diff --git a/.gitignore b/.gitignore
index 55cb85a..fadcdf8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,7 +9,7 @@ SOURCES/cert8.db.xml
 SOURCES/cert9.db.xml
 SOURCES/key3.db.xml
 SOURCES/key4.db.xml
-SOURCES/nss-3.19.1.tar.gz
+SOURCES/nss-3.21.0.tar.gz
 SOURCES/nss-config.xml
 SOURCES/nss-pem-20140125.tar.bz2
 SOURCES/secmod.db.xml
diff --git a/.nss.metadata b/.nss.metadata
index 07697ae..473c632 100644
--- a/.nss.metadata
+++ b/.nss.metadata
@@ -9,7 +9,7 @@ bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 SOURCES/blank-secmod.db
 7cbb7841b1aefe52534704bf2a4358bfea1aa477 SOURCES/cert9.db.xml
 24c123810543ff0f6848647d6d910744e275fb01 SOURCES/key3.db.xml
 af51b16a56fda1f7525a0eed3ecbdcbb4133be0c SOURCES/key4.db.xml
-9e20dee2137265e61ce8a70daaf44fe0315fdb81 SOURCES/nss-3.19.1.tar.gz
+d42285342e5c27c9f884b3d569c865c09c1d6538 SOURCES/nss-3.21.0.tar.gz
 2905c9b06e7e686c9e3c0b5736a218766d4ae4c2 SOURCES/nss-config.xml
 66f2060c35f4e97bdfa163e8bd7cb2ef5e8125d8 SOURCES/nss-pem-20140125.tar.bz2
 ca9ebf79c1437169a02527c18b1e3909943c4be9 SOURCES/secmod.db.xml
diff --git a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
index 07a7eb1..fd29f44 100644
--- a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
+++ b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
@@ -1,31 +1,31 @@
 diff --git a/lib/ssl/config.mk b/lib/ssl/config.mk
 --- a/lib/ssl/config.mk 
+++ b/lib/ssl/config.mk -@@ -2,16 +2,20 @@ - # This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - - ifdef NISCC_TEST +@@ -7,16 +7,20 @@ ifdef NISCC_TEST DEFINES += -DNISCC_TEST endif -+ifdef NSS_NO_SSL2 -+DEFINES += -DNSS_NO_SSL2 -+endif -+ # Allow build-time configuration of TLS 1.3 (Experimental) ifdef NSS_ENABLE_TLS_1_3 DEFINES += -DNSS_ENABLE_TLS_1_3 endif ++ifdef NSS_NO_SSL2 ++DEFINES += -DNSS_NO_SSL2 ++endif ++ ifdef NSS_NO_PKCS11_BYPASS DEFINES += -DNO_PKCS11_BYPASS else + CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX) + + EXTRA_LIBS += \ + $(CRYPTOLIB) \ + $(NULL) diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c --- a/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c -@@ -650,16 +650,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh +@@ -678,16 +678,22 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh if (ss->cipherSpecs) { PORT_Free(ss->cipherSpecs); ss->cipherSpecs = NULL; @@ -48,7 +48,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c break; } ss->opt.enableSSL2 = on; -@@ -667,52 +673,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh +@@ -695,52 +701,67 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh ss->opt.v2CompatibleHello = on; } ss->preferredCipher = NULL; @@ -116,7 +116,7 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c rv = SECFailure; } else { if (PR_FALSE != on) { -@@ -1127,16 +1148,23 @@ SSL_OptionSetDefault(PRInt32 which, PRBo +@@ -1180,16 +1201,32 @@ SSL_OptionSetDefault(PRInt32 which, PRBo } return SECSuccess; } @@ -129,8 +129,17 @@ 
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c + /* both ssl2 and export cipher suites disabled */ + if (SSL_IS_SSL2_CIPHER(suite)) + return PR_TRUE; -+ if (SSL_IsExportCipherSuite(suite)) -+ return PR_TRUE; ++ if (SSL_IsExportCipherSuite(suite)) { ++ SSLCipherSuiteInfo csdef; ++ if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess) { ++ /* failure to retrieve info, disable */ ++ return PR_TRUE; ++ } ++ if (csdef.symCipher != ssl_calg_null) { ++ /* disable all except NULL ciphersuites */ ++ return PR_TRUE; ++ } ++ } +#endif /* NSS_NO_SSL2_NO_EXPORT */ switch (suite) { case SSL_FORTEZZA_DMS_WITH_NULL_SHA: diff --git a/SOURCES/Bug-1001841-disable-sslv2-tests.patch b/SOURCES/Bug-1001841-disable-sslv2-tests.patch index 6690a46..4479ab1 100644 --- a/SOURCES/Bug-1001841-disable-sslv2-tests.patch +++ b/SOURCES/Bug-1001841-disable-sslv2-tests.patch @@ -1,18 +1,11 @@ -diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh ---- a/tests/ssl/ssl.sh -+++ b/tests/ssl/ssl.sh -@@ -57,19 +57,23 @@ ssl_init() - fi - - PORT=${PORT-8443} - NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal} - nss_ssl_run="stapling cov auth stress" +diff -up ./tests/ssl/ssl.sh.disableSSL2tests ./tests/ssl/ssl.sh +--- ./tests/ssl/ssl.sh.disableSSL2tests 2015-11-08 21:12:59.000000000 -0800 ++++ ./tests/ssl/ssl.sh 2016-02-19 21:36:48.900345950 -0800 +@@ -62,9 +62,14 @@ ssl_init() NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run} # Test case files - SSLCOV=${QADIR}/ssl/sslcov.txt -- SSLAUTH=${QADIR}/ssl/sslauth.txt -- SSLSTRESS=${QADIR}/ssl/sslstress.txt + if [ "${NSS_NO_SSL2}" = "1" ]; then + SSLCOV=${QADIR}/ssl/sslcov.noSSL2orExport.txt + SSLSTRESS=${QADIR}/ssl/sslstress.noSSL2orExport.txt @@ -20,24 +13,16 @@ 
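Review bot: The comment `/* both ssl2 and export cipher suites disabled */` at the top of the rewritten block in the sslsock.c hunk no longer describes it: an export suite whose `symCipher` is `ssl_calg_null` now falls through to `switch (suite)` instead of being reported as disabled, so only the non-NULL export suites are still cut off. Suggest `/* ssl2 and export cipher suites disabled, except export suites using the NULL cipher */` and a one-line why-comment on the `csdef.symCipher != ssl_calg_null` branch stating why NULL export suites are deliberately kept (the test lists in the companion tests patch suggest coverage, but that is inferred). Returning PR_TRUE when `SSL_GetCipherSuiteInfo` fails is the right fail-closed default and should stay. The enclosing function starts outside the hunk.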
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh + SSLCOV=${QADIR}/ssl/sslcov.txt + SSLSTRESS=${QADIR}/ssl/sslstress.txt + fi + SSLAUTH=${QADIR}/ssl/sslauth.txt +- SSLSTRESS=${QADIR}/ssl/sslstress.txt REQUEST_FILE=${QADIR}/ssl/sslreq.dat #temparary files - SERVEROUTFILE=${TMP}/tests_server.$$ - SERVERPID=${TMP}/tests_pid.$$ - - R_SERVERPID=../tests_pid.$$ - -@@ -115,17 +119,21 @@ is_selfserv_alive() - if [ "${OS_ARCH}" = "WINNT" ] && \ - [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then - PID=${SHELL_SERVERPID} - else - PID=`cat ${SERVERPID}` +@@ -120,7 +125,11 @@ is_selfserv_alive() fi echo "kill -0 ${PID} >/dev/null 2>/dev/null" -+ if [[ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]]; then ++ if [ "${NSS_NO_SSL2}" = "1" ] && [[ ${EXP} -eq 0 || ${SSL2} -eq 0 ]]; then + echo "No server to kill" + else kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable" @@ -45,21 +30,11 @@ diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh echo "selfserv with PID ${PID} found at `date`" } - - ########################### wait_for_selfserv ########################## - # local shell function to wait until selfserver is running and initialized - ######################################################################## - wait_for_selfserv() -@@ -138,17 +146,21 @@ wait_for_selfserv() - if [ $? -ne 0 ]; then - sleep 5 - echo "retrying to connect to selfserv at `date`" - echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\" - echo " -d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE}" +@@ -143,7 +152,11 @@ wait_for_selfserv() ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \ -d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE} if [ $? -ne 0 ]; then -+ if [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then ++ if [ "${NSS_NO_SSL2}" = "1" ] && [[ ${EXP} -eq 0 || ${SSL2} -eq 0 ]]; then + html_passed "Server never started" + else html_failed "Waiting for Server" @@ -67,28 +42,45 @@ 
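Review bot: `EXP` and `SSL2` are only assigned inside the ssl_cov read loop (`EXP=$?`, `SSL2=$?` in the ssl_cov hunk), but the new guards in is_selfserv_alive and wait_for_selfserv read them on every call; when the caller is another test (auth, stress, stapling) they are unset or stale from the last cov iteration, and in bash `[[ ${EXP} -eq 0 ]]` treats an empty operand as 0, so with NSS_NO_SSL2=1 the liveness check could be skipped or "Server never started" reported as a pass for tests that do need the server. Defaulting the operands makes the intent explicit in both places: `[ "${NSS_NO_SSL2}" = "1" ] && [[ ${EXP:-1} -eq 0 || ${SSL2:-1} -eq 0 ]]`, or reset `EXP=1; SSL2=1` after the cov loop. The `[[ ... ]]` form is bash/ksh only while the surrounding script uses `[ ... ]`, so confirm the harness never runs ssl.sh under plain sh. Both functions continue outside their hunks.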
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh fi fi is_selfserv_alive - } +@@ -214,15 +227,16 @@ start_selfserv() + echo "selfserv starting at `date`" + echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\" + echo " ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\" +- echo " $verbose -H 1 &" ++ echo " $verbose -H 1 -V ssl3: &" + if [ ${fileout} -eq 1 ]; then + ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \ + ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \ +- > ${SERVEROUTFILE} 2>&1 & ++ -V ssl3:> ${SERVEROUTFILE} 2>&1 & + RET=$? + else + ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \ +- ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 & ++ ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \ ++ -V ssl3: & + RET=$? + fi + +@@ -269,7 +283,7 @@ ssl_cov() + start_selfserv # Launch the server - ########################### kill_selfserv ############################## - # local shell function to kill the selfserver after the tests are done - ######################################################################## -@@ -273,16 +285,19 @@ ssl_cov() + VMIN="ssl2" +- VMAX="tls1.1" ++ VMAX="tls1.2" + exec < ${SSLCOV} while read ectype testmax param testname - do - echo "${testname}" | grep "EXPORT" > /dev/null - EXP=$? +@@ -279,6 +293,12 @@ ssl_cov() echo "${testname}" | grep "SSL2" > /dev/null SSL2=$? 
+ # skip export and ssl2 tests when build has disabled SSL2 -+ [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ] && continue ++ if [ "${NSS_NO_SSL2}" = "1" ] && [[ ${EXP} -eq 0 || ${SSL2} -eq 0 ]]; then ++ echo "exp/ssl2 test skipped: (NSS_NO_SSL2,EXP,SSL2)=(${NSS_NO_SSL2},${EXP},${SSL2})" ++ continue ++ fi + if [ "${SSL2}" -eq 0 ] ; then # We cannot use asynchronous cert verification with SSL2 SSL2_FLAGS=-O - VMIN="ssl2" - else - # Do not enable SSL2 for non-SSL2-specific tests. SSL2 is disabled by - # default in libssl but it is enabled by default in tstclnt; we want - # to test the libssl default whenever possible. diff --git a/SOURCES/additional-cipher-suites-enabled-by-default.patch b/SOURCES/additional-cipher-suites-enabled-by-default.patch deleted file mode 100644 index 0e28419..0000000 --- a/SOURCES/additional-cipher-suites-enabled-by-default.patch +++ /dev/null 
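Review bot: In the start_selfserv hunk the redirected invocation is written `-V ssl3:> ${SERVEROUTFILE} 2>&1 &`; the shell still parses `ssl3:` as the option value because `>` terminates the word, but it reads as though `ssl3:>` were the argument and differs from the echo line above, which prints `-V ssl3: &`. Write it `-V ssl3: > ${SERVEROUTFILE} 2>&1 &`, or put `-V ssl3: \` on its own continuation line as the non-redirected branch two lines below does. The new skip message in ssl_cov usefully records the (NSS_NO_SSL2,EXP,SSL2) triple, which is what makes the guard in the earlier hunks auditable in the test log. start_selfserv and ssl_cov both continue outside the hunk.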
@@ -1,66 +0,0 @@ -diff -up ./nss/lib/ssl/ssl3con.c.1245627 ./nss/lib/ssl/ssl3con.c ---- ./nss/lib/ssl/ssl3con.c.1245627 2015-08-10 15:42:24.831988193 -0700 -+++ ./nss/lib/ssl/ssl3con.c 2015-08-10 17:03:05.674965691 -0700 -@@ -90,21 +90,24 @@ static ssl3CipherSuiteCfg cipherSuites[s - /* cipher_suite policy enabled isPresent */ - - #ifndef NSS_DISABLE_ECC -- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ /* Switched order of two previous to meet Suite B requirements -+ * but implemented by default yet. -+ */ -+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around - * bug 946147. 
- */ -- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -@@ -119,7 +122,7 @@ static ssl3CipherSuiteCfg cipherSuites[s - { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -@@ -143,7 +146,7 @@ static ssl3CipherSuiteCfg cipherSuites[s - #endif /* NSS_DISABLE_ECC */ - - /* RSA */ -- { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { 
TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -diff -up ./nss/lib/ssl/sslenum.c.1245627 ./nss/lib/ssl/sslenum.c ---- ./nss/lib/ssl/sslenum.c.1245627 2015-08-10 15:42:24.809988026 -0700 -+++ ./nss/lib/ssl/sslenum.c 2015-08-10 15:42:24.846988306 -0700 -@@ -48,8 +48,8 @@ - */ - const PRUint16 SSL_ImplementedCiphers[] = { - #ifndef NSS_DISABLE_ECC -- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, diff --git a/SOURCES/client_auth_for_sha384_prf_support.patch b/SOURCES/client_auth_for_sha384_prf_support.patch new file mode 100644 index 0000000..de0d1aa --- /dev/null +++ b/SOURCES/client_auth_for_sha384_prf_support.patch 
@@ -0,0 +1,159 @@ +diff -up ./lib/ssl/ssl3con.c.client_auth_prf ./lib/ssl/ssl3con.c +--- ./lib/ssl/ssl3con.c.client_auth_prf 2016-02-14 09:14:32.821182333 -0800 ++++ ./lib/ssl/ssl3con.c 2016-02-14 09:52:47.506071502 -0800 +@@ -270,6 +270,27 @@ static const /*SSL3ClientCertificateType + ct_DSS_sign, + }; + ++/* This block is the contents of the supported_signature_algorithms field of ++ * our TLS 1.2 CertificateRequest message, in wire format. See ++ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 ++ * ++ * We only support TLS 1.2 ++ * CertificateVerify messages that use the handshake PRF hash. */ ++static const PRUint8 supported_signature_algorithms_sha256[] = { ++ tls_hash_sha256, tls_sig_rsa, ++#ifndef NSS_DISABLE_ECC ++ tls_hash_sha256, tls_sig_ecdsa, ++#endif ++ tls_hash_sha256, tls_sig_dsa, ++}; ++static const PRUint8 supported_signature_algorithms_sha384[] = { ++ tls_hash_sha384, tls_sig_rsa, ++#ifndef NSS_DISABLE_ECC ++ tls_hash_sha384, tls_sig_ecdsa, ++#endif ++ tls_hash_sha384, tls_sig_dsa, ++}; ++ + #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ + + +@@ -4904,6 +4925,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * + unsigned int stateLen; + unsigned char stackBuf[1024]; + unsigned char *stateBuf = NULL; ++ SECOidData *hashOid; + + h = ss->ssl3.hs.sha; + stateBuf = PK11_SaveContextAlloc(h, stackBuf, +@@ -4919,9 +4941,25 @@ ssl3_ComputeHandshakeHashes(sslSocket * + rv = SECFailure; + goto tls12_loser; + } +- /* If we ever support ciphersuites where the PRF hash isn't SHA-256 +- * then this will need to be updated. 
*/ +- hashes->hashAlg = ssl_hash_sha256; ++ ++ /* updated in support of ciphersuites where the PRF hash ++ * could be SHA-256 or SHA-384 */ ++ hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); ++ if (hashOid == NULL) { ++ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); ++ rv = SECFailure; ++ goto tls12_loser; ++ } ++ hashes->hashAlg = hashOid->offset; ++ PORT_Assert(hashes->hashAlg == ssl_hash_sha256 || ++ hashes->hashAlg == ssl_hash_sha384); ++ if (hashes->hashAlg != ssl_hash_sha256 && ++ hashes->hashAlg != ssl_hash_sha384) { ++ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); ++ rv = SECFailure; ++ goto tls12_loser; ++ } ++ + rv = SECSuccess; + + tls12_loser: +@@ -7242,7 +7280,7 @@ done: + /* Destroys the backup handshake hash context if we don't need it. Note that + * this function selects the hash algorithm for client authentication + * signatures; ssl3_SendCertificateVerify uses the presence of the backup hash +- * to determine whether to use SHA-1 or SHA-256. */ ++ * to determine whether to use SHA-1, or the PRF hash of the cipher suite. */ + static void + ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, + const SECItem *algorithms) +@@ -7251,9 +7289,12 @@ ssl3_DestroyBackupHandshakeHashIfNotNeed + SSLSignType sigAlg; + PRBool preferSha1; + PRBool supportsSha1 = PR_FALSE; +- PRBool supportsSha256 = PR_FALSE; ++ PRBool supportsHandshakeHash = PR_FALSE; + PRBool needBackupHash = PR_FALSE; + unsigned int i; ++ SECOidData *hashOid; ++ TLSHashAlgorithm suitePRFHash; ++ PRBool suitePRFIs256Or384 = PR_FALSE; + + #ifndef NO_PKCS11_BYPASS + /* Backup handshake hash is not supported in PKCS #11 bypass mode. 
*/ +@@ -7270,20 +7311,35 @@ ssl3_DestroyBackupHandshakeHashIfNotNeed + goto done; + } + ++ hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); ++ if (hashOid == NULL) { ++ rv = SECFailure; ++ goto done; ++ } ++ ++ if (hashOid->offset == SEC_OID_SHA256) { ++ suitePRFHash = tls_hash_sha256; ++ suitePRFIs256Or384 = PR_TRUE; ++ } else if (hashOid->offset == SEC_OID_SHA384) { ++ suitePRFHash = tls_hash_sha384; ++ suitePRFIs256Or384 = PR_TRUE; ++ } ++ + /* Determine the server's hash support for that signature algorithm. */ + for (i = 0; i < algorithms->len; i += 2) { + if (algorithms->data[i+1] == sigAlg) { + if (algorithms->data[i] == ssl_hash_sha1) { + supportsSha1 = PR_TRUE; +- } else if (algorithms->data[i] == ssl_hash_sha256) { +- supportsSha256 = PR_TRUE; ++ } else if (suitePRFIs256Or384 && ++ algorithms->data[i] == suitePRFHash) { ++ supportsHandshakeHash = PR_TRUE; + } + } + } + + /* If either the server does not support SHA-256 or the client key prefers + * SHA-1, leave the backup hash. */ +- if (supportsSha1 && (preferSha1 || !supportsSha256)) { ++ if (supportsSha1 && (preferSha1 || !supportsHandshakeHash)) { + needBackupHash = PR_TRUE; + } + +@@ -9548,6 +9604,7 @@ ssl3_SendCertificateRequest(sslSocket *s + int certTypesLength; + PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2]; + unsigned int sigAlgsLength = 0; ++ SECOidData *hashOid; + + SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", + SSL_GETPID(), ss->fd)); +@@ -9575,6 +9632,20 @@ ssl3_SendCertificateRequest(sslSocket *s + certTypes = certificate_types; + certTypesLength = sizeof certificate_types; + ++ hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); ++ if (hashOid == NULL) { ++ return SECFailure; /* err set by AppendHandshake. 
*/ ++ } ++ if (hashOid->offset == SEC_OID_SHA256) { ++ sigAlgsLength = sizeof supported_signature_algorithms_sha256; ++ PORT_Memcpy(sigAlgs, supported_signature_algorithms_sha256, sigAlgsLength); ++ } else if (hashOid->offset == SEC_OID_SHA384) { ++ sigAlgsLength = sizeof supported_signature_algorithms_sha384; ++ PORT_Memcpy(sigAlgs, supported_signature_algorithms_sha384, sigAlgsLength); ++ } else { ++ return SECFailure; /* err set by AppendHandshake. */ ++ } ++ + length = 1 + certTypesLength + 2 + calen; + if (isTLS12) { + rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs), diff --git a/SOURCES/cve-2015-7575-minimal.patch b/SOURCES/cve-2015-7575-minimal.patch deleted file mode 100644 index 96d09b4..0000000 --- a/SOURCES/cve-2015-7575-minimal.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c ---- a/lib/ssl/ssl3con.c -+++ b/lib/ssl/ssl3con.c -@@ -4345,17 +4345,16 @@ ssl3_ConsumeHandshakeVariable(sslSocket - } - - /* tlsHashOIDMap contains the mapping between TLS hash identifiers and the - * SECOidTag used internally by NSS. */ - static const struct { - int tlsHash; - SECOidTag oid; - } tlsHashOIDMap[] = { -- { tls_hash_md5, SEC_OID_MD5 }, - { tls_hash_sha1, SEC_OID_SHA1 }, - { tls_hash_sha224, SEC_OID_SHA224 }, - { tls_hash_sha256, SEC_OID_SHA256 }, - { tls_hash_sha384, SEC_OID_SHA384 }, - { tls_hash_sha512, SEC_OID_SHA512 } - }; - - /* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value. diff --git a/SOURCES/dhe-sha384-dss-support.patch b/SOURCES/dhe-sha384-dss-support.patch index 3474df4..834c7c1 100644 --- a/SOURCES/dhe-sha384-dss-support.patch +++ b/SOURCES/dhe-sha384-dss-support.patch 
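Review bot: In ssl3_SendCertificateRequest both new `return SECFailure;` paths carry the comment `/* err set by AppendHandshake. */`, but no AppendHandshake call precedes them; a NULL from SECOID_FindOIDByMechanism or an unexpected `hashOid->offset` hands the caller SECFailure with whatever error code happened to be set last. Set one explicitly, `ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); return SECFailure;`, as ssl3_ComputeHandshakeHashes in this same patch already does, and drop the two misleading comments. The patch also treats `hashOid->offset` two ways: ssl3_DestroyBackupHandshakeHashIfNotNeeded and ssl3_SendCertificateRequest compare it against `SEC_OID_SHA256`/`SEC_OID_SHA384` and map to a tls_hash_* value, while ssl3_ComputeHandshakeHashes stores it straight into `hashes->hashAlg` and then compares against `ssl_hash_sha256`/`ssl_hash_sha384`; unless those two enums share numeric values, one of the sites is wrong, so map the OID tag to the ssl_hash_* constant explicitly there too. Each of these functions is only partly visible in the patch.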
@@ -1,845 +1,107 @@ -diff -up ./cmd/certutil/keystuff.c.dhe_and_sha384 ./cmd/certutil/keystuff.c ---- ./cmd/certutil/keystuff.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./cmd/certutil/keystuff.c 2015-06-24 23:06:00.450872604 +0200 -@@ -133,64 +133,92 @@ UpdateRNG(void) - } - - static const unsigned char P[] = { 0, -- 0x98, 0xef, 0x3a, 0xae, 0x70, 0x98, 0x9b, 0x44, -- 0xdb, 0x35, 0x86, 0xc1, 0xb6, 0xc2, 0x47, 0x7c, -- 0xb4, 0xff, 0x99, 0xe8, 0xae, 0x44, 0xf2, 0xeb, -- 0xc3, 0xbe, 0x23, 0x0f, 0x65, 0xd0, 0x4c, 0x04, -- 0x82, 0x90, 0xa7, 0x9d, 0x4a, 0xc8, 0x93, 0x7f, -- 0x41, 0xdf, 0xf8, 0x80, 0x6b, 0x0b, 0x68, 0x7f, -- 0xaf, 0xe4, 0xa8, 0xb5, 0xb2, 0x99, 0xc3, 0x69, -- 0xfb, 0x3f, 0xe7, 0x1b, 0xd0, 0x0f, 0xa9, 0x7a, -- 0x4a, 0x04, 0xbf, 0x50, 0x9e, 0x22, 0x33, 0xb8, -- 0x89, 0x53, 0x24, 0x10, 0xf9, 0x68, 0x77, 0xad, -- 0xaf, 0x10, 0x68, 0xb8, 0xd3, 0x68, 0x5d, 0xa3, -- 0xc3, 0xeb, 0x72, 0x3b, 0xa0, 0x0b, 0x73, 0x65, -- 0xc5, 0xd1, 0xfa, 0x8c, 0xc0, 0x7d, 0xaa, 0x52, -- 0x29, 0x34, 0x44, 0x01, 0xbf, 0x12, 0x25, 0xfe, -- 0x18, 0x0a, 0xc8, 0x3f, 0xc1, 0x60, 0x48, 0xdb, -- 0xad, 0x93, 0xb6, 0x61, 0x67, 0xd7, 0xa8, 0x2d }; -+ 0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65, -+ 0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd, -+ 0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66, -+ 0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08, -+ 0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b, -+ 0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b, -+ 0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6, -+ 0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83, -+ 0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13, -+ 0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9, -+ 0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5, -+ 0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8, -+ 0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe, -+ 0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63, -+ 0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c, -+ 0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef, -+ 0x30, 0x50, 0x59, 0x33, 0x61, 
0xc0, 0xf3, 0x6e, -+ 0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3, -+ 0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47, -+ 0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f, -+ 0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb, -+ 0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97, -+ 0xad, 0xea, 0x0d, 0x9e, 0x02, 0xe6, 0xe5, 0x7d, -+ 0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81, -+ 0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20, -+ 0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c, -+ 0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93, -+ 0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9, -+ 0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60, -+ 0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32, -+ 0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42, -+ 0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 }; - static const unsigned char Q[] = { 0, -- 0xb5, 0xb0, 0x84, 0x8b, 0x44, 0x29, 0xf6, 0x33, -- 0x59, 0xa1, 0x3c, 0xbe, 0xd2, 0x7f, 0x35, 0xa1, -- 0x76, 0x27, 0x03, 0x81 }; -+ 0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3, -+ 0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03, -+ 0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d, -+ 0x3a, 0x95, 0xf4, 0xf1 }; - static const unsigned char G[] = { -- 0x04, 0x0e, 0x83, 0x69, 0xf1, 0xcd, 0x7d, 0xe5, -- 0x0c, 0x78, 0x93, 0xd6, 0x49, 0x6f, 0x00, 0x04, -- 0x4e, 0x0e, 0x6c, 0x37, 0xaa, 0x38, 0x22, 0x47, -- 0xd2, 0x58, 0xec, 0x83, 0x12, 0x95, 0xf9, 0x9c, -- 0xf1, 0xf4, 0x27, 0xff, 0xd7, 0x99, 0x57, 0x35, -- 0xc6, 0x64, 0x4c, 0xc0, 0x47, 0x12, 0x31, 0x50, -- 0x82, 0x3c, 0x2a, 0x07, 0x03, 0x01, 0xef, 0x30, -- 0x09, 0x89, 0x82, 0x41, 0x76, 0x71, 0xda, 0x9e, -- 0x57, 0x8b, 0x76, 0x38, 0x37, 0x5f, 0xa5, 0xcd, -- 0x32, 0x84, 0x45, 0x8d, 0x4c, 0x17, 0x54, 0x2b, -- 0x5d, 0xc2, 0x6b, 0xba, 0x3e, 0xa0, 0x7b, 0x95, -- 0xd7, 0x00, 0x42, 0xf7, 0x08, 0xb8, 0x83, 0x87, -- 0x60, 0xe1, 0xe5, 0xf4, 0x1a, 0x54, 0xc2, 0x20, -- 0xda, 0x38, 0x3a, 0xd1, 0xb6, 0x10, 0xf4, 0xcb, -- 0x35, 0xda, 0x97, 0x92, 0x87, 0xd6, 0xa5, 0x37, -- 0x62, 0xb4, 0x93, 0x4a, 0x15, 0x21, 0xa5, 0x10 }; -+ 
0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62, -+ 0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79, -+ 0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7, -+ 0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc, -+ 0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1, -+ 0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e, -+ 0x92, 0x16, 0x06, 0x59, 0x29, 0x89, 0x6f, 0x54, -+ 0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6, -+ 0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a, -+ 0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8, -+ 0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f, -+ 0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93, -+ 0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83, -+ 0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae, -+ 0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3, -+ 0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb, -+ 0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e, -+ 0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4, -+ 0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58, -+ 0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac, -+ 0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e, -+ 0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1, -+ 0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d, -+ 0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c, -+ 0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a, -+ 0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03, -+ 0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5, -+ 0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac, -+ 0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d, -+ 0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa, -+ 0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd, -+ 0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4 }; - --/* h: -- * 4a:76:30:89:eb:e1:81:7c:99:0b:39:7f:95:4a:65:72: -- * c6:b4:05:92:48:6c:3c:b2:7e:e7:39:f3:92:7d:c1:3f: -- * bf:e1:fd:b3:4a:46:3e:ce:29:80:e3:d6:f4:59:c6:92: -- * 16:2b:0e:d7:d6:bb:ef:94:36:31:c2:66:46:c5:4a:77: -- * aa:95:84:ef:99:7e:e3:9c:d9:a0:32:42:09:b6:4e:d0: -- * b3:c8:5e:06:df:a1:ac:4d:2d:f9:08:c2:cb:4b:a4:42: -- * 
db:8a:5b:de:25:6e:2b:5b:ca:00:75:2c:57:00:18:aa: -- * 68:59:a1:94:03:07:94:78:38:bc:f8:7c:1e:1c:a3:2e -- * SEED: -- * b5:44:66:c9:0f:f1:ca:1c:95:45:ce:90:74:89:14:f2: -- * 13:3e:23:5a:b0:6a:bf:86:ad:cb:a0:7d:ce:3b:c8:16: -- * 7f:2d:a2:1a:cb:33:7d:c1:e7:d7:07:aa:1b:a2:d7:89: -- * f5:a4:db:f7:8b:50:00:cd:b4:7d:25:81:3f:f8:a8:dd: -- * 6c:46:e5:77:b5:60:7e:75:79:b8:99:57:c1:c4:f3:f7: -- * 17:ca:43:00:b8:33:b6:06:8f:4d:91:ed:23:a5:66:1b: -- * ef:14:d7:bc:21:2b:82:d8:ab:fa:fd:a7:c3:4d:bf:52: -- * af:8e:57:59:61:1a:4e:65:c6:90:d6:a6:ff:0b:15:b1 -- * g: 1024 -- * counter: 1003 -+ -+/* P, Q, G have been generated using the NSS makepqg utility: -+ * makepqg -l 2048 -g 224 -r -+ * (see also: bug 1170322) -+ * -+ * h: 1 (0x1) -+ * SEED: -+ * d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f: -+ * 0e:be:d0:38:e4:78:d5:3c:7c:9e:a9:9a:d2:0b:c5:63: -+ * 1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38: -+ * e4:78:d5:3c:7c:9e:c7:70:d2:0b:c5:63:1b:af:dc:36: -+ * b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:e4:78:d5:3c: -+ * 7c:9e:aa:3e -+ * g: 672 -+ * counter: 0 - */ - - static const SECKEYPQGParams default_pqg_params = { -diff -up ./cmd/selfserv/selfserv.c.dhe_and_sha384 ./cmd/selfserv/selfserv.c ---- ./cmd/selfserv/selfserv.c.dhe_and_sha384 2015-06-24 23:06:00.423873110 +0200 -+++ ./cmd/selfserv/selfserv.c 2015-06-24 23:06:00.453872547 +0200 -@@ -119,16 +119,16 @@ const int ssl3CipherSuites[] = { - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - TLS_RSA_WITH_RC4_128_SHA, /* n */ -- -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, * o */ -- -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */ -- -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */ -- -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA, * r */ -- -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA, * s */ -- -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA, * t */ -- -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA, * u */ -+ TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ -+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ -+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q 
*/ -+ TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ -+ TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ -+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ -+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ - TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ -- -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, * w */ -- -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA, * x */ -+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ -+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ - TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ - TLS_RSA_WITH_NULL_SHA, /* z */ - 0 -@@ -141,6 +141,9 @@ static PRBool noDelay; - static int requestCert; - static int verbose; - static SECItem bigBuf; -+static int configureDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/ -+static int configureReuseECDHE = -1; /* -1: don't configure, 0 refresh, >=1 reuse*/ -+static int configureWeakDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/ - - static PRThread * acceptorThread; - -@@ -160,11 +163,12 @@ PrintUsageHeader(const char *progName) - " [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n" - " [-V [min-version]:[max-version]] [-a sni_name]\n" - " [ T ] [-A ca]\n" -+" [-C SSLCacheEntries] [-S dsa_nickname]" - #ifndef NSS_DISABLE_ECC --" [-C SSLCacheEntries] [-e ec_nickname]\n" --#else --" [-C SSLCacheEntries]\n" -+ " [-e ec_nickname]" - #endif /* NSS_DISABLE_ECC */ -+"\n" -+" -U [0|1] -H [0|1] -W [0|1]\n" - ,progName); - } - -@@ -216,6 +220,9 @@ PrintParameterUsage() - " good, revoked, unknown, failure, badsig, corrupted\n" - " ocsp: fetch from external OCSP server using AIA, or none\n" - "-A Nickname of a CA used to sign a stapled cert status\n" -+"-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n" -+"-H override default DHE server support, 0: disable, 1: enable\n" -+"-W override default DHE server weak parameters support, 0: disable, 1: enable\n" - "-c Restrict ciphers\n" - "-Y prints cipher values allowed for parameter -c and exits\n" - , stderr); -@@ -252,7 +259,16 @@ PrintCipherUsage(const char *progName) - "l SSL3 RSA 
EXPORT WITH DES CBC SHA\t(new)\n" - "m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n" - "n SSL3 RSA WITH RC4 128 SHA\n" -+"o TLS_DHE_DSS_WITH_RC4_128_SHA\n" -+"p TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n" -+"q TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n" -+"r TLS_DHE_RSA_WITH_DES_CBC_SHA\n" -+"s TLS_DHE_DSS_WITH_DES_CBC_SHA\n" -+"t TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n" -+"u TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n" - "v SSL3 RSA WITH AES 128 CBC SHA\n" -+"w TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n" -+"x TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n" - "y SSL3 RSA WITH AES 256 CBC SHA\n" - "z SSL3 RSA WITH NULL SHA\n" - "\n" -@@ -1909,6 +1925,18 @@ server_main( - } - } - -+ if (configureDHE > -1) { -+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_SERVER_DHE, (configureDHE > 0)); -+ } -+ -+ if (configureReuseECDHE > -1) { -+ rv = SSL_OptionSet(model_sock, SSL_REUSE_SERVER_ECDHE_KEY, (configureReuseECDHE > 0)); -+ } -+ -+ if (configureWeakDHE > -1) { -+ rv = SSL_EnableWeakDHEPrimeGroup(model_sock, (configureWeakDHE > 0)); -+ } -+ - for (kea = kt_rsa; kea < kt_kea_size; kea++) { - if (cert[kea] != NULL) { - secStatus = SSL_ConfigSecureServer(model_sock, -@@ -2140,6 +2168,7 @@ main(int argc, char **argv) - #ifndef NSS_DISABLE_ECC - char * ecNickName = NULL; - #endif -+ char * dsaNickName = NULL; - const char * fileName = NULL; - char * cipherString= NULL; - const char * dir = "."; -@@ -2184,7 +2213,7 @@ main(int argc, char **argv) - ** numbers, then capital letters, then lower case, alphabetical. 
- */ - optstate = PL_CreateOptState(argc, argv, -- "2:A:BC:DEL:M:NP:RT:V:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); -+ "2:A:BC:DEH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - ++optionsFound; - switch(optstate->option) { -@@ -2198,6 +2227,7 @@ main(int argc, char **argv) - - case 'D': noDelay = PR_TRUE; break; - case 'E': disableStepDown = PR_TRUE; break; -+ case 'H': configureDHE = (PORT_Atoi(optstate->value) != 0); break; - - case 'I': /* reserved for OCSP multi-stapling */ break; - -@@ -2221,6 +2251,8 @@ main(int argc, char **argv) - - case 'R': disableRollBack = PR_TRUE; break; - -+ case 'S': dsaNickName = PORT_Strdup(optstate->value); break; -+ - case 'T': - if (enableOCSPStapling(optstate->value) != SECSuccess) { - fprintf(stderr, "Invalid OCSP stapling mode.\n"); -@@ -2229,6 +2261,8 @@ main(int argc, char **argv) - } - break; - -+ case 'U': configureReuseECDHE = (PORT_Atoi(optstate->value) != 0); break; -+ - case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value, - enabledVersions, enableSSL2, - &enabledVersions, &enableSSL2) != SECSuccess) { -@@ -2236,6 +2270,8 @@ main(int argc, char **argv) - } - break; - -+ case 'W': configureWeakDHE = (PORT_Atoi(optstate->value) != 0); break; -+ - case 'Y': PrintCipherUsage(progName); exit(0); break; - - case 'a': if (virtServerNameIndex >= MAX_VIRT_SERVER_NAME_ARRAY_INDEX) { -@@ -2366,6 +2402,7 @@ main(int argc, char **argv) - } - - if ((nickName == NULL) -+ && (dsaNickName == NULL) - #ifndef NSS_DISABLE_ECC - && (ecNickName == NULL) - #endif -@@ -2597,6 +2634,33 @@ main(int argc, char **argv) - setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa, - &pwdata); - } -+ if (dsaNickName) { -+ /* Investigate if ssl_kea_dh should be changed to ssl_auth_dsa. 
-+ * See bug 102794.*/ -+ cert[ssl_kea_dh] = PK11_FindCertFromNickname(dsaNickName, &pwdata); -+ if (cert[ssl_kea_dh] == NULL) { -+ fprintf(stderr, "selfserv: Can't find certificate %s\n", dsaNickName); -+ exit(12); -+ } -+ privKey[ssl_kea_dh] = PK11_FindKeyByAnyCert(cert[ssl_kea_dh], &pwdata); -+ if (privKey[ssl_kea_dh] == NULL) { -+ fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n", -+ dsaNickName); -+ exit(11); -+ } -+ if (testbypass) { -+ PRBool bypassOK; -+ if (SSL_CanBypass(cert[ssl_kea_dh], privKey[ssl_kea_dh], protos, cipherlist, -+ nciphers, &bypassOK, &pwdata) != SECSuccess) { -+ SECU_PrintError(progName, "Bypass test failed %s\n", nickName); -+ exit(14); -+ } -+ fprintf(stderr, "selfserv: %s can%s bypass\n", nickName, -+ bypassOK ? "" : "not"); -+ } -+ setupCertStatus(certStatusArena, ocspStaplingMode, cert[ssl_kea_dh], ssl_kea_dh, -+ &pwdata); -+ } - #ifndef NSS_DISABLE_ECC - if (ecNickName) { - cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata); -@@ -2629,6 +2693,13 @@ main(int argc, char **argv) - if (testbypass) - goto cleanup; - -+ if (configureWeakDHE > 0) { -+ fprintf(stderr, "selfserv: Creating dynamic weak DH parameters\n"); -+ rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE); -+ fprintf(stderr, "selfserv: Done creating dynamic weak DH parameters\n"); -+ } -+ -+ - /* allocate the array of thread slots, and launch the worker threads. 
*/ - rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads); - -diff -up ./cmd/tstclnt/tstclnt.c.dhe_and_sha384 ./cmd/tstclnt/tstclnt.c ---- ./cmd/tstclnt/tstclnt.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./cmd/tstclnt/tstclnt.c 2015-06-24 23:06:00.454872529 +0200 -@@ -212,7 +212,7 @@ static void PrintParameterUsage(void) - fprintf(stderr, - "%-20s Restricts the set of enabled SSL/TLS protocols versions.\n" - "%-20s All versions are enabled by default.\n" -- "%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n" -+ "%-20s Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n" - "%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n", - "-V [min]:[max]", "", "", ""); - fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K"); -@@ -911,7 +911,7 @@ int main(int argc, char **argv) - int npds; - int override = 0; - SSLVersionRange enabledVersions; -- PRBool enableSSL2 = PR_TRUE; -+ PRBool enableSSL2 = PR_FALSE; - int bypassPKCS11 = 0; - int disableLocking = 0; - int useExportPolicy = 0; -diff -up ./lib/ssl/dhe-param.c.dhe_and_sha384 ./lib/ssl/dhe-param.c ---- ./lib/ssl/dhe-param.c.dhe_and_sha384 2015-06-24 23:06:00.454872529 +0200 -+++ ./lib/ssl/dhe-param.c 2015-06-24 23:06:00.454872529 +0200 -@@ -0,0 +1,413 @@ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. 
*/ -+ -+static const unsigned char ff_dhe_g2[] = { 2 }; -+ -+static const unsigned char ff_dhe_2048_p[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, -+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, -+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, -+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, -+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, -+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, -+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, -+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, -+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, -+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, -+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, -+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, -+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, -+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, -+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, -+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, -+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, -+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, -+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, -+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+}; -+ -+static const ssl3DHParams ff_dhe_2048 = { -+ { siBuffer, (unsigned char *)ff_dhe_2048_p, sizeof(ff_dhe_2048_p) }, -+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, -+}; -+ -+static const unsigned char ff_dhe_3072_p[] = { -+ 0xFF, 0xFF, 
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, -+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, -+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, -+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, -+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, -+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, -+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, -+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, -+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, -+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, -+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, -+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, -+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, -+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, -+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, -+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, -+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, -+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, -+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, -+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, -+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, -+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, -+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, -+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, -+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, -+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 
0x1E, 0x71, 0xF5, 0x4B, 0xFF, -+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, -+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, -+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, -+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, -+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+}; -+ -+static const ssl3DHParams ff_dhe_3072 = { -+ { siBuffer, (unsigned char *)ff_dhe_3072_p, sizeof(ff_dhe_3072_p) }, -+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, -+}; -+ -+static const unsigned char ff_dhe_4096_p[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, -+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, -+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, -+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, -+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, -+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, -+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, -+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, -+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, -+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, -+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, -+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, -+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, -+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, -+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, -+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, -+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 
0x81, 0x83, -+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, -+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, -+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, -+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, -+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, -+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, -+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, -+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, -+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, -+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, -+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, -+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, -+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, -+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, -+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, -+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, -+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, -+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, -+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, -+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, -+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, -+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, -+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, -+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, -+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+}; -+ -+static const ssl3DHParams ff_dhe_4096 = 
{ -+ { siBuffer, (unsigned char *)ff_dhe_4096_p, sizeof(ff_dhe_4096_p) }, -+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, -+}; -+ -+static const unsigned char ff_dhe_6144_p[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, -+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, -+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, -+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, -+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, -+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, -+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, -+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, -+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, -+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, -+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, -+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, -+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, -+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, -+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, -+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, -+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, -+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, -+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, -+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, -+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, -+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, -+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, -+ 0x59, 0x8C, 
0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, -+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, -+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, -+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, -+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, -+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, -+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, -+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, -+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, -+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, -+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, -+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, -+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, -+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, -+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, -+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, -+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, -+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, -+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, -+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, -+ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, -+ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, -+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, -+ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, -+ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, -+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, -+ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, -+ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, -+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, -+ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, -+ 0xA0, 0x0E, 0xF0, 
0x92, 0x35, 0x05, 0x11, 0xE3, -+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, -+ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, -+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, -+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, -+ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, -+ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, -+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, -+ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, -+ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, -+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, -+ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, -+ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, -+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, -+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, -+ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, -+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, -+ 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, -+ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, -+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, -+ 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+}; -+ -+static const ssl3DHParams ff_dhe_6144 = { -+ { siBuffer, (unsigned char *)ff_dhe_6144_p, sizeof(ff_dhe_6144_p) }, -+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, -+}; -+ -+static const unsigned char ff_dhe_8192_p[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, -+ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, -+ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, -+ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, -+ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, -+ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, -+ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, -+ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 
0x8B, 0x77, -+ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, -+ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, -+ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, -+ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, -+ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, -+ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, -+ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, -+ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, -+ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, -+ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, -+ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, -+ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, -+ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, -+ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, -+ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, -+ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, -+ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, -+ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, -+ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, -+ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, -+ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, -+ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, -+ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, -+ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, -+ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, -+ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 
0x7A, -+ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, -+ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, -+ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, -+ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, -+ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, -+ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, -+ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, -+ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, -+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, -+ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, -+ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, -+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, -+ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, -+ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, -+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, -+ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, -+ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, -+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, -+ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, -+ 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, -+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, -+ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, -+ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, -+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, -+ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, -+ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, -+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, -+ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, -+ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, -+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, -+ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, -+ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, -+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, -+ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, -+ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, -+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, -+ 
0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, -+ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, -+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, -+ 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, -+ 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, -+ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, -+ 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, -+ 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, -+ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, -+ 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, -+ 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, -+ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, -+ 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, -+ 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, -+ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, -+ 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, -+ 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, -+ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, -+ 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, -+ 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, -+ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, -+ 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, -+ 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, -+ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, -+ 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, -+ 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, -+ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, -+ 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, -+ 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, -+ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, -+ 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, -+ 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, -+ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, -+ 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, -+ 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, -+ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -+}; -+ -+static const ssl3DHParams ff_dhe_8192 = { -+ { siBuffer, (unsigned char *)ff_dhe_8192_p, 
sizeof(ff_dhe_8192_p) }, -+ { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, -+}; diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c ---- ./lib/ssl/ssl3con.c.dhe_and_sha384 2015-06-24 23:06:00.448872641 +0200 -+++ ./lib/ssl/ssl3con.c 2015-06-24 23:06:00.456872491 +0200 -@@ -91,7 +91,11 @@ static ssl3CipherSuiteCfg cipherSuites[s +--- ./lib/ssl/ssl3con.c.dhe_and_sha384 2016-02-14 07:51:49.910312410 -0800 ++++ ./lib/ssl/ssl3con.c 2016-02-14 08:03:31.562277561 -0800 +@@ -68,6 +68,8 @@ static SECStatus ssl3_ComputeHandshakeHa + SSL3Hashes *hashes, + PRUint32 sender); + static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); ++static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid); ++static CK_MECHANISM_TYPE ssl3_GetPrfHashMechanism(sslSocket *ss); + + static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, + int maxOutputLen, const unsigned char *input, +@@ -95,23 +97,37 @@ static ssl3CipherSuiteCfg cipherSuites[s + /* cipher_suite policy enabled isPresent */ #ifndef NSS_DISABLE_ECC - { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around +- * bug 946147. +- */ ++ /* Ephemeral ECDH */ ++ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must be before TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ++ * to workaround bug 946147. 
++ */ + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around - * bug 946147. 
- */ -@@ -108,14 +112,19 @@ static ssl3CipherSuiteCfg cipherSuites[s ++ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, #endif /* NSS_DISABLE_ECC */ ++ /* Ephemeral Finite Field DH */ ++ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +@@ -120,17 +136,12 @@ static ssl3CipherSuiteCfg cipherSuites[s + { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { 
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -@@ -134,6 +143,7 @@ static ssl3CipherSuiteCfg cipherSuites[s + { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + + #ifndef NSS_DISABLE_ECC ++ /* Non ephemeral ECDH */ + { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +@@ -142,18 +153,19 @@ static ssl3CipherSuiteCfg cipherSuites[s #endif /* NSS_DISABLE_ECC */ /* RSA */ -+ { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { 
TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -@@ -281,6 +291,7 @@ static const ssl3BulkCipherDef bulk_ciph + { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE}, ++ { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + + /* 56-bit DES "domestic" cipher suites */ + { TLS_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +@@ -292,6 +304,7 @@ static const ssl3BulkCipherDef bulk_ciph {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0}, {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, 
@@ -847,7 +109,18 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0},
};
-@@ -316,131 +327,145 @@ static const ssl3CipherSuiteDef cipher_s
+@@ -300,8 +313,8 @@ static const ssl3KEADef kea_defs[] =
+ /* kea exchKeyType signKeyType is_limited limit tls_keygen ephemeral */
+ {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE, PR_FALSE},
+ {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
+- {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE},
+- {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_FALSE},
++ {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE},
++ {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_TRUE},
+ {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
+ {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, PR_FALSE},
+ {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE},
+@@ -327,135 +340,149 @@ static const ssl3CipherSuiteDef cipher_s
{
/* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg */
@@ -1001,6 +274,10 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c
+#ifndef NSS_DISABLE_ECC
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
+-
+- {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},
+- {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},
+- {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss},
+ {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256},
+ {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256},
+ {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_384},
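Review bot: The new inner hunk `+@@ -300,8 +313,8 @@ static const ssl3KEADef kea_defs[] =` makes this patch flip the `ephemeral` column of `kea_rsa_export` and `kea_rsa_export_1024` from PR_FALSE to PR_TRUE, which the previous revision of the patch did not do and which the inner `+-` lines show is a change against the 3.21 base rather than a rebase conflict. Nothing visible ties it to the DHE/SHA-384 work the patch is named for, and a flipped column in a key-exchange table changes runtime behaviour for the export step-down exchanges, so the rationale should be recorded. Add a line to the patch's header comment, e.g. `# Also marks the RSA export (step-down) key exchanges as ephemeral: <reason / bug id placeholder>`, or carry the change as a separate patch so it can be reviewed and reverted on its own. The `kea_defs[]` table begins and ends outside this hunk.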
@@ -1014,6 +291,10 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, prf_256}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, prf_256}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, prf_384}, ++ ++ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, 0}, ++ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, 0}, ++ {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, 0}, #ifndef NSS_DISABLE_ECC - {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, @@ -1081,7 +362,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c #endif #endif /* NSS_DISABLE_ECC */ }; -@@ -481,6 +506,7 @@ static const SSLCipher2Mech alg2Mech[] = +@@ -496,6 +523,7 @@ static const SSLCipher2Mech alg2Mech[] = #define mmech_md5_hmac CKM_MD5_HMAC #define mmech_sha_hmac CKM_SHA_1_HMAC #define mmech_sha256_hmac CKM_SHA256_HMAC @@ -1089,7 +370,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */ /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */ -@@ -492,6 +518,7 @@ static const ssl3MACDef mac_defs[] = { / +@@ -507,6 +535,7 @@ static const ssl3MACDef mac_defs[] = { / {hmac_sha, mmech_sha_hmac, 0, SHA1_LENGTH}, {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH}, { mac_aead, mmech_invalid, 0, 0 }, @@ -1097,7 +378,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c }; /* indexed by SSL3BulkCipher */ -@@ -640,16 +667,26 @@ ssl3_CipherSuiteAllowedForVersionRange( +@@ -655,19 +684,26 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: case TLS_RSA_WITH_AES_256_CBC_SHA256: case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: 
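Review bot: The three `++` rows at the end of this hunk re-add `TLS_DHE_DSS_WITH_AES_128_GCM_SHA256`, `TLS_DHE_DSS_WITH_AES_128_CBC_SHA256` and `TLS_DHE_DSS_WITH_AES_256_CBC_SHA256` to `cipher_suite_defs` with a PRF column of `0`, while the two CBC suites already appear a few lines above in the same table with `prf_256` (the GCM suite presumably has a `prf_256` row as well, outside this hunk). That leaves duplicate definitions for the same suite whose PRF column disagrees unless `0` happens to be the `prf_256` enumerator, and which copy wins depends on the search order of `ssl_LookupCipherSuiteDef`, which I cannot see from here. Since the preceding hunk already strips upstream's four-field rows for these suites, the rebase only needs to resolve the conflict: drop the three `++` rows, or if a row is really wanted here, write its PRF as `prf_256` so the two agree. The enclosing table continues outside the hunk.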
@@ -1108,8 +389,8 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c case TLS_RSA_WITH_AES_128_CBC_SHA256: case TLS_RSA_WITH_AES_128_GCM_SHA256: + case TLS_RSA_WITH_AES_256_GCM_SHA384: -+ case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: -+ case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: + case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: + case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: case TLS_RSA_WITH_NULL_SHA256: return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2; 
@@ -1119,75 +400,12 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c + case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: + case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: -+ case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: + case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: + case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and -@@ -772,16 +809,11 @@ ssl3_config_match_init(sslSocket *ss) - * that the server uses an RSA cert for (EC)DHE-RSA. - */ - switch (cipher_def->key_exchange_alg) { -+ case kea_dhe_dss: -+ svrAuth = ss->serverCerts + ssl_kea_dh; -+ break; - case kea_ecdhe_rsa: --#if NSS_SERVER_DHE_IMPLEMENTED -- /* XXX NSS does not yet implement the server side of _DHE_ -- * cipher suites. Correcting the computation for svrAuth, -- * as the case below does, causes NSS SSL servers to begin to -- * negotiate cipher suites they do not implement. So, until -- * server side _DHE_ is implemented, keep this disabled. -- */ - case kea_dhe_rsa: --#endif - svrAuth = ss->serverCerts + kt_rsa; - break; - case kea_ecdh_ecdsa: -@@ -793,6 +825,8 @@ ssl3_config_match_init(sslSocket *ss) - * simultaneously. For now, both of them use - * whatever is in the certificate slot for kt_ecdh - */ -+ case kea_dhe_dss_export: -+ case kea_dhe_rsa_export: - default: - svrAuth = ss->serverCerts + exchKeyType; - break; -@@ -829,11 +863,22 @@ ssl3_config_match_init(sslSocket *ss) - * cipher suite. 
*/ - static PRBool - config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled, -- const SSLVersionRange *vrange) -+ const SSLVersionRange *vrange, const sslSocket *ss) - { -+ const ssl3CipherSuiteDef *cipher_def; -+ - PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE); - if (policy == SSL_NOT_ALLOWED || !enabled) -- return PR_FALSE; -+ return PR_FALSE; -+ -+ cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite); -+ PORT_Assert(cipher_def != NULL); -+ -+ PORT_Assert(ss != NULL); -+ if (ss->sec.isServer && !ss->opt.enableServerDhe && -+ kea_defs[cipher_def->key_exchange_alg].exchKeyType == ssl_kea_dh) -+ return PR_FALSE; -+ - return (PRBool)(suite->enabled && - suite->isPresent && - suite->policy != SSL_NOT_ALLOWED && -@@ -854,7 +899,7 @@ count_cipher_suites(sslSocket *ss, int p - return 0; - } - for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { -- if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange)) -+ if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange, ss)) - count++; - } - if (count <= 0) { -@@ -2321,6 +2366,9 @@ ssl3_ComputeRecordMAC( +@@ -2348,6 +2384,9 @@ ssl3_ComputeRecordMAC( case ssl_hmac_sha256: /* used with TLS */ hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); break; @@ -1197,7 +415,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c default: break; } -@@ -3563,6 +3611,17 @@ ssl3_HandleChangeCipherSpecs(sslSocket * +@@ -3592,6 +3631,18 @@ ssl3_HandleChangeCipherSpecs(sslSocket * return SECSuccess; } 
@@ -1212,94 +430,70 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c + return prf_alg; +} + - /* This method uses PKCS11 to derive the MS from the PMS, where PMS - ** is a PKCS11 symkey. This is used in all cases except the - ** "triple bypass" with RSA key exchange. -@@ -3592,15 +3651,17 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P - SECItem params; - CK_FLAGS keyFlags; - CK_VERSION pms_version; -- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; -+ /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ -+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; -+ unsigned int master_params_len; - - PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); - PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); - PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); ++ + /* This method completes the derivation of the MS from the PMS. + ** + ** 1. Derive the MS, if possible, else return an error. +@@ -3682,6 +3733,9 @@ ssl3_ComputeMasterSecretInt(sslSocket *s + CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; + unsigned int master_params_len; + ++ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); ++ PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); ++ PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); if (isTLS12) { -- if(isDH) master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; -- else master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; -- key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; -+ if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; -+ else master_derive = CKM_TLS12_MASTER_KEY_DERIVE; -+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; - keyFlags = CKF_SIGN | CKF_VERIFY; - } else if (isTLS) { - if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH; -@@ -3624,6 +3685,12 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P - master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; - master_params.RandomInfo.pServerRandom = sr; - master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; -+ 
if (isTLS12) { -+ master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss); -+ master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); -+ } else { -+ master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); + if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; + else master_derive = CKM_TLS12_MASTER_KEY_DERIVE; +@@ -3709,7 +3763,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *s + master_params.RandomInfo.pServerRandom = sr; + master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; + if (isTLS12) { +- master_params.prfHashMechanism = CKM_SHA256; ++ master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss); + master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); + } else { + /* prfHashMechanism is not relevant with this PRF */ +@@ -3845,7 +3899,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P + rv = PK11_ExtractKeyValue(pwSpec->master_secret); + if (rv != SECSuccess) { + return rv; +- } + } + /* This returns the address of the secItem inside the key struct, + * not a copy or a reference. So, there's no need to free it. 
+ */ +@@ -3954,7 +4008,7 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke - params.data = (unsigned char *) &master_params; - params.len = sizeof master_params; -@@ -3756,7 +3823,9 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke - PK11SymKey * symKey = NULL; - void * pwArg = ss->pkcs11PinArg; - int keySize; -- CK_SSL3_KEY_MAT_PARAMS key_material_params; -+ CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a -+ * CK_SSL3_KEY_MAT_PARAMS */ -+ unsigned int key_material_params_len; - CK_SSL3_KEY_MAT_OUT returnedKeys; - CK_MECHANISM_TYPE key_derive; - CK_MECHANISM_TYPE bulk_mechanism; -@@ -3810,17 +3879,21 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke - PORT_Assert( alg2Mech[calg].calg == calg); - bulk_mechanism = alg2Mech[calg].cmech; - -- params.data = (unsigned char *)&key_material_params; -- params.len = sizeof(key_material_params); -- if (isTLS12) { -- key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; -+ key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; + key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; +- key_material_params.prfHashMechanism = CKM_SHA256; + key_material_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss); -+ key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS); + key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS); } else if (isTLS) { key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; -+ key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); - } else { - key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE; -+ key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); - } - -+ params.data = (unsigned char *)&key_material_params; -+ params.len = key_material_params_len; -+ - /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and - * DERIVE by DEFAULT */ - symKey = PK11_Derive(pwSpec->master_secret, key_derive, ¶ms, -@@ -3883,9 +3956,9 @@ ssl3_InitHandshakeHashes(sslSocket *ss) - #ifndef NO_PKCS11_BYPASS - if (ss->opt.bypassPKCS11) { - PORT_Assert(!ss->ssl3.hs.sha_obj && !ss->ssl3.hs.sha_clone); -+ /* If we ever support ciphersuites where the PRF 
hash isn't SHA-256 -+ * then this will need to be updated. */ +@@ -4032,7 +4086,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss) if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { -- /* If we ever support ciphersuites where the PRF hash isn't SHA-256 -- * then this will need to be updated. */ - ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256); + /* If we ever support ciphersuites where the PRF hash isn't SHA-256 + * then this will need to be updated. */ +- ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256); ++ HASH_HashType ht; ++ CK_MECHANISM_TYPE hm; ++ SECOidTag ot; ++ SECOidData *hashOid; ++ ++ hm = ssl3_GetPrfHashMechanism(ss); ++ hashOid = SECOID_FindOIDByMechanism(hm); ++ if (hashOid == NULL) { ++ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); ++ return SECFailure; ++ } ++ ot = hashOid->offset; ++ ht = HASH_GetHashTypeByOidTag(ot); ++ ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(ht); if (!ss->ssl3.hs.sha_obj) { ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); -@@ -3909,9 +3982,19 @@ ssl3_InitHandshakeHashes(sslSocket *ss) + return SECFailure; +@@ -4055,9 +4122,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss) * that the master secret will wind up in ... */ if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { @@ -1311,9 +505,10 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c + + PORT_Assert(ss->ssl3.hs.suite_def); + /* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_alg) -+ * Convert that to the OidTag. -+ * We can then use that OidTag to create our PK11Context */ ++ * Convert that to the OidTag. We can then use that OidTag to create our ++ * PK11Context */ + hash_oid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); ++ PORT_Assert(hash_oid != NULL); + if (hash_oid == NULL) { + ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); + return SECFailure; 
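Review bot: The bypass-path rewrite in `ssl3_InitHandshakeHashes` now selects the handshake hash from `ssl3_GetPrfHashMechanism(ss)`, yet the two context lines kept directly above it still read `/* If we ever support ciphersuites where the PRF hash isn't SHA-256 then this will need to be updated. */`; that comment is now false and should become something like `/* The handshake hash must be the negotiated PRF hash (SHA-256 or SHA-384 for the suites defined above), so derive it from the cipher suite. */`. In the PKCS#11 path, the added `PORT_Assert(hash_oid != NULL);` sits immediately before an `if (hash_oid == NULL)` that already maps the failure to `SSL_ERROR_DIGEST_FAILURE`, so a debug build aborts on a condition the release build handles as a failed handshake; drop the assert and keep the runtime check. The function continues outside the hunk.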
@@ -1322,39 +517,63 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c if (ss->ssl3.hs.sha == NULL) { ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); return SECFailure; -@@ -5279,7 +5362,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo - } - for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { - ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; -- if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { -+ if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) { - actual_count++; - if (actual_count > num_suites) { - if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } -@@ -6305,13 +6388,6 @@ ssl3_HandleServerHello(sslSocket *ss, SS - } - isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); +@@ -4378,6 +4456,11 @@ ssl3_AppendSignatureAndHashAlgorithm( + sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash) + { + PRUint8 serialized[2]; ++ unsigned char hashAlg = ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg); ++ if (hashAlg == 0) { ++ PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); ++ return SECFailure; ++ } -- rv = ssl3_InitHandshakeHashes(ss); -- if (rv != SECSuccess) { -- desc = internal_error; -- errCode = PORT_GetError(); -- goto alert_loser; -- } -- - rv = ssl3_ConsumeHandshake( - ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length); - if (rv != SECSuccess) { -@@ -6338,7 +6414,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS - ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; - if (temp == suite->cipher_suite) { - SSLVersionRange vrange = {ss->version, ss->version}; -- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) { -+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) { - /* config_match already checks whether the cipher suite is - * acceptable for the version, but the check is repeated here - * in order to give a more precise error code. 
*/ -@@ -6390,6 +6466,14 @@ ssl3_HandleServerHello(sslSocket *ss, SS + serialized[0] = (PRUint8)sigAndHash->hashAlg; + serialized[1] = (PRUint8)sigAndHash->sigAlg; +@@ -4499,6 +4582,7 @@ static const struct { + SECOidTag oid; + } tlsHashOIDMap[] = { + { ssl_hash_sha1, SEC_OID_SHA1 }, ++ { ssl_hash_sha224, SEC_OID_SHA224 }, + { ssl_hash_sha256, SEC_OID_SHA256 }, + { ssl_hash_sha384, SEC_OID_SHA384 }, + { ssl_hash_sha512, SEC_OID_SHA512 } +@@ -4521,6 +4605,23 @@ ssl3_TLSHashAlgorithmToOID(SSLHashType h + return SEC_OID_UNKNOWN; + } + ++/* ssl3_OIDToTLSHashAlgorithm converts an OID to a TLS hash algorithm ++ * identifier. If the hash is not recognised, zero is returned. ++ * ++ * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ ++static int ++ssl3_OIDToTLSHashAlgorithm(SECOidTag oid) ++{ ++ unsigned int i; ++ ++ for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) { ++ if (oid == tlsHashOIDMap[i].oid) { ++ return tlsHashOIDMap[i].tlsHash; ++ } ++ } ++ return 0; ++} ++ + /* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm + * identifier for a given KeyType. */ + static SECStatus +@@ -4843,6 +4944,11 @@ tls12_loser: + unsigned char md5StackBuf[256]; + unsigned char shaStackBuf[512]; + ++ if (!spec->master_secret) { ++ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); ++ return SECFailure; ++ } ++ + md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf, + sizeof md5StackBuf, &md5StateLen); + if (md5StateBuf == NULL) { +@@ -6568,6 +6674,14 @@ ssl3_HandleServerHello(sslSocket *ss, SS } ss->ssl3.hs.compression = (SSLCompressionMethod)temp; 
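Review bot: `ssl3_AppendSignatureAndHashAlgorithm` now calls `ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg)`, but two lines later the same field is serialized directly as `(PRUint8)sigAndHash->hashAlg`, which only makes sense if `SSLSignatureAndHashAlg.hashAlg` already holds the TLS codepoint (an `SSLHashType`) rather than a `SECOidTag`; if so, the new guard compares a TLS hash id against OID tags and `hashAlg == 0` rejects or accepts the wrong values (e.g. `ssl_hash_sha384` would match no OID and be refused with `SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM`). Please confirm the field's type in sslimpl.h; if it is an `SSLHashType`, guard with the existing forward mapping instead, `if (ssl3_TLSHashAlgorithmToOID(sigAndHash->hashAlg) == SEC_OID_UNKNOWN) { PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); return SECFailure; }`. Separately, `ssl3_OIDToTLSHashAlgorithm` is defined further down the file as `static`, so this call site needs a forward declaration unless one exists outside the hunk. The `if (!spec->master_secret)` guard added after `tls12_loser:` is a good catch and should stay.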
@@ -1369,96 +588,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c /* Note that if !isTLS and the extra stuff is not extensions, we * do NOT goto alert_loser. * There are some old SSL 3.0 implementations that do send stuff -@@ -7609,6 +7693,22 @@ ssl3_SendServerHelloSequence(sslSocket * - /* An empty TLS Renegotiation Info (RI) extension */ - static const PRUint8 emptyRIext[5] = {0xff, 0x01, 0x00, 0x01, 0x00}; - -+static PRBool -+ssl3_KEAAllowsSessionTicket(SSL3KeyExchangeAlgorithm kea) -+{ -+ switch (kea) { -+ case kea_dhe_dss: -+ case kea_dhe_dss_export: -+ case kea_dh_dss_export: -+ case kea_dh_dss: -+ /* TODO: Fix session tickets for DSS. The server code rejects the -+ * session ticket received from the client. Bug 1174677 */ -+ return PR_FALSE; -+ default: -+ return PR_TRUE; -+ }; -+} -+ - /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete - * ssl3 Client Hello message. - * Caller must hold Handshake and RecvBuf locks. -@@ -7631,6 +7731,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS - SECItem comps = {siBuffer, NULL, 0}; - PRBool haveSpecWriteLock = PR_FALSE; - PRBool haveXmitBufLock = PR_FALSE; -+ PRBool canOfferSessionTicket = PR_FALSE; - - SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", - SSL_GETPID(), ss->fd)); -@@ -7704,13 +7805,6 @@ ssl3_HandleClientHello(sslSocket *ss, SS - goto alert_loser; - } - -- rv = ssl3_InitHandshakeHashes(ss); -- if (rv != SECSuccess) { -- desc = internal_error; -- errCode = PORT_GetError(); -- goto alert_loser; -- } -- - /* grab the client random data. */ - rv = ssl3_ConsumeHandshake( - ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length); -@@ -7870,8 +7964,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS - * resuming.) 
- */ - if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && sid == NULL) { -- ssl3_RegisterServerHelloExtensionSender(ss, -- ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn); -+ canOfferSessionTicket = PR_TRUE; - } - - if (sid != NULL) { -@@ -7950,7 +8043,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS - * The product policy won't change during the process lifetime. - * Implemented ("isPresent") shouldn't change for servers. - */ -- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) -+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) - break; - #else - if (!suite->enabled) -@@ -7999,7 +8092,7 @@ ssl3_HandleClientHello(sslSocket *ss, SS - for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { - ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; - SSLVersionRange vrange = {ss->version, ss->version}; -- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) { -+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) { - continue; - } - for (i = 0; i + 1 < suites.len; i += 2) { -@@ -8016,6 +8109,15 @@ ssl3_HandleClientHello(sslSocket *ss, SS - goto alert_loser; - - suite_found: -+ if (canOfferSessionTicket) -+ canOfferSessionTicket = ssl3_KEAAllowsSessionTicket( -+ ss->ssl3.hs.suite_def->key_exchange_alg); -+ -+ if (canOfferSessionTicket) { -+ ssl3_RegisterServerHelloExtensionSender(ss, -+ ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn); -+ } -+ - /* Select a compression algorithm. */ - for (i = 0; i < comps.len; i++) { - if (!compressionEnabled(ss, comps.data[i])) -@@ -8036,6 +8138,14 @@ compression_found: +@@ -8287,6 +8401,14 @@ compression_found: suites.data = NULL; comps.data = NULL; 
@@ -1473,30 +603,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c ss->sec.send = ssl3_SendApplicationData; /* If there are any failures while processing the old sid, -@@ -8479,13 +8589,6 @@ ssl3_HandleV2ClientHello(sslSocket *ss, - goto alert_loser; - } - -- rv = ssl3_InitHandshakeHashes(ss); -- if (rv != SECSuccess) { -- desc = internal_error; -- errCode = PORT_GetError(); -- goto alert_loser; -- } -- - /* if we get a non-zero SID, just ignore it. */ - if (length != - SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) { -@@ -8533,7 +8636,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, - for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { - ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; - SSLVersionRange vrange = {ss->version, ss->version}; -- if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) { -+ if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) { - continue; - } - for (i = 0; i+2 < suite_length; i += 3) { -@@ -8572,6 +8675,15 @@ suite_found: +@@ -8857,6 +8979,15 @@ suite_found: } ss->ssl3.hs.compression = ssl_compression_null; 
@@ -1512,342 +619,34 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c ss->sec.send = ssl3_SendApplicationData; /* we don't even search for a cache hit here. It's just a miss. */ -@@ -8732,6 +8844,154 @@ ssl3_SendServerHello(sslSocket *ss) - return SECSuccess; - } - -+static SECStatus -+ssl3_PickSignatureHashAlgorithm(sslSocket *ss, -+ SSL3SignatureAndHashAlgorithm* out); -+ -+static SECStatus -+ssl3_SendDHServerKeyExchange(sslSocket *ss) -+{ -+ const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; -+ SECStatus rv = SECFailure; -+ int length; -+ PRBool isTLS; -+ SECItem signed_hash = {siBuffer, NULL, 0}; -+ SSL3Hashes hashes; -+ SSL3SignatureAndHashAlgorithm sigAndHash; -+ SECKEYDHParams dhParam; -+ -+ ssl3KeyPair *keyPair = NULL; -+ SECKEYPublicKey *pubKey = NULL; /* Ephemeral DH key */ -+ SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */ -+ int certIndex = -1; -+ -+ if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) { -+ /* TODO: Support DH_anon. It might be sufficient to drop the signature. -+ See bug 1170510. 
*/ -+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); -+ return SECFailure; -+ } -+ -+ dhParam.prime.data = ss->dheParams->prime.data; -+ dhParam.prime.len = ss->dheParams->prime.len; -+ dhParam.base.data = ss->dheParams->base.data; -+ dhParam.base.len = ss->dheParams->base.len; -+ -+ PRINT_BUF(60, (NULL, "Server DH p", dhParam.prime.data, -+ dhParam.prime.len)); -+ PRINT_BUF(60, (NULL, "Server DH g", dhParam.base.data, -+ dhParam.base.len)); -+ -+ /* Generate ephemeral DH keypair */ -+ privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL); -+ if (!privKey || !pubKey) { -+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); -+ rv = SECFailure; -+ goto loser; -+ } -+ -+ keyPair = ssl3_NewKeyPair(privKey, pubKey); -+ if (!keyPair) { -+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); -+ goto loser; -+ } -+ -+ PRINT_BUF(50, (ss, "DH public value:", -+ pubKey->u.dh.publicValue.data, -+ pubKey->u.dh.publicValue.len)); -+ -+ if (ssl3_PickSignatureHashAlgorithm(ss, &sigAndHash) != SECSuccess) { -+ ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); -+ goto loser; -+ } -+ -+ rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, -+ pubKey->u.dh.prime, -+ pubKey->u.dh.base, -+ pubKey->u.dh.publicValue, -+ &ss->ssl3.hs.client_random, -+ &ss->ssl3.hs.server_random, -+ &hashes, ss->opt.bypassPKCS11); -+ if (rv != SECSuccess) { -+ ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); -+ goto loser; -+ } -+ -+ /* It has been suggested to test kea_def->signKeyType instead, and to use -+ * ssl_auth_* instead. Investigate what to do. See bug 102794. */ -+ if (kea_def->kea == kea_dhe_rsa) -+ certIndex = ssl_kea_rsa; -+ else -+ certIndex = ssl_kea_dh; -+ -+ isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); -+ rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, -+ &signed_hash, isTLS); -+ if (rv != SECSuccess) { -+ goto loser; /* ssl3_SignHashes has set err. 
*/ -+ } -+ if (signed_hash.data == NULL) { -+ PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); -+ goto loser; -+ } -+ length = 2 + pubKey->u.dh.prime.len + -+ 2 + pubKey->u.dh.base.len + -+ 2 + pubKey->u.dh.publicValue.len + -+ 2 + signed_hash.len; -+ -+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { -+ length += 2; -+ } -+ -+ rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length); -+ if (rv != SECSuccess) { -+ goto loser; /* err set by AppendHandshake. */ -+ } -+ -+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.prime.data, -+ pubKey->u.dh.prime.len, 2); -+ if (rv != SECSuccess) { -+ goto loser; /* err set by AppendHandshake. */ -+ } -+ -+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.base.data, -+ pubKey->u.dh.base.len, 2); -+ if (rv != SECSuccess) { -+ goto loser; /* err set by AppendHandshake. */ -+ } -+ -+ rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.publicValue.data, -+ pubKey->u.dh.publicValue.len, 2); -+ if (rv != SECSuccess) { -+ goto loser; /* err set by AppendHandshake. */ -+ } -+ -+ if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { -+ rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash); -+ if (rv != SECSuccess) { -+ goto loser; /* err set by AppendHandshake. */ -+ } -+ } -+ -+ rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data, -+ signed_hash.len, 2); -+ if (rv != SECSuccess) { -+ goto loser; /* err set by AppendHandshake. */ -+ } -+ PORT_Free(signed_hash.data); -+ ss->dheKeyPair = keyPair; -+ return SECSuccess; -+ -+loser: -+ if (signed_hash.data) -+ PORT_Free(signed_hash.data); -+ if (privKey) -+ SECKEY_DestroyPrivateKey(privKey); -+ if (pubKey) -+ SECKEY_DestroyPublicKey(pubKey); -+ return SECFailure; -+} -+ - /* ssl3_PickSignatureHashAlgorithm selects a hash algorithm to use when signing - * elements of the handshake. (The negotiated cipher suite determines the - * signature algorithm.) 
Prior to TLS 1.2, the MD5/SHA1 combination is always -@@ -8906,6 +9166,11 @@ ssl3_SendServerKeyExchange(sslSocket *ss - PORT_Free(signed_hash.data); - return SECSuccess; - -+ case ssl_kea_dh: { -+ rv = ssl3_SendDHServerKeyExchange(ss); -+ return rv; -+ } -+ - #ifndef NSS_DISABLE_ECC - case kt_ecdh: { - rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); -@@ -8913,7 +9178,6 @@ ssl3_SendServerKeyExchange(sslSocket *ss - } - #endif /* NSS_DISABLE_ECC */ - -- case kt_dh: - case kt_null: - default: - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -@@ -9322,6 +9586,59 @@ double_bypass: - return SECSuccess; - } - -+static SECStatus -+ssl3_HandleDHClientKeyExchange(sslSocket *ss, -+ SSL3Opaque *b, -+ PRUint32 length, -+ SECKEYPublicKey *srvrPubKey, -+ SECKEYPrivateKey *serverKey) -+{ -+ PK11SymKey *pms; -+ SECStatus rv; -+ SECKEYPublicKey clntPubKey; -+ CK_MECHANISM_TYPE target; -+ PRBool isTLS; -+ -+ PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); -+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); -+ PORT_Assert( srvrPubKey ); -+ -+ clntPubKey.keyType = dhKey; -+ clntPubKey.u.dh.prime.len = srvrPubKey->u.dh.prime.len; -+ clntPubKey.u.dh.prime.data = srvrPubKey->u.dh.prime.data; -+ clntPubKey.u.dh.base.len = srvrPubKey->u.dh.base.len; -+ clntPubKey.u.dh.base.data = srvrPubKey->u.dh.base.data; -+ -+ rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.dh.publicValue, -+ 2, &b, &length); -+ if (rv != SECSuccess) { -+ goto loser; -+ } -+ -+ isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); -+ -+ if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH; -+ else target = CKM_SSL3_MASTER_KEY_DERIVE_DH; -+ -+ /* Determine the PMS */ -+ pms = PK11_PubDerive(serverKey, &clntPubKey, PR_FALSE, NULL, NULL, -+ CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL); -+ if (pms == NULL) { -+ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); -+ goto loser; -+ } -+ -+ rv = ssl3_InitPendingCipherSpec(ss, pms); -+ PK11_FreeSymKey(pms); pms = NULL; 
-+ -+loser: -+ if (ss->dheKeyPair) { -+ ssl3_FreeKeyPair(ss->dheKeyPair); -+ ss->dheKeyPair = NULL; -+ } -+ return rv; -+} -+ - - /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete - * ssl3 ClientKeyExchange message from the remote client -@@ -9334,9 +9651,7 @@ ssl3_HandleClientKeyExchange(sslSocket * - SECStatus rv; - const ssl3KEADef *kea_def; - ssl3KeyPair *serverKeyPair = NULL; --#ifndef NSS_DISABLE_ECC - SECKEYPublicKey *serverPubKey = NULL; --#endif /* NSS_DISABLE_ECC */ - - SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake", - SSL_GETPID(), ss->fd)); -@@ -9366,6 +9681,16 @@ ssl3_HandleClientKeyExchange(sslSocket * - ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB; - } else - skip: -+ if (kea_def->kea == kea_dhe_dss || -+ kea_def->kea == kea_dhe_rsa) { -+ if (ss->dheKeyPair) { -+ serverKeyPair = ss->dheKeyPair; -+ if (serverKeyPair->pubKey) { -+ ss->sec.keaKeyBits = -+ SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey); -+ } -+ } -+ } else - #ifndef NSS_DISABLE_ECC - /* XXX Using SSLKEAType to index server certifiates - * does not work for (EC)DHE ciphers. Until we have -@@ -9411,6 +9736,21 @@ skip: - } - break; - -+ case ssl_kea_dh: -+ if (ss->dheKeyPair && ss->dheKeyPair->pubKey) { -+ serverPubKey = ss->dheKeyPair->pubKey; -+ } -+ if (!serverPubKey) { -+ PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); -+ return SECFailure; -+ } -+ rv = ssl3_HandleDHClientKeyExchange(ss, b, length, -+ serverPubKey, serverKey); -+ if (rv != SECSuccess) { -+ SSL3_SendAlert(ss, alert_fatal, handshake_failure); -+ return SECFailure; /* error code set */ -+ } -+ break; - - #ifndef NSS_DISABLE_ECC - case kt_ecdh: -@@ -10181,21 +10521,39 @@ done: +@@ -9388,7 +9519,7 @@ ssl3_EncodeCertificateRequestSigAlgs(ssl + /* Note that we don't support a handshake hash with anything other than + * SHA-256, so asking for a signature from clients for something else + * would be inviting disaster. 
*/ +- if (alg->hashAlg == ssl_hash_sha256) { ++ if (alg->hashAlg == ssl_hash_sha256 /* || alg->hashAlg == ssl_hash_sha384*/) { + buf[(*len)++] = (PRUint8)alg->hashAlg; + buf[(*len)++] = (PRUint8)alg->sigAlg; + } +@@ -10841,7 +10972,7 @@ done: } static SECStatus -ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, -+ssl3_ComputeTLSFinished(sslSocket *ss, -+ ssl3CipherSpec *spec, ++ssl3_ComputeTLSFinished(sslSocket *ss, ssl3CipherSpec *spec, PRBool isServer, const SSL3Hashes * hashes, TLSFinished * tlsFinished) - { -- const char * label; -- unsigned int len; -- SECStatus rv; -- -- label = isServer ? "server finished" : "client finished"; -- len = 15; -- -- rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw, -- hashes->len, tlsFinished->verify_data, -- sizeof tlsFinished->verify_data); -+ SECStatus rv; -+ CK_TLS12_MAC_PARAMS tls12_mac_params; -+ SECItem param = {siBuffer, NULL, 0}; -+ PK11Context *prf_context; -+ unsigned int retLen; -+ -+ if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) { -+ tls12_mac_params.prfHashMechanism = CKM_TLS_PRF; -+ } else { -+ tls12_mac_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss); -+ } -+ tls12_mac_params.ulMacLength = 12; -+ tls12_mac_params.ulServerOrClient = isServer ? 
1 : 2; -+ param.data = (unsigned char *)&tls12_mac_params; -+ param.len = sizeof(tls12_mac_params); -+ prf_context = PK11_CreateContextBySymKey(CKM_TLS12_MAC, CKA_SIGN, -+ spec->master_secret, ¶m); -+ if (!prf_context) -+ return SECFailure; -+ -+ rv = PK11_DigestBegin(prf_context); -+ rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len); -+ rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen, -+ sizeof tlsFinished->verify_data); -+ PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data); -+ -+ PK11_DestroyContext(prf_context, PR_TRUE); - - return rv; - } -@@ -10380,7 +10738,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 +@@ -10864,7 +10995,7 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec * + if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) { + tls_mac_params.prfMechanism = CKM_TLS_PRF; + } else { +- tls_mac_params.prfMechanism = CKM_SHA256; ++ tls_mac_params.prfMechanism = ssl3_GetPrfHashMechanism(ss); + } + tls_mac_params.ulMacLength = 12; + tls_mac_params.ulServerOrClient = isServer ? 1 : 2; +@@ -11066,7 +11197,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0); rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender); if (isTLS && rv == SECSuccess) { @@ -1856,7 +655,7 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c } ssl_ReleaseSpecReadLock(ss); if (rv != SECSuccess) { -@@ -10544,7 +10902,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O +@@ -11237,7 +11368,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED); return SECFailure; } 
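Review bot: In `ssl3_EncodeCertificateRequestSigAlgs` the filter becomes `if (alg->hashAlg == ssl_hash_sha256 /* || alg->hashAlg == ssl_hash_sha384*/) {`, which leaves commented-out code in a security-relevant check and keeps the comment above it asserting that only SHA-256 is supported as a handshake hash, even though this same patch now derives the handshake hash and the Finished PRF from the negotiated suite via `ssl3_GetPrfHashMechanism`. If a SHA-384 PRF suite is negotiated, a server that still advertises only SHA-256 here is likely asking the client to sign over a hash the server is not maintaining, so client-certificate authentication on those suites may fail rather than merely be limited; worth confirming with a client-auth test against a `*_SHA384` suite. Either advertise the hash that matches the negotiated PRF, or delete the dead `/* || ... */` and replace the stale comment with one that states only SHA-256 is offered and why. The enclosing function starts outside the hunk.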
@@ -1865,85 +664,10 @@ diff -up ./lib/ssl/ssl3con.c.dhe_and_sha384 ./lib/ssl/ssl3con.c hashes, &tlsFinished); if (!isServer) ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished; -@@ -10590,7 +10948,8 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O - * ServerHello message.) - */ - if (isServer && !ss->ssl3.hs.isResuming && -- ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) { -+ ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && -+ ssl3_KEAAllowsSessionTicket(ss->ssl3.hs.suite_def->key_exchange_alg)) { - /* RFC 5077 Section 3.3: "In the case of a full handshake, the - * server MUST verify the client's Finished message before sending - * the ticket." Presumably, this also means that the client's -@@ -10638,7 +10997,8 @@ xmit_loser: - return rv; - } - -- if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { -+ if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || -+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { - effectiveExchKeyType = kt_rsa; - } else { - effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; -@@ -11856,8 +12216,6 @@ ssl3_FreeKeyPair(ssl3KeyPair * keyPair) - } - } - -- -- - /* - * Creates the public and private RSA keys for SSL Step down. - * Called from SSL_ConfigSecureServer in sslsecur.c -@@ -11889,7 +12247,6 @@ ssl3_CreateRSAStepDownKeys(sslSocket *ss - return rv; - } - -- - /* record the export policy for this cipher suite */ - SECStatus - ssl3_SetPolicy(ssl3CipherSuite which, int policy) -@@ -12022,7 +12379,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocke - /* ssl3_config_match_init was called by the caller of this function. 
*/ - for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { - ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; -- if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange)) { -+ if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange, ss)) { - if (cs != NULL) { - *cs++ = 0x00; - *cs++ = (suite->cipher_suite >> 8) & 0xFF; -@@ -12147,6 +12504,10 @@ ssl3_DestroySSL3Info(sslSocket *ss) - } - } - -+ if (ss->ssl3.dheGroups) { -+ PORT_Free(ss->ssl3.dheGroups); -+ } -+ - ss->ssl3.initialized = PR_FALSE; - - SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c ---- ./lib/ssl/ssl3ecc.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./lib/ssl/ssl3ecc.c 2015-06-24 23:09:45.987637456 +0200 -@@ -297,7 +297,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket - pubKey->u.ec.publicValue.len)); - - if (isTLS12) { -- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; -+ target = CKM_TLS12_MASTER_KEY_DERIVE_DH; - } else if (isTLS) { - target = CKM_TLS_MASTER_KEY_DERIVE_DH; - } else { -@@ -388,7 +388,7 @@ ssl3_HandleECDHClientKeyExchange(sslSock - isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - - if (isTLS12) { -- target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; -+ target = CKM_TLS12_MASTER_KEY_DERIVE_DH; - } else if (isTLS) { - target = CKM_TLS_MASTER_KEY_DERIVE_DH; - } else { -@@ -914,7 +914,9 @@ static const ssl3CipherSuite ecdhe_ecdsa +--- ./lib/ssl/ssl3ecc.c.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800 ++++ ./lib/ssl/ssl3ecc.c 2016-02-14 07:51:49.915312514 -0800 +@@ -919,7 +919,9 @@ static const ssl3CipherSuite ecdhe_ecdsa TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
@@ -1953,7 +677,7 @@ diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0 /* end of list marker */ -@@ -925,7 +927,9 @@ static const ssl3CipherSuite ecdhe_rsa_s +@@ -930,7 +932,9 @@ static const ssl3CipherSuite ecdhe_rsa_s TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, @@ -1963,7 +687,7 @@ diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0 /* end of list marker */ -@@ -940,11 +944,15 @@ static const ssl3CipherSuite ecSuites[] +@@ -945,11 +949,15 @@ static const ssl3CipherSuite ecSuites[] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 
@@ -1979,151 +703,138 @@ diff -up ./lib/ssl/ssl3ecc.c.dhe_and_sha384 ./lib/ssl/ssl3ecc.c TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, -diff -up ./lib/ssl/ssl3ext.c.dhe_and_sha384 ./lib/ssl/ssl3ext.c ---- ./lib/ssl/ssl3ext.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./lib/ssl/ssl3ext.c 2015-06-24 23:06:00.457872472 +0200 -@@ -1125,7 +1125,8 @@ ssl3_SendNewSessionTicket(sslSocket *ss) - sslSessionID sid; - PORT_Memset(&sid, 0, sizeof(sslSessionID)); - -- if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { -+ if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || -+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { - effectiveExchKeyType = kt_rsa; - } else { - effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; -diff -up ./lib/ssl/ssl.def.dhe_and_sha384 ./lib/ssl/ssl.def ---- ./lib/ssl/ssl.def.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./lib/ssl/ssl.def 2015-06-24 23:06:00.454872529 +0200 -@@ -171,3 +171,13 @@ SSL_SetCanFalseStartCallback; - ;+ local: - ;+*; - ;+}; -+;+NSS_3.20 { # NSS 3.20 release -+;+ global: -+;+# If the 3.20 release includes any additional functions -+;+# besides SSL_DHEGroupPrefSet and SSL_EnableWeakDHEPrimeGroup -+;+# they should be labeled as NSS_3.20a -+SSL_DHEGroupPrefSet; -+SSL_EnableWeakDHEPrimeGroup; -+;+ local: -+;+*; -+;+}; +diff -up ./lib/ssl/ssl3prot.h.dhe_and_sha384 ./lib/ssl/ssl3prot.h +--- ./lib/ssl/ssl3prot.h.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800 ++++ ./lib/ssl/ssl3prot.h 2016-02-14 07:51:49.915312514 -0800 +@@ -217,6 +217,32 @@ typedef struct { + } u; + } SSL3ServerParams; + ++/* This enum reflects HashAlgorithm enum from ++ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 ++ * ++ * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. 
*/ ++typedef enum { ++ tls_hash_md5 = 1, ++ tls_hash_sha1 = 2, ++ tls_hash_sha224 = 3, ++ tls_hash_sha256 = 4, ++ tls_hash_sha384 = 5, ++ tls_hash_sha512 = 6 ++} TLSHashAlgorithm; ++ ++/* This enum reflects SignatureAlgorithm enum from ++ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ ++typedef enum { ++ tls_sig_rsa = 1, ++ tls_sig_dsa = 2, ++ tls_sig_ecdsa = 3 ++} TLSSignatureAlgorithm; ++ ++typedef struct { ++ SECOidTag hashAlg; ++ TLSSignatureAlgorithm sigAlg; ++} SSL3SignatureAndHashAlgorithm; ++ + /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS + * prior to 1.2. */ + typedef struct { diff -up ./lib/ssl/sslenum.c.dhe_and_sha384 ./lib/ssl/sslenum.c ---- ./lib/ssl/sslenum.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./lib/ssl/sslenum.c 2015-06-24 23:06:00.457872472 +0200 -@@ -49,7 +49,11 @@ +--- ./lib/ssl/sslenum.c.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800 ++++ ./lib/ssl/sslenum.c 2016-02-14 07:51:49.915312514 -0800 +@@ -48,23 +48,37 @@ + */ const PRUint16 SSL_ImplementedCiphers[] = { #ifndef NSS_DISABLE_ECC - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, +- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, +- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ++ /* Ephemeral ECDH */ + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, -+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, -+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, ++ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. 
*/ -@@ -66,14 +70,19 @@ const PRUint16 SSL_ImplementedCiphers[] +- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, ++ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, ++ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, +- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, +- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, ++ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, ++ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, ++ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ++ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, ++ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, ++ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, #endif /* NSS_DISABLE_ECC */ ++ /* Ephemeral Finite Field DH */ ++ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, ++ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, ++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, ++ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, ++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, ++ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, ++ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, ++ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, -+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, -+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, +@@ -73,17 +87,12 @@ const PRUint16 SSL_ImplementedCiphers[] + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, -+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, -+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, -+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, +- 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, +- TLS_DHE_DSS_WITH_AES_256_CBC_SHA, +- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, +- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, +- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, +- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, -@@ -91,6 +100,7 @@ const PRUint16 SSL_ImplementedCiphers[] + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_RC4_128_SHA, + + #ifndef NSS_DISABLE_ECC ++ /* Non ephemeral ECDH */ + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, +@@ -94,18 +103,20 @@ const PRUint16 SSL_ImplementedCiphers[] TLS_ECDH_RSA_WITH_RC4_128_SHA, #endif /* NSS_DISABLE_ECC */ ++ /* RSA */ + TLS_RSA_WITH_AES_256_GCM_SHA384, ++ TLS_RSA_WITH_AES_256_CBC_SHA, ++ TLS_RSA_WITH_AES_256_CBC_SHA256, ++ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, -diff -up ./lib/ssl/ssl.h.dhe_and_sha384 ./lib/ssl/ssl.h ---- ./lib/ssl/ssl.h.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./lib/ssl/ssl.h 2015-06-24 23:06:00.454872529 +0200 -@@ -185,12 +185,17 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF - /* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is - * reused for multiple handshakes or generated each time. - * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default. -+ * This socket option is for ECDHE, only. It is unrelated to DHE. - */ - #define SSL_REUSE_SERVER_ECDHE_KEY 27 - - #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in - * handshakes. */ - -+/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket. 
-+ */ -+#define SSL_ENABLE_SERVER_DHE 29 -+ - #ifdef SSL_DEPRECATED_FUNCTION - /* Old deprecated function names */ - SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); -@@ -292,6 +297,46 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe - SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); - SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); - -+/* SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group -+** parameters that can be used by NSS for the given server socket. -+** The first item in the array is used as the default group, if no other -+** selection criteria can be used by NSS. -+** The set is provided as an array of identifiers as defined by SSLDHEGroupType. -+** If more than one group identifier is provided, NSS will select the one to use. -+** For example, a TLS extension sent by the client might indicate a preference. -+*/ -+SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd, -+ SSLDHEGroupType *groups, -+ PRUint16 num_groups); -+ -+/* Enable the use of a DHE group that's smaller than the library default, -+** for backwards compatibility reasons. The DH parameters will be created -+** at the time this function is called, which might take a very long time. -+** The function will block until generation is completed. -+** The intention is to enforce that fresh and safe parameters are generated -+** each time a process is started. -+** At the time this API was initially implemented, the API will enable the -+** use of 1024 bit DHE parameters. This value might get increased in future -+** versions of NSS. -+** -+** It is allowed to call this API will a NULL value for parameter fd, -+** which will prepare the global parameters that NSS will reuse for the remainder -+** of the process lifetime. This can be used early after startup of a process, -+** to avoid a delay when handling incoming client connections. 
-+** This preparation with a NULL for parameter fd will NOT enable the weak group -+** on sockets. The function needs to be called again for every socket that -+** should use the weak group. -+** -+** It is allowed to use this API in combination with the SSL_DHEGroupPrefSet API. -+** If both APIs have been called, the weakest group will be used, -+** unless it is certain that the client supports larger group parameters. -+** The weak group will be used as the default group, overriding the preference -+** for the first group potentially set with a call to SSL_DHEGroupPrefSet -+** (The first group set using SSL_DHEGroupPrefSet will still be enabled, but -+** it's no longer the default group.) -+*/ -+SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled); -+ - /* SSL Version Range API - ** - ** This API should be used to control SSL 3.0 & TLS support instead of the + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, +- TLS_RSA_WITH_AES_256_CBC_SHA, +- TLS_RSA_WITH_AES_256_CBC_SHA256, +- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_RSA_WITH_SEED_CBC_SHA, +- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5, ++ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, + + /* 56-bit DES "domestic" cipher suites */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h ---- ./lib/ssl/sslimpl.h.dhe_and_sha384 2015-06-24 23:06:00.449872622 +0200 -+++ ./lib/ssl/sslimpl.h 2015-06-24 23:06:00.457872472 +0200 -@@ -62,6 +62,7 @@ typedef SSLSignType SSL3SignType; +--- ./lib/ssl/sslimpl.h.dhe_and_sha384 2016-02-14 07:51:49.911312431 -0800 ++++ ./lib/ssl/sslimpl.h 2016-02-14 07:51:49.915312514 -0800 +@@ -64,6 +64,7 @@ typedef SSLSignType SSL3SignType; #define hmac_md5 ssl_hmac_md5 #define hmac_sha ssl_hmac_sha #define hmac_sha256 ssl_hmac_sha256 
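Review bot: In the reordered `SSL_ImplementedCiphers` (sslenum.c part of this hunk) `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` and `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384` now sit ahead of `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, and the ECDHE_RSA, DHE and RSA groups repeat the pattern, so a MAC-then-encrypt CBC suite is ranked above an AEAD suite purely on key length. Presumably this table tracks the preference order used by the handshake (its header comment and the matching `cipherSuites` table in ssl3con.c are outside this hunk); if so, I would keep every `*_GCM_*` entry ahead of the CBC entries with the same key exchange, e.g. `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,` before `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, which still satisfies the quoted bug 946147 constraint (256_CBC_SHA before 128_CBC_SHA). Separately, the `SSL3SignatureAndHashAlgorithm` re-added to ssl3prot.h types `hashAlg` as `SECOidTag`, while the ssl3con.c hunk at the top of this page compares `alg->hashAlg == ssl_hash_sha256`; if `alg` is this struct the comparison mixes an OID tag with a TLS hash code and can never match, and if it is a different 3.21 type the duplicate definition should say which code still consumes it. The new `tls_hash_sha384 = 5` is also unused as far as this page shows, since the SHA-384 branch of that comparison is left commented out.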
@@ -2131,35 +842,19 @@ diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h #define mac_aead ssl_mac_aead #define SET_ERROR_CODE /* reminder */ -@@ -179,6 +180,7 @@ typedef struct ssl3CertNodeStr - typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef; - typedef struct ssl3MACDefStr ssl3MACDef; - typedef struct ssl3KeyPairStr ssl3KeyPair; -+typedef struct ssl3DHParamsStr ssl3DHParams; - - struct ssl3CertNodeStr { - struct ssl3CertNodeStr *next; -@@ -298,9 +300,9 @@ typedef struct { +@@ -300,9 +301,9 @@ typedef struct { } ssl3CipherSuiteCfg; #ifndef NSS_DISABLE_ECC --#define ssl_V3_SUITES_IMPLEMENTED 61 +-#define ssl_V3_SUITES_IMPLEMENTED 64 +#define ssl_V3_SUITES_IMPLEMENTED 71 #else --#define ssl_V3_SUITES_IMPLEMENTED 37 +-#define ssl_V3_SUITES_IMPLEMENTED 40 +#define ssl_V3_SUITES_IMPLEMENTED 43 #endif /* NSS_DISABLE_ECC */ #define MAX_DTLS_SRTP_CIPHER_SUITES 4 -@@ -337,6 +339,7 @@ typedef struct sslOptionsStr { - unsigned int enableALPN : 1; /* 27 */ - unsigned int reuseServerECDHEKey : 1; /* 28 */ - unsigned int enableFallbackSCSV : 1; /* 29 */ -+ unsigned int enableServerDhe : 1; /* 30 */ - } sslOptions; - - typedef enum { sslHandshakingUndetermined = 0, -@@ -476,10 +479,18 @@ typedef enum { +@@ -486,10 +487,18 @@ typedef enum { cipher_camellia_256, cipher_seed, cipher_aes_128_gcm, @@ -2178,7 +873,7 @@ diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h typedef enum { type_stream, type_block, type_aead } CipherType; #define MAX_IV_LENGTH 24 -@@ -725,6 +736,7 @@ typedef struct ssl3CipherSuiteDefStr { +@@ -736,6 +745,7 @@ typedef struct ssl3CipherSuiteDefStr { SSL3BulkCipher bulk_cipher_alg; SSL3MACAlgorithm mac_alg; SSL3KeyExchangeAlgorithm key_exchange_alg; 
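Review bot: The new `ssl_V3_SUITES_IMPLEMENTED` values (64 to 71 with ECC, 40 to 43 without) must equal the entry count of `SSL_ImplementedCiphers` exactly; counting the sslenum.c additions earlier on this page gives 4 ECDHE `*_SHA384`, 2 DHE `*_GCM_SHA384` and 1 RSA `*_GCM_SHA384`, which matches, but nothing in this hunk records why. If, as in upstream, per-socket `cipherSuites[]` arrays are sized by this constant (not visible here, please confirm), an undercount becomes an out-of-bounds write when the table is copied, so I would add `/* 71 = 64 upstream + 4 ECDHE *_SHA384 + 2 DHE *_GCM_SHA384 + 1 RSA *_GCM_SHA384; must match SSL_ImplementedCiphers in sslenum.c */` above the `#ifndef NSS_DISABLE_ECC`. If the 3.21 base carries a static size check tying the two together, make sure it still compiles with these values.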
@@ -2186,51 +881,10 @@ diff -up ./lib/ssl/sslimpl.h.dhe_and_sha384 ./lib/ssl/sslimpl.h } ssl3CipherSuiteDef; /* -@@ -997,6 +1009,9 @@ struct ssl3StateStr { - PRUint16 dtlsSRTPCipherCount; - PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ - PRBool fatalAlertSent; -+ PRUint16 numDHEGroups; /* used by server */ -+ SSLDHEGroupType * dheGroups; /* used by server */ -+ PRBool dheWeakGroupEnabled; /* used by server */ - }; - - #define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the -@@ -1016,6 +1031,11 @@ struct ssl3KeyPairStr { - PRInt32 refCount; /* use PR_Atomic calls for this. */ - }; - -+struct ssl3DHParamsStr { -+ SECItem prime; /* p */ -+ SECItem base; /* g */ -+}; -+ - typedef struct SSLWrappedSymWrappingKeyStr { - SSL3Opaque wrappedSymmetricWrappingkey[512]; - CK_MECHANISM_TYPE symWrapMechanism; -@@ -1224,6 +1244,9 @@ const unsigned char * preferredCipher; - - ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ - -+ const ssl3DHParams *dheParams; /* DHE param */ -+ ssl3KeyPair * dheKeyPair; /* DHE keys */ -+ - /* Callbacks */ - SSLAuthCertificate authCertificate; - void *authCertificateArg; -@@ -1616,6 +1639,8 @@ int ssl3_GatherCompleteHandshake(sslSock - */ - extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); - -+extern SECStatus ssl3_SelectDHParams(sslSocket *ss); -+ - #ifndef NSS_DISABLE_ECC - extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); - extern PRBool ssl3_IsECCEnabled(sslSocket *ss); diff -up ./lib/ssl/sslinfo.c.dhe_and_sha384 ./lib/ssl/sslinfo.c ---- ./lib/ssl/sslinfo.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./lib/ssl/sslinfo.c 2015-06-24 23:06:00.457872472 +0200 -@@ -122,6 +122,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLCh +--- ./lib/ssl/sslinfo.c.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800 ++++ ./lib/ssl/sslinfo.c 2016-02-14 07:51:49.915312514 -0800 +@@ -160,6 +160,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc #define M_AEAD_128 "AEAD", ssl_mac_aead, 128 #define M_SHA256 
"SHA256", ssl_hmac_sha256, 256 
@@ -2238,25 +892,7 @@ diff -up ./lib/ssl/sslinfo.c.dhe_and_sha384 ./lib/ssl/sslinfo.c #define M_SHA "SHA1", ssl_mac_sha, 160 #define M_MD5 "MD5", ssl_mac_md5, 128 #define M_NULL "NULL", ssl_mac_null, 0 -@@ -135,6 +136,7 @@ static const SSLCipherSuiteInfo suiteInf - {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, - {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, - {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, -+{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, - {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, - {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, }, - {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, }, -@@ -145,7 +147,9 @@ static const SSLCipherSuiteInfo suiteInf - {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, - {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, - {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, -+{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, - {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, -+{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, - {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, }, - {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, - {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, -@@ -201,8 +205,21 @@ static const SSLCipherSuiteInfo suiteInf +@@ -242,8 +243,21 @@ static const SSLCipherSuiteInfo suiteInf {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, 
B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, 
@@ -2273,31 +909,15 @@ diff -up ./lib/ssl/sslinfo.c.dhe_and_sha384 ./lib/ssl/sslinfo.c +{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, -+{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_SHA384, 1, 0, 0, }, ++{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, }, + /* SSL 2 table */ {0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, {0,CK(SSL_CK_RC2_128_CBC_WITH_MD5), S_RSA, K_RSA, C_RC2, B_128, M_MD5, 0, 0, 0, }, diff -up ./lib/ssl/sslproto.h.dhe_and_sha384 ./lib/ssl/sslproto.h ---- ./lib/ssl/sslproto.h.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./lib/ssl/sslproto.h 2015-06-24 23:06:00.457872472 +0200 -@@ -177,6 +177,7 @@ - #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C - #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D - -+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040 - #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 - #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 - #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 -@@ -191,6 +192,7 @@ - #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065 - #define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066 - #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067 -+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A - #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B - - #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 -@@ -203,8 +205,11 @@ +--- ./lib/ssl/sslproto.h.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800 ++++ ./lib/ssl/sslproto.h 2016-02-14 07:51:49.916312535 -0800 +@@ -205,8 +205,11 @@ #define TLS_RSA_WITH_SEED_CBC_SHA 0x0096 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C 
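Review bot: Switching the MAC column of `TLS_RSA_WITH_AES_256_GCM_SHA384` from `M_SHA384` to `M_AEAD_128` is correct and matches every other `C_AESGCM` row in this hunk, but the table gives no hint why, so I would put `/* GCM rows: the 128-bit GCM tag is the integrity mechanism; the SHA256/SHA384 in the suite name is the PRF hash, not a MAC */` above the first `C_AESGCM` row. Worth checking whether `M_SHA384` (defined elsewhere in this patch, not visible here) still has a user after this change; if this row was its only one it can go. The `suiteInfo` table starts and ends outside the hunk.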
@@ -2309,7 +929,7 @@ diff -up ./lib/ssl/sslproto.h.dhe_and_sha384 ./lib/ssl/sslproto.h /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client. * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending -@@ -251,11 +256,15 @@ +@@ -253,11 +256,15 @@ #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019 #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 @@ -2326,20 +946,12 @@ diff -up ./lib/ssl/sslproto.h.dhe_and_sha384 ./lib/ssl/sslproto.h /* Netscape "experimental" cipher suites. */ diff -up ./lib/ssl/sslsecur.c.dhe_and_sha384 ./lib/ssl/sslsecur.c ---- ./lib/ssl/sslsecur.c.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./lib/ssl/sslsecur.c 2015-06-24 23:06:00.457872472 +0200 -@@ -693,6 +693,7 @@ NSS_FindCertKEAType(CERTCertificate * ce - case SEC_OID_PKCS1_RSA_ENCRYPTION: - keaType = kt_rsa; - break; -+ case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */ - case SEC_OID_X942_DIFFIE_HELMAN_KEY: - keaType = kt_dh; - break; -@@ -789,6 +790,11 @@ ssl_ConfigSecureServer(sslSocket *ss, CE +--- ./lib/ssl/sslsecur.c.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800 ++++ ./lib/ssl/sslsecur.c 2016-02-14 07:51:49.916312535 -0800 +@@ -808,6 +808,11 @@ ssl_ConfigSecureServer(sslSocket *ss, CE goto loser; } - } + } + if (kea == ssl_kea_dh || kea == ssl_kea_rsa) { + if (ssl3_SelectDHParams(ss) != SECSuccess) { + goto loser; 
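Review bot: `ssl3_SelectDHParams` is still called from `ssl_ConfigSecureServer` in the sslsecur.c hunk, `if (ssl3_SelectDHParams(ss) != SECSuccess) { goto loser; }`, while this patch no longer carries its definition (the sslsock.c hunks removed later on this page) nor its `extern` prototype in sslimpl.h (removed above); presumably NSS 3.21 now ships both, otherwise this is an implicit declaration and a link error. Please confirm the upstream signature is still `SECStatus ssl3_SelectDHParams(sslSocket *ss)` and that it still fails closed when no group is configured, since in the removed implementation this call was what set `ss->dheParams` before any DHE ServerKeyExchange. `ssl_ConfigSecureServer` starts and ends outside the hunk.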
@@ -2348,330 +960,10 @@ diff -up ./lib/ssl/sslsecur.c.dhe_and_sha384 ./lib/ssl/sslsecur.c return SECSuccess; loser: -diff -up ./lib/ssl/sslsock.c.dhe_and_sha384 ./lib/ssl/sslsock.c ---- ./lib/ssl/sslsock.c.dhe_and_sha384 2015-06-24 23:06:00.446872679 +0200 -+++ ./lib/ssl/sslsock.c 2015-06-24 23:06:00.458872453 +0200 -@@ -18,6 +18,7 @@ - #include "blapi.h" - #endif - #include "nss.h" -+#include "pk11pqg.h" - - #define SET_ERROR_CODE /* reminder */ - -@@ -82,7 +83,8 @@ static sslOptions ssl_defaults = { - PR_TRUE, /* enableNPN */ - PR_FALSE, /* enableALPN */ - PR_TRUE, /* reuseServerECDHEKey */ -- PR_FALSE /* enableFallbackSCSV */ -+ PR_FALSE, /* enableFallbackSCSV */ -+ PR_FALSE, /* enableServerDhe */ - }; - - /* -@@ -225,6 +227,20 @@ ssl_DupSocket(sslSocket *os) - sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); - ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; - -+ ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled; -+ ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups; -+ if (os->ssl3.dheGroups) { -+ ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, -+ os->ssl3.numDHEGroups); -+ if (!ss->ssl3.dheGroups) { -+ goto loser; -+ } -+ PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups, -+ sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups); -+ } else { -+ ss->ssl3.dheGroups = NULL; -+ } -+ - if (os->cipherSpecs) { - ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); - if (ss->cipherSpecs) -@@ -267,6 +283,10 @@ ssl_DupSocket(sslSocket *os) - ssl3_GetKeyPairRef(os->stepDownKeyPair); - ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : - ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); -+ ss->dheKeyPair = !os->dheKeyPair ? NULL : -+ ssl3_GetKeyPairRef(os->dheKeyPair); -+ ss->dheParams = os->dheParams; -+ - /* - * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL. - * XXX We should detect this, and not just march on with NULL pointers. 
-@@ -384,6 +404,10 @@ ssl_DestroySocketContents(sslSocket *ss) - ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); - ss->ephemeralECDHKeyPair = NULL; - } -+ if (ss->dheKeyPair) { -+ ssl3_FreeKeyPair(ss->dheKeyPair); -+ ss->dheKeyPair = NULL; -+ } - SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); - PORT_Assert(!ss->xtnData.sniNameArr); - if (ss->xtnData.sniNameArr) { -@@ -815,6 +839,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh - ss->opt.enableFallbackSCSV = on; - break; - -+ case SSL_ENABLE_SERVER_DHE: -+ ss->opt.enableServerDhe = on; -+ break; -+ - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; -@@ -890,6 +918,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh - case SSL_REUSE_SERVER_ECDHE_KEY: - on = ss->opt.reuseServerECDHEKey; break; - case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; -+ case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break; - - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -959,6 +988,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo - case SSL_ENABLE_FALLBACK_SCSV: - on = ssl_defaults.enableFallbackSCSV; - break; -+ case SSL_ENABLE_SERVER_DHE: -+ on = ssl_defaults.enableServerDhe; -+ break; - - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -1142,6 +1174,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo - ssl_defaults.enableFallbackSCSV = on; - break; - -+ case SSL_ENABLE_SERVER_DHE: -+ ssl_defaults.enableServerDhe = on; -+ break; -+ - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; -@@ -1365,7 +1401,204 @@ NSS_SetFrancePolicy(void) - return NSS_SetDomesticPolicy(); - } - -+SECStatus -+SSL_DHEGroupPrefSet(PRFileDesc *fd, -+ SSLDHEGroupType *groups, -+ PRUint16 num_groups) -+{ -+ sslSocket *ss; -+ -+ if ((num_groups && !groups) || (!num_groups && groups)) { -+ PORT_SetError(SEC_ERROR_INVALID_ARGS); -+ return SECFailure; -+ } -+ -+ ss = ssl_FindSocket(fd); -+ if (!ss) { -+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd)); -+ return 
SECFailure; -+ } -+ -+ if (ss->ssl3.dheGroups) { -+ PORT_Free(ss->ssl3.dheGroups); -+ ss->ssl3.dheGroups = NULL; -+ ss->ssl3.numDHEGroups = 0; -+ } -+ -+ if (groups) { -+ ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups); -+ if (!ss->ssl3.dheGroups) { -+ PORT_SetError(SEC_ERROR_NO_MEMORY); -+ return SECFailure; -+ } -+ PORT_Memcpy(ss->ssl3.dheGroups, groups, -+ sizeof(SSLDHEGroupType) * num_groups); -+ } -+ return SECSuccess; -+} -+ -+ -+PRCallOnceType gWeakDHParamsRegisterOnce; -+int gWeakDHParamsRegisterError; -+ -+PRCallOnceType gWeakDHParamsOnce; -+int gWeakDHParamsError; -+/* As our code allocates type PQGParams, we'll keep it around, -+ * even though we only make use of it's parameters through gWeakDHParam. */ -+static PQGParams *gWeakParamsPQG; -+static ssl3DHParams *gWeakDHParams; -+ -+static PRStatus -+ssl3_CreateWeakDHParams() -+{ -+ PQGVerify *vfy; -+ SECStatus rv, passed; -+ -+ PORT_Assert(!gWeakDHParams && !gWeakParamsPQG); -+ -+ rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/, -+ &gWeakParamsPQG, &vfy); -+ if (rv != SECSuccess) { -+ gWeakDHParamsError = PORT_GetError(); -+ return PR_FAILURE; -+ } -+ -+ rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed); -+ if (rv != SECSuccess || passed != SECSuccess) { -+ SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams", -+ SSL_GETPID())); -+ gWeakDHParamsError = PORT_GetError(); -+ return PR_FAILURE; -+ } -+ -+ gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams); -+ if (!gWeakDHParams) { -+ gWeakDHParamsError = PORT_GetError(); -+ return PR_FAILURE; -+ } -+ -+ gWeakDHParams->prime.data = gWeakParamsPQG->prime.data; -+ gWeakDHParams->prime.len = gWeakParamsPQG->prime.len; -+ gWeakDHParams->base.data = gWeakParamsPQG->base.data; -+ gWeakDHParams->base.len = gWeakParamsPQG->base.len; -+ -+ PK11_PQG_DestroyVerify(vfy); -+ return PR_SUCCESS; -+} -+ -+static SECStatus -+ssl3_WeakDHParamsShutdown(void *appData, void *nssData) -+{ -+ if 
(gWeakParamsPQG) { -+ PK11_PQG_DestroyParams(gWeakParamsPQG); -+ gWeakParamsPQG = NULL; -+ gWeakDHParams = NULL; -+ } -+ return SECSuccess; -+} -+ -+static PRStatus -+ssl3_WeakDHParamsRegisterShutdown(void) -+{ -+ SECStatus rv; -+ rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL); -+ if (rv != SECSuccess) { -+ gWeakDHParamsRegisterError = PORT_GetError(); -+ } -+ return (PRStatus)rv; -+} -+ -+/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */ -+SECStatus -+SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled) -+{ -+ sslSocket *ss; -+ PRStatus status; -+ -+ if (enabled) { -+ status = PR_CallOnce(&gWeakDHParamsRegisterOnce, -+ ssl3_WeakDHParamsRegisterShutdown); -+ if (status != PR_SUCCESS) { -+ PORT_SetError(gWeakDHParamsRegisterError); -+ return SECFailure; -+ } -+ -+ status = PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams); -+ if (status != PR_SUCCESS) { -+ PORT_SetError(gWeakDHParamsError); -+ return SECFailure; -+ } -+ } -+ -+ if (!fd) -+ return SECSuccess; -+ -+ ss = ssl_FindSocket(fd); -+ if (!ss) { -+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd)); -+ return SECFailure; -+ } -+ -+ ss->ssl3.dheWeakGroupEnabled = enabled; -+ return SECSuccess; -+} -+ -+#include "dhe-param.c" -+ -+static const SSLDHEGroupType ssl_default_dhe_groups[] = { -+ ssl_ff_dhe_2048_group -+}; -+ -+/* Keep this array synchronized with the index definitions in SSLDHEGroupType */ -+static const ssl3DHParams *all_ssl3DHParams[] = { -+ NULL, /* ssl_dhe_group_none */ -+ &ff_dhe_2048, -+ &ff_dhe_3072, -+ &ff_dhe_4096, -+ &ff_dhe_6144, -+ &ff_dhe_8192, -+}; -+ -+static SSLDHEGroupType -+selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups) -+{ -+ if (!groups || !num_groups) -+ return ssl_dhe_group_none; -+ -+ /* We don't have automatic group parameter selection yet -+ * (potentially) based on socket parameters, e.g. key sizes. 
-+ * For now, we return the first available group from the allowed list. */ -+ return groups[0]; -+} -+ -+/* Ensure DH parameters have been selected */ -+SECStatus -+ssl3_SelectDHParams(sslSocket *ss) -+{ -+ SSLDHEGroupType selectedGroup = ssl_dhe_group_none; -+ -+ if (ss->ssl3.dheWeakGroupEnabled) { -+ ss->dheParams = gWeakDHParams; -+ } else { -+ if (ss->ssl3.dheGroups) { -+ selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups, -+ ss->ssl3.numDHEGroups); -+ } else { -+ size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups); -+ selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups, -+ number_of_default_groups); -+ } -+ -+ if (selectedGroup == ssl_dhe_group_none || -+ selectedGroup >= ssl_dhe_group_max) { -+ return SECFailure; -+ } -+ -+ ss->dheParams = all_ssl3DHParams[selectedGroup]; -+ } - -+ return SECSuccess; -+} - - /* LOCKS ??? XXX */ - static PRFileDesc * -@@ -2992,6 +3225,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProto - ss->certStatusArray[i] = NULL; - } - ss->stepDownKeyPair = NULL; -+ -+ ss->dheParams = NULL; -+ ss->dheKeyPair = NULL; -+ - ss->dbHandle = CERT_GetDefaultCertDB(); - - /* Provide default implementation of hooks */ diff -up ./lib/ssl/sslt.h.dhe_and_sha384 ./lib/ssl/sslt.h ---- ./lib/ssl/sslt.h.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./lib/ssl/sslt.h 2015-06-24 23:06:00.458872453 +0200 -@@ -91,7 +91,8 @@ typedef enum { +--- ./lib/ssl/sslt.h.dhe_and_sha384 2015-11-08 21:12:59.000000000 -0800 ++++ ./lib/ssl/sslt.h 2016-02-14 07:51:49.916312535 -0800 +@@ -114,7 +114,8 @@ typedef enum { ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */ ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */ ssl_hmac_sha256 = 5, 
@@ -2681,535 +973,3 @@ diff -up ./lib/ssl/sslt.h.dhe_and_sha384 ./lib/ssl/sslt.h } SSLMACAlgorithm; typedef enum { -@@ -197,4 +198,14 @@ typedef enum { - - #define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */ - -+typedef enum { -+ ssl_dhe_group_none = 0, -+ ssl_ff_dhe_2048_group = 1, -+ ssl_ff_dhe_3072_group = 2, -+ ssl_ff_dhe_4096_group = 3, -+ ssl_ff_dhe_6144_group = 4, -+ ssl_ff_dhe_8192_group = 5, -+ ssl_dhe_group_max -+} SSLDHEGroupType; -+ - #endif /* __sslt_h_ */ -diff -up ./tests/cert/cert.sh.dhe_and_sha384 ./tests/cert/cert.sh ---- ./tests/cert/cert.sh.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./tests/cert/cert.sh 2015-06-24 23:06:00.458872453 +0200 -@@ -292,6 +292,14 @@ cert_create_cert() - return $RET - fi - -+ CU_ACTION="Import DSA Root CA for $CERTNAME" -+ certu -A -n "TestCA-dsa" -t "TC,TC,TC" -f "${R_PWFILE}" \ -+ -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-dsa.ca.cert" 2>&1 -+ if [ "$RET" -ne 0 ]; then -+ return $RET -+ fi -+ -+ - if [ -z "$NSS_DISABLE_ECC" ] ; then - CU_ACTION="Import EC Root CA for $CERTNAME" - certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \ -@@ -338,6 +346,60 @@ cert_add_cert() - cert_log "SUCCESS: $CERTNAME's Cert Created" - - # -+# Generate and add DSA cert -+# -+ CU_ACTION="Generate DSA Cert Request for $CERTNAME" -+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -+ certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \ -+ -z "${R_NOISE_FILE}" -o req 2>&1 -+ if [ "$RET" -ne 0 ]; then -+ return $RET -+ fi -+ -+ CU_ACTION="Sign ${CERTNAME}'s DSA Request" -+ certu -C -c "TestCA-dsa" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \ -+ -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" "$1" 2>&1 -+ if [ "$RET" -ne 0 ]; then -+ return $RET -+ fi -+ -+ CU_ACTION="Import $CERTNAME's DSA Cert" -+ certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \ -+ -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1 -+ if [ "$RET" -ne 0 ]; then -+ return $RET 
-+ fi -+ cert_log "SUCCESS: $CERTNAME's DSA Cert Created" -+ -+# Generate DSA certificate signed with RSA -+ CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME" -+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -+ certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \ -+ -z "${R_NOISE_FILE}" -o req 2>&1 -+ if [ "$RET" -ne 0 ]; then -+ return $RET -+ fi -+ -+ CU_ACTION="Sign ${CERTNAME}'s DSA Request with RSA" -+# Avoid conflicting serial numbers with TestCA issuer by keeping -+# this set far away. A smaller number risks colliding with the -+# extended ssl user certificates. -+ NEWSERIAL=`expr ${CERTSERIAL} + 20000` -+ certu -C -c "TestCA" -m "$NEWSERIAL" -v 60 -d "${P_R_CADIR}" \ -+ -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" "$1" 2>&1 -+ if [ "$RET" -ne 0 ]; then -+ return $RET -+ fi -+ -+ CU_ACTION="Import $CERTNAME's mixed DSA Cert" -+ certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \ -+ -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1 -+ if [ "$RET" -ne 0 ]; then -+ return $RET -+ fi -+ cert_log "SUCCESS: $CERTNAME's mixed DSA Cert Created" -+ -+# - # Generate and add EC cert - # - if [ -z "$NSS_DISABLE_ECC" ] ; then -@@ -430,6 +492,34 @@ cert_all_CA() - # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last - # in the chain - -+ -+# -+# Create DSA version of TestCA -+ ALL_CU_SUBJECT="CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -+ cert_dsa_CA $CADIR TestCA-dsa -x "CTu,CTu,CTu" ${D_CA} "1" -+# -+# Create DSA versions of the intermediate CA certs -+ ALL_CU_SUBJECT="CN=NSS Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -+ cert_dsa_CA $SERVER_CADIR serverCA-dsa -x "Cu,Cu,Cu" ${D_SERVER_CA} "2" -+ ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -+ cert_dsa_CA $SERVER_CADIR chain-1-serverCA-dsa "-c serverCA-dsa" "u,u,u" ${D_SERVER_CA} "3" -+ 
ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -+ cert_dsa_CA $SERVER_CADIR chain-2-serverCA-dsa "-c chain-1-serverCA-dsa" "u,u,u" ${D_SERVER_CA} "4" -+ -+ ALL_CU_SUBJECT="CN=NSS Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -+ cert_dsa_CA $CLIENT_CADIR clientCA-dsa -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5" -+ ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -+ cert_dsa_CA $CLIENT_CADIR chain-1-clientCA-dsa "-c clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "6" -+ ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -+ cert_dsa_CA $CLIENT_CADIR chain-2-clientCA-dsa "-c chain-1-clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "7" -+ -+ rm $CLIENT_CADIR/dsaroot.cert $SERVER_CADIR/dsaroot.cert -+# dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last -+# in the chain -+ -+ -+ -+ - if [ -z "$NSS_DISABLE_ECC" ] ; then - # - # Create EC version of TestCA -@@ -540,6 +630,76 @@ CERTSCRIPT - cp root.cert ${NICKNAME}.ca.cert - } - -+ -+ -+ -+ -+################################ cert_dsa_CA ############################# -+# local shell function to build the Temp. Certificate Authority (CA) -+# used for testing purposes, creating a CA Certificate and a root cert -+# This is the ECC version of cert_CA. -+########################################################################## -+cert_dsa_CA() -+{ -+ CUR_CADIR=$1 -+ NICKNAME=$2 -+ SIGNER=$3 -+ TRUSTARG=$4 -+ DOMAIN=$5 -+ CERTSERIAL=$6 -+ -+ echo "$SCRIPTNAME: Creating an DSA CA Certificate $NICKNAME ==========================" -+ -+ if [ ! -d "${CUR_CADIR}" ]; then -+ mkdir -p "${CUR_CADIR}" -+ fi -+ cd ${CUR_CADIR} -+ pwd -+ -+ LPROFILE=. 
-+ if [ -n "${MULTIACCESS_DBM}" ]; then -+ LPROFILE="multiaccess:${DOMAIN}" -+ fi -+ -+ ################# Creating an DSA CA Cert ############################### -+ # -+ CU_ACTION="Creating DSA CA Cert $NICKNAME " -+ CU_SUBJECT=$ALL_CU_SUBJECT -+ certu -S -n $NICKNAME -k dsa -t $TRUSTARG -v 600 $SIGNER \ -+ -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \ -+ -m $CERTSERIAL 2>&1 <&1 - -+# -+# Repeat the above for DSA certs -+# -+ CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)" -+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ -+ -z "${R_NOISE_FILE}" -o req 2>&1 -+ -+ CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)" -+ cp ${CERTDIR}/req ${SERVER_CADIR} -+ certu -C -c "chain-2-serverCA-dsa" -m 200 -v 60 -d "${P_SERVER_CADIR}" \ -+ -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1 -+ -+ CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)" -+ certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \ -+ -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1 -+ -+ CU_ACTION="Import Client DSA Root CA -t T,, for $CERTNAME (ext.)" -+ certu -A -n "clientCA-dsa" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \ -+ -i "${CLIENT_CADIR}/clientCA-dsa.ca.cert" 2>&1 -+# -+# done with DSA certs -+# -+# Repeat again for mixed DSA certs -+# -+ CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)" -+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ -+ -z "${R_NOISE_FILE}" -o req 2>&1 -+ -+ CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)" -+ cp ${CERTDIR}/req ${SERVER_CADIR} -+ certu -C -c "chain-2-serverCA" -m 202 -v 60 -d "${P_SERVER_CADIR}" \ -+ -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1 -+ -+ CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)" -+ certu -A -n "${CERTNAME}-dsamixed" -t 
"u,u,u" -d "${PROFILEDIR}" \ -+ -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1 -+ -+# CU_ACTION="Import Client mixed DSA Root CA -t T,, for $CERTNAME (ext.)" -+# certu -A -n "clientCA-dsamixed" -t "T,," -f "${R_PWFILE}" \ -+# -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-dsamixed.ca.cert" \ -+# 2>&1 -+ - if [ -z "$NSS_DISABLE_ECC" ] ; then - # - # Repeat the above for EC certs -@@ -794,7 +998,7 @@ cert_extended_ssl() - for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ; - do - N=`basename $CA | sed -e "s/.ca.cert//"` -- if [ $N = "serverCA" -o $N = "serverCA-ec" ] ; then -+ if [ $N = "serverCA" -o $N = "serverCA-ec" -o $N = "serverCA-dsa" ] ; then - T="-t C,C,C" - else - T="-t u,u,u" -@@ -830,6 +1034,53 @@ cert_extended_ssl() - certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \ - -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1 - -+# -+# Repeat the above for DSA certs -+# -+ CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)" -+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ -+ -z "${R_NOISE_FILE}" -o req 2>&1 -+ -+ CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)" -+ cp ${CERTDIR}/req ${CLIENT_CADIR} -+ certu -C -c "chain-2-clientCA-dsa" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \ -+ -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1 -+ -+ CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)" -+ certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \ -+ -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1 -+ -+ CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)" -+ certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \ -+ -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1 -+# -+# done with DSA certs -+# -+# -+# Repeat the above for mixed DSA certs -+# -+ CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)" -+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS 
NSS, L=Mountain View, ST=California, C=US" -+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ -+ -z "${R_NOISE_FILE}" -o req 2>&1 -+ -+ CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)" -+ cp ${CERTDIR}/req ${CLIENT_CADIR} -+ certu -C -c "chain-2-clientCA" -m 302 -v 60 -d "${P_CLIENT_CADIR}" \ -+ -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1 -+ -+ CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)" -+ certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \ -+ -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1 -+ -+# CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)" -+# certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \ -+# -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1 -+# -+# done with mixed DSA certs -+# -+ - if [ -z "$NSS_DISABLE_ECC" ] ; then - # - # Repeat the above for EC certs -@@ -883,7 +1134,7 @@ cert_extended_ssl() - for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ; - do - N=`basename $CA | sed -e "s/.ca.cert//"` -- if [ $N = "clientCA" -o $N = "clientCA-ec" ] ; then -+ if [ $N = "clientCA" -o $N = "clientCA-ec" -o $N = "clientCA-dsa" ] ; then - T="-t T,C,C" - else - T="-t u,u,u" -@@ -920,6 +1171,10 @@ cert_ssl() - cert_add_cert - CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC" - certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" -+ -+ CU_ACTION="Modify trust attributes of DSA Root CA -t TC,TC,TC" -+ certu -M -n "TestCA-dsa" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" -+ - if [ -z "$NSS_DISABLE_ECC" ] ; then - CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC" - certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" -@@ -1467,6 +1722,24 @@ EOF_CRLINI - CRL_GEN_RES=`expr $? + $CRL_GEN_RES` - chmod 600 ${CRL_FILE_GRP_1}_or - -+ -+ CU_ACTION="Generating CRL (DSA) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-dsa authority" -+ -+# Until Bug 292285 is resolved, do not encode x400 Addresses. 
After -+# the bug is resolved, reintroduce "x400Address:x400Address" within -+# addext issuerAltNames ... -+ crlu -q -d $CADIR -G -n "TestCA-dsa" -f ${R_PWFILE} \ -+ -o ${CRL_FILE_GRP_1}_or-dsa < ${SERVEROUTFILE} 2>&1 & - RET=$? - else - ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \ -- ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose & -+ ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 & - RET=$? - fi - -diff -up ./tests/ssl/sslstress.txt.dhe_and_sha384 ./tests/ssl/sslstress.txt ---- ./tests/ssl/sslstress.txt.dhe_and_sha384 2015-05-28 19:50:45.000000000 +0200 -+++ ./tests/ssl/sslstress.txt 2015-06-24 23:06:00.459872435 +0200 -@@ -44,6 +44,7 @@ - ECC 0 -c_:C027 -V_ssl3:_-c_1000_-C_:C027 Stress TLS ECDHE-RSA AES 128 CBC with SHA256 - ECC 0 -c_:C02F -V_ssl3:_-c_1000_-C_:C02F Stress TLS ECDHE-RSA AES 128 GCM - ECC 0 -c_:C004_-u -V_ssl3:_-c_1000_-C_:C004_-u Stress TLS ECDH-ECDSA AES 128 CBC with SHA (session ticket) -+ ECC 0 -c_:C009_-u -V_ssl3:_-c_100_-C_:C009_-u Stress TLS ECDHE-ECDSA AES 128 CBC with SHA (session ticket) - # - # add client auth versions here... 
- # -@@ -53,3 +54,33 @@ - ECC 0 -r_-r_-c_:C00E -V_ssl3:_-c_10_-C_:C00E_-N_-n_TestUser-ecmixed Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth) - ECC 0 -r_-r_-c_:C013 -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA(client auth) - ECC 0 -r_-r_-c_:C013_-u -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec_-u Stress TLS ECDHE-RSA AES 128 CBC with SHA(session ticket, client auth) -+ -+# -+# ############################ DHE ciphers ############################ -+# -+ noECC 0 -c_:0016 -V_ssl3:_-c_100_-C_:0016_-N Stress TLS DHE_RSA_WITH_3DES_EDE_CBC_SHA (no reuse) -+ noECC 0 -c_:0033 -V_ssl3:_-c_1000_-C_:0033 Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA -+ -+ -+ noECC 0 -c_:0039 -V_ssl3:_-c_100_-C_:0039_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA (no reuse) -+ noECC 0 -c_:0040 -V_ssl3:_-c_100_-C_:0040_-N Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA256 (no reuse) -+ -+# noECC 0 -c_:0038_-u -V_ssl3:_-c_1000_-C_:0038_-u Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (session ticket) -+# use the above session ticket test, once session tickets with DHE_DSS are working -+ noECC 0 -c_:0038 -V_ssl3:_-c_1000_-C_:0038_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (no reuse) -+ -+# noECC 0 -c_:006A -V_ssl3:_-c_1000_-C_:006A Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 -+# use the above reuse test, once the session cache with DHE_DSS is working -+ noECC 0 -c_:006A -V_ssl3:_-c_1000_-C_:006A_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 (no reuse -+ -+ noECC 0 -c_:006B -V_ssl3:_-c_100_-C_:006B_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA256 (no reuse) -+ noECC 0 -c_:009E -V_ssl3:_-c_100_-C_:009E_-N Stress TLS DHE_RSA_WITH_AES_128_GCM_SHA256 (no reuse) -+# -+# add client auth versions here... 
-+#
-+ noECC 0 -r_-r_-c_:0032 -V_ssl3:_-c_100_-C_:0032_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA (no reuse, client auth)
-+ noECC 0 -r_-r_-c_:0067 -V_ssl3:_-c_1000_-C_:0067_-n_TestUser-dsamixed Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA256 (client auth)
-+
-+# noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:_-c_1000_-C_:00A2_-n_TestUser-dsa_-u Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (session ticket, client auth)
-+# use the above session ticket test, once session tickets with DHE_DSS are working
-+ noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:_-c_1000_-C_:00A2_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (no reuse, client auth)
diff --git a/SOURCES/disable-extended-master-secret-with-old-softoken.patch b/SOURCES/disable-extended-master-secret-with-old-softoken.patch
new file mode 100644
index 0000000..b385819
--- /dev/null
+++ b/SOURCES/disable-extended-master-secret-with-old-softoken.patch
@@ -0,0 +1,33 @@
+diff -up ./lib/ssl/sslsock.c.disable-ems ./lib/ssl/sslsock.c
+--- ./lib/ssl/sslsock.c.disable-ems 2016-02-04 16:49:04.148123592 -0800
++++ ./lib/ssl/sslsock.c 2016-02-04 16:50:15.483801476 -0800
+@@ -85,6 +85,7 @@ static sslOptions ssl_defaults = {
+ PR_TRUE, /* reuseServerECDHEKey */
+ PR_FALSE, /* enableFallbackSCSV */
+ PR_TRUE, /* enableServerDhe */
++/* Keep extended-master-secret disabled until we have a compatible softokn. */
+ PR_FALSE /* enableExtendedMS */
+ };
+
+@@ -848,7 +849,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ break;
+
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
++#if 0
++/* No-Op until we have a compatible softokn. */
+ ss->opt.enableExtendedMS = on;
++#endif
+ break;
+
+ default:
+@@ -1192,7 +1203,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
+ break;
+
+ case SSL_ENABLE_EXTENDED_MASTER_SECRET:
++#if 0
++/* No-Op until we have a compatible softokn. */
+ ssl_defaults.enableExtendedMS = on;
++#endif
+ break;
+
+ default:
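Review bot: Under the `#if 0` in the `@@ -848,7 +849,10 @@` hunk, `SSL_OptionSet(fd, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE)` now falls through to `break` and reports SECSuccess while the request is discarded, so an application that turns on extended master secret (RFC 7627) gets no signal that it is not in effect; the `@@ -1192,7 +1203,10 @@` hunk does the same for `SSL_OptionSetDefault`. Rejecting the unsupported value keeps the limitation visible: in `SSL_OptionSet` the `#if 0` block can become `if (on) { PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; }` (`rv` appears to be the status variable that function already uses), and `SSL_OptionSetDefault`, which seems to return its status directly, would set the error and return SECFailure in the same spot. If silently accepting the option is intentional for compatibility, the added comment should say so explicitly and name the softokn version that lifts the restriction, and `#if 0` is better replaced by a named build-time macro so the disabled code stays discoverable. Both enclosing functions start and end outside the hunk.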
diff --git a/SOURCES/enable-ecdsa-ciphers-by-default.patch b/SOURCES/enable-ecdsa-ciphers-by-default.patch deleted file mode 100644 index bb1a948..0000000 --- a/SOURCES/enable-ecdsa-ciphers-by-default.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -diff -up ./nss/lib/ssl/ssl3con.c.enable_ecdsa ./nss/lib/ssl/ssl3con.c ---- ./nss/lib/ssl/ssl3con.c.enable_ecdsa 2015-08-18 07:34:41.627936333 -0700 -+++ ./nss/lib/ssl/ssl3con.c 2015-08-18 07:37:19.781532228 -0700 -@@ -97,7 +97,7 @@ static ssl3CipherSuiteCfg cipherSuites[s - */ - { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around - * bug 946147. -@@ -105,12 +105,12 @@ static ssl3CipherSuiteCfg cipherSuites[s - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - #endif /* NSS_DISABLE_ECC */ - -@@ -135,13 +135,13 @@ static ssl3CipherSuiteCfg cipherSuites[s - { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - - #ifndef 
NSS_DISABLE_ECC -- { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - #endif /* NSS_DISABLE_ECC */ - diff --git a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch b/SOURCES/enable-fips-when-system-is-in-fips-mode.patch index 3870cfc..0ee13bb 100644 --- a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch +++ b/SOURCES/enable-fips-when-system-is-in-fips-mode.patch @@ -1,7 +1,12 @@ -diff -up nss/lib/pk11wrap/pk11pars.c.fips nss/lib/pk11wrap/pk11pars.c ---- nss/lib/pk11wrap/pk11pars.c.fips 2013-05-28 14:43:24.000000000 -0700 -+++ nss/lib/pk11wrap/pk11pars.c 2013-07-10 18:54:16.733465910 -0700 -@@ -150,6 +150,10 @@ SECMOD_CreateModule(const char *library, +diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c +--- a/lib/pk11wrap/pk11pars.c ++++ b/lib/pk11wrap/pk11pars.c +@@ -159,16 +159,20 @@ SECMOD_CreateModuleEx(const char *librar + if (parameters) { + mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters); + } + if (config) { + /* XXX: Apply configuration */ } mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc); mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc); 
@@ -12,10 +17,20 @@ diff -up nss/lib/pk11wrap/pk11pars.c.fips nss/lib/pk11wrap/pk11pars.c mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc); slotParams = NSSUTIL_ArgGetParamValue("slotParams",nssc); mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena,slotParams, -diff -up nss/lib/pk11wrap/pk11util.c.fips nss/lib/pk11wrap/pk11util.c ---- nss/lib/pk11wrap/pk11util.c.fips 2013-05-28 14:43:24.000000000 -0700 -+++ nss/lib/pk11wrap/pk11util.c 2013-07-10 18:54:16.734465927 -0700 -@@ -95,6 +95,25 @@ SECMOD_Shutdown() + &mod->slotInfoCount); + if (slotParams) PORT_Free(slotParams); + /* new field */ + mod->trustOrder = NSSUTIL_ArgReadLong("trustOrder",nssc, + NSSUTIL_DEFAULT_TRUST_ORDER,NULL); +diff --git a/lib/pk11wrap/pk11util.c b/lib/pk11wrap/pk11util.c +--- a/lib/pk11wrap/pk11util.c ++++ b/lib/pk11wrap/pk11util.c +@@ -90,16 +90,35 @@ SECMOD_Shutdown() + #endif + if (secmod_PrivateModuleCount) { + PORT_SetError(SEC_ERROR_BUSY); + return SECFailure; + } return SECSuccess; } @@ -41,7 +56,17 @@ diff -up nss/lib/pk11wrap/pk11util.c.fips nss/lib/pk11wrap/pk11util.c /* * retrieve the internal module -@@ -417,7 +436,7 @@ SECMOD_DeleteInternalModule(const char * + */ + SECMODModule * + SECMOD_GetInternalModule(void) + { + return internalModule; +@@ -412,17 +431,17 @@ SECMOD_DeleteModule(const char *name, in + */ + SECStatus + SECMOD_DeleteInternalModule(const char *name) + { + SECMODModuleList *mlp; SECMODModuleList **mlpp; SECStatus rv = SECFailure; 
@@ -50,19 +75,39 @@ diff -up nss/lib/pk11wrap/pk11util.c.fips nss/lib/pk11wrap/pk11util.c PORT_SetError(SEC_ERROR_MODULE_STUCK); return rv; } -@@ -888,7 +907,7 @@ SECMOD_DestroyModuleList(SECMODModuleLis + if (!moduleLock) { + PORT_SetError(SEC_ERROR_NOT_INITIALIZED); + return rv; + } + +@@ -883,17 +902,17 @@ SECMOD_DestroyModuleList(SECMODModuleLis + SECMODModuleList *lp; + + for ( lp = list; lp != NULL; lp = SECMOD_DestroyModuleListElement(lp)) ; + } + PRBool SECMOD_CanDeleteInternalModule(void) { - return (PRBool) (pendingModule == NULL); -+ return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled()); ++ return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled()); } /* -diff -up nss/lib/pk11wrap/secmodi.h.fips nss/lib/pk11wrap/secmodi.h ---- nss/lib/pk11wrap/secmodi.h.fips 2013-07-10 18:55:06.358298154 -0700 -+++ nss/lib/pk11wrap/secmodi.h 2013-07-10 18:56:52.050069372 -0700 -@@ -116,7 +116,12 @@ PK11SymKey *pk11_TokenKeyGenWithFlagsAnd + * check to see if the module has added new slots. PKCS 11 v2.20 allows for + * modules to add new slots, but never remove them. Slots cannot be added + * between a call to C_GetSlotLlist(Flag, NULL, &count) and the subsequent + * C_GetSlotList(flag, &data, &count) so that the array doesn't accidently + * grow on the caller. It is permissible for the slots to increase between +diff --git a/lib/pk11wrap/secmodi.h b/lib/pk11wrap/secmodi.h +--- a/lib/pk11wrap/secmodi.h ++++ b/lib/pk11wrap/secmodi.h +@@ -108,17 +108,22 @@ SECStatus PBE_PK11ParamToAlgid(SECOidTag + PK11SymKey *pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot, + CK_MECHANISM_TYPE type, SECItem *param, CK_KEY_TYPE keyType, + int keySize, SECItem *keyId, CK_FLAGS opFlags, + PK11AttrFlags attrFlags, void *wincx); + CK_MECHANISM_TYPE pk11_GetPBECryptoMechanism(SECAlgorithmID *algid, SECItem **param, SECItem *pwd, PRBool faulty3DES); 
@@ -76,3 +121,8 @@ diff -up nss/lib/pk11wrap/secmodi.h.fips nss/lib/pk11wrap/secmodi.h extern void pk11sdr_Init(void); extern void pk11sdr_Shutdown(void); + + /* + * Private to pk11wrap. + */ + diff --git a/SOURCES/fix-allowed-sig-alg.patch b/SOURCES/fix-allowed-sig-alg.patch new file mode 100644 index 0000000..ca908b6 --- /dev/null +++ b/SOURCES/fix-allowed-sig-alg.patch 
@@ -0,0 +1,90 @@ +--- nss/lib/ssl/ssl3con.prekai 2016-03-23 08:29:25.000000000 -0400 ++++ nss/lib/ssl/ssl3con.c 2016-03-29 15:00:44.457697131 -0400 +@@ -204,6 +204,7 @@ + {ssl_hash_sha512, ssl_sign_ecdsa}, + {ssl_hash_sha1, ssl_sign_ecdsa}, + #endif ++ {ssl_hash_sha384, ssl_sign_dsa}, + {ssl_hash_sha256, ssl_sign_dsa}, + {ssl_hash_sha1, ssl_sign_dsa} + }; +@@ -270,27 +271,6 @@ + ct_DSS_sign, + }; + +-/* This block is the contents of the supported_signature_algorithms field of +- * our TLS 1.2 CertificateRequest message, in wire format. See +- * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 +- * +- * We only support TLS 1.2 +- * CertificateVerify messages that use the handshake PRF hash. */ +-static const PRUint8 supported_signature_algorithms_sha256[] = { +- tls_hash_sha256, tls_sig_rsa, +-#ifndef NSS_DISABLE_ECC +- tls_hash_sha256, tls_sig_ecdsa, +-#endif +- tls_hash_sha256, tls_sig_dsa, +-}; +-static const PRUint8 supported_signature_algorithms_sha384[] = { +- tls_hash_sha384, tls_sig_rsa, +-#ifndef NSS_DISABLE_ECC +- tls_hash_sha384, tls_sig_ecdsa, +-#endif +- tls_hash_sha384, tls_sig_dsa, +-}; +- + #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ + + +@@ -9561,7 +9541,8 @@ + } + + static SECStatus +-ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, ++ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 allowedHashAlg, ++ PRUint8 *buf, + unsigned maxLen, PRUint32 *len) + { + unsigned int i; +@@ -9578,7 +9559,7 @@ + /* Note that we don't support a handshake hash with anything other than + * SHA-256, so asking for a signature from clients for something else + * would be inviting disaster. 
*/ +- if (alg->hashAlg == ssl_hash_sha256 || alg->hashAlg == ssl_hash_sha384) { ++ if (alg->hashAlg == allowedHashAlg) { + buf[(*len)++] = (PRUint8)alg->hashAlg; + buf[(*len)++] = (PRUint8)alg->sigAlg; + } +@@ -9608,6 +9589,7 @@ + PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2]; + unsigned int sigAlgsLength = 0; + SECOidData *hashOid; ++ PRUint8 allowedHashAlg; + + SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", + SSL_GETPID(), ss->fd)); +@@ -9639,19 +9621,19 @@ + if (hashOid == NULL) { + return SECFailure; /* err set by AppendHandshake. */ + } ++ + if (hashOid->offset == SEC_OID_SHA256) { +- sigAlgsLength = sizeof supported_signature_algorithms_sha256; +- PORT_Memcpy(sigAlgs, supported_signature_algorithms_sha256, sigAlgsLength); ++ allowedHashAlg = ssl_hash_sha256; + } else if (hashOid->offset == SEC_OID_SHA384) { +- sigAlgsLength = sizeof supported_signature_algorithms_sha384; +- PORT_Memcpy(sigAlgs, supported_signature_algorithms_sha384, sigAlgsLength); ++ allowedHashAlg = ssl_hash_sha384; + } else { + return SECFailure; /* err set by AppendHandshake. */ + } + + length = 1 + certTypesLength + 2 + calen; + if (isTLS12) { +- rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs), ++ rv = ssl3_EncodeCertificateRequestSigAlgs(ss, allowedHashAlg, ++ sigAlgs, sizeof(sigAlgs), + &sigAlgsLength); + if (rv != SECSuccess) { + return rv; diff --git a/SOURCES/fix-disable-sslv2-libssl.patch b/SOURCES/fix-disable-sslv2-libssl.patch deleted file mode 100644 index 92715db..0000000 --- a/SOURCES/fix-disable-sslv2-libssl.patch +++ /dev/null 
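Review bot: The comment kept as context in the `@@ -9578,7 +9559,7 @@` hunk ("we don't support a handshake hash with anything other than SHA-256") is now wrong: `ssl3_EncodeCertificateRequestSigAlgs` filters on the caller's `allowedHashAlg`, which `ssl3_SendCertificateRequest` sets to `ssl_hash_sha384` when the PRF hash is SHA-384. Replace it with something like `/* Only advertise algorithms using the handshake PRF hash (allowedHashAlg); a CertificateVerify over any other hash could not be verified. */`. The new `allowedHashAlg` parameter also deserves a line in the function's header comment stating that it must be the PRF hash of the current handshake, since a caller passing any other value would produce an empty algorithm list rather than an error. `ssl3_EncodeCertificateRequestSigAlgs` continues past the hunk, and `ssl3_SendCertificateRequest` starts before it.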
@@ -1,23 +0,0 @@ -diff -up ./nss/lib/ssl/sslsock.c.handle_null ./nss/lib/ssl/sslsock.c ---- ./nss/lib/ssl/sslsock.c.handle_null 2015-08-07 11:14:17.664389222 -0700 -+++ ./nss/lib/ssl/sslsock.c 2015-08-07 11:15:33.690950335 -0700 -@@ -1193,8 +1193,17 @@ ssl_IsRemovedCipherSuite(PRInt32 suite) - /* both ssl2 and export cipher suites disabled */ - if (SSL_IS_SSL2_CIPHER(suite)) - return PR_TRUE; -- if (SSL_IsExportCipherSuite(suite)) -- return PR_TRUE; -+ if (SSL_IsExportCipherSuite(suite)) { -+ SSLCipherSuiteInfo csdef; -+ if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess) { -+ /* failure to retrieve info, disable */ -+ return PR_TRUE; -+ } -+ if (csdef.symCipher != ssl_calg_null) { -+ /* disable all except NULL ciphersuites */ -+ return PR_TRUE; -+ } -+ } - #endif /* NSS_NO_SSL2_NO_EXPORT */ - switch (suite) { - case SSL_FORTEZZA_DMS_WITH_NULL_SHA: diff --git a/SOURCES/fix-disable-sslv2-tests.patch b/SOURCES/fix-disable-sslv2-tests.patch deleted file mode 100644 index cc1689c..0000000 --- a/SOURCES/fix-disable-sslv2-tests.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -diff -up ./nss/tests/ssl/ssl.sh.fix_skipping ./nss/tests/ssl/ssl.sh ---- ./nss/tests/ssl/ssl.sh.fix_skipping 2015-08-09 08:19:47.771702882 -0700 -+++ ./nss/tests/ssl/ssl.sh 2015-08-09 08:21:35.749328230 -0700 -@@ -125,7 +125,7 @@ is_selfserv_alive() - fi - - echo "kill -0 ${PID} >/dev/null 2>/dev/null" -- if [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then -+ if [ "${NSS_NO_SSL2}" = "1" ] && [ ${EXP} -eq 0 -o ${SSL2} -eq 0 ]; then - echo "No server to kill" - else - kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable" -@@ -152,7 +152,7 @@ wait_for_selfserv() - ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \ - -d ${P_R_CLIENTDIR} -v < ${REQUEST_FILE} - if [ $? -ne 0 ]; then -- if [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then -+ if [ "${NSS_NO_SSL2}" = "1" ] && [ ${EXP} -eq 0 -o ${SSL2} -eq 0 ]; then - html_passed "Server never started" - else - html_failed "Waiting for Server" -@@ -294,7 +294,10 @@ ssl_cov() - SSL2=$? - - # skip export and ssl2 tests when build has disabled SSL2 -- [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ] && continue -+ if [ "${NSS_NO_SSL2}" = "1" ] && [ ${EXP} -eq 0 || ${SSL2} -eq 0 ]; then -+ echo "yyy exp/ssl2 test skipped: (NSS_NO_SSL2,EXP,SSL2)=(${NSS_NO_SSL2},${EXP},${SSL2})" -+ continue -+ fi - - if [ "${SSL2}" -eq 0 ] ; then - # We cannot use asynchronous cert verification with SSL2 diff --git a/SOURCES/fix-min-library-version-in-SSLVersionRange.patch b/SOURCES/fix-min-library-version-in-SSLVersionRange.patch index 49026a2..00facbf 100644 --- a/SOURCES/fix-min-library-version-in-SSLVersionRange.patch +++ b/SOURCES/fix-min-library-version-in-SSLVersionRange.patch 
@@ -1,7 +1,7 @@ -diff -up ./nss/lib/ssl/sslsock.c.1171318 ./nss/lib/ssl/sslsock.c ---- ./nss/lib/ssl/sslsock.c.1171318 2015-08-26 13:21:57.225290386 -0700 -+++ ./nss/lib/ssl/sslsock.c 2015-08-26 13:23:28.037507487 -0700 -@@ -91,7 +91,7 @@ static sslOptions ssl_defaults = { +diff -up ./lib/ssl/sslsock.c.1171318 ./lib/ssl/sslsock.c +--- ./lib/ssl/sslsock.c.1171318 2016-02-04 10:57:08.489310227 -0800 ++++ ./lib/ssl/sslsock.c 2016-02-04 11:02:59.290818001 -0800 +@@ -92,7 +92,7 @@ static sslOptions ssl_defaults = { * default range of enabled SSL/TLS protocols */ static SSLVersionRange versions_defaults_stream = { diff --git a/SOURCES/fix-nss-test-filtering.patch b/SOURCES/fix-nss-test-filtering.patch new file mode 100644 index 0000000..43714d5 --- /dev/null +++ b/SOURCES/fix-nss-test-filtering.patch @@ -0,0 +1,23 @@ +diff --git a/tests/all.sh b/tests/all.sh +--- a/tests/all.sh ++++ b/tests/all.sh +@@ -106,17 +106,18 @@ + ############################## run_tests ############################### + # run test suites defined in TESTS variable, skip scripts defined in + # TESTS_SKIP variable + ######################################################################## + run_tests() + { + for TEST in ${TESTS} + do +- echo "${TESTS_SKIP}" | grep "${TEST}" > /dev/null ++ echo "Checking if ${TEST} should be skipped based on skip list [${TESTS_SKIP}]" ++ echo "${TESTS_SKIP}" | grep -w "${TEST}" > /dev/null + if [ $? -eq 0 ]; then + continue + fi + + SCRIPTNAME=${TEST}.sh + echo "Running tests for ${TEST}" + echo "TIMESTAMP ${TEST} BEGIN: `date`" + (cd ${QADIR}/${TEST}; . ./${SCRIPTNAME} 2>&1) diff --git a/SOURCES/iquote.patch b/SOURCES/iquote.patch index 02f9de8..c032c77 100644 --- a/SOURCES/iquote.patch +++ b/SOURCES/iquote.patch 
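Review bot: `grep -w "${TEST}"` in the `@@ -106,17 +106,18 @@` hunk still interprets the test name as a basic regular expression, so a name containing `.` or another metacharacter can match a different entry of `TESTS_SKIP`; `grep -w -F "${TEST}"` pins the literal-match intent at no cost. The names in `TESTS` look like plain identifiers today, so this is hardening rather than a current failure. The new "Checking if ... should be skipped" echo is printed for every test unconditionally; if the runner's output is parsed elsewhere, consider printing it only when the test is actually skipped. `run_tests` continues past the hunk.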
@@ -1,29 +1,19 @@ -diff -up ./nss/cmd/bltest/Makefile.iquote ./nss/cmd/bltest/Makefile ---- ./nss/cmd/bltest/Makefile.iquote 2014-01-03 11:59:10.000000000 -0800 -+++ ./nss/cmd/bltest/Makefile 2014-01-18 11:31:32.277404478 -0800 -@@ -45,6 +45,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk - # (6) Execute "component" rules. (OPTIONAL) # - ####################################################################### - -+INCLUDES += -iquote $(DIST)/../private/nss - - - ####################################################################### diff -up ./nss/cmd/certutil/Makefile.iquote ./nss/cmd/certutil/Makefile ---- ./nss/cmd/certutil/Makefile.iquote 2015-03-25 15:52:30.276938803 -0700 -+++ ./nss/cmd/certutil/Makefile 2015-03-25 15:53:53.044536721 -0700 -@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk +--- ./nss/cmd/certutil/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/cmd/certutil/Makefile 2016-02-06 08:03:25.509936899 -0800 +@@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### -+INCLUDES += -iquote $(DIST)/../private/nss +- +INCLUDES += -iquote $(DIST)/../public/nss - ++INCLUDES += -iquote $(DIST)/../private/nss ####################################################################### + # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/cmd/httpserv/Makefile.iquote ./nss/cmd/httpserv/Makefile ---- ./nss/cmd/httpserv/Makefile.iquote 2014-01-18 11:33:15.058108851 -0800 -+++ ./nss/cmd/httpserv/Makefile 2014-01-18 11:34:08.913478276 -0800 +--- ./nss/cmd/httpserv/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/cmd/httpserv/Makefile 2016-02-06 08:00:39.403191706 -0800 @@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### 
@@ -35,8 +25,8 @@ diff -up ./nss/cmd/httpserv/Makefile.iquote ./nss/cmd/httpserv/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile ---- ./nss/cmd/lib/Makefile.iquote 2014-01-03 11:59:10.000000000 -0800 -+++ ./nss/cmd/lib/Makefile 2014-01-18 11:31:32.309404697 -0800 +--- ./nss/cmd/lib/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/cmd/lib/Makefile 2016-02-06 08:00:39.403191706 -0800 @@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -48,8 +38,8 @@ diff -up ./nss/cmd/lib/Makefile.iquote ./nss/cmd/lib/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile ---- ./nss/cmd/modutil/Makefile.iquote 2014-05-31 11:14:36.880951209 -0700 -+++ ./nss/cmd/modutil/Makefile 2014-05-31 11:15:13.423253804 -0700 +--- ./nss/cmd/modutil/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/cmd/modutil/Makefile 2016-02-06 08:00:39.403191706 -0800 @@ -41,7 +41,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### 
@@ -61,8 +51,8 @@ diff -up ./nss/cmd/modutil/Makefile.iquote ./nss/cmd/modutil/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile ---- ./nss/cmd/selfserv/Makefile.iquote 2014-05-31 10:41:33.790380931 -0700 -+++ ./nss/cmd/selfserv/Makefile 2014-05-31 10:42:12.319696191 -0700 +--- ./nss/cmd/selfserv/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/cmd/selfserv/Makefile 2016-02-06 08:00:39.403191706 -0800 @@ -35,7 +35,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -74,21 +64,21 @@ diff -up ./nss/cmd/selfserv/Makefile.iquote ./nss/cmd/selfserv/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/cmd/ssltap/Makefile.iquote ./nss/cmd/ssltap/Makefile ---- ./nss/cmd/ssltap/Makefile.iquote 2014-05-31 10:46:19.661718435 -0700 -+++ ./nss/cmd/ssltap/Makefile 2014-05-31 10:47:11.269140037 -0700 +--- ./nss/cmd/ssltap/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/cmd/ssltap/Makefile 2016-02-06 08:04:21.595228841 -0800 
@@ -39,7 +39,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### - -+INCLUDES += -iquote $(DIST)/../public/nss +INCLUDES += -iquote $(DIST)/../private/nss ++INCLUDES += -iquote $(DIST)/../public/nss ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile ---- ./nss/cmd/strsclnt/Makefile.iquote 2014-05-31 10:51:00.833015089 -0700 -+++ ./nss/cmd/strsclnt/Makefile 2014-05-31 10:51:30.397255298 -0700 +--- ./nss/cmd/strsclnt/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/cmd/strsclnt/Makefile 2016-02-06 08:00:39.404191687 -0800 @@ -36,7 +36,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### 
@@ -100,32 +90,32 @@ diff -up ./nss/cmd/strsclnt/Makefile.iquote ./nss/cmd/strsclnt/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/cmd/tstclnt/Makefile.iquote ./nss/cmd/tstclnt/Makefile ---- ./nss/cmd/tstclnt/Makefile.iquote 2014-05-01 20:27:18.000000000 -0700 -+++ ./nss/cmd/tstclnt/Makefile 2014-05-31 10:57:43.740326022 -0700 -@@ -42,5 +42,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk - # (7) Execute "local" rules. (OPTIONAL). # +--- ./nss/cmd/tstclnt/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/cmd/tstclnt/Makefile 2016-02-06 08:04:40.506961353 -0800 +@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### + #include ../platlibs.mk +INCLUDES += -iquote $(DIST)/../public/nss +INCLUDES += -iquote $(DIST)/../private/nss -+ - include ../platrules.mk -diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile ---- ./nss/cmd/vfyserv/Makefile.iquote 2014-05-31 11:00:19.522669067 -0700 -+++ ./nss/cmd/vfyserv/Makefile 2014-05-31 11:00:42.954870502 -0700 -@@ -42,5 +42,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk + ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # +diff -up ./nss/cmd/vfyserv/Makefile.iquote ./nss/cmd/vfyserv/Makefile +--- ./nss/cmd/vfyserv/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/cmd/vfyserv/Makefile 2016-02-06 08:04:55.758745631 -0800 +@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk ####################################################################### + #include ../platlibs.mk +INCLUDES += -iquote $(DIST)/../public/nss +INCLUDES += -iquote $(DIST)/../private/nss -+ - include ../platrules.mk + ####################################################################### + # (7) Execute "local" rules. (OPTIONAL). 
# diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk ---- ./nss/coreconf/location.mk.iquote 2014-01-03 11:59:10.000000000 -0800 -+++ ./nss/coreconf/location.mk 2014-01-18 11:31:32.309404697 -0800 +--- ./nss/coreconf/location.mk.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/coreconf/location.mk 2016-02-06 08:00:39.404191687 -0800 @@ -45,6 +45,10 @@ endif ifdef NSS_INCLUDE_DIR @@ -138,8 +128,8 @@ diff -up ./nss/coreconf/location.mk.iquote ./nss/coreconf/location.mk ifndef NSS_LIB_DIR diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile ---- ./nss/lib/certhigh/Makefile.iquote 2014-01-03 11:59:10.000000000 -0800 -+++ ./nss/lib/certhigh/Makefile 2014-01-18 11:31:32.310404704 -0800 +--- ./nss/lib/certhigh/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/lib/certhigh/Makefile 2016-02-06 08:00:39.404191687 -0800 @@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -150,8 +140,8 @@ diff -up ./nss/lib/certhigh/Makefile.iquote ./nss/lib/certhigh/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile ---- ./nss/lib/cryptohi/Makefile.iquote 2014-01-03 11:59:10.000000000 -0800 -+++ ./nss/lib/cryptohi/Makefile 2014-01-18 11:31:32.310404704 -0800 +--- ./nss/lib/cryptohi/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/lib/cryptohi/Makefile 2016-02-06 08:00:39.404191687 -0800 @@ -38,7 +38,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### 
@@ -162,21 +152,21 @@ diff -up ./nss/lib/cryptohi/Makefile.iquote ./nss/lib/cryptohi/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/lib/libpkix/pkix/checker/Makefile.iquote ./nss/lib/libpkix/pkix/checker/Makefile ---- ./nss/lib/libpkix/pkix/checker/Makefile.iquote 2014-01-03 11:59:10.000000000 -0800 -+++ ./nss/lib/libpkix/pkix/checker/Makefile 2014-01-18 11:31:32.310404704 -0800 +--- ./nss/lib/libpkix/pkix/checker/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/lib/libpkix/pkix/checker/Makefile 2016-02-06 08:05:24.277342263 -0800 @@ -38,7 +38,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### - -+INCLUDES += -iquote $(DIST)/../public/nss +INCLUDES += -iquote $(DIST)/../private/nss ++INCLUDES += -iquote $(DIST)/../public/nss ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile ---- ./nss/lib/nss/Makefile.iquote 2014-01-03 11:59:10.000000000 -0800 -+++ ./nss/lib/nss/Makefile 2014-01-18 11:31:32.310404704 -0800 +--- ./nss/lib/nss/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/lib/nss/Makefile 2016-02-06 08:00:39.404191687 -0800 @@ -37,7 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### 
@@ -188,8 +178,8 @@ diff -up ./nss/lib/nss/Makefile.iquote ./nss/lib/nss/Makefile ####################################################################### # (7) Execute "local" rules. (OPTIONAL). # diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile ---- ./nss/lib/ssl/Makefile.iquote 2015-06-05 15:42:16.661963153 -0700 -+++ ./nss/lib/ssl/Makefile 2015-06-05 15:43:25.862697604 -0700 +--- ./nss/lib/ssl/Makefile.iquote 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/lib/ssl/Makefile 2016-02-06 08:00:39.404191687 -0800 @@ -49,6 +49,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (6) Execute "component" rules. (OPTIONAL) # ####################################################################### @@ -198,3 +188,15 @@ diff -up ./nss/lib/ssl/Makefile.iquote ./nss/lib/ssl/Makefile ####################################################################### +diff -up ./nss/external_tests/ssl_gtest/Makefile.iquote ./nss/external_tests/ssl_gtest/Makefile +--- ./nss/external_tests/ssl_gtest/Makefile.iquote 2016-02-18 21:51:23.746893964 -0500 ++++ ./nss/external_tests/ssl_gtest/Makefile 2016-02-18 21:52:32.825583479 -0500 +@@ -37,6 +37,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk + # (6) Execute "component" rules. (OPTIONAL) # + ####################################################################### + ++INCLUDES += -iquote $(DIST)/../public/nss ++INCLUDES += -iquote $(DIST)/../private/nss + + ####################################################################### + # (7) Execute "local" rules. (OPTIONAL). # diff --git a/SOURCES/nss-3.16-token-init-race.patch b/SOURCES/nss-3.16-token-init-race.patch new file mode 100644 index 0000000..08524b8 --- /dev/null +++ b/SOURCES/nss-3.16-token-init-race.patch 
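Review bot: The new ssl_gtest/Makefile hunk lists `-iquote $(DIST)/../public/nss` before `-iquote $(DIST)/../private/nss`, while the ssltap and libpkix/checker hunks of the same patch end up with private first and certutil/tstclnt/vfyserv with public first; with `-iquote` the first directory listed wins for any header present in both trees, so which header is picked depends on the Makefile you happen to be in. Pick one order for the whole patch and put a one-line comment above the pair in each Makefile, e.g. `# private headers must shadow the public copies` (or the reverse, whichever is intended), so the next rebase keeps it consistent.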
@@ -0,0 +1,349 @@ +diff -up ./nss/lib/pk11wrap/dev3hack.c.init-token-race ./nss/lib/pk11wrap/dev3hack.c +--- ./nss/lib/pk11wrap/dev3hack.c.init-token-race 2014-10-24 15:55:55.000000000 -0700 ++++ ./nss/lib/pk11wrap/dev3hack.c 2015-02-18 12:37:03.184120865 -0800 +@@ -245,6 +245,16 @@ nssSlot_Refresh + if (slot->token && slot->token->base.name[0] == 0) { + doit = PR_TRUE; + } ++ /* invalidate the session in the nss3slot if we haven't done an init ++ * token since we noticed that the token->default session is invalid. ++ * This works because the monitor lock and the token session lock are the ++ * same locks */ ++ PK11_EnterSlotMonitor(nss3slot); ++ if ((slot->token == NULL) || (slot->token->defaultSession == NULL) || ++ (slot->token->defaultSession->handle == CK_INVALID_SESSION)) { ++ nss3slot->session = CK_INVALID_SESSION; ++ } ++ PK11_ExitSlotMonitor(nss3slot); + if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) { + return PR_FAILURE; + } +@@ -252,7 +262,8 @@ nssSlot_Refresh + nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain, + slot->token); + } +- return nssToken_Refresh(slot->token); ++ /* no need to call nssToken_Refresh since PK11_Init has already done so */ ++ return PR_SUCCESS; + } + + NSS_IMPLEMENT PRStatus +diff -up ./nss/lib/pk11wrap/pk11auth.c.init-token-race ./nss/lib/pk11wrap/pk11auth.c +--- ./nss/lib/pk11wrap/pk11auth.c.init-token-race 2014-10-24 15:55:55.000000000 -0700 ++++ ./nss/lib/pk11wrap/pk11auth.c 2015-02-18 12:37:03.184120865 -0800 +@@ -73,7 +73,6 @@ pk11_CheckPassword(PK11SlotInfo *slot, C + (unsigned char *)pw,len); + slot->lastLoginCheck = 0; + mustRetry = PR_FALSE; +- if (!alreadyLocked) PK11_ExitSlotMonitor(slot); + switch (crv) { + /* if we're already logged in, we're good to go */ + case CKR_OK: +@@ -100,7 +99,16 @@ pk11_CheckPassword(PK11SlotInfo *slot, C + break; + } + if (retry++ == 0) { ++ /* we already know the this session is invalid */ ++ slot->session = CK_INVALID_SESSION; ++ /* can't enter PK11_InitToken 
holding the lock ++ * This is safe because the only places that tries to ++ * hold the slot monitor over this call pass their own ++ * session, which would have failed above. ++ * (session != slot->session) */ ++ PK11_ExitSlotMonitor(slot); + rv = PK11_InitToken(slot,PR_FALSE); ++ PK11_EnterSlotMonitor(slot); + if (rv == SECSuccess) { + if (slot->session != CK_INVALID_SESSION) { + session = slot->session; /* we should have +@@ -118,6 +126,7 @@ pk11_CheckPassword(PK11SlotInfo *slot, C + PORT_SetError(PK11_MapError(crv)); + rv = SECFailure; /* some failure we can't fix by retrying */ + } ++ if (!alreadyLocked) PK11_ExitSlotMonitor(slot); + } while (mustRetry); + return rv; + } +@@ -455,14 +464,18 @@ done: + slot->lastLoginCheck = 0; + PK11_RestoreROSession(slot,rwsession); + if (rv == SECSuccess) { ++ PK11_EnterSlotMonitor(slot); + /* update our view of the world */ ++ if (slot->session != CK_INVALID_SESSION) { ++ PK11_GETTAB(slot)->C_CloseSession(slot->session); ++ slot->session = CK_INVALID_SESSION; ++ } ++ PK11_ExitSlotMonitor(slot); + PK11_InitToken(slot,PR_TRUE); + if (slot->needLogin) { +- PK11_EnterSlotMonitor(slot); + PK11_GETTAB(slot)->C_Login(slot->session,CKU_USER, + (unsigned char *)userpw,len); + slot->lastLoginCheck = 0; +- PK11_ExitSlotMonitor(slot); + } + } + return rv; +@@ -506,7 +519,7 @@ PK11_ChangePW(PK11SlotInfo *slot, const + PK11_RestoreROSession(slot,rwsession); + + /* update our view of the world */ +- PK11_InitToken(slot,PR_TRUE); ++ /* PK11_InitToken(slot,PR_TRUE); */ + return rv; + } + +diff -up ./nss/lib/pk11wrap/pk11slot.c.init-token-race ./nss/lib/pk11wrap/pk11slot.c +--- ./nss/lib/pk11wrap/pk11slot.c.init-token-race 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/lib/pk11wrap/pk11slot.c 2016-01-12 17:58:34.519114993 -0800 +@@ -1053,6 +1053,7 @@ PK11_ReadMechanismList(PK11SlotInfo *slo + CK_ULONG count; + CK_RV crv; + PRUint32 i; ++ char mechanismBits[sizeof(slot->mechanismBits)]; + + if (slot->mechanismList) { + 
PORT_Free(slot->mechanismList); +@@ -1060,10 +1061,8 @@ PK11_ReadMechanismList(PK11SlotInfo *slo + } + slot->mechanismCount = 0; + +- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,NULL,&count); + if (crv != CKR_OK) { +- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); + PORT_SetError(PK11_MapError(crv)); + return SECFailure; + } +@@ -1071,12 +1070,10 @@ PK11_ReadMechanismList(PK11SlotInfo *slo + slot->mechanismList = (CK_MECHANISM_TYPE *) + PORT_Alloc(count *sizeof(CK_MECHANISM_TYPE)); + if (slot->mechanismList == NULL) { +- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); + return SECFailure; + } + crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID, + slot->mechanismList, &count); +- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); + if (crv != CKR_OK) { + PORT_Free(slot->mechanismList); + slot->mechanismList = NULL; +@@ -1084,14 +1081,16 @@ PK11_ReadMechanismList(PK11SlotInfo *slo + return SECSuccess; + } + slot->mechanismCount = count; +- PORT_Memset(slot->mechanismBits, 0, sizeof(slot->mechanismBits)); ++ PORT_Memset(mechanismBits, 0, sizeof(slot->mechanismBits)); + + for (i=0; i < count; i++) { + CK_MECHANISM_TYPE mech = slot->mechanismList[i]; + if (mech < 0x7ff) { +- slot->mechanismBits[mech & 0xff] |= 1 << (mech >> 8); ++ mechanismBits[mech & 0xff] |= 1 << (mech >> 8); + } + } ++ PORT_Memcpy(slot->mechanismBits, mechanismBits, ++ sizeof(slot->mechanismBits)); + return SECSuccess; + } + +@@ -1108,12 +1107,20 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo + CK_RV crv; + SECStatus rv; + PRStatus status; ++ CK_SESSION_HANDLE session; ++ ++ PK11_EnterSlotMonitor(slot); ++ if (slot->session != CK_INVALID_SESSION) { ++ /* The reason for doing an InitToken has already been satisfied by ++ * another thread. 
Just return */ ++ PK11_ExitSlotMonitor(slot); ++ return SECSuccess; ++ } + + /* set the slot flags to the current token values */ +- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo); +- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); + if (crv != CKR_OK) { ++ PK11_ExitSlotMonitor(slot); + PORT_SetError(PK11_MapError(crv)); + return SECFailure; + } +@@ -1150,7 +1157,10 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo + slot->defRWSession = (PRBool)((!slot->readOnly) && + (tokenInfo.ulMaxSessionCount == 1)); + rv = PK11_ReadMechanismList(slot); +- if (rv != SECSuccess) return rv; ++ if (rv != SECSuccess) { ++ PK11_ExitSlotMonitor(slot); ++ return rv; ++ } + + slot->hasRSAInfo = PR_FALSE; + slot->RSAInfoFlags = 0; +@@ -1165,50 +1175,23 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo + slot->maxKeyCount = tokenInfo.ulMaxSessionCount/2; + } + +- /* Make sure our session handle is valid */ +- if (slot->session == CK_INVALID_SESSION) { +- /* we know we don't have a valid session, go get one */ +- CK_SESSION_HANDLE session; +- +- /* session should be Readonly, serial */ +- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); +- crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID, ++ /* we know we don't have a valid session, go get one */ ++ /* session should be Readonly, serial */ ++ crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID, + (slot->defRWSession ? 
CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION, + slot,pk11_notify,&session); +- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); +- if (crv != CKR_OK) { +- PORT_SetError(PK11_MapError(crv)); +- return SECFailure; +- } +- slot->session = session; +- } else { +- /* The session we have may be defunct (the token associated with it) +- * has been removed */ +- CK_SESSION_INFO sessionInfo; +- +- if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); +- crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session,&sessionInfo); +- if (crv == CKR_DEVICE_ERROR) { +- PK11_GETTAB(slot)->C_CloseSession(slot->session); +- crv = CKR_SESSION_CLOSED; +- } +- if ((crv==CKR_SESSION_CLOSED) || (crv==CKR_SESSION_HANDLE_INVALID)) { +- crv =PK11_GETTAB(slot)->C_OpenSession(slot->slotID, +- (slot->defRWSession ? CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION, +- slot,pk11_notify,&slot->session); +- if (crv != CKR_OK) { +- PORT_SetError(PK11_MapError(crv)); +- slot->session = CK_INVALID_SESSION; +- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); +- return SECFailure; +- } +- } +- if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); ++ if (crv != CKR_OK) { ++ PK11_ExitSlotMonitor(slot); ++ PORT_SetError(PK11_MapError(crv)); ++ return SECFailure; + } ++ slot->session = session; + + status = nssToken_Refresh(slot->nssToken); +- if (status != PR_SUCCESS) ++ if (status != PR_SUCCESS) { ++ PK11_ExitSlotMonitor(slot); + return SECFailure; ++ } + + if (!(slot->isInternal) && (slot->hasRandom)) { + /* if this slot has a random number generater, use it to add entropy +@@ -1221,28 +1204,20 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo + /* if this slot can issue random numbers, get some entropy from + * that random number generater and give it to our internal token. 
+ */ +- PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_GenerateRandom + (slot->session,random_bytes, sizeof(random_bytes)); +- PK11_ExitSlotMonitor(slot); + if (crv == CKR_OK) { +- PK11_EnterSlotMonitor(int_slot); + PK11_GETTAB(int_slot)->C_SeedRandom(int_slot->session, + random_bytes, sizeof(random_bytes)); +- PK11_ExitSlotMonitor(int_slot); + } + + /* Now return the favor and send entropy to the token's random + * number generater */ +- PK11_EnterSlotMonitor(int_slot); + crv = PK11_GETTAB(int_slot)->C_GenerateRandom(int_slot->session, + random_bytes, sizeof(random_bytes)); +- PK11_ExitSlotMonitor(int_slot); + if (crv == CKR_OK) { +- PK11_EnterSlotMonitor(slot); + crv = PK11_GETTAB(slot)->C_SeedRandom(slot->session, + random_bytes, sizeof(random_bytes)); +- PK11_ExitSlotMonitor(slot); + } + PK11_FreeSlot(int_slot); + } +@@ -1274,6 +1249,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo + PK11_GETTAB(slot)->C_CloseSession(session); + } + } ++ PK11_ExitSlotMonitor(slot); + + return SECSuccess; + } +@@ -1387,6 +1363,8 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT + } + /* if the token is present, initialize it */ + if ((slotInfo.flags & CKF_TOKEN_PRESENT) != 0) { ++ /* session was initialized to CK_INVALID_SESSION when the slot ++ * was created */ + rv = PK11_InitToken(slot,PR_TRUE); + /* the only hard failures are on permanent devices, or function + * verify failures... function verify failures are already handled +@@ -1826,10 +1804,15 @@ PK11_DoesMechanism(PK11SlotInfo *slot, C + return (slot->mechanismBits[type & 0xff] & (1 << (type >> 8))) ? 
+ PR_TRUE : PR_FALSE; + } +- ++ ++ PK11_EnterSlotMonitor(slot); + for (i=0; i < (int) slot->mechanismCount; i++) { +- if (slot->mechanismList[i] == type) return PR_TRUE; ++ if (slot->mechanismList[i] == type) { ++ PK11_ExitSlotMonitor(slot); ++ return PR_TRUE; ++ } + } ++ PK11_ExitSlotMonitor(slot); + return PR_FALSE; + } + +diff -up ./nss/lib/pk11wrap/pk11util.c.init-token-race ./nss/lib/pk11wrap/pk11util.c +--- ./nss/lib/pk11wrap/pk11util.c.init-token-race 2015-02-18 12:37:03.176120865 -0800 ++++ ./nss/lib/pk11wrap/pk11util.c 2015-02-18 12:39:44.158120658 -0800 +@@ -1560,6 +1560,11 @@ SECMOD_RestartModules(PRBool force) + * older modules require it, and it doesn't hurt (compliant modules + * will return CKR_NOT_INITIALIZED */ + (void) PK11_GETTAB(mod)->C_Finalize(NULL); ++ /* finalize clears the session, mark them dead in the ++ * slot as well */ ++ for (i=0; i < mod->slotCount; i++) { ++ mod->slots[i]->session = CK_INVALID_SESSION; ++ } + /* now initialize the module, this function reinitializes + * a module in place, preserving existing slots (even if they + * no longer exist) */ +@@ -1579,17 +1584,18 @@ SECMOD_RestartModules(PRBool force) + /* get new token sessions, bump the series up so that + * we refresh other old sessions. This will tell much of + * NSS to flush cached handles it may hold as well */ +- rv = PK11_InitToken(mod->slots[i],PR_TRUE); ++ PK11SlotInfo *slot = mod->slots[i]; ++ rv = PK11_InitToken(slot,PR_TRUE); + /* PK11_InitToken could fail if the slot isn't present. + * If it is present, though, something is wrong and we should + * disable the slot and let the caller know. 
*/ +- if (rv != SECSuccess && PK11_IsPresent(mod->slots[i])) { ++ if (rv != SECSuccess && PK11_IsPresent(slot)) { + /* save the last error code */ + lastError = PORT_GetError(); + rrv = rv; + /* disable the token */ +- mod->slots[i]->disabled = PR_TRUE; +- mod->slots[i]->reason = PK11_DIS_COULD_NOT_INIT_TOKEN; ++ slot->disabled = PR_TRUE; ++ slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN; + } + } + } diff --git a/SOURCES/nss-539183.patch b/SOURCES/nss-539183.patch index 3798c35..d07ecdd 100644 --- a/SOURCES/nss-539183.patch +++ b/SOURCES/nss-539183.patch @@ -1,11 +1,9 @@ diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c --- nss/cmd/httpserv/httpserv.c.539183 2013-05-28 14:43:24.000000000 -0700 +++ nss/cmd/httpserv/httpserv.c 2013-05-30 22:16:46.685373471 -0700 -@@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port - PRStatus prStatus; +@@ -938,13 +938,13 @@ getBoundListenSocket(unsigned short port PRNetAddr addr; PRSocketOptionData opt; -+ PRUint16 socketDomain = PR_AF_INET; - addr.inet.family = PR_AF_INET; - addr.inet.ip = PR_INADDR_ANY; @@ -15,9 +13,6 @@ diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c + } - listen_sock = PR_NewTCPSocket(); -+ if (PR_GetEnv("NSS_USE_SDP")) { -+ socketDomain = PR_AF_INET_SDP; -+ } + listen_sock = PR_OpenTCPSocket(PR_AF_INET6); if (listen_sock == NULL) { - errExit("PR_NewTCPSocket"); @@ -28,11 +23,9 @@ diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c diff -up nss/cmd/selfserv/selfserv.c.539183 nss/cmd/selfserv/selfserv.c --- nss/cmd/selfserv/selfserv.c.539183 2013-05-28 14:43:24.000000000 -0700 +++ nss/cmd/selfserv/selfserv.c 2013-05-30 22:16:46.688373495 -0700 -@@ -1687,14 +1687,18 @@ getBoundListenSocket(unsigned short port - PRStatus prStatus; +@@ -1707,13 +1707,13 @@ getBoundListenSocket(unsigned short port PRNetAddr addr; PRSocketOptionData opt; -+ PRUint16 socketDomain = PR_AF_INET; - addr.inet.family = PR_AF_INET; - addr.inet.ip = PR_INADDR_ANY; 
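Review bot: In the pk11auth.c hunk at the `done:` label (the function taking `userpw`, apparently PK11_InitPin; its start lies outside the hunk) the new code closes `slot->session` and sets it to CK_INVALID_SESSION before `PK11_InitToken(slot,PR_TRUE)`, yet the return value of that call is still ignored and the `PK11_EnterSlotMonitor`/`PK11_ExitSlotMonitor` pair around `C_Login(slot->session, ...)` is dropped, so a failed InitToken now leads to C_Login on CK_INVALID_SESSION, and on a non-thread-safe module the login runs outside the monitor the removed lines used to hold. I would write `if (PK11_InitToken(slot,PR_TRUE) == SECSuccess && slot->needLogin) {` and restore `PK11_EnterSlotMonitor(slot);` / `PK11_ExitSlotMonitor(slot);` around the C_Login. The entropy exchange in PK11_InitToken likewise now calls `C_GenerateRandom`/`C_SeedRandom` on `int_slot->session` with only `slot`'s monitor held, presumably to avoid nesting two slot monitors; if that is the reason, a comment saying so, and why `int_slot->session` cannot be invalidated meanwhile now that SECMOD_RestartModules writes CK_INVALID_SESSION into every slot, belongs there. Finally `/* PK11_InitToken(slot,PR_TRUE); */` in PK11_ChangePW is commented-out code: delete it, or keep the call, with a one-line note that the new early return in PK11_InitToken makes it a no-op while `slot->session` is still valid.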
@@ -42,9 +35,6 @@ diff -up ./nss/cmd/selfserv/selfserv.c.539183 ./nss/cmd/selfserv/selfserv.c
 + }
 - listen_sock = PR_NewTCPSocket();
-+ if (PR_GetEnv("NSS_USE_SDP")) {
-+ socketDomain = PR_AF_INET_SDP;
-+ }
 + listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
 if (listen_sock == NULL) {
 - errExit("PR_NewTCPSocket");
diff --git a/SOURCES/nss-enable-384-cipher-tests.patch b/SOURCES/nss-enable-384-cipher-tests.patch
new file mode 100644
index 0000000..2b8d597
--- /dev/null
+++ b/SOURCES/nss-enable-384-cipher-tests.patch
@@ -0,0 +1,14 @@
+diff -up ./nss/tests/ssl/ssl.sh.384 ./nss/tests/ssl/ssl.sh
+--- ./nss/tests/ssl/ssl.sh.384 2016-02-24 19:00:23.135079185 -0500
++++ ./nss/tests/ssl/ssl.sh 2016-02-24 19:00:41.963720050 -0500
+@@ -93,8 +93,8 @@ ssl_init()
+ ECC_STRING=""
+ fi
+
+- CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
+- CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz"
++ CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009D:009E:009F:00A2:00A3cdefgijklmnvyz"
++ CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C024:C027:C028:C02B:C02C:C02F:C030:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009D:009E:009F:00A2:00A3cdefgijklmnvyz"
+
+ if [ "${OS_ARCH}" != "WINNT" ]; then
+ ulimit -n 1000 # make sure we have enough file descriptors
diff --git a/SOURCES/nss-fix-client-auth-init-hashes.patch b/SOURCES/nss-fix-client-auth-init-hashes.patch
new file mode 100644
index 0000000..f0f60a3
--- /dev/null
+++ b/SOURCES/nss-fix-client-auth-init-hashes.patch
@@ -0,0 +1,48 @@
+diff -up ./nss/lib/ssl/ssl3con.c.fix_client_auth_crash ./nss/lib/ssl/ssl3con.c
+--- ./nss/lib/ssl/ssl3con.c.fix_client_auth_crash 2016-02-24 10:40:56.249523174 -0800
++++ ./nss/lib/ssl/ssl3con.c 2016-02-24 10:56:24.180107667 -0800
+@@ -6626,12 +6626,14 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+ isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
+
++#ifdef notdef
+ rv = ssl3_InitHandshakeHashes(ss);
+ if (rv != SECSuccess) {
+ desc = internal_error;
+ errCode = PORT_GetError();
+ goto alert_loser;
+ }
++#endif
+
+ rv = ssl3_ConsumeHandshake(
+ ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
+@@ -8115,12 +8117,14 @@ ssl3_HandleClientHello(sslSocket *ss, SS
+ }
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+
++#ifdef notdef
+ rv = ssl3_InitHandshakeHashes(ss);
+ if (rv != SECSuccess) {
+ desc = internal_error;
+ errCode = PORT_GetError();
+ goto alert_loser;
+ }
++#endif
+
+ /* grab the client random data. */
+ rv = ssl3_ConsumeHandshake(
+@@ -8941,12 +8945,14 @@ ssl3_HandleV2ClientHello(sslSocket *ss,
+ }
+ ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+
++#ifdef notdef
+ rv = ssl3_InitHandshakeHashes(ss);
+ if (rv != SECSuccess) {
+ desc = internal_error;
+ errCode = PORT_GetError();
+ goto alert_loser;
+ }
++#endif
+
+ /* if we get a non-zero SID, just ignore it. */
+ if (length !=
diff --git a/SOURCES/nss-fix-deadlock-squash.patch b/SOURCES/nss-fix-deadlock-squash.patch
new file mode 100644
index 0000000..4950f7b
--- /dev/null
+++ b/SOURCES/nss-fix-deadlock-squash.patch
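Review bot: Wrapping the three `ssl3_InitHandshakeHashes(ss)` calls in `#ifdef notdef` removes the handshake-transcript hash initialization at the point where the negotiated version is known, and nothing in the patch says where the hashes are initialized instead; the transcript hash feeds CertificateVerify and Finished, so a reader cannot tell from this hunk whether some path (the V2 ClientHello one, for instance) now reaches those computations with uninitialized hashes. Delete the six lines at each site instead of hiding them under `#ifdef notdef`, and leave a comment such as `/* handshake hashes are initialized later, once the cipher suite's PRF hash is known; see ssl3_... */` naming the function that now does it (presumably the suite-selection path, which should be confirmed). The three enclosing handlers start and end outside the hunk.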
@@ -0,0 +1,146 @@ +diff --git a/lib/pki/tdcache.c b/lib/pki/tdcache.c +--- a/lib/pki/tdcache.c ++++ b/lib/pki/tdcache.c +@@ -379,23 +379,29 @@ nssTrustDomain_UnlockCertCache ( + + struct token_cert_dtor { + NSSToken *token; + nssTDCertificateCache *cache; + NSSCertificate **certs; + PRUint32 numCerts, arrSize; + }; + ++static void cert_iter(const void *k, void *v, void *a) ++{ ++ nssList *certList = (nssList *)a; ++ NSSCertificate *c = (NSSCertificate *)k; ++ nssList_Add(certList, nssCertificate_AddRef(c)); ++} ++ + static void +-remove_token_certs(const void *k, void *v, void *a) ++remove_token_certs(NSSCertificate *c, struct token_cert_dtor *dtor) + { +- NSSCertificate *c = (NSSCertificate *)k; + nssPKIObject *object = &c->object; +- struct token_cert_dtor *dtor = a; + PRUint32 i; ++ + nssPKIObject_AddRef(object); + nssPKIObject_Lock(object); + for (i=0; inumInstances; i++) { + if (object->instances[i]->token == dtor->token) { + nssCryptokiObject_Destroy(object->instances[i]); + object->instances[i] = object->instances[object->numInstances-1]; + object->instances[object->numInstances-1] = NULL; + object->numInstances--; +@@ -422,45 +428,83 @@ NSS_IMPLEMENT PRStatus + nssTrustDomain_RemoveTokenCertsFromCache ( + NSSTrustDomain *td, + NSSToken *token + ) + { + NSSCertificate **certs; + PRUint32 i, arrSize = 10; + struct token_cert_dtor dtor; ++ nssList *certList; ++ PRStatus nspr_rv = PR_FAILURE; ++ nssListIterator *iter; ++ NSSCertificate *c; ++ + certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize); + if (!certs) { + return PR_FAILURE; + } + dtor.cache = td->cache; + dtor.token = token; + dtor.certs = certs; + dtor.numCerts = 0; + dtor.arrSize = arrSize; ++ ++ certList = nssList_Create(NULL, PR_FALSE); ++ if (!certList) { ++ goto loser; ++ } ++ /* fetch the list of certs in the cache */ + PZ_Lock(td->cache->lock); +- nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, &dtor); ++ nssHash_Iterate(td->cache->issuerAndSN, cert_iter, (void *)certList); ++ 
PZ_Unlock(td->cache->lock); ++ ++ /* find the certs that match this token without olding the td cache lock */ ++ iter=nssList_CreateIterator(certList); ++ if (!iter) { ++ goto loser; ++ } ++ for (c = (NSSCertificate *)nssListIterator_Start(iter); ++ c != (NSSCertificate *)NULL; ++ c = (NSSCertificate *)nssListIterator_Next(iter)) { ++ remove_token_certs( c, &dtor); ++ } ++ nssListIterator_Finish(iter); ++ nssListIterator_Destroy(iter); ++ nssList_Destroy(certList); ++ certList = NULL; ++ ++ /* now remove theose certs attached to this token */ ++ PZ_Lock(td->cache->lock); + for (i=0; iobject.numInstances == 0) { + nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]); + dtor.certs[i] = NULL; /* skip this cert in the second for loop */ + } else { + /* make sure it doesn't disappear on us before we finish */ + nssCertificate_AddRef(dtor.certs[i]); + } + } + PZ_Unlock(td->cache->lock); ++ ++ /* clean up */ + for (i=0; ihashAlg); +- if (hashAlg == 0) { ++ SECOidTag hashAlg = ssl3_TLSHashAlgorithmToOID(sigAndHash->hashAlg); ++ if (hashAlg == SEC_OID_UNKNOWN) { + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; + } diff --git a/SOURCES/nss-map-oid-to-hashalg.patch b/SOURCES/nss-map-oid-to-hashalg.patch new file mode 100644 index 0000000..f056f5c --- /dev/null +++ b/SOURCES/nss-map-oid-to-hashalg.patch 
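Review bot: The new `goto loser` paths in `nssTrustDomain_RemoveTokenCertsFromCache` (after `nssList_Create` and after `nssList_CreateIterator`) jump to a label that is not in the visible text, so I cannot confirm that the `loser` block releases the references `cert_iter` takes via `nssCertificate_AddRef` on every list entry and destroys `certList` when `nssList_CreateIterator` fails; if it only frees `certs`, the iterator-failure path leaks one reference per cached certificate. Between the first `PZ_Unlock` and the second `PZ_Lock` another thread may remove a certificate from the cache, so the `numInstances == 0` branch should tolerate `dtor.certs[i]` no longer being in the cache (presumably `nssTrustDomain_RemoveCertFromCacheLOCKED` handles that; worth confirming). Two comment typos: `olding` should read `holding` and `theose` should read `those`. The remainder of the function is not legible in this view, so the final cleanup loop could not be reviewed.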
@@ -0,0 +1,21 @@ +diff -up ./nss/lib/ssl/ssl3con.c.use_oids ./nss/lib/ssl/ssl3con.c +--- ./nss/lib/ssl/ssl3con.c.use_oids 2016-02-24 12:01:55.488253556 -0800 ++++ ./nss/lib/ssl/ssl3con.c 2016-02-24 12:09:18.099513245 -0800 +@@ -4950,7 +4950,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * + rv = SECFailure; + goto tls12_loser; + } +- hashes->hashAlg = hashOid->offset; ++ hashes->hashAlg = ssl3_OIDToTLSHashAlgorithm(hashOid->offset); + PORT_Assert(hashes->hashAlg == ssl_hash_sha256 || + hashes->hashAlg == ssl_hash_sha384); + if (hashes->hashAlg != ssl_hash_sha256 && +@@ -9581,7 +9581,7 @@ ssl3_EncodeCertificateRequestSigAlgs(ssl + /* Note that we don't support a handshake hash with anything other than + * SHA-256, so asking for a signature from clients for something else + * would be inviting disaster. */ +- if (alg->hashAlg == ssl_hash_sha256 /* || alg->hashAlg == ssl_hash_sha384*/) { ++ if (alg->hashAlg == ssl_hash_sha256 || alg->hashAlg == ssl_hash_sha384) { + buf[(*len)++] = (PRUint8)alg->hashAlg; + buf[(*len)++] = (PRUint8)alg->sigAlg; + } diff --git a/SOURCES/nss-old-pkcs11-num.patch b/SOURCES/nss-old-pkcs11-num.patch new file mode 100644 index 0000000..d2b51f7 --- /dev/null +++ b/SOURCES/nss-old-pkcs11-num.patch 
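Review bot: The comment directly above the changed condition in `ssl3_EncodeCertificateRequestSigAlgs` still says the handshake hash supports nothing other than SHA-256, while the new line also accepts `ssl_hash_sha384`, so the comment now contradicts the code. Replace it with something like `/* Only hashes the handshake PRF can run with (SHA-256 and SHA-384) are advertised; asking clients to sign with anything else would be inviting disaster. */`. In the first hunk `ssl3_OIDToTLSHashAlgorithm` is a new name whose definition is not in this patch; if it returns a sentinel for unknown OIDs, the `PORT_Assert` that follows only checks in debug builds, so the `if` below it (cut off by the hunk) must remain the release-build guard.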
@@ -0,0 +1,14 @@ +diff -up ./nss/lib/ssl/ssl3con.c.old_pkcs11_num ./nss/lib/ssl/ssl3con.c +--- ./nss/lib/ssl/ssl3con.c.old_pkcs11_num 2016-02-24 17:53:31.936203961 -0500 ++++ ./nss/lib/ssl/ssl3con.c 2016-02-24 17:54:34.643037802 -0500 +@@ -11075,7 +11075,9 @@ ssl3_ComputeTLSFinished(sslSocket *ss, s + tls_mac_params.ulServerOrClient = isServer ? 1 : 2; + param.data = (unsigned char *)&tls_mac_params; + param.len = sizeof(tls_mac_params); +- prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN, ++ /* RHEL 7.2 had the wrong number for CKM_TLS12_MACH instead of CKM_TLS_MAC. In the new scheme that ++ * number matches with CKM_TLS_KDF, so until softoken gets updated, use CKM_TLS_KDF on RHEL7 */ ++ prf_context = PK11_CreateContextBySymKey(CKM_TLS_KDF, CKA_SIGN, + spec->master_secret, ¶m); + if (!prf_context) + return SECFailure; diff --git a/SOURCES/nss-prevent-abi-issue.patch b/SOURCES/nss-prevent-abi-issue.patch new file mode 100644 index 0000000..afc979f --- /dev/null +++ b/SOURCES/nss-prevent-abi-issue.patch 
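Review bot: Substituting `CKM_TLS_KDF` for `CKM_TLS_MAC` in `ssl3_ComputeTLSFinished` is an unconditional workaround for one softoken build's mechanism numbering, so a softoken that implements `CKM_TLS_KDF` with its proper semantics would now be handed TLS-MAC parameters under the wrong mechanism and the Finished computation would fail or, if the token accepts the parameters, compute a different value. The change should be scoped to the affected softoken — a build-time define for this distribution branch, or trying `CKM_TLS_MAC` first and retrying with `CKM_TLS_KDF` only when `PK11_CreateContextBySymKey` returns NULL — and the comment should name the condition under which the workaround is to be removed. The comment also misspells the mechanism as `CKM_TLS12_MACH`. The rest of the function is outside the hunk.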
@@ -0,0 +1,44 @@ +diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c +--- a/lib/ssl/sslinfo.c ++++ b/lib/ssl/sslinfo.c +@@ -62,17 +62,17 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLCh + ssl_ReleaseSpecReadLock(ss); + inf.compressionMethodName = + ssl_GetCompressionMethodName(inf.compressionMethod); + } + if (sid) { + inf.creationTime = sid->creationTime; + inf.lastAccessTime = sid->lastAccessTime; + inf.expirationTime = sid->expirationTime; +- inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed; ++ inf.reservedNotSupported = PR_FALSE; + + if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ + inf.sessionIDLength = SSL2_SESSIONID_BYTES; + memcpy(inf.sessionID, sid->u.ssl2.sessionID, + SSL2_SESSIONID_BYTES); + } else { + unsigned int sidLen = sid->u.ssl3.sessionIDLength; + sidLen = PR_MIN(sidLen, sizeof inf.sessionID); +diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h +--- a/lib/ssl/sslt.h ++++ b/lib/ssl/sslt.h +@@ -145,17 +145,17 @@ typedef struct SSLChannelInfoStr { + /* compression method info */ + const char * compressionMethodName; + SSLCompressionMethod compressionMethod; + + /* The following fields are added in NSS 3.21. + * This field only has meaning in TLS < 1.3 and will be set to + * PR_FALSE in TLS 1.3. + */ +- PRBool extendedMasterSecretUsed; ++ PRBool reservedNotSupported; /* don't use */ + } SSLChannelInfo; + + /* Preliminary channel info */ + #define ssl_preinfo_version (1U << 0) + #define ssl_preinfo_cipher_suite (1U << 1) + #define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite) + + typedef struct SSLPreliminaryChannelInfoStr { diff --git a/SOURCES/nss-remove-bogus-assert.patch b/SOURCES/nss-remove-bogus-assert.patch new file mode 100644 index 0000000..423b524 --- /dev/null +++ b/SOURCES/nss-remove-bogus-assert.patch 
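Review bot: After this change `SSL_GetChannelInfo` always stores `PR_FALSE` in the renamed field, but the block comment in `sslt.h` still describes a field added in NSS 3.21 that "only has meaning in TLS < 1.3", which no longer fits a field marked `don't use`. Replace that comment with one stating the field is a placeholder, e.g. `/* Placeholder kept so the SSLChannelInfo layout is unchanged; always PR_FALSE and carries no meaning. */`. Callers that previously read `extendedMasterSecretUsed` to confirm that the extended master secret (RFC 7627) was negotiated now get no signal at all, so the patch or the spec changelog should record that this reporting is unavailable in this build rather than letting `PR_FALSE` read as "not negotiated". Presumably the rename exists to keep the struct layout of the 3.21 ABI while not exposing the feature; that reasoning belongs in the patch.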
@@ -0,0 +1,13 @@ +diff -up ./nss/lib/ssl/ssl3con.c.remove_bogus_assert ./nss/lib/ssl/ssl3con.c +--- ./nss/lib/ssl/ssl3con.c.remove_bogus_assert 2016-02-24 16:55:18.430172675 -0500 ++++ ./nss/lib/ssl/ssl3con.c 2016-02-24 16:55:56.000473980 -0500 +@@ -3754,9 +3754,6 @@ ssl3_ComputeMasterSecretInt(sslSocket *s + CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; + unsigned int master_params_len; + +- PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); +- PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); +- PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); + if (isTLS12) { + if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; + else master_derive = CKM_TLS12_MASTER_KEY_DERIVE; diff --git a/SOURCES/nss-sni-c-v-fix.patch b/SOURCES/nss-sni-c-v-fix.patch new file mode 100644 index 0000000..6cfbb4f --- /dev/null +++ b/SOURCES/nss-sni-c-v-fix.patch 
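Review bot: Deleting the three `PORT_Assert` lines in `ssl3_ComputeMasterSecretInt` removes the only record of which locks the caller must hold (`ssl_HaveSSL3HandshakeLock`, `ssl_HaveSpecWriteLock`) and of the `prSpec == pwSpec` invariant, without a replacement comment or a statement of which caller trips them. If a caller fires these asserts, they are presumably reporting a real locking violation and the fix belongs in that caller; if the caller is legitimately lock-free, a comment such as `/* May be called without the spec write lock (see <CALLER>); no lock is assumed here. */` should state the relaxed contract so the next reader does not reintroduce the asserts. The function body continues outside the hunk.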
@@ -0,0 +1,21 @@ +diff -up ./nss/tests/ssl/sslauth.txt.c_v_fix ./nss/tests/ssl/sslauth.txt +--- ./nss/tests/ssl/sslauth.txt.c_v_fix 2016-02-24 19:30:43.630282607 -0500 ++++ ./nss/tests/ssl/sslauth.txt 2016-02-24 19:33:59.848516577 -0500 +@@ -54,13 +54,13 @@ + # + # SNI Tests + # +- SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI ++ SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser TLS Server hello response without SNI + SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI + SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert +- SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI ++ SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser SSL3 Server hello response without SNI + SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions +- SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI ++ SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser TLS Server hello response without SNI + SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI +- SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS ++ SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS + SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS + SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert 
diff --git a/SOURCES/nss-ssl-ssl3con-delete-duplicates.patch b/SOURCES/nss-ssl-ssl3con-delete-duplicates.patch new file mode 100644 index 0000000..fc0b697 --- /dev/null +++ b/SOURCES/nss-ssl-ssl3con-delete-duplicates.patch @@ -0,0 +1,21 @@ +--- ./nss/lib/ssl/ssl3con.c.delete_duplicates 2016-04-04 10:13:34.310883577 -0700 ++++ ./nss/lib/ssl/ssl3con.c 2016-04-04 10:18:32.544936462 -0700 +@@ -426,18 +426,16 @@ + cipher_rc4_56, mac_sha,kea_rsa_export_1024, 0}, + + {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips, 0}, + {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips, 0}, + + {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, prf_256}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, prf_256}, + #ifndef NSS_DISABLE_ECC +- {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, +- {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256}, + {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_384}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, prf_384}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_ecdsa, prf_384}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, prf_384}, + #endif /* NSS_DISABLE_ECC */ + {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_rsa, prf_384}, diff --git a/SOURCES/nss-sslstress-txt-ssl3-lower-value-in-range.patch b/SOURCES/nss-sslstress-txt-ssl3-lower-value-in-range.patch new file mode 100644 index 0000000..c838dae --- /dev/null +++ b/SOURCES/nss-sslstress-txt-ssl3-lower-value-in-range.patch 
@@ -0,0 +1,27 @@ +diff -up ./nss/tests/ssl/sslstress.txt.ssl3_as_min_value ./nss/tests/ssl/sslstress.txt +--- ./nss/tests/ssl/sslstress.txt.ssl3_as_min_value 2015-11-08 21:12:59.000000000 -0800 ++++ ./nss/tests/ssl/sslstress.txt 2016-02-26 11:07:42.036366203 -0800 +@@ -9,9 +9,9 @@ + # ECC value params params + # ------- ------ ------ ------ --------------- + noECC 0 _ -c_1000_-C_A Stress SSL2 RC4 128 with MD5 +- noECC 0 _ -c_1000_-C_c_-V_:ssl3 Stress SSL3 RC4 128 with MD5 +- noECC 0 _ -c_1000_-C_c Stress TLS RC4 128 with MD5 +- noECC 0 _ -c_1000_-C_c_-g Stress TLS RC4 128 with MD5 (false start) ++ noECC 0 _ -c_1000_-C_c_-V_ssl3:ssl3 Stress SSL3 RC4 128 with MD5 ++ noECC 0 _ -c_1000_-C_c_-V_ssl3:_ Stress TLS RC4 128 with MD5 ++ noECC 0 _ -V_ssl3:_-c_1000_-C_c_-g Stress TLS RC4 128 with MD5 (false start) + noECC 0 -u -V_ssl3:_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket) + noECC 0 -z -V_ssl3:_-c_1000_-C_c_-z Stress TLS RC4 128 with MD5 (compression) + noECC 0 -u_-z -V_ssl3:_-c_1000_-C_c_-u_-z Stress TLS RC4 128 with MD5 (session ticket, compression) +@@ -22,8 +22,8 @@ + # add client auth versions here... 
+ # + noECC 0 -r_-r -c_100_-C_A_-N_-n_TestUser Stress SSL2 RC4 128 with MD5 (no reuse, client auth) +- noECC 0 -r_-r -c_100_-C_c_-V_:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth) +- noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 with MD5 (no reuse, client auth) ++ noECC 0 -r_-r -c_100_-C_c_-V_ssl3:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth) ++ noECC 0 -r_-r -c_100_-C_c_-V_ssl3:_-N_-n_TestUser Stress TLS RC4 128 with MD5 (no reuse, client auth) + noECC 0 -r_-r_-u -V_ssl3:_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth) + noECC 0 -r_-r_-z -V_ssl3:_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth) + noECC 0 -r_-r_-z -V_ssl3:_-c_100_-C_c_-n_TestUser_-z_-g Stress TLS RC4 128 with MD5 (compression, client auth, false start) diff --git a/SOURCES/nss-tests-prevent-abi-issue.patch b/SOURCES/nss-tests-prevent-abi-issue.patch new file mode 100644 index 0000000..b6d726f --- /dev/null +++ b/SOURCES/nss-tests-prevent-abi-issue.patch 
@@ -0,0 +1,36 @@ +diff -up ./cmd/selfserv/selfserv.c.abi_test ./cmd/selfserv/selfserv.c +--- ./cmd/selfserv/selfserv.c.abi_test 2016-02-22 06:12:27.089047751 -0800 ++++ ./cmd/selfserv/selfserv.c 2016-02-22 06:15:46.969659328 -0800 +@@ -432,7 +432,7 @@ printSecurityInfo(PRFileDesc *fd) + channel.authKeyBits, suite.authAlgorithmName, + channel.keaKeyBits, suite.keaTypeName, + channel.compressionMethodName, +- channel.extendedMasterSecretUsed ? "Yes": "No"); ++ channel.reservedNotSupported ? "Yes": "No"); + } + } + if (verbose) { +diff -up ./cmd/tstclnt/tstclnt.c.abi_test ./cmd/tstclnt/tstclnt.c +--- ./cmd/tstclnt/tstclnt.c.abi_test 2016-02-22 06:16:49.820593866 -0800 ++++ ./cmd/tstclnt/tstclnt.c 2016-02-22 06:18:16.908117535 -0800 +@@ -133,7 +133,7 @@ void printSecurityInfo(PRFileDesc *fd) + channel.authKeyBits, suite.authAlgorithmName, + channel.keaKeyBits, suite.keaTypeName, + channel.compressionMethodName, +- channel.extendedMasterSecretUsed ? "Yes": "No"); ++ channel.reservedNotSupported ? "Yes": "No"); + } + } + cert = SSL_RevealCert(fd); +diff -up ./external_tests/ssl_gtest/tls_agent.cc.abi_test ./external_tests/ssl_gtest/tls_agent.cc +--- ./external_tests/ssl_gtest/tls_agent.cc.abi_test 2016-02-22 06:18:56.890439746 -0800 ++++ ./external_tests/ssl_gtest/tls_agent.cc 2016-02-22 06:19:59.264382368 -0800 +@@ -405,7 +405,7 @@ void TlsAgent::EnableExtendedMasterSecre + } + + void TlsAgent::CheckExtendedMasterSecret(bool expected) { +- ASSERT_EQ(expected, info_.extendedMasterSecretUsed != PR_FALSE) ++ ASSERT_EQ(expected, info_.reservedNotSupported != PR_FALSE) + << "unexpected extended master secret state for " << name_; + } + diff --git a/SOURCES/ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch b/SOURCES/ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch deleted file mode 100644 index 3ba7ae1..0000000 --- a/SOURCES/ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch +++ /dev/null 
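Review bot: `TlsAgent::CheckExtendedMasterSecret` in `tls_agent.cc` now compares `expected` against `info_.reservedNotSupported`, a field the companion `nss-prevent-abi-issue.patch` fixes at `PR_FALSE`, so the assertion can only pass when `expected` is false and any test that expects the extended master secret to be negotiated fails for a reason unrelated to TLS state. The check should be skipped or made unconditional with a comment naming the reason, e.g. `// EMS reporting is not exposed in this build; see nss-prevent-abi-issue.patch`. Likewise `printSecurityInfo` in `selfserv.c` and `tstclnt.c` still prints a Yes/No column for a value that is always No, which misleads anyone reading the tool's output; print `n/a` or drop the column. The enclosing print statements begin outside the hunks.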
@@ -1,38 +0,0 @@ -diff -up ./nss/tests/ssl/sslauth.txt.ocsp_sni ./nss/tests/ssl/sslauth.txt ---- ./nss/tests/ssl/sslauth.txt.ocsp_sni 2015-05-28 10:50:45.000000000 -0700 -+++ ./nss/tests/ssl/sslauth.txt 2015-08-30 08:49:22.025299419 -0700 -@@ -65,12 +65,12 @@ - # SNI Tests - # - SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI -- SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI -- SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert -+ SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI -+ SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert - SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI -- SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions -+ SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_vssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions - SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI -- SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI -+ SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI - SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS -- SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS -- SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert -+ SNI 1 -r_-r_-r_-a_Host-sni.Dom 
-V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS -+ SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert -diff -up ./nss/tests/ssl/ssl.sh.ocsp_sni ./nss/tests/ssl/ssl.sh ---- ./nss/tests/ssl/ssl.sh.ocsp_sni 2015-08-30 08:49:21.905301105 -0700 -+++ ./nss/tests/ssl/ssl.sh 2015-08-30 08:49:22.017299531 -0700 -@@ -457,10 +457,10 @@ ssl_stapling_sub() - start_selfserv - - echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} -v ${CLIENT_OPTIONS} \\" -- echo " -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}" -+ echo " -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}" - rm ${TMP}/$HOST.tmp.$$ 2>/dev/null - ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ -- -d ${P_R_CLIENTDIR} -v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \ -+ -d ${P_R_CLIENTDIR} -v -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \ - >${TMP}/$HOST.tmp.$$ 2>&1 - ret=$? - cat ${TMP}/$HOST.tmp.$$ diff --git a/SOURCES/p-ignore-setpolicy.patch b/SOURCES/p-ignore-setpolicy.patch index 741781d..f9564df 100644 --- a/SOURCES/p-ignore-setpolicy.patch +++ b/SOURCES/p-ignore-setpolicy.patch 
@@ -1,17 +1,31 @@ -diff -up ./nsslib/ssl/sslsock.c.1026677 ./nsslib/ssl/sslsock.c ---- ./nss/lib/ssl/sslsock.c.1026677 2014-07-05 08:56:37.137268923 -0700 -+++ ./nss/lib/ssl/sslsock.c 2014-07-05 09:01:20.149518959 -0700 -@@ -1315,11 +1315,9 @@ NSS_SetDomesticPolicy(void) +diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c +--- a/lib/ssl/sslsock.c ++++ b/lib/ssl/sslsock.c +@@ -1364,25 +1364,22 @@ SSL_CipherPrefGet(PRFileDesc *fd, PRInt3 + rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled); + } + return rv; + } + + SECStatus + NSS_SetDomesticPolicy(void) + { +- SECStatus status = SECSuccess; const PRUint16 *cipher; for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) { - status = SSL_SetPolicy(*cipher, SSL_ALLOWED); - if (status != SECSuccess) - break; -+ SSL_SetPolicy(*cipher, SSL_ALLOWED); ++ (void) SSL_SetPolicy(*cipher, SSL_ALLOWED); } - return status; + return SECSuccess; } SECStatus + NSS_SetExportPolicy(void) + { + return NSS_SetDomesticPolicy(); + } + diff --git a/SOURCES/pem-compile-with-Werror.patch b/SOURCES/pem-compile-with-Werror.patch new file mode 100644 index 0000000..392d74a --- /dev/null +++ b/SOURCES/pem-compile-with-Werror.patch 
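Review bot: `NSS_SetDomesticPolicy` now discards the result of every `SSL_SetPolicy` call and returns `SECSuccess` unconditionally, so a suite whose policy cannot be set is silently left in whatever state it had, and callers that used the return value to detect a policy that did not take effect lose that signal. The patch should record why failure is ignorable here (presumably because `SSL_ImplementedCiphers` can list suites that `SSL_SetPolicy` rejects on this build), e.g. `/* SSL_SetPolicy can fail for suites listed in SSL_ImplementedCiphers but not configurable here; best effort. */`, and ideally keep failing for any error other than an unsupported suite. The added `NSS_SetExportPolicy` lines are context only; nothing changes there.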
@@ -0,0 +1,146 @@ +diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h +--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-13 12:07:29.219887390 -0800 +@@ -233,6 +233,9 @@ struct pemLOWKEYPrivateKeyStr { + }; + typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey; + ++/* NOTE: Discrepancy with the the way callers use of the return value as a count ++ * Fix this when we sync. up with the cleanup work being done at nss-pem project. ++ */ + SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly); + const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type); + void pem_PopulateModulusExponent(pemInternalObject *io); +diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c +--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/pinst.c 2015-11-13 12:07:29.219887390 -0800 +@@ -472,7 +472,9 @@ AddCertificate(char *certfile, char *key + char *ivstring = NULL; + int cipher; + +- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); ++ /* TODO: Fix discrepancy between our usage of the return value as ++ * as an int (a count) and the declaration as a SECStatus. */ ++ nobjs = (int) ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); + if (nobjs <= 0) { + nss_ZFreeIf(objs); + return CKR_GENERAL_ERROR; +@@ -515,8 +517,10 @@ AddCertificate(char *certfile, char *key + if (keyfile) { /* add the private key */ + SECItem **keyobjs = NULL; + int kobjs = 0; ++ /* TODO: Fix discrepancy between our usage of the return value as ++ * as an int and the declaration as a SECStatus. 
*/ + kobjs = +- ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher, ++ (int) ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher, + &ivstring, PR_FALSE); + if (kobjs < 1) { + error = CKR_GENERAL_ERROR; +diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c +--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/pobject.c 2015-11-13 12:07:29.220887368 -0800 +@@ -630,6 +630,11 @@ pem_DestroyInternalObject + if (io->u.key.ivstring) + free(io->u.key.ivstring); + break; ++ case pemAll: ++ /* pemAll is not used, keep the compiler happy ++ * TODO: investigate a proper solution ++ */ ++ return; + } + + if (NULL != gobj) +@@ -1044,7 +1049,9 @@ pem_CreateObject + int nobjs = 0; + int i; + int objid; ++#if 0 + pemToken *token; ++#endif + int cipher; + char *ivstring = NULL; + pemInternalObject *listObj = NULL; +@@ -1073,7 +1080,9 @@ pem_CreateObject + } + slotID = nssCKFWSlot_GetSlotID(fwSlot); + ++#if 0 + token = (pemToken *) mdToken->etc; ++#endif + + /* + * only create keys and certs. +@@ -1114,7 +1123,11 @@ pem_CreateObject + } + + if (objClass == CKO_CERTIFICATE) { +- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); ++ /* TODO: Fix discrepancy between our usage of the return value as ++ * as an int and the declaration as a SECStatus. Typecasting as a ++ * temporary workaround. 
++ */ ++ nobjs = (int) ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */); + if (nobjs < 1) + goto loser; + +diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c +--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-13 12:07:29.220887368 -0800 +@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey + return 0; + } + ++/* unused functions */ ++#if 0 + static SHA1Context *SHA1_CloneContext(SHA1Context * original) + { + SHA1Context *clone = NULL; +@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un + + return SECSuccess; + } ++#endif /* unused functions */ + + /* + * Format one block of data for public/private key encryption using +diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c +--- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800 ++++ ./nss/lib/ckfw/pem/util.c 2015-11-13 12:22:52.282196306 -0800 +@@ -131,7 +131,8 @@ static SECStatus FileToItem(SECItem * ds + return SECFailure; + } + +-int ++/* FIX: Returns a SECStatus yet callers take result as a count */ ++SECStatus + ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii, + int *cipher, char **ivstring, PRBool certsonly) + { +@@ -237,7 +238,12 @@ ReadDERFromFile(SECItem *** derlist, cha + goto loser; + } + if ((certsonly && !key) || (!certsonly && key)) { ++ error = CKR_OK; + PUT_Object(der, error); ++ if (error != CKR_OK) { ++ free(der); ++ goto loser; ++ } + } else { + free(der->data); + free(der); +@@ -255,7 +261,12 @@ ReadDERFromFile(SECItem *** derlist, cha + } + + /* NOTE: This code path has never been tested. */ ++ error = CKR_OK; + PUT_Object(der, error); ++ if (error != CKR_OK) { ++ free(der); ++ goto loser; ++ } + } + + nss_ZFreeIf(filedata.data); diff --git a/SOURCES/prfnonsha256.patch b/SOURCES/prfnonsha256.patch deleted file mode 100644 index 0f40bd7..0000000 
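Review bot: In `util.c`'s `ReadDERFromFile`, the new failure paths after `PUT_Object(der, error)` call `free(der)` but not `free(der->data)`, whereas the sibling `else` branch frees both; unless `PUT_Object` releases `der->data` on failure (not visible here), the DER buffer leaks on that path. The same hunk changes the return type from `int` to `SECStatus` while `pinst.c` and `pobject.c` cast the result back to `(int)` and test it with `<= 0` / `< 1` as a count, so the `-Werror` build is silenced but a function that actually returned `SECStatus` values (0 on success) would make those callers treat success as "no objects"; the TODOs acknowledge this, but the declaration in `ckpem.h` should at least document which contract the implementation honours. In `pem_DestroyInternalObject`, `case pemAll: return;` exits before the `if (NULL != gobj)` cleanup that follows the switch; if a `pemAll` object can reach this function, `gobj` leaks, so `break;` is the safer no-op. All three enclosing functions extend beyond the hunks.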
--- a/SOURCES/prfnonsha256.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -diff -up ./lib/ssl/ssl3con.c.prfnonsha256 ./lib/ssl/ssl3con.c ---- ./lib/ssl/ssl3con.c.prfnonsha256 2015-06-24 23:06:00.456872491 +0200 -+++ ./lib/ssl/ssl3con.c 2015-06-26 01:11:50.986824797 +0200 -@@ -3959,7 +3959,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss) - /* If we ever support ciphersuites where the PRF hash isn't SHA-256 - * then this will need to be updated. */ - if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { -- ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256); -+ HASH_HashType ht; -+ CK_MECHANISM_TYPE hm; -+ SECOidTag ot; -+ SECOidData *hashOid; -+ -+ hm = ssl3_GetPrfHashMechanism(ss); -+ hashOid = SECOID_FindOIDByMechanism(hm); -+ if (hashOid == NULL) { -+ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); -+ return SECFailure; -+ } -+ ot = hashOid->offset; -+ ht = HASH_GetHashTypeByOidTag(ot); -+ ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(ht); - if (!ss->ssl3.hs.sha_obj) { - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); - return SECFailure; -@@ -4601,6 +4614,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * - ss->ssl3.hs.hashType == handshake_hash_single) { - /* compute them without PKCS11 */ - PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; -+ SECOidData *hashOid; - - if (!spec->msItem.data) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); -@@ -4611,11 +4625,15 @@ ssl3_ComputeHandshakeHashes(sslSocket * - ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len, - sizeof(hashes->u.raw)); - -- PRINT_BUF(60, (NULL, "SHA-256: result", hashes->u.raw, hashes->len)); -+ PRINT_BUF(60, (NULL, "Hash: result", hashes->u.raw, hashes->len)); -+ -+ hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); -+ if (hashOid == NULL) { -+ PORT_SetError(SSL_ERROR_DIGEST_FAILURE); -+ return SECFailure; -+ } -+ hashes->hashAlg = hashOid->offset; - -- /* If we ever support ciphersuites where the PRF hash isn't SHA-256 -- * then this will need to be updated. 
*/ -- hashes->hashAlg = SEC_OID_SHA256; - rv = SECSuccess; - } else if (ss->opt.bypassPKCS11) { - /* compute them without PKCS11 */ -@@ -4708,6 +4726,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * - unsigned int stateLen; - unsigned char stackBuf[1024]; - unsigned char *stateBuf = NULL; -+ SECOidData *hashOid; - - if (!spec->master_secret) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); -@@ -4728,9 +4747,15 @@ ssl3_ComputeHandshakeHashes(sslSocket * - rv = SECFailure; - goto tls12_loser; - } -- /* If we ever support ciphersuites where the PRF hash isn't SHA-256 -- * then this will need to be updated. */ -- hashes->hashAlg = SEC_OID_SHA256; -+ -+ hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); -+ if (hashOid == NULL) { -+ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); -+ rv = SECFailure; -+ goto tls12_loser; -+ } -+ hashes->hashAlg = hashOid->offset; -+ - rv = SECSuccess; - - tls12_loser: diff --git a/SOURCES/race.patch b/SOURCES/race.patch new file mode 100644 index 0000000..f83a7f9 --- /dev/null +++ b/SOURCES/race.patch 
@@ -0,0 +1,161 @@ +diff --git a/lib/pk11wrap/pk11util.c b/lib/pk11wrap/pk11util.c +--- a/lib/pk11wrap/pk11util.c ++++ b/lib/pk11wrap/pk11util.c +@@ -1258,53 +1258,62 @@ SECMOD_HasRemovableSlots(SECMODModule *m + return ret; + } + + /* + * helper function to actually create and destroy user defined slots + */ + static SECStatus + secmod_UserDBOp(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass, +- const char *sendSpec) ++ const char *sendSpec, PRBool needlock) + { + CK_OBJECT_HANDLE dummy; + CK_ATTRIBUTE template[2] ; + CK_ATTRIBUTE *attrs = template; + CK_RV crv; + + PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass)); attrs++; + PK11_SETATTRS(attrs, CKA_NETSCAPE_MODULE_SPEC , (unsigned char *)sendSpec, + strlen(sendSpec)+1); attrs++; + + PORT_Assert(attrs-template <= 2); + + +- PK11_EnterSlotMonitor(slot); ++ if (needlock) PK11_EnterSlotMonitor(slot); + crv = PK11_CreateNewObject(slot, slot->session, + template, attrs-template, PR_FALSE, &dummy); +- PK11_ExitSlotMonitor(slot); ++ if (needlock) PK11_ExitSlotMonitor(slot); + + if (crv != CKR_OK) { + PORT_SetError(PK11_MapError(crv)); + return SECFailure; + } +- return SECMOD_UpdateSlotList(slot->module); ++ return SECSuccess; + } + + /* + * return true if the selected slot ID is not present or doesn't exist + */ + static PRBool + secmod_SlotIsEmpty(SECMODModule *mod, CK_SLOT_ID slotID) + { +- PK11SlotInfo *slot = SECMOD_LookupSlot(mod->moduleID, slotID); ++ PK11SlotInfo *slot = SECMOD_FindSlotByID(mod, slotID); + if (slot) { +- PRBool present = PK11_IsPresent(slot); ++ CK_SLOT_INFO slotInfo; ++ CK_RV crv; ++ /* check if the slot is present, skip any slot reinit stuff, ++ * or cached present values, or locking. (we don't need to lock ++ * even if the module is not thread safe because we are already ++ * holding the module refLock, which is the same as the slot ++ * sessionLock if the module isn't thread safe. 
*/ ++ crv = PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID,&slotInfo); + PK11_FreeSlot(slot); +- if (present) { ++ if ((crv == CKR_OK) && ++ ((slotInfo.flags & CKF_TOKEN_PRESENT) == CKF_TOKEN_PRESENT)) { ++ /* slot is present, so it's not empty */ + return PR_FALSE; + } + } + /* it doesn't exist or isn't present, it's available */ + return PR_TRUE; + } + + /* +@@ -1350,52 +1359,67 @@ PK11SlotInfo * + SECMOD_OpenNewSlot(SECMODModule *mod, const char *moduleSpec) + { + CK_SLOT_ID slotID = 0; + PK11SlotInfo *slot; + char *escSpec; + char *sendSpec; + SECStatus rv; + ++ PZ_Lock(mod->refLock); /* don't reuse a slot on the fly */ + slotID = secmod_FindFreeSlot(mod); + if (slotID == (CK_SLOT_ID) -1) { ++ PZ_Unlock(mod->refLock); + return NULL; + } + + if (mod->slotCount == 0) { ++ PZ_Unlock(mod->refLock); + return NULL; + } + + /* just grab the first slot in the module, any present slot should work */ + slot = PK11_ReferenceSlot(mod->slots[0]); + if (slot == NULL) { ++ PZ_Unlock(mod->refLock); + return NULL; + } + + /* we've found the slot, now build the moduleSpec */ + escSpec = NSSUTIL_DoubleEscape(moduleSpec, '>', ']'); + if (escSpec == NULL) { ++ PZ_Unlock(mod->refLock); + PK11_FreeSlot(slot); + return NULL; + } + sendSpec = PR_smprintf("tokens=[0x%x=<%s>]", slotID, escSpec); + PORT_Free(escSpec); + + if (sendSpec == NULL) { + /* PR_smprintf does not set SEC_ERROR_NO_MEMORY on failure. 
*/ ++ PZ_Unlock(mod->refLock); + PK11_FreeSlot(slot); + PORT_SetError(SEC_ERROR_NO_MEMORY); + return NULL; + } +- rv = secmod_UserDBOp(slot, CKO_NETSCAPE_NEWSLOT, sendSpec); ++ rv = secmod_UserDBOp(slot, CKO_NETSCAPE_NEWSLOT, sendSpec, ++ /* If the module isn't thread safe, the slot sessionLock == mod->refLock ++ * since we already hold the refLock we don't need to lock the sessionLock ++ */ ++ mod->isThreadSafe); ++ PZ_Unlock(mod->refLock); + PR_smprintf_free(sendSpec); + PK11_FreeSlot(slot); + if (rv != SECSuccess) { + return NULL; + } ++ rv = SECMOD_UpdateSlotList(mod); /* don't call holding the mod->reflock */ ++ if (rv != SECSuccess) { ++ return NULL; ++ } + + slot = SECMOD_FindSlotByID(mod, slotID); + if (slot) { + /* if we are in the delay period for the "isPresent" call, reset + * the delay since we know things have probably changed... */ + if (slot->nssToken && slot->nssToken->slot) { + nssSlot_ResetDelay(slot->nssToken->slot); + } +@@ -1488,17 +1512,17 @@ SECMOD_CloseUserDB(PK11SlotInfo *slot) + char *sendSpec; + + sendSpec = PR_smprintf("tokens=[0x%x=<>]", slot->slotID); + if (sendSpec == NULL) { + /* PR_smprintf does not set no memory error */ + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; + } +- rv = secmod_UserDBOp(slot, CKO_NETSCAPE_DELSLOT, sendSpec); ++ rv = secmod_UserDBOp(slot, CKO_NETSCAPE_DELSLOT, sendSpec, PR_TRUE); + PR_smprintf_free(sendSpec); + /* if we are in the delay period for the "isPresent" call, reset + * the delay since we know things have probably changed... */ + if (slot->nssToken && slot->nssToken->slot) { + nssSlot_ResetDelay(slot->nssToken->slot); + /* force the slot info structures to properly reset */ + (void)PK11_IsPresent(slot); + } diff --git a/SOURCES/reorder-cipher-suites.patch b/SOURCES/reorder-cipher-suites.patch deleted file mode 100644 index 6e677e7..0000000 --- a/SOURCES/reorder-cipher-suites.patch +++ /dev/null 
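Review bot: `SECMOD_CloseUserDB` loses its slot-list refresh: `secmod_UserDBOp` no longer calls `SECMOD_UpdateSlotList` and the replacement call is added only in `SECMOD_OpenNewSlot`, so unless `SECMOD_CloseUserDB` invokes it later outside the hunk, the module's slot list is stale after a user DB is closed. Add `rv = SECMOD_UpdateSlotList(slot->module); /* not while holding refLock */` after the delete request succeeds, mirroring the open path. In `secmod_SlotIsEmpty` the comment justifies calling `C_GetSlotInfo` without the slot monitor by the caller holding `mod->refLock`; that holds for the visible `SECMOD_OpenNewSlot` path, but nothing enforces it, so any other caller of `secmod_FindFreeSlot` (not visible) would race — a note of the precondition on the function, or an assertion where the project has one, would make the contract checkable. `SECMOD_CloseUserDB` begins outside the hunk.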
@@ -1,206 +0,0 @@ -diff -up ./nss/lib/ssl/ssl3con.c.order ./nss/lib/ssl/ssl3con.c ---- ./nss/lib/ssl/ssl3con.c.order 2015-08-31 17:14:13.539138213 -0700 -+++ ./nss/lib/ssl/ssl3con.c 2015-08-31 17:35:23.841003936 -0700 -@@ -90,38 +90,29 @@ static ssl3CipherSuiteCfg cipherSuites[s - /* cipher_suite policy enabled isPresent */ - - #ifndef NSS_DISABLE_ECC -- { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- /* Switched order of two previous to meet Suite B requirements -- * but implemented by default yet. -+ /* Ephemeral ECDH */ -+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must be before TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -+ * to workaround bug 946147. - */ -- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around -- * bug 946147. 
-- */ -- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - #endif /* NSS_DISABLE_ECC */ - -- { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ /* Ephemeral Finite Field DH */ - { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -@@ -130,35 +121,44 @@ static ssl3CipherSuiteCfg cipherSuites[s - { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, 
PR_FALSE, PR_FALSE}, -+ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - - #ifndef NSS_DISABLE_ECC -- { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ /* Non ephemeral ECDH */ -+ { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - #endif /* NSS_DISABLE_ECC */ - - /* RSA */ - { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_RSA_WITH_AES_256_CBC_SHA256, 
SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -- { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_RSA_WITH_SEED_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_RC4_128_MD5, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -+ { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - - /* 56-bit DES "domestic" cipher suites */ - { TLS_DHE_RSA_WITH_DES_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -diff -up ./nss/lib/ssl/sslenum.c.order ./nss/lib/ssl/sslenum.c ---- ./nss/lib/ssl/sslenum.c.order 2015-08-31 17:14:13.531138366 -0700 -+++ ./nss/lib/ssl/sslenum.c 2015-08-31 17:34:03.139562367 -0700 -@@ -48,35 +48,29 @@ - */ - const PRUint16 SSL_ImplementedCiphers[] = { - #ifndef NSS_DISABLE_ECC -+ /* Ephemeral ECDH */ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, -- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, -- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, -- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, -+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before - * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. 
- */ -- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, -+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, -+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, -- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, -- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, -- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, -- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, -+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, -+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, -+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, -+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, -+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, -+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, - #endif /* NSS_DISABLE_ECC */ - -- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, -- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, -- TLS_DHE_RSA_WITH_AES_128_CBC_SHA, -- TLS_DHE_DSS_WITH_AES_128_CBC_SHA, -- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, -- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, -- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, -- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, -+ /* Ephemeral Finite Field DH */ - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, -@@ -85,11 +79,20 @@ const PRUint16 SSL_ImplementedCiphers[] - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, -+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, -+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, -+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, -+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, -+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, -+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, -+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, -+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - TLS_DHE_DSS_WITH_RC4_128_SHA, - - #ifndef NSS_DISABLE_ECC -+ /* Non ephemeral ECDH */ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - 
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, -@@ -100,19 +103,20 @@ const PRUint16 SSL_ImplementedCiphers[] - TLS_ECDH_RSA_WITH_RC4_128_SHA, - #endif /* NSS_DISABLE_ECC */ - -+ /* RSA */ - TLS_RSA_WITH_AES_256_GCM_SHA384, -+ TLS_RSA_WITH_AES_256_CBC_SHA, -+ TLS_RSA_WITH_AES_256_CBC_SHA256, -+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS_RSA_WITH_AES_128_GCM_SHA256, - TLS_RSA_WITH_AES_128_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA256, - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, -- TLS_RSA_WITH_AES_256_CBC_SHA, -- TLS_RSA_WITH_AES_256_CBC_SHA256, -- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS_RSA_WITH_SEED_CBC_SHA, -- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, - TLS_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_RSA_WITH_RC4_128_SHA, - TLS_RSA_WITH_RC4_128_MD5, -+ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, - - /* 56-bit DES "domestic" cipher suites */ - TLS_DHE_RSA_WITH_DES_CBC_SHA, diff --git a/SOURCES/rh1238290.patch b/SOURCES/rh1238290.patch index 2564a26..49a9b5d 100644 --- a/SOURCES/rh1238290.patch +++ b/SOURCES/rh1238290.patch @@ -1,7 +1,6 @@ -diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c ---- a/lib/cryptohi/seckey.c -+++ b/lib/cryptohi/seckey.c -@@ -993,17 +993,17 @@ SECKEY_PublicKeyStrengthInBits(const SEC +--- ./lib/cryptohi/seckey.c.1238290 2015-11-08 21:12:59.000000000 -0800 ++++ ./lib/cryptohi/seckey.c 2016-02-16 10:07:20.956930721 -0800 +@@ -993,20 +993,20 @@ } /* interpret modulus length as key strength */ @@ -14,9 +13,13 @@ diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c + bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dsa.params.prime); break; case dhKey: - bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.publicValue); +- bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.publicValue); ++ bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.prime); break; case ecKey: bitSize = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); break; default: + PORT_SetError(SEC_ERROR_INVALID_KEY); + break; + } 
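Review bot: The new `default:` arm in the second hunk records `SEC_ERROR_INVALID_KEY` and then `break`s onto the normal return path, so whatever `bitSize` holds at that point is handed back as a key strength; its initialisation is outside the hunk, and if it is not zeroed before the switch a caller that checks the returned strength rather than the error code could treat an unrecognised key type as valid. Setting `bitSize = 0;` before that `break;` makes the failure visible at the call site without depending on how the declaration reads. The dhKey change to `SECKEY_BigIntegerBitLength(&pubk->u.dh.prime)` is consistent with the dsaKey arm directly above it, which also measures the prime rather than the public value. The rewritten header in the first hunk drops the function name from the `@@` line and switches to timestamped `./`-prefixed paths while the other patches in this tree keep git-style `a/`/`b/` headers; both apply at the same strip level, but the mixed convention costs a reviewer context.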
diff --git a/SOURCES/sha384-client-verify.patch b/SOURCES/sha384-client-verify.patch deleted file mode 100644 index 95dfbd2..0000000 --- a/SOURCES/sha384-client-verify.patch +++ /dev/null 
@@ -1,399 +0,0 @@ -diff --git a/cmd/strsclnt/strsclnt.c b/cmd/strsclnt/strsclnt.c ---- a/cmd/strsclnt/strsclnt.c -+++ b/cmd/strsclnt/strsclnt.c -@@ -117,17 +117,17 @@ static int active_threads = 8; /* number - ** connect */ - static PRInt32 numUsed; - /* end of variables protected by threadLock */ - - static SSL3Statistics * ssl3stats; - - static int failed_already = 0; - static SSLVersionRange enabledVersions; --static PRBool enableSSL2 = PR_TRUE; -+static PRBool enableSSL2 = PR_FALSE; - static PRBool bypassPKCS11 = PR_FALSE; - static PRBool disableLocking = PR_FALSE; - static PRBool ignoreErrors = PR_FALSE; - static PRBool enableSessionTickets = PR_FALSE; - static PRBool enableCompression = PR_FALSE; - static PRBool enableFalseStart = PR_FALSE; - static PRBool enableCertStatus = PR_FALSE; - -@@ -158,17 +158,17 @@ Usage(const char *progName) - " 2 -o's mean skip server certificate validation altogether.\n" - " -D means no TCP delays\n" - " -q means quit when server gone (timeout rather than retry forever)\n" - " -s means disable SSL socket locking\n" - " -N means no session reuse\n" - " -P means do a specified percentage of full handshakes (0-100)\n" - " -V [min]:[max] restricts the set of enabled SSL/TLS protocols versions.\n" - " All versions are enabled by default.\n" -- " Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n" -+ " Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n" - " Example: \"-V ssl3:\" enables SSL 3 and newer.\n" - " -U means enable throttling up threads\n" - " -B bypasses the PKCS11 layer for SSL encryption and MACing\n" - " -T enable the cert_status extension (OCSP stapling)\n" - " -u enable TLS Session Ticket extension\n" - " -z enable compression\n" - " -g enable false start\n", - progName); -diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c ---- a/lib/ssl/ssl3con.c -+++ b/lib/ssl/ssl3con.c -@@ -242,25 +242,32 @@ static const /*SSL3ClientCertificateType - #endif /* NSS_DISABLE_ECC */ - ct_DSS_sign, - }; - - /* This 
block is the contents of the supported_signature_algorithms field of - * our TLS 1.2 CertificateRequest message, in wire format. See - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - * -- * This block contains only sha256 entries because we only support TLS 1.2 -- * CertificateVerify messages that use the handshake hash. */ --static const PRUint8 supported_signature_algorithms[] = { -+ * We only support TLS 1.2 -+ * CertificateVerify messages that use the handshake PRF hash. */ -+static const PRUint8 supported_signature_algorithms_sha256[] = { - tls_hash_sha256, tls_sig_rsa, - #ifndef NSS_DISABLE_ECC - tls_hash_sha256, tls_sig_ecdsa, - #endif - tls_hash_sha256, tls_sig_dsa, - }; -+static const PRUint8 supported_signature_algorithms_sha384[] = { -+ tls_hash_sha384, tls_sig_rsa, -+#ifndef NSS_DISABLE_ECC -+ tls_hash_sha384, tls_sig_ecdsa, -+#endif -+ tls_hash_sha384, tls_sig_dsa, -+}; - - #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ - - - /* This global item is used only in servers. It is is initialized by - ** SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest(). - */ - CERTDistNames *ssl3_server_ca_list = NULL; -@@ -4018,17 +4025,18 @@ ssl3_InitHandshakeHashes(sslSocket *ss) - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); - return SECFailure; - } - - /* Create a backup SHA-1 hash for a potential client auth - * signature. - * - * In TLS 1.2, ssl3_ComputeHandshakeHashes always uses the -- * handshake hash function (SHA-256). If the server or the client -+ * handshake PRF hash function (either SHA-256 or SHA384). -+ * If the server or the client - * does not support SHA-256 as a signature hash, we can either - * maintain a backup SHA-1 handshake hash or buffer all handshake - * messages. 
- */ - if (!ss->sec.isServer) { - ss->ssl3.hs.backupHash = PK11_CreateDigestContext(SEC_OID_SHA1); - if (ss->ssl3.hs.backupHash == NULL) { - ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); -@@ -4750,16 +4758,24 @@ ssl3_ComputeHandshakeHashes(sslSocket * - - hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); - if (hashOid == NULL) { - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); - rv = SECFailure; - goto tls12_loser; - } - hashes->hashAlg = hashOid->offset; -+ PORT_Assert(hashes->hashAlg == SEC_OID_SHA256 || -+ hashes->hashAlg == SEC_OID_SHA384); -+ if (hashes->hashAlg != SEC_OID_SHA256 && -+ hashes->hashAlg != SEC_OID_SHA384) { -+ ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); -+ rv = SECFailure; -+ goto tls12_loser; -+ } - - rv = SECSuccess; - - tls12_loser: - if (stateBuf) { - if (PK11_RestoreContext(h, stateBuf, stateLen) != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); - rv = SECFailure; -@@ -7015,58 +7031,76 @@ done: - if (pubk) - SECKEY_DestroyPublicKey(pubk); - return rv; - } - - /* Destroys the backup handshake hash context if we don't need it. Note that - * this function selects the hash algorithm for client authentication - * signatures; ssl3_SendCertificateVerify uses the presence of the backup hash -- * to determine whether to use SHA-1 or SHA-256. */ -+ * to determine whether to use SHA-1, or the PRF hash of the cipher suite. */ - static void - ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, - const SECItem *algorithms) - { - SECStatus rv; - TLSSignatureAlgorithm sigAlg; - PRBool preferSha1; - PRBool supportsSha1 = PR_FALSE; -- PRBool supportsSha256 = PR_FALSE; -+ PRBool supportsHandshakeHash = PR_FALSE; - PRBool needBackupHash = PR_FALSE; - unsigned int i; -+ SECOidData *hashOid; -+ TLSHashAlgoritm suitePRFHash; -+ PRBool suitePRFIs256Or384 = PR_FALSE; - - #ifndef NO_PKCS11_BYPASS - /* Backup handshake hash is not supported in PKCS #11 bypass mode. 
*/ - if (ss->opt.bypassPKCS11) { - PORT_Assert(!ss->ssl3.hs.backupHash); - return; - } - #endif - PORT_Assert(ss->ssl3.hs.backupHash); - - /* Determine the key's signature algorithm and whether it prefers SHA-1. */ - rv = ssl3_ExtractClientKeyInfo(ss, &sigAlg, &preferSha1); - if (rv != SECSuccess) { - goto done; - } - -+ hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); -+ if (hashOid == NULL) { -+ rv = SECFailure; -+ goto done; -+ } -+ -+ if (hashOid->offset == SEC_OID_SHA256) { -+ suitePRFHash = tls_hash_sha256; -+ suitePRFIs256Or384 = PR_TRUE; -+ } else if (hashOid->offset == SEC_OID_SHA384) { -+ suitePRFHash = tls_hash_sha384; -+ suitePRFIs256Or384 = PR_TRUE; -+ } -+ - /* Determine the server's hash support for that signature algorithm. */ - for (i = 0; i < algorithms->len; i += 2) { - if (algorithms->data[i+1] == sigAlg) { - if (algorithms->data[i] == tls_hash_sha1) { - supportsSha1 = PR_TRUE; -- } else if (algorithms->data[i] == tls_hash_sha256) { -- supportsSha256 = PR_TRUE; -- } -- } -- } -- -- /* If either the server does not support SHA-256 or the client key prefers -- * SHA-1, leave the backup hash. */ -- if (supportsSha1 && (preferSha1 || !supportsSha256)) { -+ } else if (suitePRFIs256Or384 && -+ algorithms->data[i] == suitePRFHash) { -+ supportsHandshakeHash = PR_TRUE; -+ } -+ } -+ } -+ -+ /* If either the server does not support SHA-256/384, or the client key -+ * prefers SHA-1, leave the backup hash. 
*/ -+ if (supportsSha1 && (preferSha1 || !supportsHandshakeHash)) { - needBackupHash = PR_TRUE; - } - - done: - if (!needBackupHash) { - PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE); - ss->ssl3.hs.backupHash = NULL; - } -@@ -9226,16 +9260,17 @@ ssl3_SendCertificateRequest(sslSocket *s - SECItem * names = NULL; - SECStatus rv; - int length; - int i; - int calen = 0; - int nnames = 0; - int certTypesLength; - int sigAlgsLength; -+ SECOidData *hashOid; - - SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", - SSL_GETPID(), ss->fd)); - - PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); - PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); - - isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); -@@ -9252,18 +9287,30 @@ ssl3_SendCertificateRequest(sslSocket *s - } - - for (i = 0, name = names; i < nnames; i++, name++) { - calen += 2 + name->len; - } - - certTypes = certificate_types; - certTypesLength = sizeof certificate_types; -- sigAlgs = supported_signature_algorithms; -- sigAlgsLength = sizeof supported_signature_algorithms; -+ -+ hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); -+ if (hashOid == NULL) { -+ return SECFailure; /* err set by AppendHandshake. */ -+ } -+ if (hashOid->offset == SEC_OID_SHA256) { -+ sigAlgs = supported_signature_algorithms_sha256; -+ sigAlgsLength = sizeof supported_signature_algorithms_sha256; -+ } else if (hashOid->offset == SEC_OID_SHA384) { -+ sigAlgs = supported_signature_algorithms_sha384; -+ sigAlgsLength = sizeof supported_signature_algorithms_sha384; -+ } else { -+ return SECFailure; /* err set by AppendHandshake. 
*/ -+ } - - length = 1 + certTypesLength + 2 + calen; - if (isTLS12) { - length += 2 + sigAlgsLength; - } - - rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length); - if (rv != SECSuccess) { -diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h ---- a/lib/ssl/ssl3prot.h -+++ b/lib/ssl/ssl3prot.h -@@ -216,24 +216,24 @@ typedef struct { - SSL3ServerRSAParams rsa; - } u; - } SSL3ServerParams; - - /* This enum reflects HashAlgorithm enum from - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - * - * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */ --enum { -+typedef enum { - tls_hash_md5 = 1, - tls_hash_sha1 = 2, - tls_hash_sha224 = 3, - tls_hash_sha256 = 4, - tls_hash_sha384 = 5, - tls_hash_sha512 = 6 --}; -+} TLSHashAlgoritm; - - /* This enum reflects SignatureAlgorithm enum from - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ - typedef enum { - tls_sig_rsa = 1, - tls_sig_dsa = 2, - tls_sig_ecdsa = 3 - } TLSSignatureAlgorithm; -diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh ---- a/tests/ssl/ssl.sh -+++ b/tests/ssl/ssl.sh -@@ -64,16 +64,17 @@ ssl_init() - # Test case files - if [ "${NSS_NO_SSL2}" = "1" ]; then - SSLCOV=${QADIR}/ssl/sslcov.noSSL2orExport.txt - SSLSTRESS=${QADIR}/ssl/sslstress.noSSL2orExport.txt - else - SSLCOV=${QADIR}/ssl/sslcov.txt - SSLSTRESS=${QADIR}/ssl/sslstress.txt - fi -+ SSLAUTH=${QADIR}/ssl/sslauth.txt - REQUEST_FILE=${QADIR}/ssl/sslreq.dat - - #temparary files - SERVEROUTFILE=${TMP}/tests_server.$$ - SERVERPID=${TMP}/tests_pid.$$ - - R_SERVERPID=../tests_pid.$$ - -@@ -87,18 +88,18 @@ ssl_init() - NORM_EXT="" - - if [ -z "$NSS_DISABLE_ECC" ] ; then - ECC_STRING=" - with ECC" - else - ECC_STRING="" - fi - -- CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz" -- CLONG="-c 
ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C027:C02B:C02F:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009E:00A2cdefgijklmnvyz" -+ CSHORT="-c ABCDEF:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009D:009E:009F:00A2:00A3cdefgijklmnvyz" -+ CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:C023:C024:C027:C028:C02B:C02C:C02F:C030:0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B:0084:009C:009D:009E:009F:00A2:00A3cdefgijklmnvyz" - - if [ "${OS_ARCH}" != "WINNT" ]; then - ulimit -n 1000 # make sure we have enough file descriptors - fi - - cd ${CLIENTDIR} - } - -@@ -119,17 +120,17 @@ is_selfserv_alive() - if [ "${OS_ARCH}" = "WINNT" ] && \ - [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then - PID=${SHELL_SERVERPID} - else - PID=`cat ${SERVERPID}` - fi - - echo "kill -0 ${PID} >/dev/null 2>/dev/null" -- if [[ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]]; then -+ if [ "${NSS_NO_SSL2}" = "1" ] && [ -n ${EXP} -o -n ${SSL2} ]; then - echo "No server to kill" - else - kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable" - fi - - echo "selfserv with PID ${PID} found at `date`" - } - -@@ -221,25 +222,26 @@ start_selfserv() - ECC_OPTIONS="" - fi - if [ "$1" = "mixed" ]; then - ECC_OPTIONS="-e ${HOSTADDR}-ecmixed" - fi - echo "selfserv starting at `date`" - echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\" - echo " ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\" -- echo " $verbose -H 1 &" -+ echo " $verbose -H 1 -V ssl3: &" - if [ ${fileout} -eq 1 ]; then - ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \ - ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \ -- > 
${SERVEROUTFILE} 2>&1 & -+ -V ssl3:> ${SERVEROUTFILE} 2>&1 & - RET=$? - else - ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \ -- ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 & -+ ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 \ -+ -V ssl3: & - RET=$? - fi - - # The PID $! returned by the MKS or Cygwin shell is not the PID of - # the real background process, but rather the PID of a helper - # process (sh.exe). MKS's kill command has a bug: invoking kill - # on the helper process does not terminate the real background - # process. Our workaround has been to have selfserv save its PID -diff --git a/tests/ssl/sslcov.txt b/tests/ssl/sslcov.txt ---- a/tests/ssl/sslcov.txt -+++ b/tests/ssl/sslcov.txt -@@ -171,9 +171,9 @@ - ECC TLS12 :C014 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA - ECC TLS12 :C023 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - ECC TLS12 :C024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - ECC TLS12 :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - ECC TLS12 :C028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - ECC TLS12 :C02B TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - ECC TLS12 :C02C TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384 - ECC TLS12 :C02F TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -- ECC TLS12 :0030 TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA384 -+ ECC TLS12 :C030 TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA384 diff --git a/SOURCES/ssl-server-min-key-sizes.patch b/SOURCES/ssl-server-min-key-sizes.patch index 1ed9a82..fbb4215 100644 --- a/SOURCES/ssl-server-min-key-sizes.patch +++ b/SOURCES/ssl-server-min-key-sizes.patch 
@@ -1,35 +1,68 @@ -diff -up nss/lib/ssl/ssl3con.c.min_key_sizes nss/lib/ssl/ssl3con.c ---- nss/lib/ssl/ssl3con.c.min_key_sizes 2015-06-08 11:38:41.154472496 -0700 -+++ nss/lib/ssl/ssl3con.c 2015-06-08 11:43:45.538294127 -0700 -@@ -6743,7 +6743,7 @@ ssl3_HandleServerKeyExchange(sslSocket * +diff --git a/lib/nss/nssoptions.h b/lib/nss/nssoptions.h +--- a/lib/nss/nssoptions.h ++++ b/lib/nss/nssoptions.h +@@ -11,11 +11,11 @@ + * file into NSS proper */ + + /* The minimum server key sizes accepted by the clients. + * Not 1024 to be conservative. */ + #define SSL_RSA_MIN_MODULUS_BITS 1023 + /* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be + * only 1023 bits and similar. We don't have good data on whether this + * happens because NSS used to count bit lengths incorrectly. */ +-#define SSL_DH_MIN_P_BITS 1023 ++#define SSL_DH_MIN_P_BITS 768 + #define SSL_DSA_MIN_P_BITS 1023 + +diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c +--- a/lib/ssl/ssl3con.c ++++ b/lib/ssl/ssl3con.c +@@ -6950,17 +6950,17 @@ ssl3_HandleServerKeyExchange(sslSocket * goto loser; /* malformed. */ } + + rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH); + if (rv != SECSuccess) { + minDH = SSL_DH_MIN_P_BITS; + } dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p); -- if (dh_p_bits < DH_MIN_P_BITS) { +- if (dh_p_bits < minDH) { + if (dh_p_bits < SSL_DH_MIN_P_BITS) { errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; goto alert_loser; } -@@ -10056,9 +10056,12 @@ ssl3_AuthCertificate(sslSocket *ss) - /* We aren't checking EC here on the understanding that we only - * support curves we like, a decision that might need revisiting. 
*/ - if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey || -- pubKeyType == rsaOaepKey) && ss->sec.authKeyBits < 1023) || -- (pubKeyType == dsaKey && ss->sec.authKeyBits < DSA_MIN_P_BITS) || -- (pubKeyType == dhKey && ss->sec.authKeyBits < DH_MIN_P_BITS)) { -+ pubKeyType == rsaOaepKey) && -+ ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) || -+ (pubKeyType == dsaKey && -+ ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) || -+ (pubKeyType == dhKey && -+ ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) { - PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY); - (void)SSL3_SendAlert(ss, alert_fatal, - ss->version >= SSL_LIBRARY_VERSION_TLS_1_0 -diff -up nss/lib/ssl/sslimpl.h.min_key_sizes nss/lib/ssl/sslimpl.h ---- nss/lib/ssl/sslimpl.h.min_key_sizes 2015-06-08 11:39:30.287475197 -0700 -+++ nss/lib/ssl/sslimpl.h 2015-06-08 11:46:14.262275334 -0700 -@@ -153,6 +153,15 @@ typedef enum { SSLAppOpRead = 0, + rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length); + if (rv != SECSuccess) { + goto loser; /* malformed. */ + } + /* Abort if dh_g is 0, 1, or obviously too big. */ +diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h +--- a/lib/ssl/sslimpl.h ++++ b/lib/ssl/sslimpl.h +@@ -24,16 +24,17 @@ + #include "nssilock.h" + #include "pkcs11t.h" + #if defined(XP_UNIX) || defined(XP_BEOS) + #include "unistd.h" + #endif + #include "nssrwlk.h" + #include "prthread.h" + #include "prclist.h" ++#include "nssoptions.h" /* defines SSL_DH_MIN_P_BITS 768 */ + + #include "sslt.h" /* for some formerly private types, now public */ + + /* to make some of these old enums public without namespace pollution, + ** it was necessary to prepend ssl_ to the names. + ** These #defines preserve compatibility with the old code here in libssl. + */ + typedef SSLKEAType SSL3KEAType; +@@ -149,16 +150,24 @@ typedef enum { SSLAppOpRead = 0, + #define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000 + + #ifndef BPB + #define BPB 8 /* Bits Per Byte */ + #endif #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ 
@@ -39,9 +72,13 @@ diff -up nss/lib/ssl/sslimpl.h.min_key_sizes nss/lib/ssl/sslimpl.h +/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be + * only 1023 bits and similar. We don't have good data on whether this + * happens because NSS used to count bit lengths incorrectly. */ -+#define SSL_DH_MIN_P_BITS 768 +#define SSL_DSA_MIN_P_BITS 1023 + #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ #define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ + + typedef struct sslBufferStr sslBuffer; + typedef struct sslConnectInfoStr sslConnectInfo; + typedef struct sslGatherStr sslGather; + typedef struct sslSecurityInfoStr sslSecurityInfo; diff --git a/SOURCES/sslauth-no-v2.patch b/SOURCES/sslauth-no-v2.patch new file mode 100644 index 0000000..3aab27a --- /dev/null +++ b/SOURCES/sslauth-no-v2.patch 
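Review bot: In the ssl3con.c hunk the patched check `if (dh_p_bits < SSL_DH_MIN_P_BITS) {` discards `minDH`, which the two context lines just above obtain from `NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH)`, so an application that raises the DH floor through that option is ignored as far as this hunk shows (ssl3_HandleServerKeyExchange continues outside it). Since the same patch already lowers the built-in default in nssoptions.h, keeping the upstream line `if (dh_p_bits < minDH) {` would give the 768-bit default while leaving the option effective; if pinning 768 unconditionally is intended, the patch should say so. The nssoptions.h hunk also leaves the upstream comment ending `* happens because NSS used to count bit lengths incorrectly. */` directly above the new `#define SSL_DH_MIN_P_BITS 768`, where it now argues for a value the define no longer has; replace it with a comment stating why this build accepts 768-bit server DH primes, which is below the roughly 1024-bit floor that comment defends, so that anyone auditing the build can find the rationale. The same applies to `#include "nssoptions.h" /* defines SSL_DH_MIN_P_BITS 768 */` in the sslimpl.h hunk, which goes stale on the next change of the value; `/* SSL_*_MIN_*_BITS defaults */` is more durable.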
@@ -0,0 +1,77 @@ +diff --git a/tests/ssl/sslauth.txt b/tests/ssl/sslauth.txt +--- a/tests/ssl/sslauth.txt ++++ b/tests/ssl/sslauth.txt +@@ -3,28 +3,28 @@ + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + # + # This file defines the tests for client auth. + # + # expected + # Enable return server client Test Case name + # ECC value params params + # ------- ------ ------ ------ --------------- +- noECC 0 -r -w_nss_-n_none TLS Request don't require client auth (client does not provide auth) +- noECC 0 -r -w_bogus_-n_TestUser TLS Request don't require client auth (bad password) +- noECC 0 -r -w_nss_-n_TestUser TLS Request don't require client auth (client auth) +- noECC 254 -r_-r -w_nss_-n_none TLS Require client auth (client does not provide auth) +- noECC 254 -r_-r -w_bogus_-n_TestUser TLS Require client auth (bad password) +- noECC 0 -r_-r -w_nss_-n_TestUser_ TLS Require client auth (client auth) +- noECC 0 -r -V_:ssl3_-w_nss_-n_none SSL3 Request don't require client auth (client does not provide auth) +- noECC 0 -r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password) +- noECC 0 -r -V_:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth) +- noECC 254 -r_-r -V_:ssl3_-w_nss_-n_none SSL3 Require client auth (client does not provide auth) +- noECC 254 -r_-r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth (bad password) +- noECC 0 -r_-r -V_:ssl3_-n_TestUser_-w_nss SSL3 Require client auth (client auth) ++ noECC 0 -r -V_ssl3:_-w_nss_-n_none TLS Request don't require client auth (client does not provide auth) ++ noECC 0 -r -V_ssl3:_-w_bogus_-n_TestUser TLS Request don't require client auth (bad password) ++ noECC 0 -r -V_ssl3:_-w_nss_-n_TestUser TLS Request don't require client auth (client auth) ++ noECC 254 -r_-r -V_ssl3:_-w_nss_-n_none TLS Require client auth (client does not provide auth) ++ noECC 254 -r_-r -V_ssl3:_-w_bogus_-n_TestUser TLS Require client auth (bad password) ++ noECC 0 -r_-r 
-V_ssl3:_-w_nss_-n_TestUser_ TLS Require client auth (client auth) ++ noECC 0 -r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Request don't require client auth (client does not provide auth) ++ noECC 0 -r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password) ++ noECC 0 -r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth) ++ noECC 254 -r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Require client auth (client does not provide auth) ++ noECC 254 -r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth (bad password) ++ noECC 0 -r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth (client auth) + noECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_none TLS Request don't require client auth on 2nd hs (client does not provide auth) + noECC 0 -r_-r_-r -V_ssl3:_-w_bogus_-n_TestUser TLS Request don't require client auth on 2nd hs (bad password) + noECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_TestUser TLS Request don't require client auth on 2nd hs (client auth) + noECC 1 -r_-r_-r_-r -V_ssl3:_-w_nss_-n_none TLS Require client auth on 2nd hs (client does not provide auth) + noECC 1 -r_-r_-r_-r -V_ssl3:_-w_bogus_-n_TestUser TLS Require client auth on 2nd hs (bad password) + noECC 0 -r_-r_-r_-r -V_ssl3:_-w_nss_-n_TestUser TLS Require client auth on 2nd hs (client auth) + noECC 0 -r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_none TLS 1.0 Request don't require client auth on 2nd hs (client does not provide auth) + noECC 0 -r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser TLS 1.0 Request don't require client auth on 2nd hs (bad password) +@@ -36,24 +36,24 @@ + noECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password) + noECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth) + noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Require client auth on 2nd hs (client does not provide auth) + noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 
Require client auth on 2nd hs (bad password) + noECC 0 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth) + # + # Use EC cert for client authentication + # +- ECC 0 -r -w_bogus_-n_TestUser-ec TLS Request don't require client auth (EC) (bad password) +- ECC 0 -r -w_nss_-n_TestUser-ec TLS Request don't require client auth (EC) (client auth) +- ECC 254 -r_-r -w_bogus_-n_TestUser-ec TLS Require client auth (EC) (bad password) +- ECC 0 -r_-r -w_nss_-n_TestUser-ec_ TLS Require client auth (EC) (client auth) +- ECC 0 -r -V_:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth (EC) (bad password) +- ECC 0 -r -V_:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth (EC) (client auth) +- ECC 254 -r_-r -V_:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth (EC) (bad password) +- ECC 0 -r_-r -V_:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth (EC) (client auth) ++ ECC 0 -r -V_ssl3:_-w_bogus_-n_TestUser-ec TLS Request don't require client auth (EC) (bad password) ++ ECC 0 -r -V_ssl3:_-w_nss_-n_TestUser-ec TLS Request don't require client auth (EC) (client auth) ++ ECC 254 -r_-r -V_ssl3:_-w_bogus_-n_TestUser-ec TLS Require client auth (EC) (bad password) ++ ECC 0 -r_-r -V_ssl3:_-w_nss_-n_TestUser-ec_ TLS Require client auth (EC) (client auth) ++ ECC 0 -r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth (EC) (bad password) ++ ECC 0 -r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth (EC) (client auth) ++ ECC 254 -r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth (EC) (bad password) ++ ECC 0 -r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth (EC) (client auth) + ECC 0 -r_-r_-r -V_ssl3:_-w_bogus_-n_TestUser-ec TLS Request don't require client auth on 2nd hs (EC) (bad password) + ECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_TestUser-ec TLS Request don't require client auth on 2nd hs (EC) (client auth) + ECC 1 -r_-r_-r_-r 
-V_ssl3:_-w_bogus_-n_TestUser-ec TLS Require client auth on 2nd hs (EC) (bad password) + ECC 0 -r_-r_-r_-r -V_ssl3:_-w_nss_-n_TestUser-ec_ TLS Require client auth on 2nd hs (EC) (client auth) + ECC 0 -r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec TLS 1.0 Request don't require client auth on 2nd hs (EC) (bad password) + ECC 0 -r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec TLS 1.0 Request don't require client auth on 2nd hs (EC) (client auth) + ECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec TLS 1.0 Require client auth on 2nd hs (EC) (bad password) + ECC 0 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec_ TLS 1.0 Require client auth on 2nd hs (EC) (client auth) diff --git a/SOURCES/sslinfo-fix-info.patch b/SOURCES/sslinfo-fix-info.patch deleted file mode 100644 index 2e0219f..0000000 --- a/SOURCES/sslinfo-fix-info.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./nss/lib/ssl/sslinfo.c.fix_info ./nss/lib/ssl/sslinfo.c ---- ./nss/lib/ssl/sslinfo.c.fix_info 2015-08-17 07:25:53.039762148 -0700 -+++ ./nss/lib/ssl/sslinfo.c 2015-08-17 07:26:44.556390051 -0700 -@@ -218,7 +218,7 @@ static const SSLCipherSuiteInfo suiteInf - {0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, - {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, - {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, --{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_SHA384, 1, 0, 0, }, -+{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, }, - - /* SSL 2 table */ - {0,CK(SSL_CK_RC4_128_WITH_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, diff --git a/SOURCES/tests-extra.patch b/SOURCES/tests-extra.patch new file mode 100644 index 0000000..662a2fb --- /dev/null +++ b/SOURCES/tests-extra.patch 
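Review bot: The rows labelled `TLS` now carry `-V_ssl3:`, which only sets a floor of SSL 3.0 and leaves the ceiling at the tool default, so these cases still pass if SSL 3.0 is what gets negotiated and do not actually pin a TLS version despite their name. If the goal is solely to keep SSL 2.0 out of the negotiation this is sufficient, but `-V_tls1.0:` would make the label truthful, at the cost of diverging from the existing "on 2nd hs" rows that already use `-V_ssl3:`. Whichever is chosen, a one-line comment in the file header stating that `ssl3:` is the minimum used to exclude SSL 2.0 would spare the next reader the same question. The driver that interprets these columns (ssl.sh) is outside this hunk.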
@@ -0,0 +1,26 @@ +diff -up ./tests/ssl/sslcov.txt.extra ./tests/ssl/sslcov.txt +--- ./tests/ssl/sslcov.txt.extra 2016-02-18 19:03:02.168464819 -0500 ++++ ./tests/ssl/sslcov.txt 2016-02-18 19:07:07.831906435 -0500 +@@ -35,6 +35,9 @@ + noECC SSL3 v SSL3_RSA_WITH_AES_128_CBC_SHA + noECC SSL3 y SSL3_RSA_WITH_AES_256_CBC_SHA + noECC SSL3 z SSL3_RSA_WITH_NULL_SHA ++ noECC TLS12 :009F TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ++ noECC TLS12 :00A3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 ++ noECC TLS12 :009D TLS_RSA_WITH_AES_256_GCM_SHA384 + # noECC SSL3 :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + # noECC SSL3 :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + # +@@ -167,6 +170,10 @@ + ECC TLS12 :C013 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA + ECC TLS12 :C014 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA + ECC TLS12 :C023 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ++ ECC TLS12 :C024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 + ECC TLS12 :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ++ ECC TLS12 :C028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 + ECC TLS12 :C02B TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ++ ECC TLS12 :C02C TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384 + ECC TLS12 :C02F TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ++ ECC TLS12 :C030 TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA384 +diff -up ./tests/ssl/ssl.sh.extra ./tests/ssl/ssl.sh +diff -up ./tests/ssl/sslstress.txt.extra ./tests/ssl/sslstress.txt diff --git a/SPECS/nss.spec b/SPECS/nss.spec index 0c41c3b..649cf0a 100644 --- a/SPECS/nss.spec +++ b/SPECS/nss.spec 
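Review bot: The two added SHA384 GCM rows are mislabelled: `:C02C` is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and `:C030` is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, but both rows say `AES_128_GCM_SHA384`, a suite that does not exist. The suite is selected by the hex code, so the right cipher is exercised, but the label is what appears in the test report and a failure would be attributed to the wrong suite; change them to `ECC TLS12 :C02C TLS12_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` and `ECC TLS12 :C030 TLS12_ECDHE_RSA_WITH_AES_256_GCM_SHA384`. The `:C024` and `:C028` rows use a `TLS_` prefix where every neighbouring ECC TLS12 row uses `TLS12_`, worth aligning. The trailing `diff -up` lines for ssl.sh and sslstress.txt carry no hunks and should be dropped rather than shipped as empty stubs.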
@@ -1,9 +1,13 @@ -%global nspr_version 4.10.8 -%global nss_util_version 3.19.1 +%global nspr_version 4.11.0 +%global nss_util_version 3.21.0 +%global nss_util_build -2.2 # adjust to the version that gets submitted for FIPS validation %global nss_softokn_fips_version 3.16.2 %global nss_softokn_version 3.16.2.3 -%global required_softokn_build_version -13 +# Attention: Separate softokn versions for build and runtime. +%global runtime_required_softokn_build_version -14.2 +# Building NSS doesn't require the softokn -13 build. +%global build_required_softokn_build_version -13 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv" @@ -22,15 +26,15 @@ Summary: Network Security Services Name: nss -Version: 3.19.1 -Release: 19%{?dist} +Version: 3.21.0 +Release: 9%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries Requires: nspr >= %{nspr_version} -Requires: nss-util >= %{nss_util_version} +Requires: nss-util >= %{nss_util_version}%{nss_util_build} # TODO: revert to same version as nss once we are done with the merge -Requires: nss-softokn%{_isa} >= %{nss_softokn_version}%{required_softokn_build_version} +Requires: nss-softokn%{_isa} >= %{nss_softokn_version}%{runtime_required_softokn_build_version} Requires: nss-system-init Requires(post): %{_sbindir}/update-alternatives Requires(postun): %{_sbindir}/update-alternatives 
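Review bot: `Requires: nss-util >= %{nss_util_version}%{nss_util_build}` now pins a specific build but, unlike the `nss-softokn%{_isa}` line directly below it, carries no `%{_isa}` qualifier, so on a multilib host a 64-bit nss-util can satisfy the dependency of a 32-bit nss while the 32-bit libnssutil3 stays at an older build. Since the point of adding `%{nss_util_build}` is presumably to guarantee the build carrying the matching fixes is installed, I would write `Requires: nss-util%{_isa} >= %{nss_util_version}%{nss_util_build}`. The same consideration applies to the `BuildRequires` hunk that follows only if the package is ever built in a multilib buildroot.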
@@ -38,8 +42,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: nspr-devel >= %{nspr_version} # TODO: revert to same version as nss once we are done with the merge # Using '>=' but on RHEL the requires should be '=' -BuildRequires: nss-softokn-devel >= %{nss_softokn_version}%{required_softokn_build_version} -BuildRequires: nss-util-devel >= %{nss_util_version} +BuildRequires: nss-softokn-devel >= %{nss_softokn_version}%{build_required_softokn_build_version} +BuildRequires: nss-util-devel >= %{nss_util_version}%{nss_util_build} BuildRequires: sqlite-devel BuildRequires: zlib-devel BuildRequires: pkgconfig @@ -82,7 +86,7 @@ Patch6: nss-enable-pem.patch Patch16: nss-539183.patch Patch18: nss-646045.patch # must statically link pem against the freebl in the buildroot -# Needed only when freebl on tree has new APIS +# Needed only when sources on tree have new APIS Patch25: nsspem-use-system-freebl.patch # TODO: Remove this patch when the ocsp test are fixed Patch40: nss-3.14.0.0-disble-ocsp-test.patch 
@@ -97,40 +101,60 @@ Patch49: nss-skip-bltest-and-fipstest.patch # headers are older. Such is the case when starting an update with API changes or even private export changes. # Once the buildroot aha been bootstrapped the patch may be removed but it doesn't hurt to keep it. Patch50: iquote.patch +# As of nss-3.21 we compile NSS with -Werror. +# see https://bugzilla.mozilla.org/show_bug.cgi?id=1182667 +# This requires a cleanup of the PEM module as we have it here. +# TODO: submit a patch to the interim nss-pem upstream project +# The submission will be very different from this patch as +# cleanup there is already in progress there. +Patch51: pem-compile-with-Werror.patch Patch52: Bug-1001841-disable-sslv2-libssl.patch Patch53: Bug-1001841-disable-sslv2-tests.patch +Patch54: sslauth-no-v2.patch Patch55: enable-fips-when-system-is-in-fips-mode.patch # rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677 Patch56: p-ignore-setpolicy.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144 +Patch62: nss-fix-deadlock-squash.patch +# Two patches from from rhel6.8 that are also needed for rhel-7 +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1054373 +Patch74: race.patch +Patch94: nss-3.16-token-init-race.patch Patch99: ssl-server-min-key-sizes.patch +Patch100: fix-min-library-version-in-SSLVersionRange.patch # Add support for sha384 tls cipher suites, dss cipher suites, and # server-side dhe key exchange # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=102794 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455 Patch101: dhe-sha384-dss-support.patch -Patch102: prfnonsha256.patch -Patch103: sha384-client-verify.patch -# Fix flaws in Patch53 which caused needed tests to be skipped which could hide errors -Patch104: fix-disable-sslv2-tests.patch -# Fix Patch52 which caused NULL ciphers failures -Patch105: fix-disable-sslv2-libssl.patch -# Enables veriying fix for 
TLS_RSA_WITH_NULL_... not working in RHEL7 -# Partial set of the required ciphers to be enabled by default -Patch106: additional-cipher-suites-enabled-by-default.patch -Patch107: sslinfo-fix-info.patch -Patch108: fix-min-library-version-in-SSLVersionRange.patch -Patch109: enable-ecdsa-ciphers-by-default.patch +# TODO: From upstream review: For the client authentication case, should +# probably drop our hack of swapping between sha256 and sha384 and plan +# on implementing the fix we already have a patch for. What is that fix? +Patch102: client_auth_for_sha384_prf_support.patch +Patch103: nss-fix-client-auth-init-hashes.patch +Patch104: nss-map-oid-to-hashalg.patch +Patch105: nss-remove-bogus-assert.patch +Patch106: nss-old-pkcs11-num.patch +Patch107: nss-enable-384-cipher-tests.patch +Patch108: nss-sni-c-v-fix.patch +Patch109: nss-fix-signature-and-hash.patch +Patch110: nss-sslstress-txt-ssl3-lower-value-in-range.patch + # Enable by default two additional ciphers and fix order of two tables # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455 -Patch110: reorder-cipher-suites.patch -# Expand client side CLI options for ocsp stapling and SNI tests -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 -Patch111: ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch -# TODO: File a bug upstream with and expanded patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1211403 Patch112: rh1238290.patch -Patch113: cve-2015-7575-minimal.patch +# Local: keep as long nss-softokn lacks support +Patch113: disable-extended-master-secret-with-old-softoken.patch +# extra tests needed +Patch114: tests-extra.patch +Patch115: nss-prevent-abi-issue.patch +Patch116: nss-tests-prevent-abi-issue.patch +Patch117: fix-nss-test-filtering.patch +Patch118: fix-allowed-sig-alg.patch +Patch119: nss-ssl-ssl3con-delete-duplicates.patch %description Network Security Services (NSS) is a set of libraries 
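Review bot: `Patch113: cve-2015-7575-minimal.patch` is removed from the list (and from %prep) with no replacement and no note that the fix is now carried by the 3.21.0 base, yet the 3.19.1-19 changelog entry below was specifically the MD5 transcript-collision hardening for TLS 1.2 signatures. If the rebased tarball already contains the upstream fix, say so next to the new `Patch113:` line, e.g. `# CVE-2015-7575 (cve-2015-7575-minimal.patch) is fixed upstream as of this rebase`, or in the changelog; if it does not, the rebase silently regresses a CVE fix and the patch needs to be re-added. I cannot verify 3.21.0's contents from this diff, so please confirm against the upstream bug before merging. Separately, the `Patch102` comment ending in "What is that fix?" is an open question rather than documentation and should be resolved or replaced with a pointer to the upstream bug.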
designed to @@ -222,31 +246,39 @@ popd %patch47 -p0 -b .templates %patch49 -p0 -b .skipthem %patch50 -p0 -b .iquote +%patch51 -p1 -b -Werror pushd nss %patch52 -p1 -b .disableSSL2libssl %patch53 -p1 -b .disableSSL2tests -popd -%patch55 -p0 -b .852023 -%patch56 -p0 -b .1026677 -%patch99 -p0 -b .min_key_sizes -pushd nss +%patch54 -p1 -b .sslauth-no-v2 +%patch55 -p1 -b .852023_enable_fips_when_in_fips_mode +%patch56 -p1 -b .1026677_ignore_set_policy +%patch62 -p1 -b .fix_deadlock +%patch99 -p1 -b .min_key_sizes +%patch100 -p0 -b .1171318 %patch101 -p1 -b .dhe_and_sha384 -%patch102 -p1 -b .prfnonsha256 -%patch103 -p1 -b .sha384_client_verify +%patch102 -p1 -b .client_auth_prf +%patch112 -p1 -b .1238290 +%patch113 -p1 -b .disable-ems +%patch114 -p1 -b .extra +%patch115 -p1 -b .abi_lib +%patch116 -p1 -b .abi_tests +%patch117 -p1 -b .test-filtering +%patch74 -p1 -b .race popd -%patch104 -p0 -b .fix_skipping -%patch105 -p0 -b .null_ciphers -%patch106 -p0 -b .1245627 -%patch107 -p0 -b .fix_info -%patch108 -p0 -b .1171318 -%patch109 -p0 -b .enable_ecdsa -%patch110 -p0 -b .order -%patch111 -p0 -b .ocsp_sni +%patch94 -p0 -b .init-token-race +%patch103 -p0 -b .fix_client_auth_crash +%patch104 -p0 -b .use_oids +%patch105 -p0 -b .remove_bogus_assert +%patch106 -p0 -b .old_pkcs11_num +%patch107 -p0 -b .enable_384_cipher_tests +%patch108 -p0 -b .sni_c_v_fix +%patch109 -p0 -b .fix_signature_and_hash +%patch110 -p0 -b .no_ssl2 pushd nss -%patch112 -p1 -b .1238290 -%patch113 -p1 -b .cve-2015-7575 +%patch118 -p1 -b .allowed-sig-alg popd - +%patch119 -p0 -b .delete_duplicates ######################################################### # Higher-level libraries and test tools need access to 
@@ -264,6 +296,10 @@ done %{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf %{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf +# Before removing util directory we must save verref.h +# as it will be needed later during the build phase. +%{__mv} ./nss/lib/util/verref.h ./nss/verref.h + ##### Remove util/freebl/softoken and low level tools ######## Remove freebl, softoken and util %{__rm} -rf ./nss/lib/freebl @@ -293,8 +329,7 @@ FREEBL_NO_DEPEND=1 export FREEBL_NO_DEPEND # Enable compiler optimizations and disable debugging code -BUILD_OPT=1 -export BUILD_OPT +export BUILD_OPT=1 # Uncomment to disable optimizations #RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/-O2/-O0/g'` @@ -359,6 +394,13 @@ export NSS_ECC_MORE_THAN_SUITE_B export NSS_BLTEST_NOT_AVAILABLE=1 %{__make} -C ./nss/coreconf %{__make} -C ./nss/lib/dbm + +# nss/nssinit.c, ssl/sslcon.c, smime/smimeutil.c and ckfw/builtins/binst.c +# need nss/lib/util/verref.h which is exported privately, +# copy the one we saved during prep so it they can find it. +%{__mkdir_p} ./dist/private/nss +%{__mv} ./nss/verref.h ./dist/private/nss/verref.h + %{__make} -C ./nss unset NSS_BLTEST_NOT_AVAILABLE @@ -444,8 +486,7 @@ export NSS_NO_SSL2=1 FREEBL_NO_DEPEND=1 export FREEBL_NO_DEPEND -BUILD_OPT=1 -export BUILD_OPT +export BUILD_OPT=1 %ifnarch noarch %if 0%{__isa_bits} == 64 @@ -456,7 +497,7 @@ export USE_64 export NSS_BLTEST_NOT_AVAILABLE=1 -# needed for the fips manging test +# needed for the fips mangling test export SOFTOKEN_LIB_DIR=%{_libdir} # End -- copied from the build section 
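Review bot: In the `%build` hunk, `%{__mv} ./nss/verref.h ./dist/private/nss/verref.h` consumes the single copy saved in %prep, so re-running %build in the same tree (`rpmbuild --short-circuit -bc`, or a retried build after a failure) aborts on the missing file; `%{__cp} -p ./nss/verref.h ./dist/private/nss/verref.h` keeps the saved header in place and is otherwise equivalent here. The comment above that line also has a typo, "so it they can find it" should read "so they can find it". The rest of %build, including the `make -C ./nss` that actually needs the header, is outside this hunk.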
@@ -844,6 +885,32 @@ fi %changelog +* Fri Apr 15 2016 Kai Engert - 3.21.0-9 +- Rebuild to require the latest nss-util build and nss-softokn build. + +* Mon Apr 11 2016 Kai Engert - 3.21.0-8 +- Update the minimum nss-softokn build required at runtime. + +* Mon Apr 04 2016 Elio Maldonado - 3.21.0-7 +- Delete duplicates from one table + +* Tue Mar 29 2016 Kai Engert - 3.21.0-6 +- Fix missing support for sha384/dsa in certificate_request + +* Wed Mar 23 2016 Kai Engert - 3.21.0-5 +- Fix the SigAlgs sent in certificate_request + +* Tue Mar 22 2016 Elio Maldonado - 3.21.0-4 +- Ensure all ssl.sh tests are executed +- Update sslauth test patch to run additional tests + +* Thu Feb 25 2016 Elio Maldonado - 3.21.0-2 +- Fix sha384 support and testing patches + +* Mon Feb 22 2016 Elio Maldonado - 3.21.0-1 +- Rebase to NSS-3.21 +- Resolves: Bug 1310581 + * Tue Dec 15 2015 Elio Maldonado - 3.19.1-19 - Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Resolves: Bug 1289883