diff options
author | cvs2hg <devnull@localhost> | 2003-02-25 01:43:50 +0000 |
---|---|---|
committer | cvs2hg <devnull@localhost> | 2003-02-25 01:43:50 +0000 |
commit | 3fea70e7685fdf501ea19855abcc57436b67999a (patch) | |
tree | dc52e754578504b1e4b07e09ecba7c644db15529 | |
parent | 6deebffb838c0db1f5245465d8d120cfa646b997 (diff) | |
download | nss-hg-3fea70e7685fdf501ea19855abcc57436b67999a.tar.gz |
fixup commit for branch 'BOOKMARKS_20030310_BRANCH'BOOKMARKS_20030320_BASEBOOKMARKS_20030310_BASE
-rw-r--r-- | security/coreconf/OS2.mk | 39 | ||||
-rw-r--r-- | security/coreconf/rules.mk | 21 | ||||
-rw-r--r-- | security/nss/lib/ckfw/nssck.api | 2 | ||||
-rw-r--r-- | security/nss/lib/smime/cmsencdata.c | 1 | ||||
-rw-r--r-- | security/nss/lib/smime/cmssigdata.c | 90 | ||||
-rw-r--r-- | security/nss/lib/smime/smime.def | 7 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 115 |
7 files changed, 196 insertions, 79 deletions
diff --git a/security/coreconf/OS2.mk b/security/coreconf/OS2.mk index 4b80a7f81..00f028d8e 100644 --- a/security/coreconf/OS2.mk +++ b/security/coreconf/OS2.mk @@ -86,10 +86,16 @@ DSO_LDOPTS = -Zomf -Zdll -Zmt -Zcrtdll -Zlinker /NOO SHLIB_LDSTARTFILE = SHLIB_LDENDFILE = ifdef MAPFILE -# Add LD options to restrict exported symbols to those in the map file +MKSHLIB += $(MAPFILE) endif -# Change PROCESS to put the mapfile in the correct format for this platform -PROCESS_MAP_FILE = copy $(LIBRARY_NAME).def $@ +PROCESS_MAP_FILE = \ + echo LIBRARY $(LIBRARY_NAME)$(LIBRARY_VERSION) INITINSTANCE TERMINSTANCE > $@; \ + echo PROTMODE >> $@; \ + echo CODE LOADONCALL MOVEABLE DISCARDABLE >> $@; \ + echo DATA PRELOAD MOVEABLE MULTIPLE NONSHARED >> $@; \ + echo EXPORTS >> $@; \ + grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \ + sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' >> $@ endif #NO_SHARED_LIB @@ -147,6 +153,17 @@ DSO_LDOPTS = # DLL_SUFFIX = .dll SHLIB_LDSTARTFILE = SHLIB_LDENDFILE = +ifdef MAPFILE +MKSHLIB += $(MAPFILE) +endif +PROCESS_MAP_FILE = \ + echo LIBRARY $(LIBRARY_NAME)$(LIBRARY_VERSION) INITINSTANCE TERMINSTANCE > $@; \ + echo PROTMODE >> $@; \ + echo CODE LOADONCALL MOVEABLE DISCARDABLE >> $@; \ + echo DATA PRELOAD MOVEABLE MULTIPLE NONSHARED >> $@; \ + echo EXPORTS >> $@; \ + grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \ + sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' >> $@ endif #NO_SHARED_LIB OS_CFLAGS = /Q /qlibansi /Gd /Gm /Su4 /Mp /Tl- @@ -159,20 +176,22 @@ MOZ_COMPONENT_NSPR_LIBS=-L$(DIST)/lib $(NSPR_LIBS) NSPR_INCLUDE_DIR = +DLLFLAGS = /DLL /O:$@ /INC:_dllentry /MAP:$(@:.dll=.map) +EXEFLAGS = -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE +LDFLAGS = /FREE /NOE /LINENUMBERS /nologo + ifdef BUILD_OPT -OPTIMIZER = -Oi -G5 +OPTIMIZER = /O+ /Gl+ /G5 /qarch=pentium DEFINES += -UDEBUG -U_DEBUG -DNDEBUG -DLLFLAGS = /DLL /O:$@ /INC:_dllentry /MAP:$(@:.dll=.map) -EXEFLAGS = -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE OBJDIR_TAG = _OPT -LDFLAGS = /FREE /NODEBUG /NOE /LINENUMBERS /nologo +LDFLAGS += /NODEBUG /OPTFUNC /EXEPACK:2 /PACKCODE /PACKDATA else OS_CFLAGS += /Ti+ DEFINES += -DDEBUG -D_DEBUG -DDEBUGPRINTS #HCT Need += to avoid overidding manifest.mn -DLLFLAGS = /DEBUG /DLL /O:$@ /INC:_dllentry /MAP:$(@:.dll=.map) -EXEFLAGS = -DEBUG -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE +DLLFLAGS += /DE +EXEFLAGS += /DE OBJDIR_TAG = _DBG -LDFLAGS = /FREE /DE /NOE /LINENUMBERS /nologo +LDFLAGS += /DE endif # BUILD_OPT endif # XP_OS2_VACPP diff --git a/security/coreconf/rules.mk b/security/coreconf/rules.mk index 84fc90eb5..aca7eaa6b 100644 --- a/security/coreconf/rules.mk +++ b/security/coreconf/rules.mk @@ -312,7 +312,7 @@ endif ifeq ($(OS_TARGET),OS2) $(IMPORT_LIBRARY): $(SHARED_LIBRARY) rm -f $@ - $(IMPLIB) $@ $(patsubst %.lib,%.dll.def,$@) + $(IMPLIB) $@ $(SHARED_LIBRARY) $(RANLIB) $@ endif @@ -339,25 +339,8 @@ else ifeq (,$(filter-out WIN%,$(OS_TARGET))) $(LINK_DLL) -MAP $(DLLBASE) $(subst /,\\,$(OBJS) $(SUB_SHLOBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) $(RES)) else -ifeq ($(OS_TARGET),OS2) - @cmd /C "echo LIBRARY $(notdir $(basename $(SHARED_LIBRARY))) INITINSTANCE TERMINSTANCE >$@.def" - @cmd /C "echo PROTMODE >>$@.def" - @cmd /C "echo CODE LOADONCALL MOVEABLE DISCARDABLE >>$@.def" - @cmd /C "echo DATA PRELOAD MOVEABLE MULTIPLE NONSHARED >>$@.def" - @cmd /C "echo EXPORTS >>$@.def" - $(FILTER) $(OBJS) >>$@.def -ifdef SUB_SHLOBJS - @echo Number of words in OBJ list = $(words $(SUB_SHLOBJS)) - @echo If above number is over 100, need to reedit coreconf/rules.mk - -$(FILTER) $(wordlist 1,20,$(SUB_SHLOBJS)) >>$@.def - -$(FILTER) $(wordlist 21,40,$(SUB_SHLOBJS)) >>$@.def - -$(FILTER) $(wordlist 41,60,$(SUB_SHLOBJS)) >>$@.def - -$(FILTER) $(wordlist 61,80,$(SUB_SHLOBJS)) >>$@.def - -$(FILTER) $(wordlist 81,100,$(SUB_SHLOBJS)) >>$@.def -endif -endif #OS2 ifdef XP_OS2_VACPP - $(MKSHLIB) $(DLLFLAGS) $(LDFLAGS) $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $@.def + $(MKSHLIB) $(DLLFLAGS) $(LDFLAGS) $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) else $(MKSHLIB) -o $@ $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) endif diff --git a/security/nss/lib/ckfw/nssck.api b/security/nss/lib/ckfw/nssck.api index 15a2cc935..4cbe5e8cc 100644 --- a/security/nss/lib/ckfw/nssck.api +++ b/security/nss/lib/ckfw/nssck.api @@ -1874,7 +1874,7 @@ __ADJOIN(MODULE_NAME,C_GetFunctionList) } /* This one is always present */ -#ifdef WIN32 +#if defined(WIN32) || defined(XP_OS2_VACPP) CK_RV _declspec(dllexport) #else CK_RV CK_ENTRY diff --git a/security/nss/lib/smime/cmsencdata.c b/security/nss/lib/smime/cmsencdata.c index fdfa0a2b9..99e591b88 100644 --- a/security/nss/lib/smime/cmsencdata.c +++ b/security/nss/lib/smime/cmsencdata.c @@ -161,6 +161,7 @@ NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd) /* store the bulk key in the contentInfo so that the encoder can find it */ NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey); + PK11_FreeSymKey(bulkkey); return SECSuccess; } diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c index 03a37cda1..82c32be9f 100644 --- a/security/nss/lib/smime/cmssigdata.c +++ b/security/nss/lib/smime/cmssigdata.c @@ -460,20 +460,100 @@ NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb, SECCertUsage certusage, PRBool keepcerts) { int certcount; + CERTCertificate **certArray = NULL; + CERTCertList *certList = NULL; + CERTCertListNode *node; SECStatus rv; + SECItem **rawArray; int i; + PRTime now; certcount = NSS_CMSArray_Count((void **)sigd->rawCerts); - rv = CERT_ImportCerts(certdb, certusage, certcount, sigd->rawCerts, NULL, - keepcerts, PR_FALSE, NULL); + /* get the certs in the temp DB */ + rv = CERT_ImportCerts(certdb, certusage, certcount, sigd->rawCerts, + &certArray, PR_FALSE, PR_FALSE, NULL); + if (rv != SECSuccess) { + goto loser; + } + + if (!keepcerts) { + goto done; + } + + /* build a CertList for filtering */ + certList = CERT_NewCertList(); + if (certList == NULL) { + rv = SECFailure; + goto loser; + } + for (i=0; i < certcount; i++) { + CERTCertificate *cert = CERT_DupCertificate(certArray[i]); + CERT_AddCertToListTail(certList,cert); + } + + /* filter out the certs we don't want */ + rv = CERT_FilterCertListByUsage(certList,certusage, PR_FALSE); + if (rv != SECSuccess) { + goto loser; + } + + /* go down the remaining list of certs and verify that they have + * valid chains, then import them. + */ + now = PR_Now(); + for (node = CERT_LIST_HEAD(certList) ; !CERT_LIST_END(node,certList); + node= CERT_LIST_NEXT(node)) { + CERTCertificateList *certChain; + + if (CERT_VerifyCert(certdb, node->cert, + PR_TRUE, certusage, now, NULL, NULL) != SECSuccess) { + continue; + } + + certChain = CERT_CertChainFromCert(node->cert, certusage, PR_FALSE); + if (!certChain) { + continue; + } + + /* + * CertChain returns an array of SECItems, import expects an array of + * SECItem pointers. Create the SECItem Pointers from the array of + * SECItems. + */ + rawArray = (SECItem **)PORT_Alloc(certChain->len*sizeof (SECItem *)); + if (!rawArray) { + CERT_DestroyCertificateList(certChain); + continue; + } + for (i=0; i < certChain->len; i++) { + rawArray[i] = &certChain->certs[i]; + } + (void )CERT_ImportCerts(certdb, certusage, certChain->len, + rawArray, NULL, keepcerts, PR_FALSE, NULL); + PORT_Free(rawArray); + CERT_DestroyCertificateList(certChain); + } + + rv = SECSuccess; /* XXX CRL handling */ +done: if (sigd->signerInfos != NULL) { /* fill in all signerinfo's certs */ for (i = 0; sigd->signerInfos[i] != NULL; i++) - (void)NSS_CMSSignerInfo_GetSigningCertificate(sigd->signerInfos[i], certdb); + (void)NSS_CMSSignerInfo_GetSigningCertificate( + sigd->signerInfos[i], certdb); + } + +loser: + /* now free everything */ + if (certArray) { + CERT_DestroyCertArray(certArray,certcount); + } + if (certList) { + CERT_DestroyCertList(certList); } return rv; @@ -531,6 +611,7 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd, SECStatus rv = SECSuccess; int i; int count; + PRTime now; if (!sigd || !certdb || !sigd->rawCerts) { PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -538,6 +619,7 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd, } count = NSS_CMSArray_Count((void**)sigd->rawCerts); + now = PR_Now(); for (i=0; i < count; i++) { if (sigd->certs && sigd->certs[i]) { cert = CERT_DupCertificate(sigd->certs[i]); @@ -548,7 +630,7 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd, break; } } - rv |= CERT_VerifyCert(certdb, cert, PR_TRUE, usage, PR_Now(), + rv |= CERT_VerifyCert(certdb, cert, PR_TRUE, usage, now, NULL, NULL); CERT_DestroyCertificate(cert); } diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def index 87ba37f6d..c80e7e73a 100644 --- a/security/nss/lib/smime/smime.def +++ b/security/nss/lib/smime/smime.def @@ -223,3 +223,10 @@ NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert; ;+ local: ;+ *; ;+}; +;+NSS_3.7.2 { # NSS 3.7.2 release +;+ global: +NSS_CMSRecipientInfo_WrapBulkKey; +NSS_CMSRecipientInfo_UnwrapBulkKey; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 4bb873b03..002a80399 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -1323,6 +1323,33 @@ ssl3_ComputeRecordMAC( return rv; } +static PRBool +ssl3_ClientAuthTokenPresent(sslSessionID *sid) { + PK11SlotInfo *slot = NULL; + PRBool isPresent = PR_TRUE; + + /* we only care if we are doing client auth */ + if (!sid || !sid->u.ssl3.clAuthValid) { + return PR_TRUE; + } + + /* get the slot */ + slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID, + sid->u.ssl3.clAuthSlotID); + if (slot == NULL || + !PK11_IsPresent(slot) || + sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) || + sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) || + sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) || + !PK11_IsLoggedIn(slot, NULL)) { + isPresent = PR_FALSE; + } + if (slot) { + PK11_FreeSlot(slot); + } + return isPresent; +} + /* Process the plain text before sending it. * Returns the number of bytes of plaintext that were succesfully sent * plus the number of bytes of plaintext that were copied into the @@ -1367,6 +1394,12 @@ ssl3_SendRecord( sslSocket * ss, } } + /* check for Token Presence */ + if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) { + PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); + return SECFailure; + } + while (bytes > 0) { PRInt32 count; PRUint32 contentLen; @@ -2691,21 +2724,8 @@ ssl3_SendClientHello(sslSocket *ss) ** holds the private key still exists, is logged in, hasn't been ** removed, etc. */ - if (sidOK && sid->u.ssl3.clAuthValid) { - slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID, - sid->u.ssl3.clAuthSlotID); - if (slot == NULL || - !PK11_IsPresent(slot) || - sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) || - sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) || - sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) || - !PK11_IsLoggedIn(slot, NULL)) { - sidOK = PR_FALSE; - } - if (slot) { - PK11_FreeSlot(slot); - slot = NULL; - } + if (sidOK && !ssl3_ClientAuthTokenPresent(sid)) { + sidOK = PR_FALSE; } if (!sidOK) { @@ -7393,9 +7413,10 @@ const ssl3BulkCipherDef *cipher_def; ssl3State * ssl3 = ss->ssl3; ssl3CipherSpec * crSpec; SECStatus rv; - unsigned int hashBytes; + unsigned int hashBytes = MAX_MAC_LENGTH + 1; unsigned int padding_length; PRBool isTLS; + PRBool padIsBad = PR_FALSE; SSL3ContentType rType; SSL3Opaque hash[MAX_MAC_LENGTH]; @@ -7412,6 +7433,12 @@ const ssl3BulkCipherDef *cipher_def; ssl3 = ss->ssl3; + /* check for Token Presence */ + if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) { + PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); + return SECFailure; + } + /* cText is NULL when we're called from ssl3_RestartHandshakeAfterXXX(). * This implies that databuf holds a previously deciphered SSL Handshake * message. @@ -7430,6 +7457,7 @@ const ssl3BulkCipherDef *cipher_def; SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes", SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048)); /* sslBuffer_Grow has set a memory error code. */ + /* Perhaps we should send an alert. (but we have no memory!) */ return SECFailure; } } @@ -7455,11 +7483,11 @@ const ssl3BulkCipherDef *cipher_def; PRINT_BUF(80, (ss, "cleartext:", databuf->buf, databuf->len)); if (rv != SECSuccess) { + int err = ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE); ssl_ReleaseSpecReadLock(ss); - ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE); - SSL3_SendAlert(ss, alert_fatal, - isTLS ? decryption_failed : bad_record_mac); - ssl_MapLowLevelError(SSL_ERROR_DECRYPTION_FAILURE); + SSL3_SendAlert(ss, alert_fatal, + isTLS ? decryption_failed : bad_record_mac); + PORT_SetError(err); return SECFailure; } @@ -7467,48 +7495,45 @@ const ssl3BulkCipherDef *cipher_def; if (cipher_def->type == type_block) { padding_length = *(databuf->buf + databuf->len - 1); /* TLS permits padding to exceed the block size, up to 255 bytes. */ - if (padding_length + crSpec->mac_size >= databuf->len) - goto bad_pad; + if (padding_length + 1 + crSpec->mac_size > databuf->len) + padIsBad = PR_TRUE; /* if TLS, check value of first padding byte. */ - if (padding_length && isTLS && padding_length != - *(databuf->buf + databuf->len - 1 - padding_length)) - goto bad_pad; - databuf->len -= padding_length + 1; - if (databuf->len <= 0) { -bad_pad: - /* must not hold spec lock when calling SSL3_SendAlert. */ - ssl_ReleaseSpecReadLock(ss); - /* SSL3 & TLS must send bad_record_mac if padding check fails. */ - SSL3_SendAlert(ss, alert_fatal, bad_record_mac); - PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING); - return SECFailure; - } + else if (padding_length && isTLS && + padding_length != + *(databuf->buf + databuf->len - (padding_length + 1))) + padIsBad = PR_TRUE; + else + databuf->len -= padding_length + 1; } - /* Check the MAC. */ - if (databuf->len < crSpec->mac_size) { - /* record is too short to have a valid mac. */ - goto bad_mac; - } - databuf->len -= crSpec->mac_size; + /* Remove the MAC. */ + if (databuf->len >= crSpec->mac_size) + databuf->len -= crSpec->mac_size; + else + padIsBad = PR_TRUE; /* really macIsBad */ + + /* compute the MAC */ rType = cText->type; rv = ssl3_ComputeRecordMAC( - crSpec, (ss->sec.isServer) ? crSpec->client.write_mac_context + crSpec, (ss->sec.isServer) ? crSpec->client.write_mac_context : crSpec->server.write_mac_context, rType, cText->version, crSpec->read_seq_num, databuf->buf, databuf->len, hash, &hashBytes); if (rv != SECSuccess) { + int err = ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); ssl_ReleaseSpecReadLock(ss); - ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); + SSL3_SendAlert(ss, alert_fatal, bad_record_mac); + PORT_SetError(err); return rv; } - if (hashBytes != (unsigned)crSpec->mac_size || + /* Check the MAC */ + if (hashBytes != (unsigned)crSpec->mac_size || padIsBad || PORT_Memcmp(databuf->buf + databuf->len, hash, crSpec->mac_size) != 0) { -bad_mac: /* must not hold spec lock when calling SSL3_SendAlert. */ ssl_ReleaseSpecReadLock(ss); SSL3_SendAlert(ss, alert_fatal, bad_record_mac); + /* always log mac error, in case attacker can read server logs. */ PORT_SetError(SSL_ERROR_BAD_MAC_READ); SSL_DBG(("%d: SSL3[%d]: mac check failed", SSL_GETPID(), ss->fd)); |