author | Elio Maldonado <emaldona@redhat.com> | 2016-04-16 20:07:20 -0700 |
committer | Elio Maldonado <emaldona@redhat.com> | 2016-04-16 20:07:20 -0700 |
commit | 7a547d41d630bacf81e64f188b5cbe28ac6d0819 (patch) | |
tree | 186bc5c71095ebd0fd71ecae0719b455fccc83ec /lib/ssl/ssl3con.c | |
parent | dacf1d6d14775569ba56a1106916b3092ab8b6c3 (diff) | |
Implement more suggested changes, not all tests passing yet
Diffstat (limited to 'lib/ssl/ssl3con.c')
-rw-r--r-- | lib/ssl/ssl3con.c | 289 |
1 files changed, 140 insertions, 149 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 050f5bdd6..d8edbfc0d 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -346,157 +346,159 @@ static const ssl3KEADef kea_defs[] = static const ssl3CipherSuiteDef cipher_suite_defs[] = { /* cipher_suite bulk_cipher_alg mac_alg key_exchange_alg prf_hash_alg */ - - {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null, 0}, - {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa, 0}, - {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa, 0}, - {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa, prf_256}, - {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export, 0}, - {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa, 0}, - {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa, 0}, +/* Note that the prf_hash_alg is the hash function used by the PRF, see sslimp.h. */ + + {TLS_NULL_WITH_NULL_NULL, cipher_null, mac_null, kea_null, prf_null}, + {TLS_RSA_WITH_NULL_MD5, cipher_null, mac_md5, kea_rsa, prf_null}, + {TLS_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_rsa, prf_null}, + {TLS_RSA_WITH_NULL_SHA256, cipher_null, hmac_sha256, kea_rsa, prf_sha256}, + {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export, prf_null}, + {TLS_RSA_WITH_RC4_128_MD5, cipher_rc4, mac_md5, kea_rsa, prf_null}, + {TLS_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_rsa, prf_null}, {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, - cipher_rc2_40, mac_md5, kea_rsa_export, 0}, + cipher_rc2_40, mac_md5, kea_rsa_export, prf_null}, #if 0 /* not implemented */ - {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa, 0}, + {TLS_RSA_WITH_IDEA_CBC_SHA, cipher_idea, mac_sha, kea_rsa, prf_null}, {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_rsa_export, 0}, + cipher_des40, mac_sha, kea_rsa_export, prf_null}, #endif - {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa, 0}, - {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa, 0}, - {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss, 0}, + {TLS_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa, prf_null}, + 
{TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa, prf_null}, + {TLS_DHE_DSS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_dss, prf_null}, {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - cipher_3des, mac_sha, kea_dhe_dss, 0}, - {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss, 0}, + cipher_3des, mac_sha, kea_dhe_dss, prf_null}, + {TLS_DHE_DSS_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_dhe_dss, prf_null}, #if 0 /* not implemented */ {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_dss_export, 0}, - {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss, 0}, - {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss, 0}, + cipher_des40, mac_sha, kea_dh_dss_export, prf_null}, + {TLS_DH_DSS_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_dss, prf_null}, + {TLS_DH_DSS_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_dss, prf_null}, {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_rsa_export, 0}, - {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa, 0}, - {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa, 0}, + cipher_des40, mac_sha, kea_dh_rsa_export, prf_null}, + {TLS_DH_RSA_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_rsa, prf_null}, + {TLS_DH_RSA_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_rsa, prf_null}, {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_dss_export, 0}, + cipher_des40, mac_sha, kea_dh_dss_export, prf_null}, {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_rsa_export, 0}, + cipher_des40, mac_sha, kea_dh_rsa_export, prf_null}, #endif - {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa, 0}, + {TLS_DHE_RSA_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dhe_rsa, prf_null}, {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - cipher_3des, mac_sha, kea_dhe_rsa, 0}, + cipher_3des, mac_sha, kea_dhe_rsa, prf_null}, #if 0 - {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export, 0}, + {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, 
kea_dh_anon_export, prf_null}, {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, - cipher_des40, mac_sha, kea_dh_anon_export, 0}, - {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon, 0}, - {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon, 0}, + cipher_des40, mac_sha, kea_dh_anon_export, prf_null}, + {TLS_DH_anon_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_dh_anon, prf_null}, + {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des, mac_sha, kea_dh_anon, prf_null}, #endif /* New TLS cipher suites */ - {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa, 0}, - {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa, 0}, - {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss, 0}, - {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa, 0}, - {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa, prf_256}, - {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa, 0}, - {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa, prf_256}, - {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss, 0}, - {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa, 0}, - {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa, prf_256}, + {TLS_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_rsa, prf_null}, + {TLS_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_rsa, prf_sha256}, + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_dss, prf_null}, + {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dhe_rsa, prf_null}, + {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa, prf_sha256}, + {TLS_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_rsa, prf_null}, + {TLS_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_rsa, prf_sha256}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_dss, prf_null}, 
+ {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dhe_rsa, prf_null}, + {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa, prf_sha256}, + {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256, hmac_sha256, kea_dhe_rsa, prf_sha384}, #if 0 - {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss, 0}, - {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa, 0}, - {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon, 0}, - {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss, 0}, - {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa, 0}, - {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon, 0}, + {TLS_DH_DSS_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_dss, prf_null}, + {TLS_DH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_rsa, prf_null}, + {TLS_DH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_dh_anon, prf_null}, + {TLS_DH_DSS_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_dss, prf_null}, + {TLS_DH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_rsa, prf_null}, + {TLS_DH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon, prf_null}, #endif {TLS_RSA_WITH_SEED_CBC_SHA, cipher_seed, mac_sha, kea_rsa}, - {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa, 0}, + {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa, prf_null}, {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - cipher_camellia_128, mac_sha, kea_dhe_dss, 0}, + cipher_camellia_128, mac_sha, kea_dhe_dss, prf_null}, {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - cipher_camellia_128, mac_sha, kea_dhe_rsa, 0}, - {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa, 0}, + cipher_camellia_128, mac_sha, kea_dhe_rsa, prf_null}, + {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa, prf_null}, {TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - 
cipher_camellia_256, mac_sha, kea_dhe_dss, 0}, + cipher_camellia_256, mac_sha, kea_dhe_dss, prf_null}, {TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - cipher_camellia_256, mac_sha, kea_dhe_rsa, 0}, + cipher_camellia_256, mac_sha, kea_dhe_rsa, prf_null}, {TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, - cipher_des, mac_sha,kea_rsa_export_1024, 0}, + cipher_des, mac_sha,kea_rsa_export_1024, prf_null}, {TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, - cipher_rc4_56, mac_sha,kea_rsa_export_1024, 0}, + cipher_rc4_56, mac_sha,kea_rsa_export_1024, prf_null}, - {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips, 0}, - {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips, 0}, + {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips, prf_null}, + {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips, prf_null}, - {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, prf_256}, - {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, prf_256}, + {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, prf_sha256}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, prf_sha256}, #ifndef NSS_DISABLE_ECC - {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_256}, - {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, prf_sha256}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_sha256}, - {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, prf_256}, - {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_384}, - {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, prf_384}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, 
mac_aead, kea_ecdhe_ecdsa, prf_sha256}, + {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, prf_sha384}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, prf_sha384}, {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_ecdsa}, - {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, prf_384}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, prf_sha384}, #endif /* NSS_DISABLE_ECC */ - {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, prf_256}, - {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, prf_384}, + {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, prf_sha256}, + {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, prf_sha384}, - {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, prf_384}, - {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa, 0}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, prf_sha384}, + {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa, prf_sha256}, #ifndef NSS_DISABLE_ECC - {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa, 0}, + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa, prf_sha256}, + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa, prf_sha256}, #endif /* NSS_DISABLE_ECC */ - {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, prf_256}, - {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, prf_256}, + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, 
hmac_sha256, kea_dhe_dss, prf_sha256}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, prf_sha256}, #ifndef NSS_DISABLE_ECC - {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa, 0}, - {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa, 0}, - {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa, 0}, - {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa, 0}, - {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa, 0}, - - {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa, 0}, - {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa, 0}, - {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa, 0}, - {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa, 0}, - {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa, prf_256}, - {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa, 0}, - - {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa, 0}, - {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa, 0}, - {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa, 0}, - {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa, 0}, - {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa, 0}, - - {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa, 0}, - {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa, prf_256}, - {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa, 0}, + {TLS_ECDH_ECDSA_WITH_NULL_SHA, 
cipher_null, mac_sha, kea_ecdh_ecdsa, prf_null}, + {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa, prf_null}, + {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa, prf_null}, + {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa, prf_null}, + {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa, prf_null}, + + {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa, prf_null}, + {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa, prf_null}, + {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa, prf_null}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa, prf_null}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa, prf_sha256}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa, prf_null}, + + {TLS_ECDH_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_rsa, prf_null}, + {TLS_ECDH_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_rsa, prf_null}, + {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_rsa, prf_null}, + {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_rsa, prf_null}, + {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_rsa, prf_null}, + + {TLS_ECDHE_RSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_rsa, prf_null}, + {TLS_ECDHE_RSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_rsa, prf_null}, + {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_rsa, prf_null}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_rsa, prf_null}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa, prf_sha256}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_rsa, prf_null}, #if 0 - {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon, 0}, - 
{TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon, 0},
- {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon, 0},
- {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon, 0},
- {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon, 0},
+ {TLS_ECDH_anon_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_anon, prf_null},
+ {TLS_ECDH_anon_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_anon, prf_null},
+ {TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_anon, prf_null},
+ {TLS_ECDH_anon_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_anon, prf_null},
+ {TLS_ECDH_anon_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_anon, prf_null},
 #endif
- {TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_psk, prf_256},
+ {TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_psk, prf_sha256},
 #endif /* NSS_DISABLE_ECC */
 };
 /* clang-format on */
@@ -816,6 +818,9 @@ ssl_LookupCipherSuiteDef(ssl3CipherSuite suite)
 if (cipher_suite_defs[i].cipher_suite == suite)
 return &cipher_suite_defs[i];
 }
+#ifdef DEBUG
+ PR_fprintf(PR_STDERR, "***************ERROR: Can't find suite %d\n", suite);
+#endif
 PORT_Assert(PR_FALSE); /* We should never get here. */
 PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
 return NULL;
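Review bot: The newly added row `{TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256, hmac_sha256, kea_dhe_rsa, prf_sha384}` describes a CBC cipher with an HMAC-SHA256 MAC for a suite whose name says AES-256-GCM with SHA-384; the `TLS_DHE_DSS_WITH_AES_256_GCM_SHA384` row in the same table uses `cipher_aes_256_gcm, mac_aead, ..., prf_sha384`, so this one should read `{TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_rsa, prf_sha384},`. Two context rows still omit the prf column and rely on zero-initialisation: `TLS_RSA_WITH_SEED_CBC_SHA` (harmless if prf_null is 0) and `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, whose ECDHE_RSA sibling carries `prf_sha384` — since ssl3_GetPrfHashMechanism maps prf_null to CKM_SHA256, that suite would presumably run its PRF with the wrong hash, so it should get an explicit `prf_sha384` too. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` is listed twice in the ECC block; the second copy can go. The new header comment's `sslimp.h` presumably means `sslimpl.h`.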
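Review bot: The `PR_fprintf(PR_STDERR, "***************ERROR: Can't find suite %d\n", suite)` added in front of `PORT_Assert(PR_FALSE)` is an ad-hoc diagnostic written straight to the process's stderr from library code; the assert already fires on that path in DEBUG builds, and the library's existing SSL_TRC/SSL_DBG tracing respects the caller's logging settings. Either drop the line before landing or route it through `SSL_DBG((...))` so it follows the rest of the file's diagnostics. If it stays, `0x%04x` would print the suite in the form the rest of the code base uses for cipher-suite numbers (hedged: the type of `suite` is declared outside the hunk). ssl_LookupCipherSuiteDef's loop header and body start outside the hunk.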
@@ -3863,17 +3868,36 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
 return SECSuccess;
 }
-static CK_MECHANISM_TYPE
+CK_MECHANISM_TYPE
 ssl3_GetPrfHashMechanism(sslSocket *ss)
 {
 SSL3PRF prf_alg = ss->ssl3.hs.suite_def->prf_alg;
- if (prf_alg == 0)
+ if (prf_alg == prf_null)
 return CKM_SHA256;
 return prf_alg;
 }
+PRUint8
+ssl3_GetSuiteHashAlg(sslSocket *ss)
+{
+ SECOidData *hashOid =
+ SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
+ if (hashOid == NULL) {
+ return -1; /* err set by AppendHandshake. */
+ }
+
+ if (hashOid->offset == SEC_OID_SHA256) {
+ return ssl_hash_sha256;
+ } else if (hashOid->offset == SEC_OID_SHA384) {
+ return ssl_hash_sha384;
+ }
+ PORT_Assert(hashOid->offset == SEC_OID_SHA256 ||
+ hashOid->offset == SEC_OID_SHA384);
+ return -1; /* err set by AppendHandshake. */
+}
+
 /* This method completes the derivation of the MS from the PMS.
 **
 ** 1. Derive the MS, if possible, else return an error.
@@ -4006,6 +4030,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
 params.data = (unsigned char *)&master_params;
 params.len = master_params_len;
+ /*params.len = sizeof master_params;*/
 return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive,
 pms_version_ptr, ¶ms,
@@ -4320,7 +4345,7 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
 HASH_HashType ht;
 CK_MECHANISM_TYPE hm;
 SECOidTag ot;
- const SECOidData *hashOid;
+ SECOidData *hashOid;
 hm = ssl3_GetPrfHashMechanism(ss);
 hashOid = SECOID_FindOIDByMechanism(hm);
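Review bot: `ssl3_GetSuiteHashAlg` is declared to return `PRUint8` but uses `return -1` as its failure sentinel, which converts to 255; if the callers' `suiteHashAlg` is also a `PRUint8` (its declaration lies outside the hunks at @@ -10115 and @@ -10199), `suiteHashAlg == -1` is always false, the failure branch is dead and 255 is encoded as a hash algorithm. Returning `SSLHashType` with `ssl_hash_none` as the sentinel (or a plain `int`) and comparing against that at both call sites would make the check effective. The two `/* err set by AppendHandshake. */` comments are inaccurate: nothing in this function sets an error, so a caller that returns SECFailure after a NULL from `SECOID_FindOIDByMechanism` leaves no error code, whereas the same situation in ssl3_InitHandshakeHashes calls `ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE)`. `return prf_alg;` in ssl3_GetPrfHashMechanism hands an `SSL3PRF` back as a `CK_MECHANISM_TYPE`, so the enumerators must be CKM_* values; a one-line comment such as `/* SSL3PRF enumerators are the CKM_* mechanism values, see sslimpl.h. */` would record that contract. Making ssl3_GetPrfHashMechanism non-static also needs a prototype in the header, which is outside this diff.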
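Review bot: The added `/*params.len = sizeof master_params;*/` is commented-out code with no explanation, sitting next to the live `params.len = master_params_len;`; either the existing assignment is right and the comment should be dropped, or the sizeof form is the intended fix and it should replace the assignment. Leaving both forces the next reader to guess which is authoritative. ssl3_ComputeMasterSecretInt's body starts and ends outside the hunk.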
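Review bot: Dropping `const` from `hashOid` here (and in ssl3_DestroyBackupHandshakeHashIfNotNeeded at @@ -7649) is a step backwards: the old declaration compiled, and the new code in ssl3_InitHandshakeHashes at @@ -4354 keeps `const SECOidData *hash_oid`, so the file now mixes both forms. Unless something outside the hunk needs a writable pointer, keep `const SECOidData *hashOid;` in both places. The remaining `hm` temporary in this hunk could be folded into `hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));` as the other call sites were, provided `hm` is not used further down the function, which is outside the hunk.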
@@ -4354,18 +4379,16 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
 * that the master secret will wind up in ... */
 if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
- CK_MECHANISM_TYPE hm;
- const SECOidData *hash_oid;
 /* We support ciphersuites where the PRF hash isn't SHA-256 */
 /* determine the hash from the prf */
+ const SECOidData *hash_oid;
 PORT_Assert(ss->ssl3.hs.suite_def);
 /* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_alg)
 * Convert that to the OidTag. We can then use that OidTag to create our
 * PK11Context */
- hm = ssl3_GetPrfHashMechanism(ss);
- hash_oid = SECOID_FindOIDByMechanism(hm);
+ hash_oid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
 PORT_Assert(hash_oid != NULL);
 if (hash_oid == NULL) {
 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
@@ -5154,7 +5177,6 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
 unsigned int stateLen;
 unsigned char stackBuf[1024];
 unsigned char *stateBuf = NULL;
- CK_MECHANISM_TYPE hm;
 SECOidData *hashOid;
 h = ss->ssl3.hs.sha;
@@ -5177,8 +5199,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
 /* updated in support of ciphersuites where the PRF hash
 * could be SHA-256 or SHA-384 */
- hm = ssl3_GetPrfHashMechanism(ss);
- hashOid = SECOID_FindOIDByMechanism(hm);
+ hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
 if (hashOid == NULL) {
 ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
 rv = SECFailure;
@@ -7649,8 +7670,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
 PRBool supportsHandshakeHash = PR_FALSE;
 PRBool needBackupHash = PR_FALSE;
 unsigned int i;
- CK_MECHANISM_TYPE hm;
- const SECOidData *hashOid;
+ SECOidData *hashOid;
 SSLHashType suitePRFHash;
 PRBool suitePRFIs256Or384 = PR_FALSE;
@@ -7670,8 +7690,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
 }
 /* TODO: activate in a separate patch */
- hm = ssl3_GetPrfHashMechanism(ss);
- hashOid = SECOID_FindOIDByMechanism(hm);
+ hashOid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
 if (hashOid == NULL) {
 rv = SECFailure;
 goto done;
@@ -9756,30 +9775,6 @@ ssl3_SendServerHello(sslSocket *ss)
 return SECSuccess;
 }
-PRUint8 FindSuiteHashAlg(sslSocket *ss)
-{
- CK_MECHANISM_TYPE hm;
- PRUint8 suiteHashAlg;
- SECOidData *hashOid;
-
- hm = ssl3_GetPrfHashMechanism(ss);
- hashOid = SECOID_FindOIDByMechanism(hm);
- if (hashOid == NULL) {
- return -1; /* err set by AppendHandshake. */
- }
-
- if (hashOid->offset == SEC_OID_SHA256) {
- suiteHashAlg = ssl_hash_sha256;
- } else if (hashOid->offset == SEC_OID_SHA384) {
- suiteHashAlg = ssl_hash_sha384;
- } else {
- PORT_Assert(hashOid->offset == SEC_OID_SHA256 ||
- hashOid->offset == SEC_OID_SHA384);
- return -1; /* err set by AppendHandshake. */
- }
- return suiteHashAlg;
-}
-
 static SECStatus ssl3_PickSignatureHashAlgorithm(sslSocket *ss, SSLSignatureAndHashAlg *out);
@@ -10115,12 +10110,11 @@ ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf,
 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 return SECFailure;
 }
- /* TODO: part of a separate patch? */
- suiteHashAlg = FindSuiteHashAlg(ss);
+
+ suiteHashAlg = ssl3_GetSuiteHashAlg(ss);
 if (suiteHashAlg == -1) {
 return SECFailure; /* err set by AppendHandshake. */
 }
-
 *len = 0;
 for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
 const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i];
@@ -10199,11 +10193,8 @@ ssl3_SendCertificateRequest(sslSocket *ss)
 length = 1 + certTypesLength + 2 + calen;
-/* TODO: activate FindSuiteHashAlg in a separate patch */
- suiteHashAlg = FindSuiteHashAlg(ss);
- if (suiteHashAlg == -1) {
- return SECFailure;
- }
+ suiteHashAlg = ssl3_GetSuiteHashAlg(ss);
+ if (suiteHashAlg == -1) return SECFailure; /* err set by AppendHandshake. */
 if (isTLS12) {
 rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs), |
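Review bot: `if (suiteHashAlg == -1) return SECFailure; /* err set by AppendHandshake. */` puts the body on the condition line without braces, which the lines it replaces and the identical check in ssl3_EncodeCertificateRequestSigAlgs at @@ -10115 both write braced; keep `if (suiteHashAlg == -1) {` / `return SECFailure;` / `}` so the file stays uniform and the clang-format markers in this file keep producing a stable layout. The trailing comment is also misleading here, since ssl3_GetSuiteHashAlg sets no error on its failure paths, so this return propagates SECFailure with no error code set. ssl3_SendCertificateRequest's body starts and ends outside the hunk.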