Bug 1592007 - land NSS fcdda17cdc36 UPGRADE_NSS_RELEASE, r=kjacobs
2019-10-28 Kevin Jacobs <kjacobs@mozilla.com> * automation/abi-check/expected-report-libssl3.so.txt, gtests/ssl_gtest/libssl_internals.c, gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/tls_agent.cc, gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_filter.h, gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h, lib/ssl/sslinfo.c, lib/ssl/sslt.h, lib/ssl/tls13con.c: Bug 1588244 - Store TLS 1.3 peerDelegCred, authKeyBits, and scheme in SSLPreliminaryChannelInfo. r=mt This patch adjusts where we set `authKeyBits` (Et al.) for TLS 1.3, such that `CertVerifier` can check the strength of a delegated credential keypair. The corresponding PSM changeset is in D47181. [fcdda17cdc36] [tip] 2019-10-28 Kai Engert <kaie@kuix.de> * coreconf/coreconf.dep: Dummy change, trigger a build after bustage to test latest NSPR commit [ec2adf31fb8c] 2019-10-26 Martin Thomson <mt@lowentropy.net> * lib/ssl/sslauth.c, lib/ssl/sslcon.c, lib/ssl/tls13esni.c: Bug 1590970 - Use ssl_Time consistently, r=kjacobs I missed a few places that used PR_Now() before. [c6021063e64a] 2019-10-22 Deian Stefan <deian@cs.ucsd.edu> * gtests/pk11_gtest/pk11_cbc_unittest.cc: Bug 1459141 - A few more CBC padding tests. r=jcj This patch adds more test vectors for AES-CBC and 3DES-CBC padding. [38f1c92a5e11] 2019-10-22 Marcus Burghardt <mburghardt@mozilla.com> * cmd/btoa/btoa.c: Bug 1590339 - Fix MemoryLeak in btoa.c. r=kjacobs [5feab64d2d20] 2019-10-21 Marcus Burghardt <mburghardt@mozilla.com> * lib/ckfw/builtins/testlib/certdata-testlib.txt: Bug 1589810 - Uninitialized variable warnings from certdata.perl. r=mt [3f40060ca7b3] 2019-10-19 Martin Thomson <martin.thomson@gmail.com> * gtests/ssl_gtest/ssl_version_unittest.cc: Bug 1573118 - Fix busted unit tests, r=jcj These unit tests were broken by the change to TLS version defaults. In retrospect, this shouldn't have been surprising, but now that it I'm seeing bustage, I'm somewhat surprised that there are so few failures. 
[7e0b8364687b] * lib/ssl/sslsock.c: Bug 1573118 - Enable TLS 1.3 by default, r=jcj As planned for 3.47, but now for 3.48. [bc77cf318f38] 2019-10-18 J.C. Jones <jjones@mozilla.com> * automation/abi-check/expected-report-libnss3.so.txt, automation/abi- check/expected-report-libsmime3.so.txt, automation/abi-check /expected-report-libssl3.so.txt, automation/abi-check/previous-nss- release, lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h: Set version numbers to 3.48 beta [0e7dd2050d09] * .hgtags: Added tag NSS_3_47_RTM for changeset 7ccb4ade5577 [dcadb95b9d77] <NSS_3_47_BRANCH> * lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h: Set version numbers to 3.47 final [7ccb4ade5577] [NSS_3_47_RTM] <NSS_3_47_BRANCH> Differential Revision: https://phabricator.services.mozilla.com/D50840 --HG-- extra : moz-landing-system : lando
Родитель
0ce725e7c2
Коммит
dd40266492
@ -1512,7 +1512,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
|
|||
_USE_SYSTEM_NSS=1 )
|
||||
|
||||
if test -n "$_USE_SYSTEM_NSS"; then
|
||||
AM_PATH_NSS(3.47, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
|
||||
AM_PATH_NSS(3.48, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
|
||||
fi
|
||||
|
||||
NSS_CFLAGS="$NSS_CFLAGS -I${DIST}/include/nss"
|
||||
|
|
|
@ -1 +1 @@
|
|||
NSS_3_47_RTM
|
||||
fcdda17cdc36
|
|
@ -1,33 +0,0 @@
|
|||
1 Added function:
|
||||
|
||||
'function CERTCertList* PK11_GetCertsMatchingPrivateKey(SECKEYPrivateKey*)' {PK11_GetCertsMatchingPrivateKey@@NSS_3.47}
|
||||
|
||||
3 functions with some indirect sub-type change:
|
||||
|
||||
[C]'function SECStatus CERT_AddCertToListHead(CERTCertList*, CERTCertificate*)' at certdb.c:2631:1 has some indirect sub-type changes:
|
||||
parameter 2 of type 'CERTCertificate*' has sub-type changes:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
no data member changes (2 filtered);
|
||||
|
||||
[C]'function SECStatus CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle*, CERTCertificate*, PRTime, const SECItem*, void*)' at ocsp.c:5102:1 has some indirect sub-type changes:
|
||||
parameter 2 of type 'CERTCertificate*' has sub-type changes:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
no data member change (1 filtered);
|
||||
|
||||
[C]'function CERTCertificateList* CERT_CertChainFromCert(CERTCertificate*, SECCertUsage, PRBool)' at certhigh.c:1030:1 has some indirect sub-type changes:
|
||||
parameter 1 of type 'CERTCertificate*' has sub-type changes:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
no data member changes (2 filtered);
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
1 function with some indirect sub-type change:
|
||||
|
||||
[C]'function CERTCertificate* CERT_ConvertAndDecodeCertificate(char*)' at certread.c:219:1 has some indirect sub-type changes:
|
||||
return type changed:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
|
||||
|
|
@ -1,10 +1,13 @@
|
|||
|
||||
1 function with some indirect sub-type change:
|
||||
|
||||
[C]'function SECStatus NSS_CmpCertChainWCANames(CERTCertificate*, CERTDistNames*)' at cmpcert.c:25:1 has some indirect sub-type changes:
|
||||
parameter 1 of type 'CERTCertificate*' has sub-type changes:
|
||||
in pointed to type 'typedef CERTCertificate' at certt.h:39:1:
|
||||
underlying type 'struct CERTCertificateStr' at certt.h:189:1 changed:
|
||||
type size changed from 6016 to 6080 (in bits)
|
||||
1 data member insertion:
|
||||
'CERTCertDistrust* CERTCertificateStr::distrust', at offset 6016 (in bits) at certt.h:296:1
|
||||
[C]'function SECStatus SSL_GetPreliminaryChannelInfo(PRFileDesc*, SSLPreliminaryChannelInfo*, PRUintn)' at sslinfo.c:113:1 has some indirect sub-type changes:
|
||||
parameter 2 of type 'SSLPreliminaryChannelInfo*' has sub-type changes:
|
||||
in pointed to type 'typedef SSLPreliminaryChannelInfo' at sslt.h:424:1:
|
||||
underlying type 'struct SSLPreliminaryChannelInfoStr' at sslt.h:373:1 changed:
|
||||
type size changed from 192 to 288 (in bits)
|
||||
3 data member insertions:
|
||||
'PRBool SSLPreliminaryChannelInfoStr::peerDelegCred', at offset 192 (in bits) at sslt.h:418:1
|
||||
'PRUint32 SSLPreliminaryChannelInfoStr::authKeyBits', at offset 224 (in bits) at sslt.h:419:1
|
||||
'SSLSignatureScheme SSLPreliminaryChannelInfoStr::signatureScheme', at offset 256 (in bits) at sslt.h:420:1
|
||||
|
||||
|
|
|
@ -1 +1 @@
|
|||
NSS_3_46_BRANCH
|
||||
NSS_3_47_BRANCH
|
||||
|
|
|
@ -211,5 +211,8 @@ loser:
|
|||
if (outFile && closeOut) {
|
||||
fclose(outFile);
|
||||
}
|
||||
if (suffix) {
|
||||
PORT_Free(suffix);
|
||||
}
|
||||
return exitCode;
|
||||
}
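Review bot: The new `if (suffix) { PORT_Free(suffix); }` at `loser:` is only safe if every `goto loser` reaches it with `suffix` either NULL or pointing at memory this function owns; the declaration of `suffix` and the function's start are outside this hunk, so confirm it is initialised to NULL at declaration and not only on the path that allocates it. If NSS's `PORT_Free` tolerates NULL, as its secport.c implementation appears to, the guard can also be dropped to a bare `PORT_Free(suffix);`, unlike the `outFile` check above, which is needed because `fclose(NULL)` is not safe.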
|
||||
|
|
|
@ -10,4 +10,3 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -41,7 +41,8 @@ class Pkcs11CbcPadTest : public ::testing::TestWithParam<CK_MECHANISM_TYPE> {
|
|||
}
|
||||
return false;
|
||||
}
|
||||
uint32_t GetUnpaddedParam() const {
|
||||
|
||||
uint32_t GetUnpaddedMechanism() const {
|
||||
switch (GetParam()) {
|
||||
case CKM_AES_CBC_PAD:
|
||||
return CKM_AES_CBC;
|
||||
|
@ -368,7 +369,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_PaddingTooLong) {
|
|||
uint32_t encrypted_len = 0;
|
||||
|
||||
ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedParam(), GetIv(),
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
|
||||
encrypted.data(), &encrypted_len,
|
||||
encrypted.size(), input.data(), input.size());
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
|
@ -384,7 +385,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_PaddingTooLong) {
|
|||
EXPECT_EQ(0U, decrypted_len);
|
||||
}
|
||||
|
||||
TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding1) {
|
||||
TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortPadding1) {
|
||||
if (!is_padded()) {
|
||||
return;
|
||||
}
|
||||
|
@ -401,7 +402,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding1) {
|
|||
uint32_t encrypted_len = 0;
|
||||
|
||||
ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedParam(), GetIv(),
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
|
||||
encrypted.data(), &encrypted_len,
|
||||
encrypted.size(), input.data(), input.size());
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
|
@ -417,7 +418,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding1) {
|
|||
EXPECT_EQ(0U, decrypted_len);
|
||||
}
|
||||
|
||||
TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding2) {
|
||||
TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortPadding2) {
|
||||
if (!is_padded()) {
|
||||
return;
|
||||
}
|
||||
|
@ -434,7 +435,73 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding2) {
|
|||
uint32_t encrypted_len = 0;
|
||||
|
||||
ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedParam(), GetIv(),
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
|
||||
encrypted.data(), &encrypted_len,
|
||||
encrypted.size(), input.data(), input.size());
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
EXPECT_EQ(input.size(), encrypted_len);
|
||||
|
||||
std::vector<uint8_t> decrypted(input.size());
|
||||
uint32_t decrypted_len = 0;
|
||||
ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
|
||||
rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
|
||||
&decrypted_len, decrypted.size(), encrypted.data(),
|
||||
encrypted_len);
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(0U, decrypted_len);
|
||||
}
|
||||
|
||||
TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ZeroLengthPadding) {
|
||||
if (!is_padded()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Padding of length zero
|
||||
const std::vector<uint8_t> input = {
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
|
||||
std::vector<uint8_t> encrypted(input.size());
|
||||
uint32_t encrypted_len = 0;
|
||||
|
||||
ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
|
||||
encrypted.data(), &encrypted_len,
|
||||
encrypted.size(), input.data(), input.size());
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
EXPECT_EQ(input.size(), encrypted_len);
|
||||
|
||||
std::vector<uint8_t> decrypted(input.size());
|
||||
uint32_t decrypted_len = 0;
|
||||
ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
|
||||
rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
|
||||
&decrypted_len, decrypted.size(), encrypted.data(),
|
||||
encrypted_len);
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(0U, decrypted_len);
|
||||
}
|
||||
|
||||
TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_OverflowPadding) {
|
||||
if (!is_padded()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Padding that's much longer than block size
|
||||
const std::vector<uint8_t> input = {
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
|
||||
std::vector<uint8_t> encrypted(input.size());
|
||||
uint32_t encrypted_len = 0;
|
||||
|
||||
ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
|
||||
encrypted.data(), &encrypted_len,
|
||||
encrypted.size(), input.data(), input.size());
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
|
@ -467,7 +534,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortValidPadding) {
|
|||
uint32_t encrypted_len = 0;
|
||||
|
||||
ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedParam(), GetIv(),
|
||||
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
|
||||
encrypted.data(), &encrypted_len,
|
||||
encrypted.size(), input.data(), input.size());
|
||||
ASSERT_EQ(SECSuccess, rv);
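Review bot: `EncryptDecrypt_ZeroLengthPadding` and `EncryptDecrypt_OverflowPadding` repeat the encrypt-with-unpadded-mechanism, decrypt-with-padded-mechanism, expect-`SECFailure` sequence of the two renamed ShortPadding tests line for line, differing only in the input vector and its comment. A helper such as `void ExpectDecryptRejectsPadding(const std::vector<uint8_t>& input)` holding the `MakeKey`/`PK11_Encrypt`/`PK11_Decrypt`/`EXPECT` block would reduce each test to a two-line body and keep the four checks from drifting apart. The pad-value-0 and pad-value-0xff cases are the right additions, since a trailing pad byte of 0 or larger than the block must be rejected rather than trusted as a length, so the comments explaining each vector are worth keeping on the helper calls. The body of `EncryptDecrypt_OverflowPadding` continues past the end of this hunk.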
|
||||
|
|
|
@ -12,6 +12,29 @@
|
|||
#include "seccomon.h"
|
||||
#include "selfencrypt.h"
|
||||
|
||||
SECStatus SSLInt_TweakChannelInfoForDC(PRFileDesc *fd, PRBool changeAuthKeyBits,
|
||||
PRBool changeScheme) {
|
||||
if (!fd) {
|
||||
return SECFailure;
|
||||
}
|
||||
sslSocket *ss = ssl_FindSocket(fd);
|
||||
if (!ss) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
// Just toggle so we'll always have a valid value.
|
||||
if (changeScheme) {
|
||||
ss->sec.signatureScheme = (ss->sec.signatureScheme == ssl_sig_ed25519)
|
||||
? ssl_sig_ecdsa_secp256r1_sha256
|
||||
: ssl_sig_ed25519;
|
||||
}
|
||||
if (changeAuthKeyBits) {
|
||||
ss->sec.authKeyBits = ss->sec.authKeyBits ? ss->sec.authKeyBits * 2 : 384;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus SSLInt_GetHandshakeRandoms(PRFileDesc *fd, SSL3Random client_random,
|
||||
SSL3Random server_random) {
|
||||
if (!fd) {
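Review bot: `SSLInt_TweakChannelInfoForDC` carries no comment saying that it is a test-only hook which deliberately desynchronises `ss->sec.authKeyBits` and `ss->sec.signatureScheme` from what the delegated credential carried, so that the CertificateVerify consistency check can be shown to reject the mismatch; the declaration added to libssl_internals.h has none either. A header for both would do: `/* Test hook: perturb the recorded authKeyBits and/or signatureScheme so that the delegated-credential consistency check at CertificateVerify fails. Not for production use. */`. The literal `384` used when `authKeyBits` is still 0 should be named or annotated (`/* any non-zero value that differs from the real key size */`), because the only property the tests rely on is that it differs from the DC key's size, which the existing "Just toggle" comment states only for the scheme.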
|
||||
|
|
|
@ -42,5 +42,7 @@ SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra);
|
|||
SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group);
|
||||
SECStatus SSLInt_HasPendingHandshakeData(PRFileDesc *fd, PRBool *pending);
|
||||
SECStatus SSLInt_SetSocketMaxEarlyDataSize(PRFileDesc *fd, uint32_t size);
|
||||
SECStatus SSLInt_TweakChannelInfoForDC(PRFileDesc *fd, PRBool changeAuthKeyBits,
|
||||
PRBool changeScheme);
|
||||
|
||||
#endif // ndef libssl_internals_h_
|
||||
|
|
|
@ -55,6 +55,10 @@ TEST_P(TlsConnectGeneric, ServerNegotiateTls12) {
|
|||
// two validate that we can also detect fallback using the
|
||||
// SSL_SetDowngradeCheckVersion() API.
|
||||
TEST_F(TlsConnectTest, TestDowngradeDetectionToTls11) {
|
||||
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
client_->SetOption(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, PR_TRUE);
|
||||
MakeTlsFilter<TlsClientHelloVersionSetter>(client_,
|
||||
SSL_LIBRARY_VERSION_TLS_1_1);
|
||||
|
@ -116,11 +120,11 @@ TEST_F(TlsConnectTest, TestDowngradeDetectionToTls10) {
|
|||
|
||||
TEST_F(TlsConnectTest, TestFallbackFromTls12) {
|
||||
client_->SetOption(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, PR_TRUE);
|
||||
client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
|
||||
SSL_LIBRARY_VERSION_TLS_1_1);
|
||||
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_2);
|
||||
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
|
||||
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
|
||||
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
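Review bot: The tests now pin both agents to TLS 1.0–1.2 and, in `TestFallbackFromTls12`, call `SetDowngradeCheckVersion` before `SetVersionRange`, but neither change says why; the commit message attributes the breakage to the new TLS 1.3 default. A one-line comment at the top of each affected test, e.g. `// TLS 1.3 is now the default maximum; pin 1.2 so the downgrade-sentinel path is exercised.`, would stop the next default bump from re-breaking them silently. If the reordering in `TestFallbackFromTls12` is required, for instance because the downgrade check version must lie inside the range at the time it is set, that dependency is worth stating on the moved line as well.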
|
||||
|
|
|
@ -842,6 +842,13 @@ void TlsAgent::ResetPreliminaryInfo() {
|
|||
expected_cipher_suite_ = 0;
|
||||
}
|
||||
|
||||
void TlsAgent::UpdatePreliminaryChannelInfo() {
|
||||
SECStatus rv = SSL_GetPreliminaryChannelInfo(ssl_fd_.get(), &pre_info_,
|
||||
sizeof(pre_info_));
|
||||
EXPECT_EQ(SECSuccess, rv);
|
||||
EXPECT_EQ(sizeof(pre_info_), pre_info_.length);
|
||||
}
|
||||
|
||||
void TlsAgent::ValidateCipherSpecs() {
|
||||
PRInt32 cipherSpecs = SSLInt_CountCipherSpecs(ssl_fd());
|
||||
// We use one ciphersuite in each direction.
|
||||
|
@ -904,6 +911,7 @@ void TlsAgent::Connected() {
|
|||
// Preliminary values are exposed through callbacks during the handshake.
|
||||
// If either expected values were set or the callbacks were called, check
|
||||
// that the final values are correct.
|
||||
UpdatePreliminaryChannelInfo();
|
||||
EXPECT_EQ(expected_version_, info_.protocolVersion);
|
||||
EXPECT_EQ(expected_cipher_suite_, info_.cipherSuite);
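Review bot: `TlsAgent::UpdatePreliminaryChannelInfo` only `EXPECT`s that `SSL_GetPreliminaryChannelInfo` succeeded; on failure `pre_info_` keeps whatever it held before, and the visible tail of `ResetPreliminaryInfo` does not clear it, so a later `pre_info()` read would compare against stale data from an earlier handshake instead of failing cleanly. Zeroing the struct before the call, `memset(&pre_info_, 0, sizeof(pre_info_));`, and clearing it in `ResetPreliminaryInfo` as well, turns that into a visible mismatch. Whether the `TlsAgent` constructor initialises `pre_info_` is outside this hunk.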
|
||||
|
||||
|
|
|
@ -134,6 +134,7 @@ class TlsAgent : public PollTarget {
|
|||
void AddDelegatedCredential(const std::string& dc_name,
|
||||
SSLSignatureScheme dcCertVerifyAlg,
|
||||
PRUint32 dcValidFor, PRTime now);
|
||||
void UpdatePreliminaryChannelInfo();
|
||||
|
||||
bool ConfigServerCert(const std::string& name, bool updateKeyBits = false,
|
||||
const SSLExtraServerCertData* serverCertData = nullptr);
|
||||
|
@ -228,6 +229,9 @@ class TlsAgent : public PollTarget {
|
|||
EXPECT_EQ(STATE_CONNECTED, state_);
|
||||
return info_;
|
||||
}
|
||||
|
||||
const SSLPreliminaryChannelInfo& pre_info() const { return pre_info_; }
|
||||
|
||||
bool is_compressed() const {
|
||||
return info().compressionMethod != ssl_compression_null;
|
||||
}
|
||||
|
@ -425,6 +429,7 @@ class TlsAgent : public PollTarget {
|
|||
bool handshake_callback_called_;
|
||||
bool resumption_callback_called_;
|
||||
SSLChannelInfo info_;
|
||||
SSLPreliminaryChannelInfo pre_info_;
|
||||
SSLCipherSuiteInfo csinfo_;
|
||||
SSLVersionRange vrange_;
|
||||
PRErrorCode error_code_;
|
||||
|
|
|
@ -441,6 +441,19 @@ class TlsExtensionDropper : public TlsExtensionFilter {
|
|||
uint16_t extension_;
|
||||
};
|
||||
|
||||
class TlsHandshakeDropper : public TlsHandshakeFilter {
|
||||
public:
|
||||
TlsHandshakeDropper(const std::shared_ptr<TlsAgent>& a)
|
||||
: TlsHandshakeFilter(a) {}
|
||||
|
||||
protected:
|
||||
PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
|
||||
const DataBuffer& input,
|
||||
DataBuffer* output) override {
|
||||
return DROP;
|
||||
}
|
||||
};
|
||||
|
||||
class TlsExtensionInjector : public TlsHandshakeFilter {
|
||||
public:
|
||||
TlsExtensionInjector(const std::shared_ptr<TlsAgent>& a, uint16_t ext,
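Review bot: `TlsHandshakeDropper` has no comment describing what it drops; from its use in tls_subcerts_unittest.cc it appears to be meant to be combined with `SetHandshakeTypes` so that only the selected handshake messages are discarded, which the class itself does not make obvious because `FilterHandshake` returns `DROP` unconditionally. Suggest `// Drops every handshake message it is applied to; narrow it with the inherited SetHandshakeTypes() to drop only selected message types.` above the class. The unused `header`, `input` and `output` parameter names can be omitted, `PacketFilter::Action FilterHandshake(const HandshakeHeader&, const DataBuffer&, DataBuffer*) override`, to avoid unused-parameter warnings.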
|
||||
|
|
|
@ -22,14 +22,63 @@ const std::string kDCId = TlsAgent::kServerEcdsa256;
|
|||
const SSLSignatureScheme kDCScheme = ssl_sig_ecdsa_secp256r1_sha256;
|
||||
const PRUint32 kDCValidFor = 60 * 60 * 24 * 7 /* 1 week (seconds */;
|
||||
|
||||
static void CheckPreliminaryPeerDelegCred(
|
||||
const std::shared_ptr<TlsAgent>& client, bool expected,
|
||||
PRUint32 key_bits = 0, SSLSignatureScheme sig_scheme = ssl_sig_none) {
|
||||
EXPECT_NE(0U, (client->pre_info().valuesSet & ssl_preinfo_peer_auth));
|
||||
EXPECT_EQ(expected, client->pre_info().peerDelegCred);
|
||||
if (expected) {
|
||||
EXPECT_EQ(key_bits, client->pre_info().authKeyBits);
|
||||
EXPECT_EQ(sig_scheme, client->pre_info().signatureScheme);
|
||||
}
|
||||
}
|
||||
|
||||
static void CheckPeerDelegCred(const std::shared_ptr<TlsAgent>& client,
|
||||
bool expected, PRUint32 key_bits = 0) {
|
||||
EXPECT_EQ(expected, client->info().peerDelegCred);
|
||||
EXPECT_EQ(expected, client->pre_info().peerDelegCred);
|
||||
if (expected) {
|
||||
EXPECT_EQ(key_bits, client->info().authKeyBits);
|
||||
EXPECT_EQ(key_bits, client->pre_info().authKeyBits);
|
||||
EXPECT_EQ(client->info().signatureScheme,
|
||||
client->pre_info().signatureScheme);
|
||||
}
|
||||
}
|
||||
|
||||
// AuthCertificate callbacks to simulate DC validation
|
||||
static SECStatus CheckPreliminaryDC(TlsAgent* agent, bool checksig,
|
||||
bool isServer) {
|
||||
agent->UpdatePreliminaryChannelInfo();
|
||||
EXPECT_EQ(PR_TRUE, agent->pre_info().peerDelegCred);
|
||||
EXPECT_EQ(256U, agent->pre_info().authKeyBits);
|
||||
EXPECT_EQ(ssl_sig_ecdsa_secp256r1_sha256, agent->pre_info().signatureScheme);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
static SECStatus CheckPreliminaryNoDC(TlsAgent* agent, bool checksig,
|
||||
bool isServer) {
|
||||
agent->UpdatePreliminaryChannelInfo();
|
||||
EXPECT_EQ(PR_FALSE, agent->pre_info().peerDelegCred);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
// AuthCertificate callbacks for modifying DC attributes.
|
||||
// This allows testing tls13_CertificateVerify for rejection
|
||||
// of DC attributes that have changed since AuthCertificateHook
|
||||
// may have handled them.
|
||||
static SECStatus ModifyDCAuthKeyBits(TlsAgent* agent, bool checksig,
|
||||
bool isServer) {
|
||||
return SSLInt_TweakChannelInfoForDC(agent->ssl_fd(),
|
||||
PR_TRUE, // Change authKeyBits
|
||||
PR_FALSE); // Change scheme
|
||||
}
|
||||
|
||||
static SECStatus ModifyDCScheme(TlsAgent* agent, bool checksig, bool isServer) {
|
||||
return SSLInt_TweakChannelInfoForDC(agent->ssl_fd(),
|
||||
PR_FALSE, // Change authKeyBits
|
||||
PR_TRUE); // Change scheme
|
||||
}
|
||||
|
||||
// Attempt to configure a DC when either the DC or DC private key is missing.
|
||||
TEST_P(TlsConnectTls13, DCNotConfigured) {
|
||||
// Load and delegate the credential.
|
||||
|
@ -388,6 +437,77 @@ TEST_P(TlsConnectTls13, DCConnectExpectedCertVerifyAlgNotSupported) {
|
|||
CheckPeerDelegCred(client_, false);
|
||||
}
|
||||
|
||||
// Check that preliminary channel info properly reflects the DC.
|
||||
TEST_P(TlsConnectTls13, DCCheckPreliminaryInfo) {
|
||||
Reset(kEcdsaDelegatorId);
|
||||
EnsureTlsSetup();
|
||||
client_->EnableDelegatedCredentials();
|
||||
server_->AddDelegatedCredential(TlsAgent::kServerEcdsa256,
|
||||
ssl_sig_ecdsa_secp256r1_sha256, kDCValidFor,
|
||||
now());
|
||||
|
||||
auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
|
||||
filter->SetHandshakeTypes(
|
||||
{kTlsHandshakeCertificateVerify, kTlsHandshakeFinished});
|
||||
filter->EnableDecryption();
|
||||
StartConnect();
|
||||
client_->Handshake(); // Send ClientHello
|
||||
server_->Handshake(); // Send ServerHello
|
||||
|
||||
client_->SetAuthCertificateCallback(CheckPreliminaryDC);
|
||||
client_->Handshake(); // Process response
|
||||
|
||||
client_->UpdatePreliminaryChannelInfo();
|
||||
CheckPreliminaryPeerDelegCred(client_, true, 256,
|
||||
ssl_sig_ecdsa_secp256r1_sha256);
|
||||
}
|
||||
|
||||
// Check that preliminary channel info properly reflects a lack of DC.
|
||||
TEST_P(TlsConnectTls13, DCCheckPreliminaryInfoNoDC) {
|
||||
Reset(kEcdsaDelegatorId);
|
||||
EnsureTlsSetup();
|
||||
client_->EnableDelegatedCredentials();
|
||||
auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
|
||||
filter->SetHandshakeTypes(
|
||||
{kTlsHandshakeCertificateVerify, kTlsHandshakeFinished});
|
||||
filter->EnableDecryption();
|
||||
StartConnect();
|
||||
client_->Handshake(); // Send ClientHello
|
||||
server_->Handshake(); // Send ServerHello
|
||||
|
||||
client_->SetAuthCertificateCallback(CheckPreliminaryNoDC);
|
||||
client_->Handshake(); // Process response
|
||||
|
||||
client_->UpdatePreliminaryChannelInfo();
|
||||
CheckPreliminaryPeerDelegCred(client_, false);
|
||||
}
|
||||
|
||||
// Tweak the scheme in between |Cert| and |CertVerify|.
|
||||
TEST_P(TlsConnectTls13, DCRejectModifiedDCScheme) {
|
||||
Reset(kEcdsaDelegatorId);
|
||||
client_->EnableDelegatedCredentials();
|
||||
client_->SetAuthCertificateCallback(ModifyDCScheme);
|
||||
server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521,
|
||||
ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor,
|
||||
now());
|
||||
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
|
||||
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
|
||||
client_->CheckErrorCode(SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH);
|
||||
}
|
||||
|
||||
// Tweak the authKeyBits in between |Cert| and |CertVerify|.
|
||||
TEST_P(TlsConnectTls13, DCRejectModifiedDCAuthKeyBits) {
|
||||
Reset(kEcdsaDelegatorId);
|
||||
client_->EnableDelegatedCredentials();
|
||||
client_->SetAuthCertificateCallback(ModifyDCAuthKeyBits);
|
||||
server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521,
|
||||
ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor,
|
||||
now());
|
||||
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
|
||||
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
|
||||
client_->CheckErrorCode(SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH);
|
||||
}
|
||||
|
||||
class DCDelegation : public ::testing::Test {};
|
||||
|
||||
TEST_F(DCDelegation, DCDelegations) {
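Review bot: `DCRejectModifiedDCAuthKeyBits` expects the client to fail with `SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH` although only `authKeyBits` was perturbed, not the scheme; if the library really reports a key-size inconsistency under the algorithm-mismatch code, a comment on that `CheckErrorCode` line saying so would spare the next reader a hunt through the CertificateVerify handling, and if it does not, the test passes for a different reason than its name claims. `CheckPreliminaryDC` hard-codes 256 bits and `ssl_sig_ecdsa_secp256r1_sha256`, which silently ties it to `kServerEcdsa256`; state that in its comment, e.g. `// Expects the kServerEcdsa256 DC configured by DCCheckPreliminaryInfo.`. The `checksig` and `isServer` parameters are unused in all four new callbacks and can be left unnamed.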
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
# 3 - err_distrust:
|
||||
# - The server/tls distrust field is set with CK_TRUE. These fields must be
|
||||
# CK_FALSE when no schedule is set. Otherwise, must hold a valid encoded
|
||||
timestamp.
|
||||
# timestamp.
|
||||
# - The email distrust field is set with an incomplete and invalid encoded
|
||||
# timestamp.
|
||||
#
|
||||
|
|
|
@ -22,12 +22,12 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define NSS_VERSION "3.47" _NSS_CUSTOMIZED
|
||||
#define NSS_VERSION "3.48" _NSS_CUSTOMIZED " Beta"
|
||||
#define NSS_VMAJOR 3
|
||||
#define NSS_VMINOR 47
|
||||
#define NSS_VMINOR 48
|
||||
#define NSS_VPATCH 0
|
||||
#define NSS_VBUILD 0
|
||||
#define NSS_BETA PR_FALSE
|
||||
#define NSS_BETA PR_TRUE
|
||||
|
||||
#ifndef RC_INVOKED
|
||||
|
||||
|
|
|
@ -17,11 +17,11 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define SOFTOKEN_VERSION "3.47" SOFTOKEN_ECC_STRING
|
||||
#define SOFTOKEN_VERSION "3.48" SOFTOKEN_ECC_STRING " Beta"
|
||||
#define SOFTOKEN_VMAJOR 3
|
||||
#define SOFTOKEN_VMINOR 47
|
||||
#define SOFTOKEN_VMINOR 48
|
||||
#define SOFTOKEN_VPATCH 0
|
||||
#define SOFTOKEN_VBUILD 0
|
||||
#define SOFTOKEN_BETA PR_FALSE
|
||||
#define SOFTOKEN_BETA PR_TRUE
|
||||
|
||||
#endif /* _SOFTKVER_H_ */
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
#include "sslerr.h"
|
||||
#include "ssl3ext.h"
|
||||
#include "ssl3exthandle.h"
|
||||
#include "tls13subcerts.h"
|
||||
#include "prtime.h"
|
||||
#include "prinrval.h"
|
||||
#include "prerror.h"
|
||||
|
@ -11047,6 +11048,47 @@ ssl_SetAuthKeyBits(sslSocket *ss, const SECKEYPublicKey *pubKey)
|
|||
: illegal_parameter);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* PreliminaryChannelInfo.authKeyBits, scheme, and peerDelegCred are now valid. */
|
||||
ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_peer_auth;
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
ssl3_HandleServerSpki(sslSocket *ss)
|
||||
{
|
||||
PORT_Assert(!ss->sec.isServer);
|
||||
SECKEYPublicKey *pubKey;
|
||||
|
||||
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
|
||||
tls13_IsVerifyingWithDelegatedCredential(ss)) {
|
||||
sslDelegatedCredential *dc = ss->xtnData.peerDelegCred;
|
||||
pubKey = SECKEY_ExtractPublicKey(dc->spki);
|
||||
if (!pubKey) {
|
||||
PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* Because we have only a single authType (ssl_auth_tls13_any)
|
||||
* for TLS 1.3 at this point, set the scheme so that the
|
||||
* callback can interpret |authKeyBits| correctly.
|
||||
*/
|
||||
ss->sec.signatureScheme = dc->expectedCertVerifyAlg;
|
||||
} else {
|
||||
pubKey = CERT_ExtractPublicKey(ss->sec.peerCert);
|
||||
if (!pubKey) {
|
||||
PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
|
||||
SECStatus rv = ssl_SetAuthKeyBits(ss, pubKey);
|
||||
SECKEY_DestroyPublicKey(pubKey);
|
||||
if (rv != SECSuccess) {
|
||||
return rv; /* Alert sent and code set. */
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
|
@ -11061,6 +11103,26 @@ ssl3_AuthCertificate(sslSocket *ss)
|
|||
|
||||
PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
|
||||
ssl_preinfo_all);
|
||||
|
||||
if (!ss->sec.isServer) {
|
||||
/* Set the |spki| used to verify the handshake. When verifying with a
|
||||
* delegated credential (DC), this corresponds to the DC public key;
|
||||
* otherwise it correspond to the public key of the peer's end-entity
|
||||
* certificate. */
|
||||
rv = ssl3_HandleServerSpki(ss);
|
||||
if (rv != SECSuccess) {
|
||||
/* Alert sent and code set (if not SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE).
|
||||
* In either case, we're done here. */
|
||||
errCode = PORT_GetError();
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
ss->sec.authType = ss->ssl3.hs.kea_def->authKeyType;
|
||||
ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Ask caller-supplied callback function to validate cert chain.
|
||||
*/
|
||||
|
@ -11099,21 +11161,6 @@ ssl3_AuthCertificate(sslSocket *ss)
|
|||
ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
|
||||
|
||||
if (!ss->sec.isServer) {
|
||||
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
/* These are filled in in tls13_HandleCertificateVerify and
|
||||
* tls13_HandleServerKeyShare (keaType). */
|
||||
SECKEYPublicKey *pubKey = CERT_ExtractPublicKey(ss->sec.peerCert);
|
||||
if (pubKey) {
|
||||
rv = ssl_SetAuthKeyBits(ss, pubKey);
|
||||
SECKEY_DestroyPublicKey(pubKey);
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure; /* Alert sent and code set. */
|
||||
}
|
||||
}
|
||||
ss->sec.authType = ss->ssl3.hs.kea_def->authKeyType;
|
||||
ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
|
||||
}
|
||||
|
||||
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
TLS13_SET_HS_STATE(ss, wait_cert_verify);
|
||||
} else {
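Review bot: `ssl3_HandleServerSpki` is new, exported through sslimpl.h, and has no comment; it also tightens behaviour, because the removed block in `ssl3_AuthCertificate` silently skipped `ssl_SetAuthKeyBits` when `CERT_ExtractPublicKey` returned NULL, whereas the new code fails the handshake with `SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE`. That is the right direction, since a key that cannot be extracted must not be reported as authenticated, but it is a behaviour change worth recording in the function comment. Suggested header: `/* Client only. Derive authKeyBits and signatureScheme from the SPKI the peer will sign with: the delegated credential's SPKI when one was negotiated (tls13_IsVerifyingWithDelegatedCredential), else the end-entity certificate's. Sets ssl_preinfo_peer_auth on success; fails with SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE, without sending an alert, if the key cannot be extracted. */`. The caller's comment on the `goto loser` path notes that no alert has been sent in the extract-failure case, so whether `loser:` (outside this hunk) sends one should be confirmed so the peer is not left with a bare close.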
|
||||
|
|
|
@ -245,7 +245,6 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
|
|||
sslSocket *ss;
|
||||
SECCertUsage certUsage;
|
||||
const char *hostname = NULL;
|
||||
PRTime now = PR_Now();
|
||||
SECItemArray *certStatusArray;
|
||||
|
||||
ss = ssl_FindSocket(fd);
|
||||
|
@ -257,6 +256,7 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
|
|||
handle = (CERTCertDBHandle *)arg;
|
||||
certStatusArray = &ss->sec.ci.sid->peerCertStatus;
|
||||
|
||||
PRTime now = ssl_Time(ss);
|
||||
if (certStatusArray->len) {
|
||||
PORT_SetError(0);
|
||||
if (CERT_CacheOCSPResponseFromSideChannel(handle, ss->sec.peerCert, now,
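Review bot: Moving `now` to `PRTime now = ssl_Time(ss);` after the socket lookup is correct, but it changes which clock the OCSP side-channel cache is stamped with: if `ssl_Time` honours a caller-installed time function, as the test suite's use of `now()` suggests, stapled-response freshness now follows that clock rather than `PR_Now()`. A short comment on the line, `/* ssl_Time so that OCSP caching follows the socket's (possibly overridden) clock. */`, records that this is intended. `SSL_AuthCertificate`'s body continues outside both hunks.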
|
||||
|
|
|
@ -18,7 +18,6 @@
|
|||
#include "sslerr.h"
|
||||
#include "pk11func.h"
|
||||
#include "prinit.h"
|
||||
#include "prtime.h" /* for PR_Now() */
|
||||
|
||||
/*
|
||||
** Put a string tag in the library so that we can examine an executable
|
||||
|
|
|
@ -1678,6 +1678,7 @@ SECStatus ssl3_SendEmptyCertificate(sslSocket *ss);
|
|||
void ssl3_CleanupPeerCerts(sslSocket *ss);
|
||||
SECStatus ssl3_SendCertificateStatus(sslSocket *ss);
|
||||
SECStatus ssl_SetAuthKeyBits(sslSocket *ss, const SECKEYPublicKey *pubKey);
|
||||
SECStatus ssl3_HandleServerSpki(sslSocket *ss);
|
||||
SECStatus ssl3_AuthCertificate(sslSocket *ss);
|
||||
SECStatus ssl_ReadCertificateStatus(sslSocket *ss, PRUint8 *b,
|
||||
PRUint32 length);
|
||||
|
|
|
@ -154,6 +154,10 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
|
|||
}
|
||||
inf.zeroRttCipherSuite = ss->ssl3.hs.zeroRttSuite;
|
||||
|
||||
inf.peerDelegCred = tls13_IsVerifyingWithDelegatedCredential(ss);
|
||||
inf.authKeyBits = ss->sec.authKeyBits;
|
||||
inf.signatureScheme = ss->sec.signatureScheme;
|
||||
|
||||
memcpy(info, &inf, inf.length);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
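Review bot: The three new assignments `inf.peerDelegCred`, `inf.authKeyBits` and `inf.signatureScheme` are unconditional, so before the Certificate message has been handled they expose whatever `ss->sec` currently holds (zero or stale values), and nothing in this hunk sets `ssl_preinfo_peer_auth` in `valuesSet`; presumably that bit is raised elsewhere on the handshake's preliminary-info mask, in which case a comment here should tie the two together: `/* Only meaningful when ssl_preinfo_peer_auth is set in inf.valuesSet. */`. Because the copy is `memcpy(info, &inf, inf.length)`, callers built against an older struct silently drop these trailing fields, which is the intended ABI behaviour but worth stating next to the fields so nobody moves them. SSL_GetPreliminaryChannelInfo starts outside this hunk.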
|
|
@ -97,7 +97,7 @@ static sslOptions ssl_defaults = {
|
|||
*/
|
||||
static SSLVersionRange versions_defaults_stream = {
|
||||
SSL_LIBRARY_VERSION_TLS_1_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2
|
||||
SSL_LIBRARY_VERSION_TLS_1_3
|
||||
};
|
||||
|
||||
static SSLVersionRange versions_defaults_datagram = {
|
||||
|
|
|
@ -366,6 +366,9 @@ typedef struct SSLChannelInfoStr {
|
|||
#define ssl_preinfo_version (1U << 0)
|
||||
#define ssl_preinfo_cipher_suite (1U << 1)
|
||||
#define ssl_preinfo_0rtt_cipher_suite (1U << 2)
|
||||
/* ssl_preinfo_peer_auth covers peerDelegCred, authKeyBits, and scheme. Not
|
||||
* included in ssl_preinfo_all as it is client-only. */
|
||||
#define ssl_preinfo_peer_auth (1U << 3)
|
||||
/* ssl_preinfo_all doesn't contain ssl_preinfo_0rtt_cipher_suite because that
|
||||
* field is only set if 0-RTT is sent (client) or accepted (server). */
|
||||
#define ssl_preinfo_all (ssl_preinfo_version | ssl_preinfo_cipher_suite)
|
||||
|
@ -406,6 +409,16 @@ typedef struct SSLPreliminaryChannelInfoStr {
|
|||
* after accepting 0-RTT, so this will contain the same value. */
|
||||
PRUint16 zeroRttCipherSuite;
|
||||
|
||||
/* The following fields were added in NSS 3.48. */
|
||||
/* These fields contain information about the key that will be used in
|
||||
* the CertificateVerify message. If Delegated Credentials are being used,
|
||||
* this is the DC-contained SPKI, else the EE-cert SPKI. These fields are
|
||||
* valid only after the Certificate message is handled. This can be determined
|
||||
* by checking the valuesSet field against |ssl_preinfo_peer_auth|. */
|
||||
PRBool peerDelegCred;
|
||||
PRUint32 authKeyBits;
|
||||
SSLSignatureScheme signatureScheme;
|
||||
|
||||
/* When adding new fields to this structure, please document the
|
||||
* NSS version in which they were added. */
|
||||
} SSLPreliminaryChannelInfo;
|
||||
|
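Review bot: The field comment does not carry over the restriction stated on `ssl_preinfo_peer_auth` earlier in this file that the information is client-only, so a server-side caller reading `authKeyBits` has no hint that it is never populated for it; add ` * These fields are only populated on the client.` to the block. It would also help to say explicitly that when `peerDelegCred` is true, `authKeyBits` and `signatureScheme` describe the delegated credential's key rather than the end-entity certificate's — the current text implies it via "DC-contained SPKI" but never names the fields.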
|
|
@ -4184,8 +4184,10 @@ tls13_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
|
|||
if (tls13_IsVerifyingWithDelegatedCredential(ss)) {
|
||||
/* DelegatedCredential.cred.expected_cert_verify_algorithm is expected
|
||||
* to match CertificateVerify.scheme.
|
||||
* DelegatedCredential.cred.expected_cert_verify_algorithm must also be
|
||||
* the same as was reported in ssl3_AuthCertificate.
|
||||
*/
|
||||
if (sigScheme != dc->expectedCertVerifyAlg) {
|
||||
if (sigScheme != dc->expectedCertVerifyAlg || sigScheme != ss->sec.signatureScheme) {
|
||||
FATAL_ERROR(ss, SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH, illegal_parameter);
|
||||
return SECFailure;
|
||||
}
|
||||
|
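Review bot: The added `|| sigScheme != ss->sec.signatureScheme` runs only inside the delegated-credential branch, yet `ss->sec.signatureScheme` is what SSL_GetPreliminaryChannelInfo now reports for every handshake; if it is only populated before CertificateVerify in the DC case, the comment should say so, otherwise the cross-check belongs outside the DC branch as well. The expanded comment says `expected_cert_verify_algorithm` "must also be the same as was reported", but the code compares `sigScheme`, so the reader has to notice that the first clause already established equality; `* The scheme must also match what ssl3_AuthCertificate reported via ss->sec.signatureScheme.` would be more direct. Both failures now share SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH, which is fine on the wire (both are illegal_parameter) but loses which check failed in diagnostics. tls13_HandleCertificateVerify starts and ends outside this hunk.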
@ -4245,13 +4247,20 @@ tls13_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
|
|||
goto loser;
|
||||
}
|
||||
|
||||
/* Set the auth type. */
|
||||
/* Set the auth type and verify it is what we captured in ssl3_AuthCertificate */
|
||||
if (!ss->sec.isServer) {
|
||||
ss->sec.authType = ssl_SignatureSchemeToAuthType(sigScheme);
|
||||
|
||||
uint32_t prelimAuthKeyBits = ss->sec.authKeyBits;
|
||||
rv = ssl_SetAuthKeyBits(ss, pubKey);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* Alert sent and code set. */
|
||||
}
|
||||
|
||||
if (prelimAuthKeyBits != ss->sec.authKeyBits) {
|
||||
FATAL_ERROR(ss, SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH, illegal_parameter);
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
|
||||
/* Request a client certificate now if one was requested. */
|
||||
|
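Review bot: SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH is raised for an `authKeyBits` mismatch on every client handshake, not only ones using a delegated credential, because the new block sits under `if (!ss->sec.isServer)` rather than under a `tls13_IsVerifyingWithDelegatedCredential(ss)` check; with a plain certificate the key reported in ssl3_AuthCertificate is the EE key that is also verified here, so a mismatch on that path would indicate an internal inconsistency rather than a DC problem and would be mislabelled. Either gate the comparison on the DC case or use an error code that is not DC-specific, and say in the comment which case it guards. Separately, `uint32_t prelimAuthKeyBits` mixes a C99 type into code that otherwise uses NSPR types (`PRUint32` on the prototypes in this series); `PRUint32 prelimAuthKeyBits = ss->sec.authKeyBits;` keeps it consistent. tls13_HandleCertificateVerify starts and ends outside this hunk.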
|
|
@ -582,7 +582,7 @@ tls13_ClientSetupESNI(sslSocket *ss)
|
|||
SECStatus rv;
|
||||
TLS13KeyShareEntry *share = NULL;
|
||||
const sslNamedGroupDef *group = NULL;
|
||||
PRTime now = PR_Now() / PR_USEC_PER_SEC;
|
||||
PRTime now = ssl_Time(ss) / PR_USEC_PER_SEC;
|
||||
|
||||
PORT_Assert(!ss->xtnData.esniPrivateKey);
|
||||
|
||||
|
|
|
@ -19,12 +19,12 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
|
||||
*/
|
||||
#define NSSUTIL_VERSION "3.47"
|
||||
#define NSSUTIL_VERSION "3.48 Beta"
|
||||
#define NSSUTIL_VMAJOR 3
|
||||
#define NSSUTIL_VMINOR 47
|
||||
#define NSSUTIL_VMINOR 48
|
||||
#define NSSUTIL_VPATCH 0
|
||||
#define NSSUTIL_VBUILD 0
|
||||
#define NSSUTIL_BETA PR_FALSE
|
||||
#define NSSUTIL_BETA PR_TRUE
|
||||
|
||||
SEC_BEGIN_PROTOS
|
||||
|
||||
|
|