diff -up ./cmd/certutil/keystuff.c.dhe_and_sha384 ./cmd/certutil/keystuff.c
--- ./cmd/certutil/keystuff.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./cmd/certutil/keystuff.c 2015-06-24 23:06:00.450872604 +0200
@@ -133,64 +133,92 @@ UpdateRNG(void)
}
static const unsigned char P[] = { 0,
- 0x98, 0xef, 0x3a, 0xae, 0x70, 0x98, 0x9b, 0x44,
- 0xdb, 0x35, 0x86, 0xc1, 0xb6, 0xc2, 0x47, 0x7c,
- 0xb4, 0xff, 0x99, 0xe8, 0xae, 0x44, 0xf2, 0xeb,
- 0xc3, 0xbe, 0x23, 0x0f, 0x65, 0xd0, 0x4c, 0x04,
- 0x82, 0x90, 0xa7, 0x9d, 0x4a, 0xc8, 0x93, 0x7f,
- 0x41, 0xdf, 0xf8, 0x80, 0x6b, 0x0b, 0x68, 0x7f,
- 0xaf, 0xe4, 0xa8, 0xb5, 0xb2, 0x99, 0xc3, 0x69,
- 0xfb, 0x3f, 0xe7, 0x1b, 0xd0, 0x0f, 0xa9, 0x7a,
- 0x4a, 0x04, 0xbf, 0x50, 0x9e, 0x22, 0x33, 0xb8,
- 0x89, 0x53, 0x24, 0x10, 0xf9, 0x68, 0x77, 0xad,
- 0xaf, 0x10, 0x68, 0xb8, 0xd3, 0x68, 0x5d, 0xa3,
- 0xc3, 0xeb, 0x72, 0x3b, 0xa0, 0x0b, 0x73, 0x65,
- 0xc5, 0xd1, 0xfa, 0x8c, 0xc0, 0x7d, 0xaa, 0x52,
- 0x29, 0x34, 0x44, 0x01, 0xbf, 0x12, 0x25, 0xfe,
- 0x18, 0x0a, 0xc8, 0x3f, 0xc1, 0x60, 0x48, 0xdb,
- 0xad, 0x93, 0xb6, 0x61, 0x67, 0xd7, 0xa8, 0x2d };
+ 0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65,
+ 0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd,
+ 0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66,
+ 0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08,
+ 0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b,
+ 0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b,
+ 0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6,
+ 0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83,
+ 0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13,
+ 0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9,
+ 0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5,
+ 0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8,
+ 0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe,
+ 0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63,
+ 0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c,
+ 0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef,
+ 0x30, 0x50, 0x59, 0x33, 0x61, 0xc0, 0xf3, 0x6e,
+ 0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3,
+ 0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47,
+ 0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f,
+ 0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb,
+ 0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97,
+ 0xad, 0xea, 0x0d, 0x9e, 0x02, 0xe6, 0xe5, 0x7d,
+ 0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81,
+ 0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20,
+ 0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c,
+ 0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93,
+ 0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9,
+ 0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60,
+ 0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32,
+ 0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42,
+ 0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 };
static const unsigned char Q[] = { 0,
- 0xb5, 0xb0, 0x84, 0x8b, 0x44, 0x29, 0xf6, 0x33,
- 0x59, 0xa1, 0x3c, 0xbe, 0xd2, 0x7f, 0x35, 0xa1,
- 0x76, 0x27, 0x03, 0x81 };
+ 0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3,
+ 0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03,
+ 0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d,
+ 0x3a, 0x95, 0xf4, 0xf1 };
static const unsigned char G[] = {
- 0x04, 0x0e, 0x83, 0x69, 0xf1, 0xcd, 0x7d, 0xe5,
- 0x0c, 0x78, 0x93, 0xd6, 0x49, 0x6f, 0x00, 0x04,
- 0x4e, 0x0e, 0x6c, 0x37, 0xaa, 0x38, 0x22, 0x47,
- 0xd2, 0x58, 0xec, 0x83, 0x12, 0x95, 0xf9, 0x9c,
- 0xf1, 0xf4, 0x27, 0xff, 0xd7, 0x99, 0x57, 0x35,
- 0xc6, 0x64, 0x4c, 0xc0, 0x47, 0x12, 0x31, 0x50,
- 0x82, 0x3c, 0x2a, 0x07, 0x03, 0x01, 0xef, 0x30,
- 0x09, 0x89, 0x82, 0x41, 0x76, 0x71, 0xda, 0x9e,
- 0x57, 0x8b, 0x76, 0x38, 0x37, 0x5f, 0xa5, 0xcd,
- 0x32, 0x84, 0x45, 0x8d, 0x4c, 0x17, 0x54, 0x2b,
- 0x5d, 0xc2, 0x6b, 0xba, 0x3e, 0xa0, 0x7b, 0x95,
- 0xd7, 0x00, 0x42, 0xf7, 0x08, 0xb8, 0x83, 0x87,
- 0x60, 0xe1, 0xe5, 0xf4, 0x1a, 0x54, 0xc2, 0x20,
- 0xda, 0x38, 0x3a, 0xd1, 0xb6, 0x10, 0xf4, 0xcb,
- 0x35, 0xda, 0x97, 0x92, 0x87, 0xd6, 0xa5, 0x37,
- 0x62, 0xb4, 0x93, 0x4a, 0x15, 0x21, 0xa5, 0x10 };
+ 0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62,
+ 0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79,
+ 0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7,
+ 0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc,
+ 0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1,
+ 0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e,
+ 0x92, 0x16, 0x06, 0x59, 0x29, 0x89, 0x6f, 0x54,
+ 0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6,
+ 0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a,
+ 0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8,
+ 0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f,
+ 0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93,
+ 0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83,
+ 0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae,
+ 0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3,
+ 0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb,
+ 0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e,
+ 0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4,
+ 0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58,
+ 0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac,
+ 0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e,
+ 0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1,
+ 0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d,
+ 0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c,
+ 0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a,
+ 0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03,
+ 0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5,
+ 0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac,
+ 0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d,
+ 0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa,
+ 0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd,
+ 0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4 };
-/* h:
- * 4a:76:30:89:eb:e1:81:7c:99:0b:39:7f:95:4a:65:72:
- * c6:b4:05:92:48:6c:3c:b2:7e:e7:39:f3:92:7d:c1:3f:
- * bf:e1:fd:b3:4a:46:3e:ce:29:80:e3:d6:f4:59:c6:92:
- * 16:2b:0e:d7:d6:bb:ef:94:36:31:c2:66:46:c5:4a:77:
- * aa:95:84:ef:99:7e:e3:9c:d9:a0:32:42:09:b6:4e:d0:
- * b3:c8:5e:06:df:a1:ac:4d:2d:f9:08:c2:cb:4b:a4:42:
- * db:8a:5b:de:25:6e:2b:5b:ca:00:75:2c:57:00:18:aa:
- * 68:59:a1:94:03:07:94:78:38:bc:f8:7c:1e:1c:a3:2e
- * SEED:
- * b5:44:66:c9:0f:f1:ca:1c:95:45:ce:90:74:89:14:f2:
- * 13:3e:23:5a:b0:6a:bf:86:ad:cb:a0:7d:ce:3b:c8:16:
- * 7f:2d:a2:1a:cb:33:7d:c1:e7:d7:07:aa:1b:a2:d7:89:
- * f5:a4:db:f7:8b:50:00:cd:b4:7d:25:81:3f:f8:a8:dd:
- * 6c:46:e5:77:b5:60:7e:75:79:b8:99:57:c1:c4:f3:f7:
- * 17:ca:43:00:b8:33:b6:06:8f:4d:91:ed:23:a5:66:1b:
- * ef:14:d7:bc:21:2b:82:d8:ab:fa:fd:a7:c3:4d:bf:52:
- * af:8e:57:59:61:1a:4e:65:c6:90:d6:a6:ff:0b:15:b1
- * g: 1024
- * counter: 1003
+
+/* P, Q, G have been generated using the NSS makepqg utility:
+ * makepqg -l 2048 -g 224 -r
+ * (see also: bug 1170322)
+ *
+ * h: 1 (0x1)
+ * SEED:
+ * d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:
+ * 0e:be:d0:38:e4:78:d5:3c:7c:9e:a9:9a:d2:0b:c5:63:
+ * 1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:
+ * e4:78:d5:3c:7c:9e:c7:70:d2:0b:c5:63:1b:af:dc:36:
+ * b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:e4:78:d5:3c:
+ * 7c:9e:aa:3e
+ * g: 672
+ * counter: 0
*/
static const SECKEYPQGParams default_pqg_params = {
diff -up ./cmd/selfserv/selfserv.c.dhe_and_sha384 ./cmd/selfserv/selfserv.c
--- ./cmd/selfserv/selfserv.c.dhe_and_sha384 2015-06-24 23:06:00.423873110 +0200
+++ ./cmd/selfserv/selfserv.c 2015-06-24 23:06:00.453872547 +0200
@@ -119,16 +119,16 @@ const int ssl3CipherSuites[] = {
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
TLS_RSA_WITH_RC4_128_SHA, /* n */
- -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, * o */
- -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */
- -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */
- -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA, * r */
- -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA, * s */
- -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA, * t */
- -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA, * u */
+ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+ TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */
+ TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */
TLS_RSA_WITH_AES_128_CBC_SHA, /* v */
- -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, * w */
- -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA, * x */
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
TLS_RSA_WITH_NULL_SHA, /* z */
0
@@ -141,6 +141,9 @@ static PRBool noDelay;
static int requestCert;
static int verbose;
static SECItem bigBuf;
+static int configureDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/
+static int configureReuseECDHE = -1; /* -1: don't configure, 0 refresh, >=1 reuse*/
+static int configureWeakDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/
static PRThread * acceptorThread;
@@ -160,11 +163,12 @@ PrintUsageHeader(const char *progName)
" [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
" [-V [min-version]:[max-version]] [-a sni_name]\n"
" [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
+" [-C SSLCacheEntries] [-S dsa_nickname]"
#ifndef NSS_DISABLE_ECC
-" [-C SSLCacheEntries] [-e ec_nickname]\n"
-#else
-" [-C SSLCacheEntries]\n"
+ " [-e ec_nickname]"
#endif /* NSS_DISABLE_ECC */
+"\n"
+" -U [0|1] -H [0|1] -W [0|1]\n"
,progName);
}
@@ -216,6 +220,9 @@ PrintParameterUsage()
" good, revoked, unknown, failure, badsig, corrupted\n"
" ocsp: fetch from external OCSP server using AIA, or none\n"
"-A <ca> Nickname of a CA used to sign a stapled cert status\n"
+"-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
+"-H override default DHE server support, 0: disable, 1: enable\n"
+"-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
"-c Restrict ciphers\n"
"-Y prints cipher values allowed for parameter -c and exits\n"
, stderr);
@@ -252,7 +259,16 @@ PrintCipherUsage(const char *progName)
"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
"n SSL3 RSA WITH RC4 128 SHA\n"
+"o TLS_DHE_DSS_WITH_RC4_128_SHA\n"
+"p TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n"
+"q TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n"
+"r TLS_DHE_RSA_WITH_DES_CBC_SHA\n"
+"s TLS_DHE_DSS_WITH_DES_CBC_SHA\n"
+"t TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n"
+"u TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n"
"v SSL3 RSA WITH AES 128 CBC SHA\n"
+"w TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n"
+"x TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n"
"y SSL3 RSA WITH AES 256 CBC SHA\n"
"z SSL3 RSA WITH NULL SHA\n"
"\n"
@@ -1909,6 +1925,18 @@ server_main(
}
}
+ if (configureDHE > -1) {
+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_SERVER_DHE, (configureDHE > 0));
+ }
+
+ if (configureReuseECDHE > -1) {
+ rv = SSL_OptionSet(model_sock, SSL_REUSE_SERVER_ECDHE_KEY, (configureReuseECDHE > 0));
+ }
+
+ if (configureWeakDHE > -1) {
+ rv = SSL_EnableWeakDHEPrimeGroup(model_sock, (configureWeakDHE > 0));
+ }
+
for (kea = kt_rsa; kea < kt_kea_size; kea++) {
if (cert[kea] != NULL) {
secStatus = SSL_ConfigSecureServer(model_sock,
@@ -2140,6 +2168,7 @@ main(int argc, char **argv)
#ifndef NSS_DISABLE_ECC
char * ecNickName = NULL;
#endif
+ char * dsaNickName = NULL;
const char * fileName = NULL;
char * cipherString= NULL;
const char * dir = ".";
@@ -2184,7 +2213,7 @@ main(int argc, char **argv)
** numbers, then capital letters, then lower case, alphabetical.
*/
optstate = PL_CreateOptState(argc, argv,
- "2:A:BC:DEL:M:NP:RT:V:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz");
+ "2:A:BC:DEH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
++optionsFound;
switch(optstate->option) {
@@ -2198,6 +2227,7 @@ main(int argc, char **argv)
case 'D': noDelay = PR_TRUE; break;
case 'E': disableStepDown = PR_TRUE; break;
+ case 'H': configureDHE = (PORT_Atoi(optstate->value) != 0); break;
case 'I': /* reserved for OCSP multi-stapling */ break;
@@ -2221,6 +2251,8 @@ main(int argc, char **argv)
case 'R': disableRollBack = PR_TRUE; break;
+ case 'S': dsaNickName = PORT_Strdup(optstate->value); break;
+
case 'T':
if (enableOCSPStapling(optstate->value) != SECSuccess) {
fprintf(stderr, "Invalid OCSP stapling mode.\n");
@@ -2229,6 +2261,8 @@ main(int argc, char **argv)
}
break;
+ case 'U': configureReuseECDHE = (PORT_Atoi(optstate->value) != 0); break;
+
case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value,
enabledVersions, enableSSL2,
&enabledVersions, &enableSSL2) != SECSuccess) {
@@ -2236,6 +2270,8 @@ main(int argc, char **argv)
}
break;
+ case 'W': configureWeakDHE = (PORT_Atoi(optstate->value) != 0); break;
+
case 'Y': PrintCipherUsage(progName); exit(0); break;
case 'a': if (virtServerNameIndex >= MAX_VIRT_SERVER_NAME_ARRAY_INDEX) {
@@ -2366,6 +2402,7 @@ main(int argc, char **argv)
}
if ((nickName == NULL)
+ && (dsaNickName == NULL)
#ifndef NSS_DISABLE_ECC
&& (ecNickName == NULL)
#endif
@@ -2597,6 +2634,33 @@ main(int argc, char **argv)
setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa,
&pwdata);
}
+ if (dsaNickName) {
+ /* Investigate if ssl_kea_dh should be changed to ssl_auth_dsa.
+ * See bug 102794.*/
+ cert[ssl_kea_dh] = PK11_FindCertFromNickname(dsaNickName, &pwdata);
+ if (cert[ssl_kea_dh] == NULL) {
+ fprintf(stderr, "selfserv: Can't find certificate %s\n", dsaNickName);
+ exit(12);
+ }
+ privKey[ssl_kea_dh] = PK11_FindKeyByAnyCert(cert[ssl_kea_dh], &pwdata);
+ if (privKey[ssl_kea_dh] == NULL) {
+ fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n",
+ dsaNickName);
+ exit(11);
+ }
+ if (testbypass) {
+ PRBool bypassOK;
+ if (SSL_CanBypass(cert[ssl_kea_dh], privKey[ssl_kea_dh], protos, cipherlist,
+ nciphers, &bypassOK, &pwdata) != SECSuccess) {
+ SECU_PrintError(progName, "Bypass test failed %s\n", nickName);
+ exit(14);
+ }
+ fprintf(stderr, "selfserv: %s can%s bypass\n", nickName,
+ bypassOK ? "" : "not");
+ }
+ setupCertStatus(certStatusArena, ocspStaplingMode, cert[ssl_kea_dh], ssl_kea_dh,
+ &pwdata);
+ }
#ifndef NSS_DISABLE_ECC
if (ecNickName) {
cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata);
@@ -2629,6 +2693,13 @@ main(int argc, char **argv)
if (testbypass)
goto cleanup;
+ if (configureWeakDHE > 0) {
+ fprintf(stderr, "selfserv: Creating dynamic weak DH parameters\n");
+ rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE);
+ fprintf(stderr, "selfserv: Done creating dynamic weak DH parameters\n");
+ }
+
+
/* allocate the array of thread slots, and launch the worker threads. */
rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
diff -up ./cmd/tstclnt/tstclnt.c.dhe_and_sha384 ./cmd/tstclnt/tstclnt.c
--- ./cmd/tstclnt/tstclnt.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./cmd/tstclnt/tstclnt.c 2015-06-24 23:06:00.454872529 +0200
@@ -212,7 +212,7 @@ static void PrintParameterUsage(void)
fprintf(stderr,
"%-20s Restricts the set of enabled SSL/TLS protocols versions.\n"
"%-20s All versions are enabled by default.\n"
- "%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
+ "%-20s Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
"%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n",
"-V [min]:[max]", "", "", "");
fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K");
@@ -911,7 +911,7 @@ int main(int argc, char **argv)
int npds;
int override = 0;
SSLVersionRange enabledVersions;
- PRBool enableSSL2 = PR_TRUE;
+ PRBool enableSSL2 = PR_FALSE;
int bypassPKCS11 = 0;
int disableLocking = 0;
int useExportPolicy = 0;
diff -up ./lib/ssl/dhe-param.c.dhe_and_sha384 ./lib/ssl/dhe-param.c
--- ./lib/ssl/dhe-param.c.dhe_and_sha384 2015-06-24 23:06:00.454872529 +0200
+++ ./lib/ssl/dhe-param.c 2015-06-24 23:06:00.454872529 +0200
@@ -0,0 +1,413 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+static const unsigned char ff_dhe_g2[] = { 2 };
+
+static const unsigned char ff_dhe_2048_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_2048 = {
+ { siBuffer, (unsigned char *)ff_dhe_2048_p, sizeof(ff_dhe_2048_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_3072_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_3072 = {
+ { siBuffer, (unsigned char *)ff_dhe_3072_p, sizeof(ff_dhe_3072_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_4096_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_4096 = {
+ { siBuffer, (unsigned char *)ff_dhe_4096_p, sizeof(ff_dhe_4096_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_6144_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
+ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
+ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
+ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
+ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
+ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
+ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
+ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
+ 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
+ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
+ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
+ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
+ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
+ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
+ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
+ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
+ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
+ 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
+ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
+ 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_6144 = {
+ { siBuffer, (unsigned char *)ff_dhe_6144_p, sizeof(ff_dhe_6144_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_8192_p[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
+ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
+ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
+ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
+ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
+ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
+ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
+ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
+ 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
+ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
+ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
+ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
+ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
+ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
+ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
+ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
+ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
+ 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
+ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
+ 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
+ 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
+ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
+ 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
+ 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
+ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
+ 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
+ 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
+ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
+ 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
+ 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
+ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
+ 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
+ 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
+ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
+ 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
+ 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
+ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
+ 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
+ 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
+ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
+ 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
+ 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
+ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
+ 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
+ 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
+ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
+ 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
+ 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
+ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
+ 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
+ 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
+ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_8192 = {
+ { siBuffer, (unsigned char *)ff_dhe_8192_p, sizeof(ff_dhe_8192_p) },
+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
--- ./lib/ssl/ssl3con.c.dhe_and_sha384 2015-06-24 23:06:00.448872641 +0200
+++ ./lib/ssl/ssl3con.c 2015-06-24 23:06:00.456872491 +0200
@@ -91,7 +91,11 @@ static ssl3CipherSuiteCfg cipherSuites[s
#ifndef NSS_DISABLE_ECC
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
* bug 946147.
*/
@@ -108,14 +112,19 @@ static ssl3CipherSuiteCfg cipherSuites[s
#endif /* NSS_DISABLE_ECC */
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -134,6 +143,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
#endif /* NSS_DISABLE_ECC */
/* RSA */
+ { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
@@ -281,6 +291,7 @@ static const ssl3BulkCipherDef bulk_ciph
{cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0},
{cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0},
{cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8},
+ {cipher_aes_256_gcm, calg_aes_gcm, 32,32, type_aead, 4, 0,16, 8},
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0},
};
@@ -316,131 +327,145 @@ static const ssl3CipherSuiteDef cipher_s
{
/* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */
- {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null},
- {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa},
- {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa},
- {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa},
- {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
- {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa},
- {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa},
+ {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null, 0},
+ {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa, 0},
+ {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa, 0},
+ {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa, prf_256},
+ {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export, 0},
+ {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa, 0},
+ {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa, 0},
{TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
- cipher_rc2_40, mac_md5, kea_rsa_export},
+ cipher_rc2_40, mac_md5, kea_rsa_export, 0},
#if 0 /* not implemented */
- {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa},
+ {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa, 0},
{TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_rsa_export},
+ cipher_des40, mac_sha, kea_rsa_export, 0},
#endif
- {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa},
- {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa},
- {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss},
+ {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa, 0},
+ {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa, 0},
+ {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss, 0},
{TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
- cipher_3des, mac_sha, kea_dhe_dss},
- {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss},
+ cipher_3des, mac_sha, kea_dhe_dss, 0},
+ {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss, 0},
#if 0 /* not implemented */
{TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_dss_export},
- {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss},
- {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss},
+ cipher_des40, mac_sha, kea_dh_dss_export, 0},
+ {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss, 0},
+ {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss, 0},
{TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_rsa_export},
- {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa},
- {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa},
+ cipher_des40, mac_sha, kea_dh_rsa_export, 0},
+ {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa, 0},
+ {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa, 0},
{TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_dss_export},
+ cipher_des40, mac_sha, kea_dh_dss_export, 0},
{TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_rsa_export},
+ cipher_des40, mac_sha, kea_dh_rsa_export, 0},
#endif
- {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa},
+ {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa, 0},
{TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
- cipher_3des, mac_sha, kea_dhe_rsa},
+ cipher_3des, mac_sha, kea_dhe_rsa, 0},
#if 0
- {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
+ {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export, 0},
{TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
- cipher_des40, mac_sha, kea_dh_anon_export},
- {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon},
- {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon},
+ cipher_des40, mac_sha, kea_dh_anon_export, 0},
+ {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon, 0},
+ {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon, 0},
#endif
/* New TLS cipher suites */
- {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa},
- {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa},
- {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss},
- {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa},
- {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa},
- {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa},
- {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa},
- {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss},
- {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa},
- {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa},
+ {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa, 0},
+ {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa, prf_256},
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss, 0},
+ {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa, 0},
+ {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa, prf_256},
+ {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa, 0},
+ {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa, prf_256},
+ {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss, 0},
+ {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa, 0},
+ {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa, prf_256},
#if 0
- {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss},
- {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa},
- {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon},
- {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss},
- {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa},
- {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
+ {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss, 0},
+ {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa, 0},
+ {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon, 0},
+ {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss, 0},
+ {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa, 0},
+ {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon, 0},
#endif
- {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa},
+ {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa, 0},
- {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa},
+ {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa, 0},
{TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- cipher_camellia_128, mac_sha, kea_dhe_dss},
+ cipher_camellia_128, mac_sha, kea_dhe_dss, 0},
{TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- cipher_camellia_128, mac_sha, kea_dhe_rsa},
- {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa},
+ cipher_camellia_128, mac_sha, kea_dhe_rsa, 0},
+ {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa, 0},
{TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- cipher_camellia_256, mac_sha, kea_dhe_dss},
+ cipher_camellia_256, mac_sha, kea_dhe_dss, 0},
{TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- cipher_camellia_256, mac_sha, kea_dhe_rsa},
+ cipher_camellia_256, mac_sha, kea_dhe_rsa, 0},
{TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- cipher_des, mac_sha,kea_rsa_export_1024},
+ cipher_des, mac_sha,kea_rsa_export_1024, 0},
{TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
- cipher_rc4_56, mac_sha,kea_rsa_export_1024},
+ cipher_rc4_56, mac_sha,kea_rsa_export_1024, 0},
- {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips},
- {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips},
+ {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips, 0},
+ {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips, 0},
- {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa},
- {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
+ {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, prf_256},
+ {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, prf_256},
+#ifndef NSS_DISABLE_ECC
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
+ {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256},
+ {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256},
+ {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_384},
+ {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, prf_384},
+ {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_ecdsa, prf_384},
+ {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, prf_384},
+#endif /* NSS_DISABLE_ECC */
+ {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_rsa, prf_384},
+ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, prf_256},
+ {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, prf_384},
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, prf_256},
+ {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, prf_256},
+ {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, prf_384},
#ifndef NSS_DISABLE_ECC
- {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},
- {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa},
- {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa},
- {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa},
- {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa},
-
- {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa},
- {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa},
- {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa},
- {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa},
- {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa},
- {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa},
-
- {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa},
- {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa},
- {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa},
- {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa},
- {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa},
-
- {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa},
- {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa},
- {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa},
- {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa},
- {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa},
- {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa},
+ {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa, 0},
+ {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa, 0},
+ {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa, 0},
+ {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa, 0},
+ {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa, 0},
+
+ {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa, 0},
+ {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa, 0},
+ {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa, 0},
+ {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa, 0},
+ {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa, prf_256},
+ {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa, 0},
+
+ {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa, 0},
+ {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa, 0},
+ {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa, 0},
+ {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa, 0},
+ {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa, 0},
+
+ {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa, 0},
+ {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa, 0},
+ {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa, 0},
+ {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa, 0},
+ {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa, prf_256},
+ {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa, 0},
#if 0
- {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon},
- {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon},
- {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon},
- {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon},
- {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon},
+ {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon, 0},
+ {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon, 0},
+ {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon, 0},
+ {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon, 0},
+ {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon, 0},
#endif
#endif /* NSS_DISABLE_ECC */
};
@@ -481,6 +506,7 @@ static const SSLCipher2Mech alg2Mech[] =
#define mmech_md5_hmac CKM_MD5_HMAC
#define mmech_sha_hmac CKM_SHA_1_HMAC
#define mmech_sha256_hmac CKM_SHA256_HMAC
+#define mmech_sha384_hmac CKM_SHA384_HMAC
static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
/* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
@@ -492,6 +518,7 @@ static const ssl3MACDef mac_defs[] = { /
{hmac_sha, mmech_sha_hmac, 0, SHA1_LENGTH},
{hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH},
{ mac_aead, mmech_invalid, 0, 0 },
+ {hmac_sha384, mmech_sha384_hmac, 0, SHA384_LENGTH}
};
/* indexed by SSL3BulkCipher */
@@ -640,16 +667,26 @@ ssl3_CipherSuiteAllowedForVersionRange(
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
case TLS_RSA_WITH_AES_256_CBC_SHA256:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+ case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
case TLS_RSA_WITH_AES_128_CBC_SHA256:
case TLS_RSA_WITH_AES_128_GCM_SHA256:
+ case TLS_RSA_WITH_AES_256_GCM_SHA384:
+ case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+ case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
case TLS_RSA_WITH_NULL_SHA256:
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+ case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+ case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+ case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
+ case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+ case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
/* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
@@ -772,16 +809,11 @@ ssl3_config_match_init(sslSocket *ss)
* that the server uses an RSA cert for (EC)DHE-RSA.
*/
switch (cipher_def->key_exchange_alg) {
+ case kea_dhe_dss:
+ svrAuth = ss->serverCerts + ssl_kea_dh;
+ break;
case kea_ecdhe_rsa:
-#if NSS_SERVER_DHE_IMPLEMENTED
- /* XXX NSS does not yet implement the server side of _DHE_
- * cipher suites. Correcting the computation for svrAuth,
- * as the case below does, causes NSS SSL servers to begin to
- * negotiate cipher suites they do not implement. So, until
- * server side _DHE_ is implemented, keep this disabled.
- */
case kea_dhe_rsa:
-#endif
svrAuth = ss->serverCerts + kt_rsa;
break;
case kea_ecdh_ecdsa:
@@ -793,6 +825,8 @@ ssl3_config_match_init(sslSocket *ss)
* simultaneously. For now, both of them use
* whatever is in the certificate slot for kt_ecdh
*/
+ case kea_dhe_dss_export:
+ case kea_dhe_rsa_export:
default:
svrAuth = ss->serverCerts + exchKeyType;
break;
@@ -829,11 +863,22 @@ ssl3_config_match_init(sslSocket *ss)
* cipher suite. */
static PRBool
config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled,
- const SSLVersionRange *vrange)
+ const SSLVersionRange *vrange, const sslSocket *ss)
{
+ const ssl3CipherSuiteDef *cipher_def;
+
PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE);
if (policy == SSL_NOT_ALLOWED || !enabled)
- return PR_FALSE;
+ return PR_FALSE;
+
+ cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
+ PORT_Assert(cipher_def != NULL);
+
+ PORT_Assert(ss != NULL);
+ if (ss->sec.isServer && !ss->opt.enableServerDhe &&
+ kea_defs[cipher_def->key_exchange_alg].exchKeyType == ssl_kea_dh)
+ return PR_FALSE;
+
return (PRBool)(suite->enabled &&
suite->isPresent &&
suite->policy != SSL_NOT_ALLOWED &&
@@ -854,7 +899,7 @@ count_cipher_suites(sslSocket *ss, int p
return 0;
}
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
- if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange))
+ if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange, ss))
count++;
}
if (count <= 0) {
@@ -2321,6 +2366,9 @@ ssl3_ComputeRecordMAC(
case ssl_hmac_sha256: /* used with TLS */
hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
break;
+ case ssl_hmac_sha384: /* used with TLS */
+ hashObj = HASH_GetRawHashObject(HASH_AlgSHA384);
+ break;
default:
break;
}
@@ -3563,6 +3611,17 @@ ssl3_HandleChangeCipherSpecs(sslSocket *
return SECSuccess;
}
+static CK_MECHANISM_TYPE
+ssl3_GetPrfHashMechanism(sslSocket *ss)
+{
+ SSL3PRF prf_alg = ss->ssl3.hs.suite_def->prf_alg;
+
+ if (prf_alg == 0)
+ return CKM_SHA256;
+
+ return prf_alg;
+}
+
/* This method uses PKCS11 to derive the MS from the PMS, where PMS
** is a PKCS11 symkey. This is used in all cases except the
** "triple bypass" with RSA key exchange.
@@ -3592,15 +3651,17 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P
SECItem params;
CK_FLAGS keyFlags;
CK_VERSION pms_version;
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
+ /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
+ unsigned int master_params_len;
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
if (isTLS12) {
- if(isDH) master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
- else master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
- key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+ if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH;
+ else master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
keyFlags = CKF_SIGN | CKF_VERIFY;
} else if (isTLS) {
if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
@@ -3624,6 +3685,12 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P
master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
master_params.RandomInfo.pServerRandom = sr;
master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
+ if (isTLS12) {
+ master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
+ master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
+ } else {
+ master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
+ }
params.data = (unsigned char *) &master_params;
params.len = sizeof master_params;
@@ -3756,7 +3823,9 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke
PK11SymKey * symKey = NULL;
void * pwArg = ss->pkcs11PinArg;
int keySize;
- CK_SSL3_KEY_MAT_PARAMS key_material_params;
+ CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a
+ * CK_SSL3_KEY_MAT_PARAMS */
+ unsigned int key_material_params_len;
CK_SSL3_KEY_MAT_OUT returnedKeys;
CK_MECHANISM_TYPE key_derive;
CK_MECHANISM_TYPE bulk_mechanism;
@@ -3810,17 +3879,21 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke
PORT_Assert( alg2Mech[calg].calg == calg);
bulk_mechanism = alg2Mech[calg].cmech;
- params.data = (unsigned char *)&key_material_params;
- params.len = sizeof(key_material_params);
-
if (isTLS12) {
- key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
+ key_material_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
+ key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
} else if (isTLS) {
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
+ key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
} else {
key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
+ key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
}
+ params.data = (unsigned char *)&key_material_params;
+ params.len = key_material_params_len;
+
/* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and
* DERIVE by DEFAULT */
symKey = PK11_Derive(pwSpec->master_secret, key_derive, ¶ms,
@@ -3883,9 +3956,9 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
#ifndef NO_PKCS11_BYPASS
if (ss->opt.bypassPKCS11) {
PORT_Assert(!ss->ssl3.hs.sha_obj && !ss->ssl3.hs.sha_clone);
+ /* If we ever support ciphersuites where the PRF hash isn't SHA-256
+ * then this will need to be updated. */
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
- /* If we ever support ciphersuites where the PRF hash isn't SHA-256
- * then this will need to be updated. */
ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256);
if (!ss->ssl3.hs.sha_obj) {
ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
@@ -3909,9 +3982,19 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
* that the master secret will wind up in ...
*/
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
- /* If we ever support ciphersuites where the PRF hash isn't SHA-256
- * then this will need to be updated. */
- ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA256);
+ /* determine the hash from the prf */
+ const SECOidData *hash_oid;
+
+ PORT_Assert(ss->ssl3.hs.suite_def);
+ /* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_alg)
+ * Convert that to the OidTag.
+ * We can then use that OidTag to create our PK11Context */
+ hash_oid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
+ if (hash_oid == NULL) {
+ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+ return SECFailure;
+ }
+ ss->ssl3.hs.sha = PK11_CreateDigestContext(hash_oid->offset);
if (ss->ssl3.hs.sha == NULL) {
ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
return SECFailure;
@@ -5279,7 +5362,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
}
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
+ if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) {
actual_count++;
if (actual_count > num_suites) {
if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
@@ -6305,13 +6388,6 @@ ssl3_HandleServerHello(sslSocket *ss, SS
}
isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
- rv = ssl3_InitHandshakeHashes(ss);
- if (rv != SECSuccess) {
- desc = internal_error;
- errCode = PORT_GetError();
- goto alert_loser;
- }
-
rv = ssl3_ConsumeHandshake(
ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
if (rv != SECSuccess) {
@@ -6338,7 +6414,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
if (temp == suite->cipher_suite) {
SSLVersionRange vrange = {ss->version, ss->version};
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
/* config_match already checks whether the cipher suite is
* acceptable for the version, but the check is repeated here
* in order to give a more precise error code. */
@@ -6390,6 +6466,14 @@ ssl3_HandleServerHello(sslSocket *ss, SS
}
ss->ssl3.hs.compression = (SSLCompressionMethod)temp;
+ /* Wait until we've figured out the cipher suite before we initialize the handshake hashes */
+ rv = ssl3_InitHandshakeHashes(ss);
+ if (rv != SECSuccess) {
+ desc = internal_error;
+ errCode = PORT_GetError();
+ goto alert_loser;
+ }
+
/* Note that if !isTLS and the extra stuff is not extensions, we
* do NOT goto alert_loser.
* There are some old SSL 3.0 implementations that do send stuff
@@ -7609,6 +7693,22 @@ ssl3_SendServerHelloSequence(sslSocket *
/* An empty TLS Renegotiation Info (RI) extension */
static const PRUint8 emptyRIext[5] = {0xff, 0x01, 0x00, 0x01, 0x00};
+static PRBool
+ssl3_KEAAllowsSessionTicket(SSL3KeyExchangeAlgorithm kea)
+{
+ switch (kea) {
+ case kea_dhe_dss:
+ case kea_dhe_dss_export:
+ case kea_dh_dss_export:
+ case kea_dh_dss:
+ /* TODO: Fix session tickets for DSS. The server code rejects the
+ * session ticket received from the client. Bug 1174677 */
+ return PR_FALSE;
+ default:
+ return PR_TRUE;
+ };
+}
+
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 Client Hello message.
* Caller must hold Handshake and RecvBuf locks.
@@ -7631,6 +7731,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS
SECItem comps = {siBuffer, NULL, 0};
PRBool haveSpecWriteLock = PR_FALSE;
PRBool haveXmitBufLock = PR_FALSE;
+ PRBool canOfferSessionTicket = PR_FALSE;
SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake",
SSL_GETPID(), ss->fd));
@@ -7704,13 +7805,6 @@ ssl3_HandleClientHello(sslSocket *ss, SS
goto alert_loser;
}
- rv = ssl3_InitHandshakeHashes(ss);
- if (rv != SECSuccess) {
- desc = internal_error;
- errCode = PORT_GetError();
- goto alert_loser;
- }
-
/* grab the client random data. */
rv = ssl3_ConsumeHandshake(
ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length);
@@ -7870,8 +7964,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS
* resuming.)
*/
if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && sid == NULL) {
- ssl3_RegisterServerHelloExtensionSender(ss,
- ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn);
+ canOfferSessionTicket = PR_TRUE;
}
if (sid != NULL) {
@@ -7950,7 +8043,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS
* The product policy won't change during the process lifetime.
* Implemented ("isPresent") shouldn't change for servers.
*/
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange))
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss))
break;
#else
if (!suite->enabled)
@@ -7999,7 +8092,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS
for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
SSLVersionRange vrange = {ss->version, ss->version};
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
continue;
}
for (i = 0; i + 1 < suites.len; i += 2) {
@@ -8016,6 +8109,15 @@ ssl3_HandleClientHello(sslSocket *ss, SS
goto alert_loser;
suite_found:
+ if (canOfferSessionTicket)
+ canOfferSessionTicket = ssl3_KEAAllowsSessionTicket(
+ ss->ssl3.hs.suite_def->key_exchange_alg);
+
+ if (canOfferSessionTicket) {
+ ssl3_RegisterServerHelloExtensionSender(ss,
+ ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn);
+ }
+
/* Select a compression algorithm. */
for (i = 0; i < comps.len; i++) {
if (!compressionEnabled(ss, comps.data[i]))
@@ -8036,6 +8138,14 @@ compression_found:
suites.data = NULL;
comps.data = NULL;
+ /* Wait until we've figured out the cipher suite before we initialize the handshake hashes */
+ rv = ssl3_InitHandshakeHashes(ss);
+ if (rv != SECSuccess) {
+ desc = internal_error;
+ errCode = PORT_GetError();
+ goto alert_loser;
+ }
+
ss->sec.send = ssl3_SendApplicationData;
/* If there are any failures while processing the old sid,
@@ -8479,13 +8589,6 @@ ssl3_HandleV2ClientHello(sslSocket *ss,
goto alert_loser;
}
- rv = ssl3_InitHandshakeHashes(ss);
- if (rv != SECSuccess) {
- desc = internal_error;
- errCode = PORT_GetError();
- goto alert_loser;
- }
-
/* if we get a non-zero SID, just ignore it. */
if (length !=
SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) {
@@ -8533,7 +8636,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss,
for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
SSLVersionRange vrange = {ss->version, ss->version};
- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) {
continue;
}
for (i = 0; i+2 < suite_length; i += 3) {
@@ -8572,6 +8675,15 @@ suite_found:
}
ss->ssl3.hs.compression = ssl_compression_null;
+
+ /* Wait until we've figured out the cipher suite before we initialize the handshake hashes */
+ rv = ssl3_InitHandshakeHashes(ss);
+ if (rv != SECSuccess) {
+ desc = internal_error;
+ errCode = PORT_GetError();
+ goto alert_loser;
+ }
+
ss->sec.send = ssl3_SendApplicationData;
/* we don't even search for a cache hit here. It's just a miss. */
@@ -8732,6 +8844,154 @@ ssl3_SendServerHello(sslSocket *ss)
return SECSuccess;
}
+static SECStatus
+ssl3_PickSignatureHashAlgorithm(sslSocket *ss,
+ SSL3SignatureAndHashAlgorithm* out);
+
+static SECStatus
+ssl3_SendDHServerKeyExchange(sslSocket *ss)
+{
+ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
+ SECStatus rv = SECFailure;
+ int length;
+ PRBool isTLS;
+ SECItem signed_hash = {siBuffer, NULL, 0};
+ SSL3Hashes hashes;
+ SSL3SignatureAndHashAlgorithm sigAndHash;
+ SECKEYDHParams dhParam;
+
+ ssl3KeyPair *keyPair = NULL;
+ SECKEYPublicKey *pubKey = NULL; /* Ephemeral DH key */
+ SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */
+ int certIndex = -1;
+
+ if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) {
+ /* TODO: Support DH_anon. It might be sufficient to drop the signature.
+ See bug 1170510. */
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ return SECFailure;
+ }
+
+ dhParam.prime.data = ss->dheParams->prime.data;
+ dhParam.prime.len = ss->dheParams->prime.len;
+ dhParam.base.data = ss->dheParams->base.data;
+ dhParam.base.len = ss->dheParams->base.len;
+
+ PRINT_BUF(60, (NULL, "Server DH p", dhParam.prime.data,
+ dhParam.prime.len));
+ PRINT_BUF(60, (NULL, "Server DH g", dhParam.base.data,
+ dhParam.base.len));
+
+ /* Generate ephemeral DH keypair */
+ privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL);
+ if (!privKey || !pubKey) {
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ rv = SECFailure;
+ goto loser;
+ }
+
+ keyPair = ssl3_NewKeyPair(privKey, pubKey);
+ if (!keyPair) {
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ goto loser;
+ }
+
+ PRINT_BUF(50, (ss, "DH public value:",
+ pubKey->u.dh.publicValue.data,
+ pubKey->u.dh.publicValue.len));
+
+ if (ssl3_PickSignatureHashAlgorithm(ss, &sigAndHash) != SECSuccess) {
+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+ goto loser;
+ }
+
+ rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg,
+ pubKey->u.dh.prime,
+ pubKey->u.dh.base,
+ pubKey->u.dh.publicValue,
+ &ss->ssl3.hs.client_random,
+ &ss->ssl3.hs.server_random,
+ &hashes, ss->opt.bypassPKCS11);
+ if (rv != SECSuccess) {
+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto loser;
+ }
+
+ /* It has been suggested to test kea_def->signKeyType instead, and to use
+ * ssl_auth_* instead. Investigate what to do. See bug 102794. */
+ if (kea_def->kea == kea_dhe_rsa)
+ certIndex = ssl_kea_rsa;
+ else
+ certIndex = ssl_kea_dh;
+
+ isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+ rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY,
+ &signed_hash, isTLS);
+ if (rv != SECSuccess) {
+ goto loser; /* ssl3_SignHashes has set err. */
+ }
+ if (signed_hash.data == NULL) {
+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+ goto loser;
+ }
+ length = 2 + pubKey->u.dh.prime.len +
+ 2 + pubKey->u.dh.base.len +
+ 2 + pubKey->u.dh.publicValue.len +
+ 2 + signed_hash.len;
+
+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+ length += 2;
+ }
+
+ rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+
+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.prime.data,
+ pubKey->u.dh.prime.len, 2);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+
+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.base.data,
+ pubKey->u.dh.base.len, 2);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+
+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.publicValue.data,
+ pubKey->u.dh.publicValue.len, 2);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+
+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+ rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+ }
+
+ rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
+ signed_hash.len, 2);
+ if (rv != SECSuccess) {
+ goto loser; /* err set by AppendHandshake. */
+ }
+ PORT_Free(signed_hash.data);
+ ss->dheKeyPair = keyPair;
+ return SECSuccess;
+
+loser:
+ if (signed_hash.data)
+ PORT_Free(signed_hash.data);
+ if (privKey)
+ SECKEY_DestroyPrivateKey(privKey);
+ if (pubKey)
+ SECKEY_DestroyPublicKey(pubKey);
+ return SECFailure;
+}
+
/* ssl3_PickSignatureHashAlgorithm selects a hash algorithm to use when signing
* elements of the handshake. (The negotiated cipher suite determines the
* signature algorithm.) Prior to TLS 1.2, the MD5/SHA1 combination is always
@@ -8906,6 +9166,11 @@ ssl3_SendServerKeyExchange(sslSocket *ss
PORT_Free(signed_hash.data);
return SECSuccess;
+ case ssl_kea_dh: {
+ rv = ssl3_SendDHServerKeyExchange(ss);
+ return rv;
+ }
+
#ifndef NSS_DISABLE_ECC
case kt_ecdh: {
rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash);
@@ -8913,7 +9178,6 @@ ssl3_SendServerKeyExchange(sslSocket *ss
}
#endif /* NSS_DISABLE_ECC */
- case kt_dh:
case kt_null:
default:
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
@@ -9322,6 +9586,59 @@ double_bypass:
return SECSuccess;
}
+static SECStatus
+ssl3_HandleDHClientKeyExchange(sslSocket *ss,
+ SSL3Opaque *b,
+ PRUint32 length,
+ SECKEYPublicKey *srvrPubKey,
+ SECKEYPrivateKey *serverKey)
+{
+ PK11SymKey *pms;
+ SECStatus rv;
+ SECKEYPublicKey clntPubKey;
+ CK_MECHANISM_TYPE target;
+ PRBool isTLS;
+
+ PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
+ PORT_Assert( srvrPubKey );
+
+ clntPubKey.keyType = dhKey;
+ clntPubKey.u.dh.prime.len = srvrPubKey->u.dh.prime.len;
+ clntPubKey.u.dh.prime.data = srvrPubKey->u.dh.prime.data;
+ clntPubKey.u.dh.base.len = srvrPubKey->u.dh.base.len;
+ clntPubKey.u.dh.base.data = srvrPubKey->u.dh.base.data;
+
+ rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.dh.publicValue,
+ 2, &b, &length);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+ if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+ else target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+
+ /* Determine the PMS */
+ pms = PK11_PubDerive(serverKey, &clntPubKey, PR_FALSE, NULL, NULL,
+ CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL);
+ if (pms == NULL) {
+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+ goto loser;
+ }
+
+ rv = ssl3_InitPendingCipherSpec(ss, pms);
+ PK11_FreeSymKey(pms); pms = NULL;
+
+loser:
+ if (ss->dheKeyPair) {
+ ssl3_FreeKeyPair(ss->dheKeyPair);
+ ss->dheKeyPair = NULL;
+ }
+ return rv;
+}
+
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 ClientKeyExchange message from the remote client
@@ -9334,9 +9651,7 @@ ssl3_HandleClientKeyExchange(sslSocket *
SECStatus rv;
const ssl3KEADef *kea_def;
ssl3KeyPair *serverKeyPair = NULL;
-#ifndef NSS_DISABLE_ECC
SECKEYPublicKey *serverPubKey = NULL;
-#endif /* NSS_DISABLE_ECC */
SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
SSL_GETPID(), ss->fd));
@@ -9366,6 +9681,16 @@ ssl3_HandleClientKeyExchange(sslSocket *
ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB;
} else
skip:
+ if (kea_def->kea == kea_dhe_dss ||
+ kea_def->kea == kea_dhe_rsa) {
+ if (ss->dheKeyPair) {
+ serverKeyPair = ss->dheKeyPair;
+ if (serverKeyPair->pubKey) {
+ ss->sec.keaKeyBits =
+ SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
+ }
+ }
+ } else
#ifndef NSS_DISABLE_ECC
/* XXX Using SSLKEAType to index server certifiates
* does not work for (EC)DHE ciphers. Until we have
@@ -9411,6 +9736,21 @@ skip:
}
break;
+ case ssl_kea_dh:
+ if (ss->dheKeyPair && ss->dheKeyPair->pubKey) {
+ serverPubKey = ss->dheKeyPair->pubKey;
+ }
+ if (!serverPubKey) {
+ PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
+ return SECFailure;
+ }
+ rv = ssl3_HandleDHClientKeyExchange(ss, b, length,
+ serverPubKey, serverKey);
+ if (rv != SECSuccess) {
+ SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+ return SECFailure; /* error code set */
+ }
+ break;
#ifndef NSS_DISABLE_ECC
case kt_ecdh:
@@ -10181,21 +10521,39 @@ done:
}
static SECStatus
-ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
+ssl3_ComputeTLSFinished(sslSocket *ss,
+ ssl3CipherSpec *spec,
PRBool isServer,
const SSL3Hashes * hashes,
TLSFinished * tlsFinished)
{
- const char * label;
- unsigned int len;
- SECStatus rv;
-
- label = isServer ? "server finished" : "client finished";
- len = 15;
-
- rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw,
- hashes->len, tlsFinished->verify_data,
- sizeof tlsFinished->verify_data);
+ SECStatus rv;
+ CK_TLS12_MAC_PARAMS tls12_mac_params;
+ SECItem param = {siBuffer, NULL, 0};
+ PK11Context *prf_context;
+ unsigned int retLen;
+
+ if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
+ tls12_mac_params.prfHashMechanism = CKM_TLS_PRF;
+ } else {
+ tls12_mac_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
+ }
+ tls12_mac_params.ulMacLength = 12;
+ tls12_mac_params.ulServerOrClient = isServer ? 1 : 2;
+ param.data = (unsigned char *)&tls12_mac_params;
+ param.len = sizeof(tls12_mac_params);
+ prf_context = PK11_CreateContextBySymKey(CKM_TLS12_MAC, CKA_SIGN,
+ spec->master_secret, ¶m);
+ if (!prf_context)
+ return SECFailure;
+
+ rv = PK11_DigestBegin(prf_context);
+ rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len);
+ rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen,
+ sizeof tlsFinished->verify_data);
+ PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data);
+
+ PK11_DestroyContext(prf_context, PR_TRUE);
return rv;
}
@@ -10380,7 +10738,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32
isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0);
rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender);
if (isTLS && rv == SECSuccess) {
- rv = ssl3_ComputeTLSFinished(cwSpec, isServer, &hashes, &tlsFinished);
+ rv = ssl3_ComputeTLSFinished(ss, cwSpec, isServer, &hashes, &tlsFinished);
}
ssl_ReleaseSpecReadLock(ss);
if (rv != SECSuccess) {
@@ -10544,7 +10902,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
return SECFailure;
}
- rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer,
+ rv = ssl3_ComputeTLSFinished(ss, ss->ssl3.crSpec, !isServer,
hashes, &tlsFinished);
if (!isServer)
ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
@@ -10590,7 +10948,8 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
* ServerHello message.)
*/
if (isServer && !ss->ssl3.hs.isResuming &&
- ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) {
+ ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) &&
+ ssl3_KEAAllowsSessionTicket(ss->ssl3.hs.suite_def->key_exchange_alg)) {
/* RFC 5077 Section 3.3: "In the case of a full handshake, the
* server MUST verify the client's Finished message before sending
* the ticket." Presumably, this also means that the client's
@@ -10638,7 +10997,8 @@ xmit_loser:
return rv;
}
- if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
+ if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = kt_rsa;
} else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
@@ -11856,8 +12216,6 @@ ssl3_FreeKeyPair(ssl3KeyPair * keyPair)
}
}
-
-
/*
* Creates the public and private RSA keys for SSL Step down.
* Called from SSL_ConfigSecureServer in sslsecur.c
@@ -11889,7 +12247,6 @@ ssl3_CreateRSAStepDownKeys(sslSocket *ss
return rv;
}
-
/* record the export policy for this cipher suite */
SECStatus
ssl3_SetPolicy(ssl3CipherSuite which, int policy)
@@ -12022,7 +12379,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocke
/* ssl3_config_match_init was called by the caller of this function. */
for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
- if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange)) {
+ if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange, ss)) {
if (cs != NULL) {
*cs++ = 0x00;
*cs++ = (suite->cipher_suite >> 8) & 0xFF;
@@ -12147,6 +12504,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
}
}
+ if (ss->ssl3.dheGroups) {
+ PORT_Free(ss->ssl3.dheGroups);
+ }
+
ss->ssl3.initialized = PR_FALSE;
SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c
--- ./lib/ssl/ssl3ecc.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./lib/ssl/ssl3ecc.c 2015-06-24 23:09:45.987637456 +0200
@@ -297,7 +297,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket
pubKey->u.ec.publicValue.len));
if (isTLS12) {
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+ target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
} else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
@@ -388,7 +388,7 @@ ssl3_HandleECDHClientKeyExchange(sslSock
isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
if (isTLS12) {
- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;
+ target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
} else if (isTLS) {
target = CKM_TLS_MASTER_KEY_DERIVE_DH;
} else {
@@ -914,7 +914,9 @@ static const ssl3CipherSuite ecdhe_ecdsa
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
0 /* end of list marker */
@@ -925,7 +927,9 @@ static const ssl3CipherSuite ecdhe_rsa_s
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
0 /* end of list marker */
@@ -940,11 +944,15 @@ static const ssl3CipherSuite ecSuites[]
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
diff -up ./lib/ssl/ssl3ext.c.dhe_and_sha384 ./lib/ssl/ssl3ext.c
--- ./lib/ssl/ssl3ext.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./lib/ssl/ssl3ext.c 2015-06-24 23:06:00.457872472 +0200
@@ -1125,7 +1125,8 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
sslSessionID sid;
PORT_Memset(&sid, 0, sizeof(sslSessionID));
- if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) {
+ if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa ||
+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) {
effectiveExchKeyType = kt_rsa;
} else {
effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType;
diff -up ./lib/ssl/ssl.def.dhe_and_sha384 ./lib/ssl/ssl.def
--- ./lib/ssl/ssl.def.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./lib/ssl/ssl.def 2015-06-24 23:06:00.454872529 +0200
@@ -171,3 +171,13 @@ SSL_SetCanFalseStartCallback;
;+ local:
;+*;
;+};
+;+NSS_3.20 { # NSS 3.20 release
+;+ global:
+;+# If the 3.20 release includes any additional functions
+;+# besides SSL_DHEGroupPrefSet and SSL_EnableWeakDHEPrimeGroup
+;+# they should be labeled as NSS_3.20a
+SSL_DHEGroupPrefSet;
+SSL_EnableWeakDHEPrimeGroup;
+;+ local:
+;+*;
+;+};
diff -up ./lib/ssl/sslenum.c.dhe_and_sha384 ./lib/ssl/sslenum.c
--- ./lib/ssl/sslenum.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./lib/ssl/sslenum.c 2015-06-24 23:06:00.457872472 +0200
@@ -49,7 +49,11 @@
const PRUint16 SSL_ImplementedCiphers[] = {
#ifndef NSS_DISABLE_ECC
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
*/
@@ -66,14 +70,19 @@ const PRUint16 SSL_ImplementedCiphers[]
#endif /* NSS_DISABLE_ECC */
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
@@ -91,6 +100,7 @@ const PRUint16 SSL_ImplementedCiphers[]
TLS_ECDH_RSA_WITH_RC4_128_SHA,
#endif /* NSS_DISABLE_ECC */
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
diff -up ./lib/ssl/ssl.h.dhe_and_sha384 ./lib/ssl/ssl.h
--- ./lib/ssl/ssl.h.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./lib/ssl/ssl.h 2015-06-24 23:06:00.454872529 +0200
@@ -185,12 +185,17 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
/* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
* reused for multiple handshakes or generated each time.
* SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
+ * This socket option is for ECDHE, only. It is unrelated to DHE.
*/
#define SSL_REUSE_SERVER_ECDHE_KEY 27
#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in
* handshakes. */
+/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket.
+ */
+#define SSL_ENABLE_SERVER_DHE 29
+
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
@@ -292,6 +297,46 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe
SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+/* SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group
+** parameters that can be used by NSS for the given server socket.
+** The first item in the array is used as the default group, if no other
+** selection criteria can be used by NSS.
+** The set is provided as an array of identifiers as defined by SSLDHEGroupType.
+** If more than one group identifier is provided, NSS will select the one to use.
+** For example, a TLS extension sent by the client might indicate a preference.
+*/
+SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
+ SSLDHEGroupType *groups,
+ PRUint16 num_groups);
+
+/* Enable the use of a DHE group that's smaller than the library default,
+** for backwards compatibility reasons. The DH parameters will be created
+** at the time this function is called, which might take a very long time.
+** The function will block until generation is completed.
+** The intention is to enforce that fresh and safe parameters are generated
+** each time a process is started.
+** At the time this API was initially implemented, the API will enable the
+** use of 1024 bit DHE parameters. This value might get increased in future
+** versions of NSS.
+**
+** It is allowed to call this API will a NULL value for parameter fd,
+** which will prepare the global parameters that NSS will reuse for the remainder
+** of the process lifetime. This can be used early after startup of a process,
+** to avoid a delay when handling incoming client connections.
+** This preparation with a NULL for parameter fd will NOT enable the weak group
+** on sockets. The function needs to be called again for every socket that
+** should use the weak group.
+**
+** It is allowed to use this API in combination with the SSL_DHEGroupPrefSet API.
+** If both APIs have been called, the weakest group will be used,
+** unless it is certain that the client supports larger group parameters.
+** The weak group will be used as the default group, overriding the preference
+** for the first group potentially set with a call to SSL_DHEGroupPrefSet
+** (The first group set using SSL_DHEGroupPrefSet will still be enabled, but
+** it's no longer the default group.)
+*/
+SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
+
/* SSL Version Range API
**
** This API should be used to control SSL 3.0 & TLS support instead of the
diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h
--- ./lib/ssl/sslimpl.h.dhe_and_sha384 2015-06-24 23:06:00.449872622 +0200
+++ ./lib/ssl/sslimpl.h 2015-06-24 23:06:00.457872472 +0200
@@ -62,6 +62,7 @@ typedef SSLSignType SSL3SignType;
#define hmac_md5 ssl_hmac_md5
#define hmac_sha ssl_hmac_sha
#define hmac_sha256 ssl_hmac_sha256
+#define hmac_sha384 ssl_hmac_sha384
#define mac_aead ssl_mac_aead
#define SET_ERROR_CODE /* reminder */
@@ -179,6 +180,7 @@ typedef struct ssl3CertNodeStr
typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
typedef struct ssl3MACDefStr ssl3MACDef;
typedef struct ssl3KeyPairStr ssl3KeyPair;
+typedef struct ssl3DHParamsStr ssl3DHParams;
struct ssl3CertNodeStr {
struct ssl3CertNodeStr *next;
@@ -298,9 +300,9 @@ typedef struct {
} ssl3CipherSuiteCfg;
#ifndef NSS_DISABLE_ECC
-#define ssl_V3_SUITES_IMPLEMENTED 61
+#define ssl_V3_SUITES_IMPLEMENTED 71
#else
-#define ssl_V3_SUITES_IMPLEMENTED 37
+#define ssl_V3_SUITES_IMPLEMENTED 43
#endif /* NSS_DISABLE_ECC */
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
@@ -337,6 +339,7 @@ typedef struct sslOptionsStr {
unsigned int enableALPN : 1; /* 27 */
unsigned int reuseServerECDHEKey : 1; /* 28 */
unsigned int enableFallbackSCSV : 1; /* 29 */
+ unsigned int enableServerDhe : 1; /* 30 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
@@ -476,10 +479,18 @@ typedef enum {
cipher_camellia_256,
cipher_seed,
cipher_aes_128_gcm,
+ cipher_aes_256_gcm,
cipher_missing /* reserved for no such supported cipher */
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
} SSL3BulkCipher;
+/* The TLS PRF definition */
+typedef enum {
+ prf_null = 0, /* use default prf */
+ prf_256 = CKM_SHA256,
+ prf_384 = CKM_SHA384
+} SSL3PRF;
+
typedef enum { type_stream, type_block, type_aead } CipherType;
#define MAX_IV_LENGTH 24
@@ -725,6 +736,7 @@ typedef struct ssl3CipherSuiteDefStr {
SSL3BulkCipher bulk_cipher_alg;
SSL3MACAlgorithm mac_alg;
SSL3KeyExchangeAlgorithm key_exchange_alg;
+ SSL3PRF prf_alg;
} ssl3CipherSuiteDef;
/*
@@ -997,6 +1009,9 @@ struct ssl3StateStr {
PRUint16 dtlsSRTPCipherCount;
PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
PRBool fatalAlertSent;
+ PRUint16 numDHEGroups; /* used by server */
+ SSLDHEGroupType * dheGroups; /* used by server */
+ PRBool dheWeakGroupEnabled; /* used by server */
};
#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the
@@ -1016,6 +1031,11 @@ struct ssl3KeyPairStr {
PRInt32 refCount; /* use PR_Atomic calls for this. */
};
+struct ssl3DHParamsStr {
+ SECItem prime; /* p */
+ SECItem base; /* g */
+};
+
typedef struct SSLWrappedSymWrappingKeyStr {
SSL3Opaque wrappedSymmetricWrappingkey[512];
CK_MECHANISM_TYPE symWrapMechanism;
@@ -1224,6 +1244,9 @@ const unsigned char * preferredCipher;
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
+ const ssl3DHParams *dheParams; /* DHE param */
+ ssl3KeyPair * dheKeyPair; /* DHE keys */
+
/* Callbacks */
SSLAuthCertificate authCertificate;
void *authCertificateArg;
@@ -1616,6 +1639,8 @@ int ssl3_GatherCompleteHandshake(sslSock
*/
extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss);
+extern SECStatus ssl3_SelectDHParams(sslSocket *ss);
+
#ifndef NSS_DISABLE_ECC
extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
diff -up ./lib/ssl/sslinfo.c.dhe_and_sha384 ./lib/ssl/sslinfo.c
--- ./lib/ssl/sslinfo.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./lib/ssl/sslinfo.c 2015-06-24 23:06:00.457872472 +0200
@@ -122,6 +122,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLCh
#define M_AEAD_128 "AEAD", ssl_mac_aead, 128
#define M_SHA256 "SHA256", ssl_hmac_sha256, 256
+#define M_SHA384 "SHA384", ssl_hmac_sha384, 384
#define M_SHA "SHA1", ssl_mac_sha, 160
#define M_MD5 "MD5", ssl_mac_md5, 128
#define M_NULL "NULL", ssl_mac_null, 0
@@ -135,6 +136,7 @@ static const SSLCipherSuiteInfo suiteInf
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
@@ -145,7 +147,9 @@ static const SSLCipherSuiteInfo suiteInf
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
@@ -201,8 +205,21 @@ static const SSLCipherSuiteInfo suiteInf
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },
+
+{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), S_ECDSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
+{0,CS(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
+{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA384, 1, 0, 0, },
+{0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384), S_RSA, K_ECDHE, C_AES, B_256, M_SHA384, 1, 0, 0, },
+
#endif /* NSS_DISABLE_ECC */
+{0,CS(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384), S_DSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, },
+{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_SHA384, 1, 0, 0, },
+
/* SSL 2 table */
{0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
{0,CK(SSL_CK_RC2_128_CBC_WITH_MD5), S_RSA, K_RSA, C_RC2, B_128, M_MD5, 0, 0, 0, },
diff -up ./lib/ssl/sslproto.h.dhe_and_sha384 ./lib/ssl/sslproto.h
--- ./lib/ssl/sslproto.h.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./lib/ssl/sslproto.h 2015-06-24 23:06:00.457872472 +0200
@@ -177,6 +177,7 @@
#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
@@ -191,6 +192,7 @@
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
@@ -203,8 +205,11 @@
#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
+#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009F
#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2
+#define TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 0x00A3
/* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
* Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending
@@ -251,11 +256,15 @@
#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
+#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
/* Netscape "experimental" cipher suites. */
diff -up ./lib/ssl/sslsecur.c.dhe_and_sha384 ./lib/ssl/sslsecur.c
--- ./lib/ssl/sslsecur.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./lib/ssl/sslsecur.c 2015-06-24 23:06:00.457872472 +0200
@@ -693,6 +693,7 @@ NSS_FindCertKEAType(CERTCertificate * ce
case SEC_OID_PKCS1_RSA_ENCRYPTION:
keaType = kt_rsa;
break;
+ case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
keaType = kt_dh;
break;
@@ -789,6 +790,11 @@ ssl_ConfigSecureServer(sslSocket *ss, CE
goto loser;
}
}
+ if (kea == ssl_kea_dh || kea == ssl_kea_rsa) {
+ if (ssl3_SelectDHParams(ss) != SECSuccess) {
+ goto loser;
+ }
+ }
return SECSuccess;
loser:
diff -up ./lib/ssl/sslsock.c.dhe_and_sha384 ./lib/ssl/sslsock.c
--- ./lib/ssl/sslsock.c.dhe_and_sha384 2015-06-24 23:06:00.446872679 +0200
+++ ./lib/ssl/sslsock.c 2015-06-24 23:06:00.458872453 +0200
@@ -18,6 +18,7 @@
#include "blapi.h"
#endif
#include "nss.h"
+#include "pk11pqg.h"
#define SET_ERROR_CODE /* reminder */
@@ -82,7 +83,8 @@ static sslOptions ssl_defaults = {
PR_TRUE, /* enableNPN */
PR_FALSE, /* enableALPN */
PR_TRUE, /* reuseServerECDHEKey */
- PR_FALSE /* enableFallbackSCSV */
+ PR_FALSE, /* enableFallbackSCSV */
+ PR_FALSE, /* enableServerDhe */
};
/*
@@ -225,6 +227,20 @@ ssl_DupSocket(sslSocket *os)
sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
+ ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled;
+ ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups;
+ if (os->ssl3.dheGroups) {
+ ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType,
+ os->ssl3.numDHEGroups);
+ if (!ss->ssl3.dheGroups) {
+ goto loser;
+ }
+ PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups,
+ sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups);
+ } else {
+ ss->ssl3.dheGroups = NULL;
+ }
+
if (os->cipherSpecs) {
ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs);
if (ss->cipherSpecs)
@@ -267,6 +283,10 @@ ssl_DupSocket(sslSocket *os)
ssl3_GetKeyPairRef(os->stepDownKeyPair);
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
+ ss->dheKeyPair = !os->dheKeyPair ? NULL :
+ ssl3_GetKeyPairRef(os->dheKeyPair);
+ ss->dheParams = os->dheParams;
+
/*
* XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
* XXX We should detect this, and not just march on with NULL pointers.
@@ -384,6 +404,10 @@ ssl_DestroySocketContents(sslSocket *ss)
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
ss->ephemeralECDHKeyPair = NULL;
}
+ if (ss->dheKeyPair) {
+ ssl3_FreeKeyPair(ss->dheKeyPair);
+ ss->dheKeyPair = NULL;
+ }
SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
PORT_Assert(!ss->xtnData.sniNameArr);
if (ss->xtnData.sniNameArr) {
@@ -815,6 +839,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
ss->opt.enableFallbackSCSV = on;
break;
+ case SSL_ENABLE_SERVER_DHE:
+ ss->opt.enableServerDhe = on;
+ break;
+
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
@@ -890,6 +918,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
case SSL_REUSE_SERVER_ECDHE_KEY:
on = ss->opt.reuseServerECDHEKey; break;
case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break;
+ case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -959,6 +988,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
case SSL_ENABLE_FALLBACK_SCSV:
on = ssl_defaults.enableFallbackSCSV;
break;
+ case SSL_ENABLE_SERVER_DHE:
+ on = ssl_defaults.enableServerDhe;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -1142,6 +1174,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
ssl_defaults.enableFallbackSCSV = on;
break;
+ case SSL_ENABLE_SERVER_DHE:
+ ssl_defaults.enableServerDhe = on;
+ break;
+
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -1365,7 +1401,204 @@ NSS_SetFrancePolicy(void)
return NSS_SetDomesticPolicy();
}
+SECStatus
+SSL_DHEGroupPrefSet(PRFileDesc *fd,
+ SSLDHEGroupType *groups,
+ PRUint16 num_groups)
+{
+ sslSocket *ss;
+
+ if ((num_groups && !groups) || (!num_groups && groups)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ if (ss->ssl3.dheGroups) {
+ PORT_Free(ss->ssl3.dheGroups);
+ ss->ssl3.dheGroups = NULL;
+ ss->ssl3.numDHEGroups = 0;
+ }
+
+ if (groups) {
+ ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups);
+ if (!ss->ssl3.dheGroups) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
+ }
+ PORT_Memcpy(ss->ssl3.dheGroups, groups,
+ sizeof(SSLDHEGroupType) * num_groups);
+ }
+ return SECSuccess;
+}
+
+
+PRCallOnceType gWeakDHParamsRegisterOnce;
+int gWeakDHParamsRegisterError;
+
+PRCallOnceType gWeakDHParamsOnce;
+int gWeakDHParamsError;
+/* As our code allocates type PQGParams, we'll keep it around,
+ * even though we only make use of it's parameters through gWeakDHParam. */
+static PQGParams *gWeakParamsPQG;
+static ssl3DHParams *gWeakDHParams;
+
+static PRStatus
+ssl3_CreateWeakDHParams()
+{
+ PQGVerify *vfy;
+ SECStatus rv, passed;
+
+ PORT_Assert(!gWeakDHParams && !gWeakParamsPQG);
+
+ rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/,
+ &gWeakParamsPQG, &vfy);
+ if (rv != SECSuccess) {
+ gWeakDHParamsError = PORT_GetError();
+ return PR_FAILURE;
+ }
+
+ rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed);
+ if (rv != SECSuccess || passed != SECSuccess) {
+ SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams",
+ SSL_GETPID()));
+ gWeakDHParamsError = PORT_GetError();
+ return PR_FAILURE;
+ }
+
+ gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams);
+ if (!gWeakDHParams) {
+ gWeakDHParamsError = PORT_GetError();
+ return PR_FAILURE;
+ }
+
+ gWeakDHParams->prime.data = gWeakParamsPQG->prime.data;
+ gWeakDHParams->prime.len = gWeakParamsPQG->prime.len;
+ gWeakDHParams->base.data = gWeakParamsPQG->base.data;
+ gWeakDHParams->base.len = gWeakParamsPQG->base.len;
+
+ PK11_PQG_DestroyVerify(vfy);
+ return PR_SUCCESS;
+}
+
+static SECStatus
+ssl3_WeakDHParamsShutdown(void *appData, void *nssData)
+{
+ if (gWeakParamsPQG) {
+ PK11_PQG_DestroyParams(gWeakParamsPQG);
+ gWeakParamsPQG = NULL;
+ gWeakDHParams = NULL;
+ }
+ return SECSuccess;
+}
+
+static PRStatus
+ssl3_WeakDHParamsRegisterShutdown(void)
+{
+ SECStatus rv;
+ rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL);
+ if (rv != SECSuccess) {
+ gWeakDHParamsRegisterError = PORT_GetError();
+ }
+ return (PRStatus)rv;
+}
+
+/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */
+SECStatus
+SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
+{
+ sslSocket *ss;
+ PRStatus status;
+
+ if (enabled) {
+ status = PR_CallOnce(&gWeakDHParamsRegisterOnce,
+ ssl3_WeakDHParamsRegisterShutdown);
+ if (status != PR_SUCCESS) {
+ PORT_SetError(gWeakDHParamsRegisterError);
+ return SECFailure;
+ }
+
+ status = PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams);
+ if (status != PR_SUCCESS) {
+ PORT_SetError(gWeakDHParamsError);
+ return SECFailure;
+ }
+ }
+
+ if (!fd)
+ return SECSuccess;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ ss->ssl3.dheWeakGroupEnabled = enabled;
+ return SECSuccess;
+}
+
+#include "dhe-param.c"
+
+static const SSLDHEGroupType ssl_default_dhe_groups[] = {
+ ssl_ff_dhe_2048_group
+};
+
+/* Keep this array synchronized with the index definitions in SSLDHEGroupType */
+static const ssl3DHParams *all_ssl3DHParams[] = {
+ NULL, /* ssl_dhe_group_none */
+ &ff_dhe_2048,
+ &ff_dhe_3072,
+ &ff_dhe_4096,
+ &ff_dhe_6144,
+ &ff_dhe_8192,
+};
+
+static SSLDHEGroupType
+selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups)
+{
+ if (!groups || !num_groups)
+ return ssl_dhe_group_none;
+
+ /* We don't have automatic group parameter selection yet
+ * (potentially) based on socket parameters, e.g. key sizes.
+ * For now, we return the first available group from the allowed list. */
+ return groups[0];
+}
+
+/* Ensure DH parameters have been selected */
+SECStatus
+ssl3_SelectDHParams(sslSocket *ss)
+{
+ SSLDHEGroupType selectedGroup = ssl_dhe_group_none;
+
+ if (ss->ssl3.dheWeakGroupEnabled) {
+ ss->dheParams = gWeakDHParams;
+ } else {
+ if (ss->ssl3.dheGroups) {
+ selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups,
+ ss->ssl3.numDHEGroups);
+ } else {
+ size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups);
+ selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups,
+ number_of_default_groups);
+ }
+
+ if (selectedGroup == ssl_dhe_group_none ||
+ selectedGroup >= ssl_dhe_group_max) {
+ return SECFailure;
+ }
+
+ ss->dheParams = all_ssl3DHParams[selectedGroup];
+ }
+ return SECSuccess;
+}
/* LOCKS ??? XXX */
static PRFileDesc *
@@ -2992,6 +3225,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
ss->certStatusArray[i] = NULL;
}
ss->stepDownKeyPair = NULL;
+
+ ss->dheParams = NULL;
+ ss->dheKeyPair = NULL;
+
ss->dbHandle = CERT_GetDefaultCertDB();
/* Provide default implementation of hooks */
diff -up ./lib/ssl/sslt.h.dhe_and_sha384 ./lib/ssl/sslt.h
--- ./lib/ssl/sslt.h.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./lib/ssl/sslt.h 2015-06-24 23:06:00.458872453 +0200
@@ -91,7 +91,8 @@ typedef enum {
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
ssl_hmac_sha256 = 5,
- ssl_mac_aead = 6
+ ssl_mac_aead = 6,
+ ssl_hmac_sha384 = 7
} SSLMACAlgorithm;
typedef enum {
@@ -197,4 +198,14 @@ typedef enum {
#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
+typedef enum {
+ ssl_dhe_group_none = 0,
+ ssl_ff_dhe_2048_group = 1,
+ ssl_ff_dhe_3072_group = 2,
+ ssl_ff_dhe_4096_group = 3,
+ ssl_ff_dhe_6144_group = 4,
+ ssl_ff_dhe_8192_group = 5,
+ ssl_dhe_group_max
+} SSLDHEGroupType;
+
#endif /* __sslt_h_ */
diff -up ./tests/cert/cert.sh.dhe_and_sha384 ./tests/cert/cert.sh
--- ./tests/cert/cert.sh.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./tests/cert/cert.sh 2015-06-24 23:06:00.458872453 +0200
@@ -292,6 +292,14 @@ cert_create_cert()
return $RET
fi
+ CU_ACTION="Import DSA Root CA for $CERTNAME"
+ certu -A -n "TestCA-dsa" -t "TC,TC,TC" -f "${R_PWFILE}" \
+ -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-dsa.ca.cert" 2>&1
+ if [ "$RET" -ne 0 ]; then
+ return $RET
+ fi
+
+
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Import EC Root CA for $CERTNAME"
certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
@@ -338,6 +346,60 @@ cert_add_cert()
cert_log "SUCCESS: $CERTNAME's Cert Created"
#
+# Generate and add DSA cert
+#
+ CU_ACTION="Generate DSA Cert Request for $CERTNAME"
+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+ certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+ -z "${R_NOISE_FILE}" -o req 2>&1
+ if [ "$RET" -ne 0 ]; then
+ return $RET
+ fi
+
+ CU_ACTION="Sign ${CERTNAME}'s DSA Request"
+ certu -C -c "TestCA-dsa" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
+ -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" "$1" 2>&1
+ if [ "$RET" -ne 0 ]; then
+ return $RET
+ fi
+
+ CU_ACTION="Import $CERTNAME's DSA Cert"
+ certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
+ -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
+ if [ "$RET" -ne 0 ]; then
+ return $RET
+ fi
+ cert_log "SUCCESS: $CERTNAME's DSA Cert Created"
+
+# Generate DSA certificate signed with RSA
+ CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME"
+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+ certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+ -z "${R_NOISE_FILE}" -o req 2>&1
+ if [ "$RET" -ne 0 ]; then
+ return $RET
+ fi
+
+ CU_ACTION="Sign ${CERTNAME}'s DSA Request with RSA"
+# Avoid conflicting serial numbers with TestCA issuer by keeping
+# this set far away. A smaller number risks colliding with the
+# extended ssl user certificates.
+ NEWSERIAL=`expr ${CERTSERIAL} + 20000`
+ certu -C -c "TestCA" -m "$NEWSERIAL" -v 60 -d "${P_R_CADIR}" \
+ -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" "$1" 2>&1
+ if [ "$RET" -ne 0 ]; then
+ return $RET
+ fi
+
+ CU_ACTION="Import $CERTNAME's mixed DSA Cert"
+ certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
+ -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
+ if [ "$RET" -ne 0 ]; then
+ return $RET
+ fi
+ cert_log "SUCCESS: $CERTNAME's mixed DSA Cert Created"
+
+#
# Generate and add EC cert
#
if [ -z "$NSS_DISABLE_ECC" ] ; then
@@ -430,6 +492,34 @@ cert_all_CA()
# root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last
# in the chain
+
+#
+# Create DSA version of TestCA
+ ALL_CU_SUBJECT="CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+ cert_dsa_CA $CADIR TestCA-dsa -x "CTu,CTu,CTu" ${D_CA} "1"
+#
+# Create DSA versions of the intermediate CA certs
+ ALL_CU_SUBJECT="CN=NSS Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+ cert_dsa_CA $SERVER_CADIR serverCA-dsa -x "Cu,Cu,Cu" ${D_SERVER_CA} "2"
+ ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+ cert_dsa_CA $SERVER_CADIR chain-1-serverCA-dsa "-c serverCA-dsa" "u,u,u" ${D_SERVER_CA} "3"
+ ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+ cert_dsa_CA $SERVER_CADIR chain-2-serverCA-dsa "-c chain-1-serverCA-dsa" "u,u,u" ${D_SERVER_CA} "4"
+
+ ALL_CU_SUBJECT="CN=NSS Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+ cert_dsa_CA $CLIENT_CADIR clientCA-dsa -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5"
+ ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+ cert_dsa_CA $CLIENT_CADIR chain-1-clientCA-dsa "-c clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "6"
+ ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+ cert_dsa_CA $CLIENT_CADIR chain-2-clientCA-dsa "-c chain-1-clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "7"
+
+ rm $CLIENT_CADIR/dsaroot.cert $SERVER_CADIR/dsaroot.cert
+# dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last
+# in the chain
+
+
+
+
if [ -z "$NSS_DISABLE_ECC" ] ; then
#
# Create EC version of TestCA
@@ -540,6 +630,76 @@ CERTSCRIPT
cp root.cert ${NICKNAME}.ca.cert
}
+
+
+
+
+################################ cert_dsa_CA #############################
+# local shell function to build the Temp. Certificate Authority (CA)
+# used for testing purposes, creating a CA Certificate and a root cert
+# This is the ECC version of cert_CA.
+##########################################################################
+cert_dsa_CA()
+{
+ CUR_CADIR=$1
+ NICKNAME=$2
+ SIGNER=$3
+ TRUSTARG=$4
+ DOMAIN=$5
+ CERTSERIAL=$6
+
+ echo "$SCRIPTNAME: Creating an DSA CA Certificate $NICKNAME =========================="
+
+ if [ ! -d "${CUR_CADIR}" ]; then
+ mkdir -p "${CUR_CADIR}"
+ fi
+ cd ${CUR_CADIR}
+ pwd
+
+ LPROFILE=.
+ if [ -n "${MULTIACCESS_DBM}" ]; then
+ LPROFILE="multiaccess:${DOMAIN}"
+ fi
+
+ ################# Creating an DSA CA Cert ###############################
+ #
+ CU_ACTION="Creating DSA CA Cert $NICKNAME "
+ CU_SUBJECT=$ALL_CU_SUBJECT
+ certu -S -n $NICKNAME -k dsa -t $TRUSTARG -v 600 $SIGNER \
+ -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \
+ -m $CERTSERIAL 2>&1 <<CERTSCRIPT
+5
+6
+9
+n
+y
+-1
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+ if [ "$RET" -ne 0 ]; then
+ echo "return value is $RET"
+ Exit 6 "Fatal - failed to create DSA CA cert"
+ fi
+
+ ################# Exporting DSA Root Cert ###############################
+ #
+ CU_ACTION="Exporting DSA Root Cert"
+ certu -L -n $NICKNAME -r -d ${LPROFILE} -o dsaroot.cert
+ if [ "$RET" -ne 0 ]; then
+ Exit 7 "Fatal - failed to export dsa root cert"
+ fi
+ cp dsaroot.cert ${NICKNAME}.ca.cert
+}
+
+
+
+
################################ cert_ec_CA ##############################
# local shell function to build the Temp. Certificate Authority (CA)
# used for testing purposes, creating a CA Certificate and a root cert
@@ -742,6 +902,50 @@ cert_extended_ssl()
certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
-i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1
+#
+# Repeat the above for DSA certs
+#
+ CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)"
+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+ -z "${R_NOISE_FILE}" -o req 2>&1
+
+ CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)"
+ cp ${CERTDIR}/req ${SERVER_CADIR}
+ certu -C -c "chain-2-serverCA-dsa" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
+ -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1
+
+ CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)"
+ certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
+ -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
+
+ CU_ACTION="Import Client DSA Root CA -t T,, for $CERTNAME (ext.)"
+ certu -A -n "clientCA-dsa" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
+ -i "${CLIENT_CADIR}/clientCA-dsa.ca.cert" 2>&1
+#
+# done with DSA certs
+#
+# Repeat again for mixed DSA certs
+#
+ CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)"
+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+ -z "${R_NOISE_FILE}" -o req 2>&1
+
+ CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)"
+ cp ${CERTDIR}/req ${SERVER_CADIR}
+ certu -C -c "chain-2-serverCA" -m 202 -v 60 -d "${P_SERVER_CADIR}" \
+ -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1
+
+ CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)"
+ certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
+ -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
+
+# CU_ACTION="Import Client mixed DSA Root CA -t T,, for $CERTNAME (ext.)"
+# certu -A -n "clientCA-dsamixed" -t "T,," -f "${R_PWFILE}" \
+# -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-dsamixed.ca.cert" \
+# 2>&1
+
if [ -z "$NSS_DISABLE_ECC" ] ; then
#
# Repeat the above for EC certs
@@ -794,7 +998,7 @@ cert_extended_ssl()
for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ;
do
N=`basename $CA | sed -e "s/.ca.cert//"`
- if [ $N = "serverCA" -o $N = "serverCA-ec" ] ; then
+ if [ $N = "serverCA" -o $N = "serverCA-ec" -o $N = "serverCA-dsa" ] ; then
T="-t C,C,C"
else
T="-t u,u,u"
@@ -830,6 +1034,53 @@ cert_extended_ssl()
certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
-i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
+#
+# Repeat the above for DSA certs
+#
+ CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)"
+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+ -z "${R_NOISE_FILE}" -o req 2>&1
+
+ CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)"
+ cp ${CERTDIR}/req ${CLIENT_CADIR}
+ certu -C -c "chain-2-clientCA-dsa" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
+ -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1
+
+ CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)"
+ certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
+ -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
+
+ CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)"
+ certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \
+ -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1
+#
+# done with DSA certs
+#
+#
+# Repeat the above for mixed DSA certs
+#
+ CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)"
+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+ -z "${R_NOISE_FILE}" -o req 2>&1
+
+ CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)"
+ cp ${CERTDIR}/req ${CLIENT_CADIR}
+ certu -C -c "chain-2-clientCA" -m 302 -v 60 -d "${P_CLIENT_CADIR}" \
+ -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1
+
+ CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)"
+ certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
+ -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
+
+# CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)"
+# certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \
+# -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1
+#
+# done with mixed DSA certs
+#
+
if [ -z "$NSS_DISABLE_ECC" ] ; then
#
# Repeat the above for EC certs
@@ -883,7 +1134,7 @@ cert_extended_ssl()
for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ;
do
N=`basename $CA | sed -e "s/.ca.cert//"`
- if [ $N = "clientCA" -o $N = "clientCA-ec" ] ; then
+ if [ $N = "clientCA" -o $N = "clientCA-ec" -o $N = "clientCA-dsa" ] ; then
T="-t T,C,C"
else
T="-t u,u,u"
@@ -920,6 +1171,10 @@ cert_ssl()
cert_add_cert
CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC"
certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
+
+ CU_ACTION="Modify trust attributes of DSA Root CA -t TC,TC,TC"
+ certu -M -n "TestCA-dsa" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
+
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
@@ -1467,6 +1722,24 @@ EOF_CRLINI
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
chmod 600 ${CRL_FILE_GRP_1}_or
+
+ CU_ACTION="Generating CRL (DSA) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-dsa authority"
+
+# Until Bug 292285 is resolved, do not encode x400 Addresses. After
+# the bug is resolved, reintroduce "x400Address:x400Address" within
+# addext issuerAltNames ...
+ crlu -q -d $CADIR -G -n "TestCA-dsa" -f ${R_PWFILE} \
+ -o ${CRL_FILE_GRP_1}_or-dsa <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_1_BEGIN}-${CRL_GRP_END_} $CRL_GRP_DATE
+addext reasonCode 0 4
+addext issuerAltNames 0 "rfc822Name:ca-dsaemail@ca.com|dnsName:ca-dsa.com|directoryName:CN=NSS Test CA (DSA),O=BOGUS NSS,L=Mountain View,ST=California,C=US|URI:http://ca-dsa.com|ipAddress:192.168.0.1|registerID=reg CA (DSA)"
+EOF_CRLINI
+ CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+ chmod 600 ${CRL_FILE_GRP_1}_or-dsa
+
+
+
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"
@@ -1500,6 +1773,19 @@ EOF_CRLINI
CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
chmod 600 ${CRL_FILE_GRP_1}_or1
TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or"
+
+
+ CU_ACTION="Modify CRL (DSA) by adding one more cert"
+ crlu -d $CADIR -M -n "TestCA-dsa" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}_or1-dsa \
+ -i ${CRL_FILE_GRP_1}_or-dsa <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_END} $CRL_GRP_DATE
+EOF_CRLINI
+ CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+ chmod 600 ${CRL_FILE_GRP_1}_or1-dsa
+ TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-dsa"
+
+
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Modify CRL (ECC) by adding one more cert"
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
@@ -1524,6 +1810,21 @@ rmcert ${UNREVOKED_CERT_GRP_1}
EOF_CRLINI
chmod 600 ${CRL_FILE_GRP_1}
TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1"
+
+
+ CU_ACTION="Modify CRL (DSA) by removing one cert"
+ sleep 2
+ CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
+ crlu -d $CADIR -M -n "TestCA-dsa" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1} \
+ -i ${CRL_FILE_GRP_1}_or1 <<EOF_CRLINI
+update=$CRLUPDATE
+rmcert ${UNREVOKED_CERT_GRP_1}
+EOF_CRLINI
+ chmod 600 ${CRL_FILE_GRP_1}
+ TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1-dsa"
+
+
+
if [ -z "$NSS_DISABLE_ECC" ] ; then
CU_ACTION="Modify CRL (ECC) by removing one cert"
crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
diff -up ./tests/ssl/sslcov.txt.dhe_and_sha384 ./tests/ssl/sslcov.txt
--- ./tests/ssl/sslcov.txt.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./tests/ssl/sslcov.txt 2015-06-24 23:06:00.459872435 +0200
@@ -35,6 +35,9 @@
noECC SSL3 v SSL3_RSA_WITH_AES_128_CBC_SHA
noECC SSL3 y SSL3_RSA_WITH_AES_256_CBC_SHA
noECC SSL3 z SSL3_RSA_WITH_NULL_SHA
+ noECC TLS12 :009F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ noECC TLS12 :00A3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
+ noECC TLS12 :009D TLS_RSA_WITH_AES_256_GCM_SHA384
# noECC SSL3 :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
# noECC SSL3 :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
#
@@ -86,10 +89,21 @@
noECC TLS12 v TLS12_RSA_WITH_AES_128_CBC_SHA
noECC TLS12 y TLS12_RSA_WITH_AES_256_CBC_SHA
noECC TLS12 z TLS12_RSA_WITH_NULL_SHA
+ noECC TLS12 :0016 TLS12_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ noECC TLS12 :0032 TLS12_DHE_DSS_WITH_AES_128_CBC_SHA
+ noECC TLS12 :0033 TLS12_DHE_RSA_WITH_AES_128_CBC_SHA
+ noECC TLS12 :0038 TLS12_DHE_DSS_WITH_AES_256_CBC_SHA
+ noECC TLS12 :0039 TLS12_DHE_RSA_WITH_AES_256_CBC_SHA
noECC TLS12 :003B TLS12_RSA_WITH_NULL_SHA256
noECC TLS12 :003C TLS12_RSA_WITH_AES_128_CBC_SHA256
noECC TLS12 :003D TLS12_RSA_WITH_AES_256_CBC_SHA256
+ noECC TLS12 :0040 TLS12_DHE_DSS_WITH_AES_128_CBC_SHA256
+ noECC TLS12 :0067 TLS12_DHE_RSA_WITH_AES_128_CBC_SHA256
+ noECC TLS12 :006A TLS12_DHE_DSS_WITH_AES_256_CBC_SHA256
+ noECC TLS12 :006B TLS12_DHE_RSA_WITH_AES_256_CBC_SHA256
noECC TLS12 :009C TLS12_RSA_WITH_AES_128_GCM_SHA256
+ noECC TLS12 :009E TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256
+ noECC TLS12 :00A2 TLS12_DHE_DSS_WITH_AES_128_GCM_SHA256
#
# ECC ciphers (TLS)
#
@@ -156,6 +170,10 @@
ECC TLS12 :C013 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECC TLS12 :C014 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECC TLS12 :C023 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ ECC TLS12 :C024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ECC TLS12 :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ ECC TLS12 :C028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ECC TLS12 :C02B TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ ECC TLS12 :C02C TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384
ECC TLS12 :C02F TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ ECC TLS12 :0030 TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA384
diff -up ./tests/ssl/ssl.sh.dhe_and_sha384 ./tests/ssl/ssl.sh
--- ./tests/ssl/ssl.sh.dhe_and_sha384 2015-06-24 23:06:00.442872754 +0200
+++ ./tests/ssl/ssl.sh 2015-06-24 23:06:00.459872435 +0200
@@ -92,8 +92,8 @@ ssl_init()
ECC_STRING=""
fi
- CSHORT="-c ABCDEF:003B:003C:003D:0041:0084:009Ccdefgijklmnvyz"
- CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:003B:003C:003D:0041:0084:009Ccdefgijklmnvyz"
+ CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
+ CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
if [ "${OS_ARCH}" != "WINNT" ]; then
ulimit -n 1000 # make sure we have enough file descriptors
@@ -225,15 +225,16 @@ start_selfserv()
fi
echo "selfserv starting at `date`"
echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
- echo " ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &"
+ echo " ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\"
+ echo " $verbose -H 1 &"
if [ ${fileout} -eq 1 ]; then
${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
- ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose \
+ ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \
> ${SERVEROUTFILE} 2>&1 &
RET=$?
else
${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
- ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose &
+ ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 &
RET=$?
fi
diff -up ./tests/ssl/sslstress.txt.dhe_and_sha384 ./tests/ssl/sslstress.txt
--- ./tests/ssl/sslstress.txt.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200
+++ ./tests/ssl/sslstress.txt 2015-06-24 23:06:00.459872435 +0200
@@ -44,6 +44,7 @@
ECC 0 -c_:C027 -V_ssl3:_-c_1000_-C_:C027 Stress TLS ECDHE-RSA AES 128 CBC with SHA256
ECC 0 -c_:C02F -V_ssl3:_-c_1000_-C_:C02F Stress TLS ECDHE-RSA AES 128 GCM
ECC 0 -c_:C004_-u -V_ssl3:_-c_1000_-C_:C004_-u Stress TLS ECDH-ECDSA AES 128 CBC with SHA (session ticket)
+ ECC 0 -c_:C009_-u -V_ssl3:_-c_100_-C_:C009_-u Stress TLS ECDHE-ECDSA AES 128 CBC with SHA (session ticket)
#
# add client auth versions here...
#
@@ -53,3 +54,33 @@
ECC 0 -r_-r_-c_:C00E -V_ssl3:_-c_10_-C_:C00E_-N_-n_TestUser-ecmixed Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
ECC 0 -r_-r_-c_:C013 -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA(client auth)
ECC 0 -r_-r_-c_:C013_-u -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec_-u Stress TLS ECDHE-RSA AES 128 CBC with SHA(session ticket, client auth)
+
+#
+# ############################ DHE ciphers ############################
+#
+ noECC 0 -c_:0016 -V_ssl3:_-c_100_-C_:0016_-N Stress TLS DHE_RSA_WITH_3DES_EDE_CBC_SHA (no reuse)
+ noECC 0 -c_:0033 -V_ssl3:_-c_1000_-C_:0033 Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA
+
+
+ noECC 0 -c_:0039 -V_ssl3:_-c_100_-C_:0039_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA (no reuse)
+ noECC 0 -c_:0040 -V_ssl3:_-c_100_-C_:0040_-N Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA256 (no reuse)
+
+# noECC 0 -c_:0038_-u -V_ssl3:_-c_1000_-C_:0038_-u Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (session ticket)
+# use the above session ticket test, once session tickets with DHE_DSS are working
+ noECC 0 -c_:0038 -V_ssl3:_-c_1000_-C_:0038_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (no reuse)
+
+# noECC 0 -c_:006A -V_ssl3:_-c_1000_-C_:006A Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256
+# use the above reuse test, once the session cache with DHE_DSS is working
+ noECC 0 -c_:006A -V_ssl3:_-c_1000_-C_:006A_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 (no reuse
+
+ noECC 0 -c_:006B -V_ssl3:_-c_100_-C_:006B_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA256 (no reuse)
+ noECC 0 -c_:009E -V_ssl3:_-c_100_-C_:009E_-N Stress TLS DHE_RSA_WITH_AES_128_GCM_SHA256 (no reuse)
+#
+# add client auth versions here...
+#
+ noECC 0 -r_-r_-c_:0032 -V_ssl3:_-c_100_-C_:0032_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA (no reuse, client auth)
+ noECC 0 -r_-r_-c_:0067 -V_ssl3:_-c_1000_-C_:0067_-n_TestUser-dsamixed Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA256 (client auth)
+
+# noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:_-c_1000_-C_:00A2_-n_TestUser-dsa_-u Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (session ticket, client auth)
+# use the above session ticket test, once session tickets with DHE_DSS are working
+ noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:_-c_1000_-C_:00A2_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (no reuse, client auth)