Bug 745281 - Provide the option of disabling SSL PKCS #11 bypass at build time, a=emaldona, r=kaie

6 files changed, 72 insertions, 3 deletions

diff --git a/security/nss/lib/ssl/config.mk b/security/nss/lib/ssl/config.mk
index c06ba319a..ba59e0f0f 100644
--- a/security/nss/lib/ssl/config.mk
+++ b/security/nss/lib/ssl/config.mk
@@ -39,6 +39,10 @@ ifdef NISCC_TEST
 DEFINES += -DNISCC_TEST
 endif
 
+ifdef NSS_NO_PKCS11_BYPASS
+DEFINES += -DNO_PKCS11_BYPASS
+endif
+
 ifdef NSS_SURVIVE_DOUBLE_BYPASS_FAILURE
 DEFINES += -DNSS_SURVIVE_DOUBLE_BYPASS_FAILURE
 endif
diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c
index a9878b7e8..6900a9ef3 100644
--- a/security/nss/lib/ssl/derive.c
+++ b/security/nss/lib/ssl/derive.c
@@ -587,7 +587,12 @@ SECStatus
 SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
 	      PRUint32 protocolmask, PRUint16 *ciphersuites, int nsuites,
               PRBool *pcanbypass, void *pwArg)
-{   SECStatus	      rv;
+{
+#ifdef NO_PKCS11_BYPASS
+    *pcanbypass = PR_FALSE;
+    return SECSuccess;
+#else
+    SECStatus	      rv;
     int		      i;
     PRUint16	      suite;
     PK11SymKey *      pms = NULL;
@@ -877,5 +882,6 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
 
 
     return rv;
+#endif /* NO_PKCS11_BYPASS */
 }
 
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index a7269ba84..065980dfa 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -1008,8 +1008,17 @@ ssl3_ComputeCommonKeyHash(PRUint8 * hashBuf, unsigned int bufLen,
     SECStatus     rv 		= SECSuccess;
 
     if (bypassPKCS11) {
+#ifdef NO_PKCS11_BYPASS
+     /* We shouldn't be here. SSL_OptionSet should have returned an error preventing it. */
+     PORT_Assert(!bypassPKCS11);
+     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+     return SECFailure;
+     /* Reset bypassPKCS11 to false and recursevily call ourselves. */
+     /*return ssl3_ComputeCommonKeyHash(hashBuf, bufLen, hashes, PR_TRUE);*/
+#else
 	MD5_HashBuf (hashes->md5, hashBuf, bufLen);
 	SHA1_HashBuf(hashes->sha, hashBuf, bufLen);
+#endif
     } else {
 	rv = PK11_HashBuf(SEC_OID_MD5, hashes->md5, hashBuf, bufLen);
 	if (rv != SECSuccess) {
@@ -1789,6 +1798,12 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms)
 	}
     }
     if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) {
+#ifdef NO_PKCS11_BYPASS
+	/* Enabling bypassPKCS11 should have been prevented in SSL_OptionSet */ 
+	PORT_Assert(!ss->opt.bypassPKCS11);
+	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+	rv = SECFailure;
+#else
 	/* Double Bypass succeeded in extracting the master_secret */
 	const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
 	PRBool             isTLS   = (PRBool)(kea_def->tls_keygen ||
@@ -1802,6 +1817,7 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms)
 	if (rv == SECSuccess) {
 	    rv = ssl3_InitPendingContextsBypass(ss);
 	}
+#endif
     } else if (pwSpec->master_secret) {
 	rv = ssl3_DeriveConnectionKeysPKCS11(ss);
 	if (rv == SECSuccess) {
@@ -3177,11 +3193,13 @@ ssl3_RestartHandshakeHashes(sslSocket *ss)
 {
     SECStatus rv = SECSuccess;
 
+#ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
 	ss->ssl3.hs.messages.len = 0;
 	MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx);
 	SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx);
     } else {
+#endif
 	rv = PK11_DigestBegin(ss->ssl3.hs.md5);
 	if (rv != SECSuccess) {
 	    ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
@@ -3192,7 +3210,9 @@ ssl3_RestartHandshakeHashes(sslSocket *ss)
 	    ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
 	    return rv;
 	}
+#ifndef NO_PKCS11_BYPASS
     }
+#endif
     return rv;
 }
 
@@ -3208,11 +3228,13 @@ ssl3_NewHandshakeHashes(sslSocket *ss)
      * that the master secret will wind up in ...
      */
     SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd));
+#ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
 	PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space);
 	ss->ssl3.hs.messages.buf = NULL;
 	ss->ssl3.hs.messages.space = 0;
     } else {
+#endif
 	ss->ssl3.hs.md5 = md5 = PK11_CreateDigestContext(SEC_OID_MD5);
 	ss->ssl3.hs.sha = sha = PK11_CreateDigestContext(SEC_OID_SHA1);
 	if (md5 == NULL) {
@@ -3223,7 +3245,9 @@ ssl3_NewHandshakeHashes(sslSocket *ss)
 	    ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
 	    goto loser;
 	}
+#ifndef NO_PKCS11_BYPASS
     }
+#endif
     if (SECSuccess == ssl3_RestartHandshakeHashes(ss)) {
 	return SECSuccess;
     }
@@ -3260,6 +3284,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b,
 
     PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l));
 
+#ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
 	MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l);
 	SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l);
@@ -3268,6 +3293,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b,
 #endif
 	return rv;
     }
+#endif
     rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l);
     if (rv != SECSuccess) {
 	ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
@@ -3524,6 +3550,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *     ss,
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
 
+#ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
 	/* compute them without PKCS11 */
 	PRUint64      md5_cx[MAX_MAC_CONTEXT_LLONGS];
@@ -3607,6 +3634,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *     ss,
 #undef md5cx
 #undef shacx
     } else {
+#endif
 	/* compute hases with PKCS11 */
 	PK11Context * md5;
 	PK11Context * sha       = NULL;
@@ -3750,7 +3778,9 @@ ssl3_ComputeHandshakeHashes(sslSocket *     ss,
 		PORT_ZFree(shaStateBuf, shaStateLen);
 	    }
 	}
+#ifndef NO_PKCS11_BYPASS
     }
+#endif
     return rv;
 }
 
@@ -6454,11 +6484,18 @@ compression_found:
 		break;	/* not an error */
 	    }
 	} else if (ss->opt.bypassPKCS11) {
+#ifdef NO_PKCS11_BYPASS
+		/* Do nothing. The else below is to restart a bypass session
+		 * in a non-bypass socket which doesn't make sense as we are
+		 * disallowing bypass any way. 
+		 */
+#else
 	    wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
 	    wrappedMS.len  = sid->u.ssl3.keys.wrapped_master_secret_len;
 	    memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
 	    pwSpec->msItem.data = pwSpec->raw_master_secret;
 	    pwSpec->msItem.len  = wrappedMS.len;
+#endif
 	} else {
 	    /* We CAN restart a bypass session in a non-bypass socket. */
 	    /* need to import the raw master secret to session object */
@@ -9587,10 +9624,12 @@ ssl3_DestroySSL3Info(sslSocket *ss)
     }
 
     /* clean up handshake */
+#ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
 	SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
 	MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
     } 
+#endif
     if (ss->ssl3.hs.md5) {
 	PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE);
     }
diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c
index a3d243c1c..7e11ff72d 100644
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -721,13 +721,17 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
     rv = PK11_GenerateRandom(iv, sizeof(iv));
     if (rv != SECSuccess) goto loser;
 
+#ifndef NO_PKCS11_BYPASS
     if (ss->opt.bypassPKCS11) {
 	rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
 	    &mac_key, &mac_key_length);
     } else {
+#endif
 	rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
 	    &mac_key_pkcs11);
+#ifndef NO_PKCS11_BYPASS
     }
+#endif
     if (rv != SECSuccess) goto loser;
 
     if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) {
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index bc915bf55..f0806ea05 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -687,11 +687,15 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
 	    rv = SECFailure;
 	} else {
             if (PR_FALSE != on) {
+#ifdef NO_PKCS11_BYPASS
+                rv = SECFailure;
+#else
                 if (PR_SUCCESS == SSL_BypassSetup() ) {
                     ss->opt.bypassPKCS11   = on;
                 } else {
                     rv = SECFailure;
                 }
+#endif
             } else {
                 ss->opt.bypassPKCS11   = PR_FALSE;
             }
@@ -971,11 +975,15 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
 
       case SSL_BYPASS_PKCS11:
         if (PR_FALSE != on) {
+#ifndef NO_PKCS11_BYPASS
+            return SECFailure;
+#else
             if (PR_SUCCESS == SSL_BypassSetup()) {
                 ssl_defaults.bypassPKCS11   = on;
             } else {
                 return SECFailure;
             }
+#endif
         } else {
             ssl_defaults.bypassPKCS11   = PR_FALSE;
         }
diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh
index 5a0723bdd..6704b1677 100755
--- a/security/nss/tests/ssl/ssl.sh
+++ b/security/nss/tests/ssl/ssl.sh
@@ -958,7 +958,11 @@ ssl_run_tests()
                 SERVER_OPTIONS=
                 ;;
             "bypass")
-                SERVER_OPTIONS="-B -s"
+                if [ -n "${NSS_NO_PKCS11_BYPASS}" ]; then
+                	echo "${SCRIPTNAME}: bypass not supported."
+                else
+                	SERVER_OPTIONS="-B -s"
+				fi
                 ;;
             "fips")
                 SERVER_OPTIONS=
@@ -975,7 +979,11 @@ ssl_run_tests()
                 CLIENT_OPTIONS=
                 ;;
             "bypass")
-                CLIENT_OPTIONS="-B -s"
+                if [ -n "${NSS_NO_PKCS11_BYPASS}" ]; then
+                	echo "${SCRIPTNAME}: bypass not supported."
+                else
+                	CLIENT_OPTIONS="-B -s"
+                fi
                 ;;
             "fips")
                 SERVER_OPTIONS=