authornelsonb%netscape.com <devnull@localhost>2005-04-05 03:48:20 +0000
committernelsonb%netscape.com <devnull@localhost>2005-04-05 03:48:20 +0000
commit789931dc42ca1e14b2900633f73a48a29bc72d40 (patch)
tree3c7d069ead3dae659dca1508e377e4806f9e2687
parent0d1898c6f9996262e31f4976efa731a5b608e6b9 (diff)
downloadnss-hg-789931dc42ca1e14b2900633f73a48a29bc72d40.tar.gz
Fix implementation of SSL_NO_STEP_DOWN. Bug 148452. r=julien.pierre.
Modified Files: sslimpl.h sslinfo.c sslsecur.c sslsock.c
-rw-r--r--security/nss/lib/ssl/sslimpl.h10
-rw-r--r--security/nss/lib/ssl/sslinfo.c55
-rw-r--r--security/nss/lib/ssl/sslsecur.c12
-rw-r--r--security/nss/lib/ssl/sslsock.c25
4 files changed, 97 insertions, 5 deletions
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index 1064f3bcc..f42bd4be3 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -280,6 +280,7 @@ typedef struct sslOptionsStr {
unsigned int fdx : 1; /* 12 */
unsigned int v2CompatibleHello : 1; /* 13 */
unsigned int detectRollBack : 1; /* 14 */
+ unsigned int noStepDown : 1; /* 15 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
@@ -506,7 +507,7 @@ struct sslSessionIDStr {
unsigned char sessionID[SSL2_SESSIONID_BYTES];
/* Stuff used to recreate key and read/write cipher objects */
- SECItem masterKey;
+ SECItem masterKey; /* never wrapped */
int cipherType;
SECItem cipherArg;
int keyBits;
@@ -895,6 +896,7 @@ struct sslSocketStr {
unsigned int TCPconnected : 1;
unsigned int handshakeBegun : 1;
unsigned int delayDisabled : 1; /* Nagle delay disabled */
+ unsigned int noStepDown : 1;
/* version of the protocol to use */
SSL3ProtocolVersion version;
@@ -1296,6 +1298,12 @@ ssl_EmulateSendFile( PRFileDesc * sd,
PRTransmitFileFlags flags,
PRIntervalTime timeout);
+
+SECStatus SSL_DisableDefaultExportCipherSuites(void);
+SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
+PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
+
+
#ifdef TRACE
#define SSL_TRACE(msg) ssl_Trace msg
#else
diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c
index 138514721..218973a2a 100644
--- a/security/nss/lib/ssl/sslinfo.c
+++ b/security/nss/lib/ssl/sslinfo.c
@@ -223,3 +223,58 @@ SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
+
+/* This function might be a candidate to be public.
+ * Disables all export ciphers in the default set of enabled ciphers.
+ */
+SECStatus
+SSL_DisableDefaultExportCipherSuites(void)
+{
+ const SSLCipherSuiteInfo * pInfo = suiteInfo;
+ unsigned int i;
+ SECStatus rv;
+
+ for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
+ if (pInfo->isExportable) {
+ rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE);
+ PORT_Assert(rv == SECSuccess);
+ }
+ }
+ return SECSuccess;
+}
+
+/* This function might be a candidate to be public,
+ * except that it takes an sslSocket pointer as an argument.
+ * A Public version would take a PRFileDesc pointer.
+ * Disables all export ciphers in the default set of enabled ciphers.
+ */
+SECStatus
+SSL_DisableExportCipherSuites(PRFileDesc * fd)
+{
+ const SSLCipherSuiteInfo * pInfo = suiteInfo;
+ unsigned int i;
+ SECStatus rv;
+
+ for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
+ if (pInfo->isExportable) {
+ rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE);
+ PORT_Assert(rv == SECSuccess);
+ }
+ }
+ return SECSuccess;
+}
+
+/* Tells us if the named suite is exportable
+ * returns false for unknown suites.
+ */
+PRBool
+SSL_IsExportCipherSuite(PRUint16 cipherSuite)
+{
+ unsigned int i;
+ for (i = 0; i < NUM_SUITEINFOS; i++) {
+ if (suiteInfo[i].cipherSuite == cipherSuite) {
+ return (PRBool)(suiteInfo[i].isExportable);
+ }
+ }
+ return PR_FALSE;
+}
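Review bot: Both SSL_DisableDefaultExportCipherSuites and SSL_DisableExportCipherSuites return SECSuccess unconditionally, and the only check on `rv` is `PORT_Assert`, which does nothing in non-debug builds, so a failure to disable an export suite is silently lost. Consider replacing the assert with `if (rv != SECSuccess) result = rv;` and returning `result`, so the loop still visits every suite but the caller learns that an export suite may remain enabled. The callers added in sslsock.c (SSL_OptionSet and SSL_OptionSetDefault) also discard the return value and would need `rv = SSL_DisableExportCipherSuites(fd);` or an equivalent check. Separately, the comment above SSL_DisableExportCipherSuites says it takes an sslSocket pointer and acts on the default set, but the function takes a `PRFileDesc *` and changes that socket's preferences.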
diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c
index 4aedc724a..404f9a7dc 100644
--- a/security/nss/lib/ssl/sslsecur.c
+++ b/security/nss/lib/ssl/sslsecur.c
@@ -678,10 +678,14 @@ SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
SECKEY_CacheStaticFlags(sc->serverKey);
}
- if (kea == kt_rsa) {
- rv = ssl3_CreateRSAStepDownKeys(ss);
- if (rv != SECSuccess) {
- return SECFailure; /* err set by ssl3_CreateRSAStepDownKeys */
+ if (kea == kt_rsa && cert && sc->serverKeyBits > 512) {
+ if (ss->noStepDown) {
+ /* disable all export ciphersuites */
+ } else {
+ rv = ssl3_CreateRSAStepDownKeys(ss);
+ if (rv != SECSuccess) {
+ return SECFailure; /* err set by ssl3_CreateRSAStepDownKeys */
+ }
}
}
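Review bot: The `if (ss->noStepDown)` branch is empty even though its comment reads `/* disable all export ciphersuites */`, so nothing is disabled here; the code depends on the export suites having been turned off earlier, when SSL_NO_STEP_DOWN was set. Either call `SSL_DisableExportCipherSuites(fd)` in that branch and check its result, or reword the comment to something like `/* export suites were disabled when SSL_NO_STEP_DOWN was set; no step-down keys needed */`. The new `sc->serverKeyBits > 512` test also skips step-down key creation for small keys without a comment explaining why. SSL_ConfigSecureServer begins and ends outside this hunk.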
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index bb13631a2..9803eec96 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -163,6 +163,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* fdx */
PR_TRUE, /* v2CompatibleHello */
PR_TRUE, /* detectRollBack */
+ PR_FALSE, /* noStepDown */
};
sslSessionIDLookupFunc ssl_sid_lookup;
@@ -244,6 +245,7 @@ ssl_DupSocket(sslSocket *os)
ss->fdx = os->fdx;
ss->v2CompatibleHello = os->v2CompatibleHello;
ss->detectRollBack = os->detectRollBack;
+ ss->noStepDown = os->noStepDown;
ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
ss->url = !os->url ? NULL : PORT_Strdup(os->url);
@@ -603,6 +605,12 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
ss->detectRollBack = on;
break;
+ case SSL_NO_STEP_DOWN:
+ ss->noStepDown = on;
+ if (on)
+ SSL_DisableExportCipherSuites(fd);
+ break;
+
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
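Review bot: Setting SSL_NO_STEP_DOWN to PR_TRUE disables the export suites, but setting it back to PR_FALSE only clears the flag and leaves them disabled, and nothing here documents that asymmetry. A comment in the case such as `/* Clearing this option does not re-enable export suites; use SSL_CipherPrefSet for that. */` would help; the same applies to the SSL_NO_STEP_DOWN case added to SSL_OptionSetDefault. Also, `ss->noStepDown` is a one-bit field while `if (on)` tests the full PRBool, so a caller passing an even non-zero value would disable the suites yet leave the flag clear; `ss->noStepDown = (on != 0);` avoids that, although the neighbouring options are assigned the same way. The switch belongs to SSL_OptionSet, which extends beyond the hunk.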
@@ -648,6 +656,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
case SSL_ENABLE_FDX: on = ss->fdx; break;
case SSL_V2_COMPATIBLE_HELLO: on = ss->v2CompatibleHello; break;
case SSL_ROLLBACK_DETECTION: on = ss->detectRollBack; break;
+ case SSL_NO_STEP_DOWN: on = ss->noStepDown; break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -686,6 +695,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
case SSL_ENABLE_FDX: on = ssl_defaults.fdx; break;
case SSL_V2_COMPATIBLE_HELLO: on = ssl_defaults.v2CompatibleHello; break;
case SSL_ROLLBACK_DETECTION: on = ssl_defaults.detectRollBack; break;
+ case SSL_NO_STEP_DOWN: on = ssl_defaults.noStepDown; break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -777,6 +787,12 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
ssl_defaults.detectRollBack = on;
break;
+ case SSL_NO_STEP_DOWN:
+ ssl_defaults.noStepDown = on;
+ if (on)
+ SSL_DisableDefaultExportCipherSuites();
+ break;
+
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -854,6 +870,10 @@ SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
{
SECStatus rv;
+ if (enabled && ssl_defaults.noStepDown && SSL_IsExportCipherSuite(which)) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
+ }
if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefSetDefault(which, enabled);
} else {
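Review bot: The guard added at the top of SSL_CipherPrefSetDefault is only as complete as the `suiteInfo` table, because SSL_IsExportCipherSuite returns PR_FALSE for any suite it does not find; an export suite missing from that table could still be enabled while noStepDown is set. It would be worth confirming that every export suite handled by the SSL2 and SSL3 preference setters is listed, and recording that dependency in a comment such as `/* relies on suiteInfo listing every export suite */`. `which` is a PRInt32 that is narrowed implicitly to the PRUint16 parameter, so an explicit range check or cast would make the intent clear. The same guard appears in the SSL_CipherPrefSet hunk that follows, and both functions continue outside their hunks.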
@@ -889,6 +909,10 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
return SECFailure;
}
+ if (enabled && ss->noStepDown && SSL_IsExportCipherSuite(which)) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return SECFailure;
+ }
if (SSL_IS_SSL2_CIPHER(which)) {
rv = ssl2_CipherPrefSet(ss, which, enabled);
} else {
@@ -1873,6 +1897,7 @@ ssl_NewSocket(void)
ss->fdx = ssl_defaults.fdx;
ss->v2CompatibleHello = ssl_defaults.v2CompatibleHello;
ss->detectRollBack = ssl_defaults.detectRollBack;
+ ss->noStepDown = ssl_defaults.noStepDown;
ss->noCache = ssl_defaults.noCache;
ss->peerID = NULL;
ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;