diff options
author | Elio Maldonado <emaldona@redhat.com> | 2016-04-16 20:07:20 -0700 |
---|---|---|
committer | Elio Maldonado <emaldona@redhat.com> | 2016-04-16 20:07:20 -0700 |
commit | 7a547d41d630bacf81e64f188b5cbe28ac6d0819 (patch) | |
tree | 186bc5c71095ebd0fd71ecae0719b455fccc83ec | |
parent | dacf1d6d14775569ba56a1106916b3092ab8b6c3 (diff) | |
download | nss-hg-7a547d41d630bacf81e64f188b5cbe28ac6d0819.tar.gz |
Implement more suggested changes, not all tests passing yet
-rw-r--r-- | lib/ssl/ssl3con.c | 289 | ||||
-rw-r--r-- | lib/ssl/sslimpl.h | 6 | ||||
-rw-r--r-- | lib/ssl/sslinfo.c | 6 | ||||
-rw-r--r-- | lib/ssl/tls13con.c | 4 |
4 files changed, 151 insertions, 154 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 050f5bdd6..d8edbfc0d 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -346,157 +346,159 @@ static const ssl3KEADef kea_defs[] = static const ssl3CipherSuiteDef cipher_suite_defs[] = { /* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg prf_hash_alg */ - - {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null, 0}, - {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa, 0}, - {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa, 0}, - {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa, prf_256}, - {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export, 0}, - {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa, 0}, - {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa, 0}, +/* Note that the prf_hash_alg is the hash function used by the PRF, see sslimp.h. */ + + {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null, prf_null}, + {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa, prf_null}, + {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa, prf_null}, + {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa, prf_sha256}, + {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export, prf_null}, + {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa, prf_null}, + {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa, prf_null}, {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - cipher_rc2_40, mac_md5, kea_rsa_export, 0}, + cipher_rc2_40, mac_md5, kea_rsa_export, prf_null}, #if 0 /* not implemented */ - {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa, 0}, + {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa, prf_null}, {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_rsa_export, 0}, + cipher_des40, mac_sha, kea_rsa_export, prf_null}, #endif - {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa, 0}, - {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa, 0}, - {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss, 0}, + {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa, prf_null}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa, prf_null}, + {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss, prf_null}, {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - cipher_3des, mac_sha, kea_dhe_dss, 0}, - {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss, 0}, + cipher_3des, mac_sha, kea_dhe_dss, prf_null}, + {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss, prf_null}, #if 0 /* not implemented */ {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_dss_export, 0}, - {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss, 0}, - {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss, 0}, + cipher_des40, mac_sha, kea_dh_dss_export, prf_null}, + {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss, prf_null}, + {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss, prf_null}, {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_rsa_export, 0}, - {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa, 0}, - {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa, 0}, + cipher_des40, mac_sha, kea_dh_rsa_export, prf_null}, + {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa, prf_null}, + {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa, prf_null}, {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_dss_export, 0}, + cipher_des40, mac_sha, kea_dh_dss_export, prf_null}, {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_rsa_export, 0}, + cipher_des40, mac_sha, kea_dh_rsa_export, prf_null}, #endif - {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa, 0}, + {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa, prf_null}, {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - cipher_3des, mac_sha, kea_dhe_rsa, 0}, + cipher_3des, mac_sha, kea_dhe_rsa, prf_null}, #if 0 - {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export, 0}, + {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export, prf_null}, {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_anon_export, 0}, - {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon, 0}, - {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon, 0}, + cipher_des40, mac_sha, kea_dh_anon_export, prf_null}, + {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon, prf_null}, + {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon, prf_null}, #endif /* New TLS cipher suites */ - {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa, 0}, - {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa, 0}, - {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss, 0}, - {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa, 0}, - {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa, prf_256}, - {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa, 0}, - {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa, prf_256}, - {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss, 0}, - {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa, 0}, - {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa, prf_256}, + {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa, prf_null}, + {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa, prf_sha256}, + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss, prf_null}, + {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa, prf_null}, + {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa, prf_sha256}, + {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa, prf_null}, + {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa, prf_sha256}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss, prf_null}, + {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa, prf_null}, + {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa, prf_sha256}, + {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256, hmac_sha256, kea_dhe_rsa, prf_sha384}, #if 0 - {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss, 0}, - {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa, 0}, - {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon, 0}, - {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss, 0}, - {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa, 0}, - {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon, 0}, + {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss, prf_null}, + {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa, prf_null}, + {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon, prf_null}, + {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss, prf_null}, + {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa, prf_null}, + {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon, prf_null}, #endif {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa}, - {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa, 0}, + {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa, prf_null}, {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - cipher_camellia_128, mac_sha, kea_dhe_dss, 0}, + cipher_camellia_128, mac_sha, kea_dhe_dss, prf_null}, {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - cipher_camellia_128, mac_sha, kea_dhe_rsa, 0}, - {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa, 0}, + cipher_camellia_128, mac_sha, kea_dhe_rsa, prf_null}, + {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa, prf_null}, {TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - cipher_camellia_256, mac_sha, kea_dhe_dss, 0}, + cipher_camellia_256, mac_sha, kea_dhe_dss, prf_null}, {TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - cipher_camellia_256, mac_sha, kea_dhe_rsa, 0}, + cipher_camellia_256, mac_sha, kea_dhe_rsa, prf_null}, {TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - cipher_des, mac_sha,kea_rsa_export_1024, 0}, + cipher_des, mac_sha,kea_rsa_export_1024, prf_null}, {TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - cipher_rc4_56, mac_sha,kea_rsa_export_1024, 0}, + cipher_rc4_56, mac_sha,kea_rsa_export_1024, prf_null}, - {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips, 0}, - {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips, 0}, + {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips, prf_null}, + {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips, prf_null}, - {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, prf_256}, - {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, prf_256}, + {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, prf_sha256}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, prf_sha256}, #ifndef NSS_DISABLE_ECC - {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256}, - {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_sha256}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_sha256}, - {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256}, - {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_384}, - {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, prf_384}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_sha256}, + {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_sha384}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, prf_sha384}, {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_ecdsa}, - {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, prf_384}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, prf_sha384}, #endif /* NSS_DISABLE_ECC */ - {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, prf_256}, - {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, prf_384}, + {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, prf_sha256}, + {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, prf_sha384}, - {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, prf_384}, - {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa, 0}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, prf_sha384}, + {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa, prf_sha256}, #ifndef NSS_DISABLE_ECC - {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa, 0}, + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa, prf_sha256}, + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa, prf_sha256}, #endif /* NSS_DISABLE_ECC */ - {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, prf_256}, - {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, prf_256}, + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, prf_sha256}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, prf_sha256}, #ifndef NSS_DISABLE_ECC - {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa, 0}, - {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa, 0}, - {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa, 0}, - {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa, 0}, - {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa, 0}, - - {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa, 0}, - {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa, 0}, - {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa, 0}, - {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa, 0}, - {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa, prf_256}, - {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa, 0}, - - {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa, 0}, - {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa, 0}, - {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa, 0}, - {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa, 0}, - {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa, 0}, - - {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa, prf_256}, - {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa, 0}, + {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa, prf_null}, + {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa, prf_null}, + {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa, prf_null}, + {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa, prf_null}, + {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa, prf_null}, + + {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa, prf_null}, + {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa, prf_null}, + {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa, prf_null}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa, prf_null}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa, prf_sha256}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa, prf_null}, + + {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa, prf_null}, + {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa, prf_null}, + {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa, prf_null}, + {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa, prf_null}, + {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa, prf_null}, + + {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa, prf_null}, + {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa, prf_null}, + {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa, prf_null}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa, prf_null}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa, prf_sha256}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa, prf_null}, #if 0 - {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon, 0}, - {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon, 0}, - {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon, 0}, - {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon, 0}, - {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon, 0}, + {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon, prf_null}, + {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon, prf_null}, + {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon, prf_null}, + {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon, prf_null}, + {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon, prf_null}, #endif - {TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_psk, prf_256}, + {TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_psk, prf_sha256}, #endif /* NSS_DISABLE_ECC */ }; /* clang-format on */ @@ -816,6 +818,9 @@ ssl_LookupCipherSuiteDef(ssl3CipherSuite suite) if (cipher_suite_defs[i].cipher_suite == suite) return &cipher_suite_defs[i]; } +#ifdef DEBUG + PR_fprintf(PR_STDERR, "***************ERROR: Can't find suite %d\n", suite); +#endif PORT_Assert(PR_FALSE); /* We should never get here. */ PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); return NULL; @@ -3863,17 +3868,36 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) return SECSuccess; } -static CK_MECHANISM_TYPE +CK_MECHANISM_TYPE ssl3_GetPrfHashMechanism(sslSocket *ss) { SSL3PRF prf_alg = ss->ssl3.hs.suite_def->prf_alg; - if (prf_alg == 0) + if (prf_alg == prf_null) return CKM_SHA256; return prf_alg; } +PRUint8 +ssl3_GetSuiteHashAlg(sslSocket *ss) +{ + SECOidData *hashOid = + SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); + if (hashOid == NULL) { + return -1; /* err set by AppendHandshake. */ + } + + if (hashOid->offset == SEC_OID_SHA256) { + return ssl_hash_sha256; + } else if (hashOid->offset == SEC_OID_SHA384) { + return ssl_hash_sha384; + } + PORT_Assert(hashOid->offset == SEC_OID_SHA256 || + hashOid->offset == SEC_OID_SHA384); + return -1; /* err set by AppendHandshake. */ +} + /* This method completes the derivation of the MS from the PMS. ** ** 1. Derive the MS, if possible, else return an error. @@ -4006,6 +4030,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, params.data = (unsigned char *)&master_params; params.len = master_params_len; + /*params.len = sizeof master_params;*/ return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive, pms_version_ptr, ¶ms, @@ -4320,7 +4345,7 @@ ssl3_InitHandshakeHashes(sslSocket *ss) HASH_HashType ht; CK_MECHANISM_TYPE hm; SECOidTag ot; - const SECOidData *hashOid; + SECOidData *hashOid; hm = ssl3_GetPrfHashMechanism(ss); hashOid = SECOID_FindOIDByMechanism(hm); @@ -4354,18 +4379,16 @@ ssl3_InitHandshakeHashes(sslSocket *ss) * that the master secret will wind up in ... */ if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) { - CK_MECHANISM_TYPE hm; - const SECOidData *hash_oid; /* We support ciphersuites where the PRF hash isn't SHA-256 */ /* determine the hash from the prf */ + const SECOidData *hash_oid; PORT_Assert(ss->ssl3.hs.suite_def); /* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_alg) * Convert that to the OidTag. We can then use that OidTag to create our * PK11Context */ - hm = ssl3_GetPrfHashMechanism(ss); - hash_oid = SECOID_FindOIDByMechanism(hm); + hash_oid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); PORT_Assert(hash_oid != NULL); if (hash_oid == NULL) { ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); @@ -5154,7 +5177,6 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss, unsigned int stateLen; unsigned char stackBuf[1024]; unsigned char *stateBuf = NULL; - CK_MECHANISM_TYPE hm; SECOidData *hashOid; h = ss->ssl3.hs.sha; @@ -5177,8 +5199,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss, /* updated in support of ciphersuites where the PRF hash * could be SHA-256 or SHA-384 */ - hm = ssl3_GetPrfHashMechanism(ss); - hashOid = SECOID_FindOIDByMechanism(hm); + hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); if (hashOid == NULL) { ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); rv = SECFailure; @@ -7649,8 +7670,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, PRBool supportsHandshakeHash = PR_FALSE; PRBool needBackupHash = PR_FALSE; unsigned int i; - CK_MECHANISM_TYPE hm; - const SECOidData *hashOid; + SECOidData *hashOid; SSLHashType suitePRFHash; PRBool suitePRFIs256Or384 = PR_FALSE; @@ -7670,8 +7690,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, } /* TODO: activate in a separate patch */ - hm = ssl3_GetPrfHashMechanism(ss); - hashOid = SECOID_FindOIDByMechanism(hm); + hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss)); if (hashOid == NULL) { rv = SECFailure; goto done; @@ -9756,30 +9775,6 @@ ssl3_SendServerHello(sslSocket *ss) return SECSuccess; } -PRUint8 FindSuiteHashAlg(sslSocket *ss) -{ - CK_MECHANISM_TYPE hm; - PRUint8 suiteHashAlg; - SECOidData *hashOid; - - hm = ssl3_GetPrfHashMechanism(ss); - hashOid = SECOID_FindOIDByMechanism(hm); - if (hashOid == NULL) { - return -1; /* err set by AppendHandshake. */ - } - - if (hashOid->offset == SEC_OID_SHA256) { - suiteHashAlg = ssl_hash_sha256; - } else if (hashOid->offset == SEC_OID_SHA384) { - suiteHashAlg = ssl_hash_sha384; - } else { - PORT_Assert(hashOid->offset == SEC_OID_SHA256 || - hashOid->offset == SEC_OID_SHA384); - return -1; /* err set by AppendHandshake. */ - } - return suiteHashAlg; -} - static SECStatus ssl3_PickSignatureHashAlgorithm(sslSocket *ss, SSLSignatureAndHashAlg *out); @@ -10115,12 +10110,11 @@ ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } - /* TODO: part of a separate patch? */ - suiteHashAlg = FindSuiteHashAlg(ss); + + suiteHashAlg = ssl3_GetSuiteHashAlg(ss); if (suiteHashAlg == -1) { return SECFailure; /* err set by AppendHandshake. */ } - *len = 0; for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i]; @@ -10199,11 +10193,8 @@ ssl3_SendCertificateRequest(sslSocket *ss) length = 1 + certTypesLength + 2 + calen; -/* TODO: activate FindSuiteHashAlg in a separate patch */ - suiteHashAlg = FindSuiteHashAlg(ss); - if (suiteHashAlg == -1) { - return SECFailure; - } + suiteHashAlg = ssl3_GetSuiteHashAlg(ss); + if (suiteHashAlg == -1) return SECFailure; /* err set by AppendHandshake. */ if (isTLS12) { rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs), diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h index ff07ef9ee..a2894c799 100644 --- a/lib/ssl/sslimpl.h +++ b/lib/ssl/sslimpl.h @@ -450,8 +450,8 @@ typedef enum { /* The TLS PRF definition */ typedef enum { prf_null = 0, /* use default prf */ - prf_256 = CKM_SHA256, - prf_384 = CKM_SHA384 + prf_sha256 = CKM_SHA256, + prf_sha384 = CKM_SHA384 } SSL3PRF; typedef enum { type_stream, @@ -1928,6 +1928,8 @@ SECStatus ssl3_SendEmptyCertificate(sslSocket *ss); SECStatus ssl3_SendCertificateStatus(sslSocket *ss); SECStatus ssl3_CompleteHandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length); +CK_MECHANISM_TYPE ssl3_GetPrfHashMechanism(sslSocket *ss); +PRUint8 ssl3_GetSuiteHashAlg(sslSocket *ss); SECStatus ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, unsigned maxLen, PRUint32 *len); void ssl3_GetCertificateRequestCAs(sslSocket *ss, int *calenp, SECItem **namesp, diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c index 32364f5d4..5a6142503 100644 --- a/lib/ssl/sslinfo.c +++ b/lib/ssl/sslinfo.c @@ -261,11 +261,11 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0 }, {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0 }, {0,CS(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 }, - {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384), S_RSA, K_ECDHE, C_AES, B_128, M_SHA384, 1, 0, 0 }, - {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA384, 1, 0, 0 }, + {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384), S_RSA, K_ECDHE, C_AES, B_256, M_SHA384, 1, 0, 0 }, + {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA384, 1, 0, 0 }, {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), S_ECDSA, K_ECDHE, C_AESGCM, B_256, M_SHA384, 1, 0, 0 }, {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_SHA256, 1, 0, 0 }, - {0,CS(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_128, M_SHA384, 1, 0, 0 }, + {0,CS(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_SHA384, 1, 0, 0 }, #endif /* NSS_DISABLE_ECC */ {0,CS(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384), S_DSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0 }, diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c index af6efa6a5..844abe37a 100644 --- a/lib/ssl/tls13con.c +++ b/lib/ssl/tls13con.c @@ -726,6 +726,7 @@ tls13_SendCertificateRequest(sslSocket *ss) PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2]; unsigned int sigAlgsLength = 0; int length; + PRUint8 suiteHashAlg; SSL_TRC(3, ("%d: TLS13[%d]: begin send certificate_request", SSL_GETPID(), ss->fd)); @@ -734,6 +735,9 @@ tls13_SendCertificateRequest(sslSocket *ss) ss->ssl3.hs.certReqContext[0] = 0; ss->ssl3.hs.certReqContextLen = 1; + suiteHashAlg = ssl3_GetSuiteHashAlg(ss); + if (suiteHashAlg == -1) return SECFailure; /* err set by AppendHandshake. */ + rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs), &sigAlgsLength); if (rv != SECSuccess) { |