
- {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa},
|
|
|
669cf7 |
- {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa},
|
|
|
669cf7 |
- {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa},
|
|
|
669cf7 |
-
|
|
|
669cf7 |
- {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa},
|
|
|
669cf7 |
- {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa},
|
|
|
669cf7 |
- {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa},
|
|
|
669cf7 |
- {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa},
|
|
|
669cf7 |
- {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa},
|
|
|
669cf7 |
- {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa},
|
|
|
669cf7 |
-
|
|
|
669cf7 |
- {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa},
|
|
|
669cf7 |
- {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa},
|
|
|
669cf7 |
- {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa},
|
|
|
669cf7 |
- {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa},
|
|
|
669cf7 |
- {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa},
|
|
|
669cf7 |
-
|
|
|
669cf7 |
- {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa},
|
|
|
669cf7 |
- {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa},
|
|
|
669cf7 |
- {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa},
|
|
|
669cf7 |
- {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa},
|
|
|
669cf7 |
- {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa},
|
|
|
669cf7 |
- {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa},
|
|
|
669cf7 |
+ {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa, 0},
|
|
|
669cf7 |
+
|
|
|
669cf7 |
+ {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa, prf_256},
|
|
|
669cf7 |
+ {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa, 0},
|
|
|
669cf7 |
+
|
|
|
669cf7 |
+ {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa, 0},
|
|
|
669cf7 |
+
|
|
|
669cf7 |
+ {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa, 0},
|
|
|
669cf7 |
+ {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa, prf_256},
|
|
|
669cf7 |
+ {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa, 0},
|
|
|
669cf7 |
|
|
|
669cf7 |
#if 0
|
|
|
669cf7 |
- {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon},
|
|
|
669cf7 |
- {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon},
|
|
|
669cf7 |
- {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon},
|
|
|
669cf7 |
- {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon},
|
|
|
669cf7 |
- {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon},
|
|
|
669cf7 |
+ {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon, 0},
|
|
|
669cf7 |
+ {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon, 0},
|
|
|
669cf7 |
#endif
|
|
|
669cf7 |
#endif /* NSS_DISABLE_ECC */
|
|
|
669cf7 |
};
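Review bot: Several suites end up in cipher_suite_defs twice on the new side. `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` and `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` keep their old four-field rows as context (so `prf_alg` is zero-initialised) directly above the added rows that carry `prf_256`, and `TLS_DHE_DSS_WITH_AES_128_GCM_SHA256`, `TLS_DHE_DSS_WITH_AES_128_CBC_SHA256` and `TLS_DHE_DSS_WITH_AES_256_CBC_SHA256` are added once with `prf_256` and again with `0`. Both values resolve to SHA-256 through ssl3_GetPrfHashMechanism, so the result is the same today, but the table now disagrees with itself and a later edit to one copy has no effect if the lookup finds the other first. Drop the two four-field rows and the three trailing `kea_dhe_dss, 0` rows so that each suite has exactly one entry.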
|
|
|
1b6f66 |
@@ -496,6 +523,7 @@ static const SSLCipher2Mech alg2Mech[] =
|
|
|
669cf7 |
#define mmech_md5_hmac CKM_MD5_HMAC
|
|
|
669cf7 |
#define mmech_sha_hmac CKM_SHA_1_HMAC
|
|
|
669cf7 |
#define mmech_sha256_hmac CKM_SHA256_HMAC
|
|
|
669cf7 |
+#define mmech_sha384_hmac CKM_SHA384_HMAC
|
|
|
669cf7 |
|
|
|
669cf7 |
static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
|
|
|
669cf7 |
/* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
|
|
|
1b6f66 |
@@ -507,6 +535,7 @@ static const ssl3MACDef mac_defs[] = { /
|
|
|
669cf7 |
{hmac_sha, mmech_sha_hmac, 0, SHA1_LENGTH},
|
|
|
669cf7 |
{hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH},
|
|
|
669cf7 |
{ mac_aead, mmech_invalid, 0, 0 },
|
|
|
669cf7 |
+ {hmac_sha384, mmech_sha384_hmac, 0, SHA384_LENGTH}
|
|
|
669cf7 |
};
|
|
|
669cf7 |
|
|
|
669cf7 |
/* indexed by SSL3BulkCipher */
|
|
|
1b6f66 |
@@ -655,19 +684,26 @@ ssl3_CipherSuiteAllowedForVersionRange(
|
|
|
669cf7 |
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
|
|
|
669cf7 |
case TLS_RSA_WITH_AES_256_CBC_SHA256:
|
|
|
669cf7 |
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
|
|
|
669cf7 |
+ case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
|
|
|
669cf7 |
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
|
|
|
669cf7 |
+ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
|
|
|
669cf7 |
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
|
|
|
669cf7 |
case TLS_RSA_WITH_AES_128_CBC_SHA256:
|
|
|
669cf7 |
case TLS_RSA_WITH_AES_128_GCM_SHA256:
|
|
|
669cf7 |
+ case TLS_RSA_WITH_AES_256_GCM_SHA384:
|
|
|
1b6f66 |
case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
|
|
|
1b6f66 |
case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
|
|
|
669cf7 |
case TLS_RSA_WITH_NULL_SHA256:
|
|
|
669cf7 |
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
|
|
|
669cf7 |
|
|
|
669cf7 |
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
|
|
|
669cf7 |
+ case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
|
|
|
669cf7 |
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
|
|
|
669cf7 |
+ case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
|
|
|
669cf7 |
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
|
|
|
669cf7 |
+ case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
|
|
|
1b6f66 |
case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
|
|
|
669cf7 |
+ case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
|
|
|
669cf7 |
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
|
|
|
669cf7 |
|
|
|
669cf7 |
/* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
|
|
|
1b6f66 |
@@ -2348,6 +2384,9 @@ ssl3_ComputeRecordMAC(
|
|
|
669cf7 |
case ssl_hmac_sha256: /* used with TLS */
|
|
|
669cf7 |
hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
|
|
|
669cf7 |
break;
|
|
|
669cf7 |
+ case ssl_hmac_sha384: /* used with TLS */
|
|
|
669cf7 |
+ hashObj = HASH_GetRawHashObject(HASH_AlgSHA384);
|
|
|
669cf7 |
+ break;
|
|
|
669cf7 |
default:
|
|
|
669cf7 |
break;
|
|
|
669cf7 |
}
|
|
|
1b6f66 |
@@ -3592,6 +3631,18 @@ ssl3_HandleChangeCipherSpecs(sslSocket *
|
|
|
669cf7 |
return SECSuccess;
|
|
|
669cf7 |
}
|
|
|
669cf7 |
|
|
|
669cf7 |
+static CK_MECHANISM_TYPE
|
|
|
669cf7 |
+ssl3_GetPrfHashMechanism(sslSocket *ss)
|
|
|
669cf7 |
+{
|
|
|
669cf7 |
+ SSL3PRF prf_alg = ss->ssl3.hs.suite_def->prf_alg;
|
|
|
669cf7 |
+
|
|
|
669cf7 |
+ if (prf_alg == 0)
|
|
|
669cf7 |
+ return CKM_SHA256;
|
|
|
669cf7 |
+
|
|
|
669cf7 |
+ return prf_alg;
|
|
|
669cf7 |
+}
|
|
|
669cf7 |
+
|
|
|
1b6f66 |
+
|
|
|
1b6f66 |
/* This method completes the derivation of the MS from the PMS.
|
|
|
1b6f66 |
**
|
|
|
1b6f66 |
** 1. Derive the MS, if possible, else return an error.
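Review bot: ssl3_GetPrfHashMechanism returns the `prf_alg` table value directly as a `CK_MECHANISM_TYPE` and reads `ss->ssl3.hs.suite_def` unchecked, and neither assumption is written down. The first holds only if `prf_256` and `prf_384` are defined as the PKCS #11 hash mechanism constants (their definitions are not in this diff). The second matters because the function is also called from ssl3_InitHandshakeHashes, so `suite_def` must already be set when the handshake hashes are initialised. I would add a header comment such as `/* Returns the TLS 1.2 PRF hash mechanism of the negotiated suite; prf_alg == 0 selects the default, SHA-256. */` and a `PORT_Assert(ss->ssl3.hs.suite_def != NULL);` ahead of the dereference.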
|
|
|
1b6f66 |
@@ -3682,6 +3733,9 @@ ssl3_ComputeMasterSecretInt(sslSocket *s
|
|
|
1b6f66 |
CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
|
|
|
1b6f66 |
unsigned int master_params_len;
|
|
|
1b6f66 |
|
|
|
1b6f66 |
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
|
|
1b6f66 |
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
|
|
|
1b6f66 |
+ PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
|
|
|
669cf7 |
if (isTLS12) {
|
|
|
1b6f66 |
if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH;
|
|
|
1b6f66 |
else master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
|
|
|
1b6f66 |
@@ -3709,7 +3763,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *s
|
|
|
1b6f66 |
master_params.RandomInfo.pServerRandom = sr;
|
|
|
1b6f66 |
master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
|
|
|
1b6f66 |
if (isTLS12) {
|
|
|
1b6f66 |
- master_params.prfHashMechanism = CKM_SHA256;
|
|
|
1b6f66 |
+ master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
|
|
|
1b6f66 |
master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
|
|
|
1b6f66 |
} else {
|
|
|
1b6f66 |
/* prfHashMechanism is not relevant with this PRF */
|
|
|
1b6f66 |
@@ -3845,7 +3899,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P
|
|
|
1b6f66 |
rv = PK11_ExtractKeyValue(pwSpec->master_secret);
|
|
|
1b6f66 |
if (rv != SECSuccess) {
|
|
|
1b6f66 |
return rv;
|
|
|
1b6f66 |
- }
|
|
|
669cf7 |
+ }
|
|
|
1b6f66 |
/* This returns the address of the secItem inside the key struct,
|
|
|
1b6f66 |
* not a copy or a reference. So, there's no need to free it.
|
|
|
1b6f66 |
*/
|
|
|
1b6f66 |
@@ -3954,7 +4008,7 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke
|
|
|
669cf7 |
|
|
|
669cf7 |
if (isTLS12) {
|
|
|
1b6f66 |
key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
|
|
|
1b6f66 |
- key_material_params.prfHashMechanism = CKM_SHA256;
|
|
|
669cf7 |
+ key_material_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
|
|
|
1b6f66 |
key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
|
|
|
669cf7 |
} else if (isTLS) {
|
|
|
669cf7 |
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
|
|
|
1b6f66 |
@@ -4032,7 +4086,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
|
|
|
669cf7 |
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
|
1b6f66 |
/* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
|
|
1b6f66 |
* then this will need to be updated. */
|
|
|
1b6f66 |
- ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256);
|
|
|
1b6f66 |
+ HASH_HashType ht;
|
|
|
1b6f66 |
+ CK_MECHANISM_TYPE hm;
|
|
|
1b6f66 |
+ SECOidTag ot;
|
|
|
1b6f66 |
+ SECOidData *hashOid;
|
|
|
1b6f66 |
+
|
|
|
1b6f66 |
+ hm = ssl3_GetPrfHashMechanism(ss);
|
|
|
1b6f66 |
+ hashOid = SECOID_FindOIDByMechanism(hm);
|
|
|
1b6f66 |
+ if (hashOid == NULL) {
|
|
|
1b6f66 |
+ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
|
|
1b6f66 |
+ return SECFailure;
|
|
|
1b6f66 |
+ }
|
|
|
1b6f66 |
+ ot = hashOid->offset;
|
|
|
1b6f66 |
+ ht = HASH_GetHashTypeByOidTag(ot);
|
|
|
1b6f66 |
+ ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(ht);
|
|
|
669cf7 |
if (!ss->ssl3.hs.sha_obj) {
|
|
|
669cf7 |
ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
|
|
1b6f66 |
return SECFailure;
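Review bot: The context comment kept at the top of this branch ("If we ever support ciphersuites where the PRF hash isn't SHA-256 then this will need to be updated") is stale, because the added lines are that update. Replace it with something like `/* The handshake hash follows the negotiated suite's PRF hash. */`. The result of `HASH_GetHashTypeByOidTag(ot)` is passed on unchecked; please confirm that an unmapped tag ends up as a NULL `sha_obj`, or add `if (ht == HASH_AlgNULL)` with the same error path. The same mechanism-to-OID lookup appears again in the hunk at @@ -4055,9 +4122,20 with a `const SECOidData *`, so declaring `hashOid` const here would keep the two branches consistent. ssl3_InitHandshakeHashes begins and ends outside this hunk.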
|
|
|
1b6f66 |
@@ -4055,9 +4122,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
|
|
|
669cf7 |
* that the master secret will wind up in ...
|
|
|
669cf7 |
*/
|
|
|
669cf7 |
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
|
669cf7 |
- /* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
|
|
669cf7 |
- * then this will need to be updated. */
|
|
|
669cf7 |
- ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA256);
|
|
|
669cf7 |
+ /* determine the hash from the prf */
|
|
|
669cf7 |
+ const SECOidData *hash_oid;
|
|
|
669cf7 |
+
|
|
|
669cf7 |
+ PORT_Assert(ss->ssl3.hs.suite_def);
|
|
|
669cf7 |
+ /* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_alg)
|
|
|
1b6f66 |
+ * Convert that to the OidTag. We can then use that OidTag to create our
|
|
|
1b6f66 |
+ * PK11Context */
|
|
|
669cf7 |
+ hash_oid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
|
|
|
1b6f66 |
+ PORT_Assert(hash_oid != NULL);
|
|
|
669cf7 |
+ if (hash_oid == NULL) {
|
|
|
669cf7 |
+ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
|
|
669cf7 |
+ return SECFailure;
|
|
|
669cf7 |
+ }
|
|
|
669cf7 |
+ ss->ssl3.hs.sha = PK11_CreateDigestContext(hash_oid->offset);
|
|
|
669cf7 |
if (ss->ssl3.hs.sha == NULL) {
|
|
|
669cf7 |
ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
|
|
|
669cf7 |
return SECFailure;
|
|
|
1b6f66 |
@@ -4378,6 +4456,11 @@ ssl3_AppendSignatureAndHashAlgorithm(
|
|
|
1b6f66 |
sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash)
|
|
|
1b6f66 |
{
|
|
|
1b6f66 |
PRUint8 serialized[2];
|
|
|
1b6f66 |
+ unsigned char hashAlg = ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg);
|
|
|
1b6f66 |
+ if (hashAlg == 0) {
|
|
|
1b6f66 |
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
|
|
1b6f66 |
+ return SECFailure;
|
|
|
1b6f66 |
+ }
|
|
|
669cf7 |
|
|
|
1b6f66 |
serialized[0] = (PRUint8)sigAndHash->hashAlg;
|
|
|
1b6f66 |
serialized[1] = (PRUint8)sigAndHash->sigAlg;
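Review bot: The new check passes `sigAndHash->hashAlg` to `ssl3_OIDToTLSHashAlgorithm`, which takes a SECOidTag, yet the unchanged line `serialized[0] = (PRUint8)sigAndHash->hashAlg;` writes the same field out as the TLS HashAlgorithm byte, so the field appears to hold a TLS identifier already. If it does, the lookup compares a TLS id against OID tags and accepts or rejects values for the wrong reason, and the converted `hashAlg` local is never serialized. Validating in the matching direction would be `if (ssl3_TLSHashAlgorithmToOID(sigAndHash->hashAlg) == SEC_OID_UNKNOWN) {`. If the field really is an OID, the line to change is instead `serialized[0] = hashAlg;`. The function body continues past the end of this hunk.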
|
|
|
1b6f66 |
@@ -4499,6 +4582,7 @@ static const struct {
|
|
|
1b6f66 |
SECOidTag oid;
|
|
|
1b6f66 |
} tlsHashOIDMap[] = {
|
|
|
1b6f66 |
{ ssl_hash_sha1, SEC_OID_SHA1 },
|
|
|
1b6f66 |
+ { ssl_hash_sha224, SEC_OID_SHA224 },
|
|
|
1b6f66 |
{ ssl_hash_sha256, SEC_OID_SHA256 },
|
|
|
1b6f66 |
{ ssl_hash_sha384, SEC_OID_SHA384 },
|
|
|
1b6f66 |
{ ssl_hash_sha512, SEC_OID_SHA512 }
|
|
|
1b6f66 |
@@ -4521,6 +4605,23 @@ ssl3_TLSHashAlgorithmToOID(SSLHashType h
|
|
|
1b6f66 |
return SEC_OID_UNKNOWN;
|
|
|
1b6f66 |
}
|
|
|
1b6f66 |
|
|
|
1b6f66 |
+/* ssl3_OIDToTLSHashAlgorithm converts an OID to a TLS hash algorithm
|
|
|
1b6f66 |
+ * identifier. If the hash is not recognised, zero is returned.
|
|
|
1b6f66 |
+ *
|
|
|
1b6f66 |
+ * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
|
1b6f66 |
+static int
|
|
|
1b6f66 |
+ssl3_OIDToTLSHashAlgorithm(SECOidTag oid)
|
|
|
1b6f66 |
+{
|
|
|
1b6f66 |
+ unsigned int i;
|
|
|
1b6f66 |
+
|
|
|
1b6f66 |
+ for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) {
|
|
|
1b6f66 |
+ if (oid == tlsHashOIDMap[i].oid) {
|
|
|
1b6f66 |
+ return tlsHashOIDMap[i].tlsHash;
|
|
|
1b6f66 |
+ }
|
|
|
1b6f66 |
+ }
|
|
|
1b6f66 |
+ return 0;
|
|
|
1b6f66 |
+}
|
|
|
1b6f66 |
+
|
|
|
1b6f66 |
/* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm
|
|
|
1b6f66 |
* identifier for a given KeyType. */
|
|
|
1b6f66 |
static SECStatus
|
|
|
1b6f66 |
@@ -4843,6 +4944,11 @@ tls12_loser:
|
|
|
1b6f66 |
unsigned char md5StackBuf[256];
|
|
|
1b6f66 |
unsigned char shaStackBuf[512];
|
|
|
1b6f66 |
|
|
|
1b6f66 |
+ if (!spec->master_secret) {
|
|
|
1b6f66 |
+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
|
|
|
1b6f66 |
+ return SECFailure;
|
|
|
1b6f66 |
+ }
|
|
|
1b6f66 |
+
|
|
|
1b6f66 |
md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf,
|
|
|
1b6f66 |
sizeof md5StackBuf, &md5StateLen);
|
|
|
1b6f66 |
if (md5StateBuf == NULL) {
|
|
|
1b6f66 |
@@ -6568,6 +6674,14 @@ ssl3_HandleServerHello(sslSocket *ss, SS
|
|
|
669cf7 |
}
|
|
|
669cf7 |
ss->ssl3.hs.compression = (SSLCompressionMethod)temp;
|
|
|
669cf7 |
|
|
|
669cf7 |
+ /* Wait until we've figured out the cipher suite before we initialize the handshake hashes */
|
|
|
669cf7 |
+ rv = ssl3_InitHandshakeHashes(ss);
|
|
|
669cf7 |
+ if (rv != SECSuccess) {
|
|
|
669cf7 |
+ desc = internal_error;
|
|
|
669cf7 |
+ errCode = PORT_GetError();
|
|
|
669cf7 |
+ goto alert_loser;
|
|
|
669cf7 |
+ }
|
|
|
669cf7 |
+
|
|
|
669cf7 |
/* Note that if !isTLS and the extra stuff is not extensions, we
|
|
|
669cf7 |
* do NOT goto alert_loser.
|
|
|
669cf7 |
* There are some old SSL 3.0 implementations that do send stuff
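Review bot: Deferring `ssl3_InitHandshakeHashes` until the suite is known means the ClientHello and this ServerHello are exchanged before any digest context exists. None of the visible hunks shows those bytes being buffered and replayed into the new hash, so please confirm where that happens, since the Finished check depends on the complete transcript. It is also worth confirming that no earlier call has already created `hs.sha` / `hs.sha_obj`, which a second initialization would overwrite. The added comment could state the requirement directly: `/* The PRF hash depends on the suite, so the transcript digest is created here; earlier handshake messages must be replayed into it. */`. The same block is added again at @@ -8287,6 +8401,14 and @@ -8857,6 +8979,15, where the same questions apply.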
|
|
|
1b6f66 |
@@ -8287,6 +8401,14 @@ compression_found:
|
|
|
669cf7 |
suites.data = NULL;
|
|
|
669cf7 |
comps.data = NULL;
|
|
|
669cf7 |
|
|
|
669cf7 |
+ /* Wait until we've figured out the cipher suite before we initialize the handshake hashes */
|
|
|
669cf7 |
+ rv = ssl3_InitHandshakeHashes(ss);
|
|
|
669cf7 |
+ if (rv != SECSuccess) {
|
|
|
669cf7 |
+ desc = internal_error;
|
|
|
669cf7 |
+ errCode = PORT_GetError();
|
|
|
669cf7 |
+ goto alert_loser;
|
|
|
669cf7 |
+ }
|
|
|
669cf7 |
+
|
|
|
669cf7 |
ss->sec.send = ssl3_SendApplicationData;
|
|
|
669cf7 |
|
|
|
669cf7 |
/* If there are any failures while processing the old sid,
|
|
|
1b6f66 |
@@ -8857,6 +8979,15 @@ suite_found:
|
|
|
669cf7 |
}
|
|
|
669cf7 |
|
|
|
669cf7 |
ss->ssl3.hs.compression = ssl_compression_null;
|
|
|
669cf7 |
+
|
|
|
669cf7 |
+ /* Wait until we've figured out the cipher suite before we initialize the handshake hashes */
|
|
|
669cf7 |
+ rv = ssl3_InitHandshakeHashes(ss);
|
|
|
669cf7 |
+ if (rv != SECSuccess) {
|
|
|
669cf7 |
+ desc = internal_error;
|
|
|
669cf7 |
+ errCode = PORT_GetError();
|
|
|
669cf7 |
+ goto alert_loser;
|
|
|
669cf7 |
+ }
|
|
|
669cf7 |
+
|
|
|
669cf7 |
ss->sec.send = ssl3_SendApplicationData;
|
|
|
669cf7 |
|
|
|
669cf7 |
/* we don't even search for a cache hit here. It's just a miss. */
|
|
|
1b6f66 |
@@ -9388,7 +9519,7 @@ ssl3_EncodeCertificateRequestSigAlgs(ssl
|
|
|
1b6f66 |
/* Note that we don't support a handshake hash with anything other than
|
|
|
1b6f66 |
* SHA-256, so asking for a signature from clients for something else
|
|
|
1b6f66 |
* would be inviting disaster. */
|
|
|
1b6f66 |
- if (alg->hashAlg == ssl_hash_sha256) {
|
|
|
1b6f66 |
+ if (alg->hashAlg == ssl_hash_sha256 /* || alg->hashAlg == ssl_hash_sha384*/) {
|
|
|
1b6f66 |
buf[(*len)++] = (PRUint8)alg->hashAlg;
|
|
|
1b6f66 |
buf[(*len)++] = (PRUint8)alg->sigAlg;
|
|
|
1b6f66 |
}
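Review bot: The condition now carries commented-out code (`/* || alg->hashAlg == ssl_hash_sha384*/`), and the comment above it still says the handshake hash is never anything but SHA-256, which this patch makes untrue for the SHA-384 suites. If client signatures are checked against the running handshake hash, as that comment implies, advertising only sha256 on a SHA-384 suite looks inconsistent. The filter should probably compare `alg->hashAlg` with the TLS id of the negotiated PRF hash, computed once before the loop, rather than a literal. At minimum, drop the commented fragment and update the comment, e.g. `/* Only advertise the hash that matches the handshake hash of the negotiated suite. */`. The enclosing function starts and ends outside this hunk.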
|
|
|
1b6f66 |
@@ -10841,7 +10972,7 @@ done:
|
|
|
669cf7 |
}
|
|
|
669cf7 |
|
|
|
669cf7 |
static SECStatus
|
|
|
669cf7 |
-ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
|
|
|
1b6f66 |
+ssl3_ComputeTLSFinished(sslSocket *ss, ssl3CipherSpec *spec,
|
|
|
669cf7 |
PRBool isServer,
|
|
|
669cf7 |
const SSL3Hashes * hashes,
|
|
|
669cf7 |
TLSFinished * tlsFinished)
|
|
|
1b6f66 |
@@ -10864,7 +10995,7 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *
|
|
|
1b6f66 |
if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
|
|
|
1b6f66 |
tls_mac_params.prfMechanism = CKM_TLS_PRF;
|
|
|
1b6f66 |
} else {
|
|
|
1b6f66 |
- tls_mac_params.prfMechanism = CKM_SHA256;
|
|
|
1b6f66 |
+ tls_mac_params.prfMechanism = ssl3_GetPrfHashMechanism(ss);
|
|
|
1b6f66 |
}
|
|
|
1b6f66 |
tls_mac_params.ulMacLength = 12;
|
|
|
1b6f66 |
tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
|
|
|
1b6f66 |
@@ -11066,7 +11197,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32
|
|
|
669cf7 |
isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0);
|
|
|
669cf7 |
rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender);
|
|
|
669cf7 |
if (isTLS && rv == SECSuccess) {
|
|
|
669cf7 |
- rv = ssl3_ComputeTLSFinished(cwSpec, isServer, &hashes, &tlsFinished);
|
|
|
669cf7 |
+ rv = ssl3_ComputeTLSFinished(ss, cwSpec, isServer, &hashes, &tlsFinished);
|
|
|
669cf7 |
}
|
|
|
669cf7 |
ssl_ReleaseSpecReadLock(ss);
|
|
|
669cf7 |
if (rv != SECSuccess) {
|
|
|
1b6f66 |
@@ -11237,7 +11368,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
|
|
|
669cf7 |
PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
|
|
|
669cf7 |
return SECFailure;
|
|
|
669cf7 |
}
|
|
|
669cf7 |
- rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer,
|
|
|
669cf7 |
+ rv = ssl3_ComputeTLSFinished(ss, ss->ssl3.crSpec, !isServer,
|
|
|
669cf7 |
hashes, &tlsFinished);
|
|
|
669cf7 |
if (!isServer)
|
|
|
669cf7 |
ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
|
|
|
669cf7 |
diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c
|
|
|
1b6f66 |
--- ./lib/ssl/ssl3ecc.c.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800
|
|
|
1b6f66 |
+++ ./lib/ssl/ssl3ecc.c 2016-02-14 07:51:49.915312514 -0800
|
|
|
1b6f66 |
@@ -919,7 +919,9 @@ static const ssl3CipherSuite ecdhe_ecdsa
|
|
|
669cf7 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
669cf7 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
|
|
669cf7 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
669cf7 |
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
|
669cf7 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
669cf7 |
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
|
|
|
669cf7 |
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
|
|
669cf7 |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
|
|
669cf7 |
0 /* end of list marker */
|
|
|
1b6f66 |
@@ -930,7 +932,9 @@ static const ssl3CipherSuite ecdhe_rsa_s
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
669cf7 |
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
669cf7 |
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
|
|
669cf7 |
0 /* end of list marker */
|
|
|
1b6f66 |
@@ -945,11 +949,15 @@ static const ssl3CipherSuite ecSuites[]
|
|
|
669cf7 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
669cf7 |
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
|
|
669cf7 |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
|
|
669cf7 |
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
|
|
|
669cf7 |
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
669cf7 |
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
669cf7 |
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
|
|
669cf7 |
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
|
|
669cf7 |
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
1b6f66 |
diff -up ./lib/ssl/ssl3prot.h.dhe_and_sha384 ./lib/ssl/ssl3prot.h
|
|
|
1b6f66 |
--- ./lib/ssl/ssl3prot.h.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800
|
|
|
1b6f66 |
+++ ./lib/ssl/ssl3prot.h 2016-02-14 07:51:49.915312514 -0800
|
|
|
1b6f66 |
@@ -217,6 +217,32 @@ typedef struct {
|
|
|
1b6f66 |
} u;
|
|
|
1b6f66 |
} SSL3ServerParams;
|
|
|
1b6f66 |
|
|
|
1b6f66 |
+/* This enum reflects HashAlgorithm enum from
|
|
|
1b6f66 |
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
|
|
1b6f66 |
+ *
|
|
|
1b6f66 |
+ * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */
|
|
|
1b6f66 |
+typedef enum {
|
|
|
1b6f66 |
+ tls_hash_md5 = 1,
|
|
|
1b6f66 |
+ tls_hash_sha1 = 2,
|
|
|
1b6f66 |
+ tls_hash_sha224 = 3,
|
|
|
1b6f66 |
+ tls_hash_sha256 = 4,
|
|
|
1b6f66 |
+ tls_hash_sha384 = 5,
|
|
|
1b6f66 |
+ tls_hash_sha512 = 6
|
|
|
1b6f66 |
+} TLSHashAlgorithm;
|
|
|
1b6f66 |
+
|
|
|
1b6f66 |
+/* This enum reflects SignatureAlgorithm enum from
|
|
|
1b6f66 |
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
|
|
|
1b6f66 |
+typedef enum {
|
|
|
1b6f66 |
+ tls_sig_rsa = 1,
|
|
|
1b6f66 |
+ tls_sig_dsa = 2,
|
|
|
1b6f66 |
+ tls_sig_ecdsa = 3
|
|
|
1b6f66 |
+} TLSSignatureAlgorithm;
|
|
|
1b6f66 |
+
|
|
|
1b6f66 |
+typedef struct {
|
|
|
1b6f66 |
+ SECOidTag hashAlg;
|
|
|
1b6f66 |
+ TLSSignatureAlgorithm sigAlg;
|
|
|
1b6f66 |
+} SSL3SignatureAndHashAlgorithm;
|
|
|
1b6f66 |
+
|
|
|
1b6f66 |
/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
|
|
|
1b6f66 |
* prior to 1.2. */
|
|
|
1b6f66 |
typedef struct {
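Review bot: The new `TLSHashAlgorithm` values duplicate the `ssl_hash_*` identifiers that `tlsHashOIDMap` in ssl3con.c is keyed on, and none of the hunks shown here uses `tls_hash_*`, `TLSSignatureAlgorithm` or `SSL3SignatureAndHashAlgorithm`. Two parallel enums for the same wire values can drift apart. A struct whose `hashAlg` is a SECOidTag, next to `SSLSignatureAndHashAlg`, also makes it easy to mix OID tags with TLS ids; ssl3_AppendSignatureAndHashAlgorithm in this patch applies an OID converter to a field it then serializes directly. If the types are needed, annotate the field: `SECOidTag hashAlg; /* an OID tag, not the TLS HashAlgorithm byte */`. Otherwise dropping them keeps one source of truth.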
|
|
|
669cf7 |
diff -up ./lib/ssl/sslenum.c.dhe_and_sha384 ./lib/ssl/sslenum.c
|
|
|
1b6f66 |
--- ./lib/ssl/sslenum.c.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800
|
|
|
1b6f66 |
+++ ./lib/ssl/sslenum.c 2016-02-14 07:51:49.915312514 -0800
|
|
|
1b6f66 |
@@ -48,23 +48,37 @@
|
|
|
1b6f66 |
*/
|
|
|
669cf7 |
const PRUint16 SSL_ImplementedCiphers[] = {
|
|
|
669cf7 |
#ifndef NSS_DISABLE_ECC
|
|
|
1b6f66 |
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
1b6f66 |
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
1b6f66 |
+ /* Ephemeral ECDH */
|
|
|
669cf7 |
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
|
1b6f66 |
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
669cf7 |
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
|
|
|
669cf7 |
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
|
|
|
669cf7 |
*/
|
|
|
1b6f66 |
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
|
|
|
1b6f66 |
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
1b6f66 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
1b6f66 |
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
1b6f66 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
|
|
1b6f66 |
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
|
|
1b6f66 |
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
1b6f66 |
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
1b6f66 |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
|
|
1b6f66 |
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
1b6f66 |
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
|
|
1b6f66 |
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
1b6f66 |
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
1b6f66 |
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
|
|
1b6f66 |
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
1b6f66 |
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
|
|
669cf7 |
#endif /* NSS_DISABLE_ECC */
|
|
|
669cf7 |
|
|
|
1b6f66 |
+ /* Ephemeral Finite Field DH */
|
|
|
1b6f66 |
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
1b6f66 |
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
|
|
|
1b6f66 |
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
|
|
1b6f66 |
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
|
|
|
1b6f66 |
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
|
|
1b6f66 |
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
|
|
669cf7 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
1b6f66 |
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
|
|
|
669cf7 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
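Review bot: The bug 946147 comment now sits between `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` and the new `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384` entry, so it reads as though it describes the SHA384 suite. It should go back directly above the entry it names. The reordering also moves every AES-256 and Camellia-256 suite ahead of the 128-bit ones in each group, which changes the default preference order. That deserves a line in the table's header comment, e.g. `/* Within each key-exchange group, 256-bit suites are preferred over 128-bit ones. */`, so the ordering is seen as deliberate.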
|
|
|
1b6f66 |
@@ -73,17 +87,12 @@ const PRUint16 SSL_ImplementedCiphers[]
|
|
|
1b6f66 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
|
|
|
669cf7 |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
|
|
669cf7 |
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
|
|
1b6f66 |
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
|
|
1b6f66 |
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
|
|
|
1b6f66 |
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
|
|
1b6f66 |
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
|
|
669cf7 |
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
1b6f66 |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
|
|
1b6f66 |
TLS_DHE_DSS_WITH_RC4_128_SHA,
|
|
|
1b6f66 |
|
|
|
1b6f66 |
#ifndef NSS_DISABLE_ECC
|
|
|
1b6f66 |
+ /* Non ephemeral ECDH */
|
|
|
1b6f66 |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
1b6f66 |
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
|
|
1b6f66 |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
@@ -94,18 +103,20 @@ const PRUint16 SSL_ImplementedCiphers[]
|
|
|
669cf7 |
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
|
|
669cf7 |
#endif /* NSS_DISABLE_ECC */
|
|
|
669cf7 |
|
|
|
1b6f66 |
+ /* RSA */
|
|
|
669cf7 |
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
1b6f66 |
+ TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
+ TLS_RSA_WITH_AES_256_CBC_SHA256,
|
|
|
1b6f66 |
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
|
|
669cf7 |
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
669cf7 |
TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
|
669cf7 |
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
|
|
1b6f66 |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
|
|
1b6f66 |
- TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
|
1b6f66 |
- TLS_RSA_WITH_AES_256_CBC_SHA256,
|
|
|
1b6f66 |
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
|
|
1b6f66 |
TLS_RSA_WITH_SEED_CBC_SHA,
|
|
|
1b6f66 |
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
|
|
|
1b6f66 |
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
1b6f66 |
TLS_RSA_WITH_RC4_128_SHA,
|
|
|
1b6f66 |
TLS_RSA_WITH_RC4_128_MD5,
|
|
|
1b6f66 |
+ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
|
|
|
1b6f66 |
|
|
|
1b6f66 |
/* 56-bit DES "domestic" cipher suites */
|
|
|
1b6f66 |
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
|
|
669cf7 |
diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h
|
|
|
1b6f66 |
--- ./lib/ssl/sslimpl.h.dhe_and_sha384 2016-02-14 07:51:49.911312431 -0800
|
|
|
1b6f66 |
+++ ./lib/ssl/sslimpl.h 2016-02-14 07:51:49.915312514 -0800
|
|
|
1b6f66 |
@@ -64,6 +64,7 @@ typedef SSLSignType SSL3SignType;
|
|
|
669cf7 |
#define hmac_md5 ssl_hmac_md5
|
|
|
669cf7 |
#define hmac_sha ssl_hmac_sha
|
|
|
669cf7 |
#define hmac_sha256 ssl_hmac_sha256
|
|
|
669cf7 |
+#define hmac_sha384 ssl_hmac_sha384
|
|
|
669cf7 |
#define mac_aead ssl_mac_aead
|
|
|
669cf7 |
|
|
|
669cf7 |
#define SET_ERROR_CODE /* reminder */
|
|
|
1b6f66 |
@@ -300,9 +301,9 @@ typedef struct {
|
|
|
669cf7 |
} ssl3CipherSuiteCfg;
|
|
|
669cf7 |
|
|
|
669cf7 |
#ifndef NSS_DISABLE_ECC
|
|
|
1b6f66 |
-#define ssl_V3_SUITES_IMPLEMENTED 64
|
|
|
669cf7 |
+#define ssl_V3_SUITES_IMPLEMENTED 71
|
|
|
669cf7 |
#else
|
|
|
1b6f66 |
-#define ssl_V3_SUITES_IMPLEMENTED 40
|
|
|
669cf7 |
+#define ssl_V3_SUITES_IMPLEMENTED 43
|
|
|
669cf7 |
#endif /* NSS_DISABLE_ECC */
|
|
|
669cf7 |
|
|
|
669cf7 |
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
|
|
|
1b6f66 |
@@ -486,10 +487,18 @@ typedef enum {
|
|
|
669cf7 |
cipher_camellia_256,
|
|
|
669cf7 |
cipher_seed,
|
|
|
669cf7 |
cipher_aes_128_gcm,
|
|
|
669cf7 |
+ cipher_aes_256_gcm,
|
|
|
669cf7 |
cipher_missing /* reserved for no such supported cipher */
|
|
|
669cf7 |
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
|
|
|
669cf7 |
} SSL3BulkCipher;
|
|
|
669cf7 |
|
|
|
669cf7 |
+/* The TLS PRF definition */
|
|
|
669cf7 |
+typedef enum {
|
|
|
669cf7 |
+ prf_null = 0, /* use default prf */
|
|
|
669cf7 |
+ prf_256 = CKM_SHA256,
|
|
|
669cf7 |
+ prf_384 = CKM_SHA384
|
|
|
669cf7 |
+} SSL3PRF;
|
|
|
669cf7 |
+
|
|
|
669cf7 |
typedef enum { type_stream, type_block, type_aead } CipherType;
|
|
|
669cf7 |
|
|
|
669cf7 |
#define MAX_IV_LENGTH 24
|
|
|
1b6f66 |
@@ -736,6 +745,7 @@ typedef struct ssl3CipherSuiteDefStr {
|
|
|
669cf7 |
SSL3BulkCipher bulk_cipher_alg;
|
|
|
669cf7 |
SSL3MACAlgorithm mac_alg;
|
|
|
669cf7 |
SSL3KeyExchangeAlgorithm key_exchange_alg;
|
|
|
669cf7 |
+ SSL3PRF prf_alg;
|
|
|
669cf7 |
} ssl3CipherSuiteDef;
|
|
|
669cf7 |
|
|
|
669cf7 |
/*
|
|
|
669cf7 |
diff -up ./lib/ssl/sslinfo.c.dhe_and_sha384 ./lib/ssl/sslinfo.c
|
|
|
1b6f66 |
--- ./lib/ssl/sslinfo.c.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800
|
|
|
1b6f66 |
+++ ./lib/ssl/sslinfo.c 2016-02-14 07:51:49.915312514 -0800
|
|
|
1b6f66 |
@@ -160,6 +160,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc
|
|
|
669cf7 |
|
|
|
669cf7 |
#define M_AEAD_128 "AEAD", ssl_mac_aead, 128
|
|
|
669cf7 |
#define M_SHA256 "SHA256", ssl_hmac_sha256, 256
|
|
|
669cf7 |
+#define M_SHA384 "SHA384", ssl_hmac_sha384, 384
|
|
|
669cf7 |
#define M_SHA "SHA1", ssl_mac_sha, 160
|
|
|
669cf7 |
#define M_MD5 "MD5", ssl_mac_md5, 128
|
|
|
669cf7 |
#define M_NULL "NULL", ssl_mac_null, 0
|
|
|
1b6f66 |
@@ -242,8 +243,21 @@ static const SSLCipherSuiteInfo suiteInf
|
|
|
669cf7 |
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
|
|
669cf7 |
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
|
|
669cf7 |
{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
|
|
669cf7 |
+
|
|
|
669cf7 |
+{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), S_ECDSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
|
|
|
669cf7 |
+{0,CS(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
|
|
|
669cf7 |
+{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA384, 1, 0, 0, },
|
|
|
669cf7 |
+{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384), S_RSA, K_ECDHE, C_AES, B_256, M_SHA384, 1, 0, 0, },
|
|
|
669cf7 |
+
|
|
|
669cf7 |
#endif /* NSS_DISABLE_ECC */
|
|
|
669cf7 |
|
|
|
669cf7 |
+{0,CS(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384), S_DSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
|
|
|
669cf7 |
+{0,CS(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
|
|
|
669cf7 |
+{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
|
|
669cf7 |
+{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
|
|
669cf7 |
+{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
|
|
|
1b6f66 |
+{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
|
|
|
669cf7 |
+
|
|
|
669cf7 |
/* SSL 2 table */
|
|
|
669cf7 |
{0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
|
|
|
669cf7 |
{0,CK(SSL_CK_RC2_128_CBC_WITH_MD5), S_RSA, K_RSA, C_RC2, B_128, M_MD5, 0, 0, 0, },
|
|
|
669cf7 |
diff -up ./lib/ssl/sslproto.h.dhe_and_sha384 ./lib/ssl/sslproto.h
|
|
|
1b6f66 |
--- ./lib/ssl/sslproto.h.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800
|
|
|
1b6f66 |
+++ ./lib/ssl/sslproto.h 2016-02-14 07:51:49.916312535 -0800
|
|
|
1b6f66 |
@@ -205,8 +205,11 @@
|
|
|
669cf7 |
#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
|
|
|
669cf7 |
|
|
|
669cf7 |
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
|
|
|
669cf7 |
+#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D
|
|
|
669cf7 |
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
|
|
|
669cf7 |
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F
|
|
|
669cf7 |
#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2
|
|
|
669cf7 |
+#define TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 0x00A3
|
|
|
669cf7 |
|
|
|
669cf7 |
/* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
|
|
|
669cf7 |
* Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending
|
|
|
1b6f66 |
@@ -253,11 +256,15 @@
|
|
|
669cf7 |
#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019
|
|
|
669cf7 |
|
|
|
669cf7 |
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
|
|
|
669cf7 |
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
|
|
|
669cf7 |
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
|
|
|
669cf7 |
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
|
|
|
669cf7 |
|
|
|
669cf7 |
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
|
|
|
669cf7 |
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
|
|
|
669cf7 |
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
|
|
|
669cf7 |
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
|
|
|
669cf7 |
+#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
|
|
|
669cf7 |
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
|
|
|
669cf7 |
|
|
|
669cf7 |
/* Netscape "experimental" cipher suites. */
|
|
|
669cf7 |
diff -up ./lib/ssl/sslsecur.c.dhe_and_sha384 ./lib/ssl/sslsecur.c
|
|
|
1b6f66 |
--- ./lib/ssl/sslsecur.c.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800
|
|
|
1b6f66 |
+++ ./lib/ssl/sslsecur.c 2016-02-14 07:51:49.916312535 -0800
|
|
|
1b6f66 |
@@ -808,6 +808,11 @@ ssl_ConfigSecureServer(sslSocket *ss, CE
|
|
|
669cf7 |
goto loser;
|
|
|
669cf7 |
}
|
|
|
1b6f66 |
}
|
|
|
669cf7 |
+ if (kea == ssl_kea_dh || kea == ssl_kea_rsa) {
|
|
|
669cf7 |
+ if (ssl3_SelectDHParams(ss) != SECSuccess) {
|
|
|
669cf7 |
+ goto loser;
|
|
|
669cf7 |
+ }
|
|
|
669cf7 |
+ }
|
|
|
669cf7 |
return SECSuccess;
|
|
|
669cf7 |
|
|
|
669cf7 |
loser:
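Review bot: `ssl3_SelectDHParams` is now called for `ssl_kea_rsa` as well as `ssl_kea_dh`, and the hunk does not say why; presumably an RSA certificate also serves the DHE_RSA suites. A one-line comment would remove the guesswork, e.g. `/* DHE_RSA suites authenticate with the RSA cert, so DH params are needed for ssl_kea_rsa too */` (wording for the author to confirm). A failure can now occur after the certificate and key setup earlier in the function, and the hunk does not show whether `loser` undoes that state. ssl_ConfigSecureServer starts outside this hunk.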
|
|
|
669cf7 |
diff -up ./lib/ssl/sslt.h.dhe_and_sha384 ./lib/ssl/sslt.h
|
|
|
1b6f66 |
--- ./lib/ssl/sslt.h.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800
|
|
|
1b6f66 |
+++ ./lib/ssl/sslt.h 2016-02-14 07:51:49.916312535 -0800
|
|
|
1b6f66 |
@@ -114,7 +114,8 @@ typedef enum {
|
|
|
669cf7 |
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
|
|
|
669cf7 |
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
|
|
|
669cf7 |
ssl_hmac_sha256 = 5,
|
|
|
669cf7 |
- ssl_mac_aead = 6
|
|
|
669cf7 |
+ ssl_mac_aead = 6,
|
|
|
669cf7 |
+ ssl_hmac_sha384 = 7
|
|
|
669cf7 |
} SSLMACAlgorithm;
|
|
|
669cf7 |
|
|
|
669cf7 |
typedef enum {
|