mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Remove fortezza code from libSSL and from the SSL test programs. 

Stop building fortezza's special software token, and fortezza specific
test programs.   Bug 239960. r=rrelyea.
Modified Files:
    cmd/manifest.mn cmd/platlibs.mk cmd/SSLsample/server.c
    cmd/SSLsample/sslsample.c cmd/modutil/modutil.c
    cmd/selfserv/selfserv.c cmd/sslstrength/sslstrength.c
    cmd/strsclnt/strsclnt.c cmd/tstclnt/tstclnt.c
    cmd/vfyserv/vfyserv.c cmd/vfyserv/vfyutil.c lib/manifest.mn
    lib/ssl/nsskea.c lib/ssl/preenc.h lib/ssl/prelib.c
    lib/ssl/ssl.h lib/ssl/ssl3con.c lib/ssl/ssl3prot.h
    lib/ssl/sslauth.c lib/ssl/sslcon.c lib/ssl/sslenum.c
    lib/ssl/sslimpl.h lib/ssl/sslinfo.c lib/ssl/sslproto.h
    lib/ssl/sslsecur.c lib/ssl/sslsnce.c lib/ssl/sslsock.c
    lib/ssl/sslt.h
This commit is contained in:
nelsonb%netscape.com 2005-08-16 03:42:26 +00:00
Родитель 77d848c1f9
Коммит 28f26c51fa
28 изменённых файлов: 116 добавлений и 1981 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
security/nss/cmd/SSLsample/server.c
Просмотреть файл

@ -102,14 +102,11 @@ Usage(const char *progName)
"E SSL2 DES 64 CBC WITH MD5\n"
"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
"\n"
"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
"c SSL3 RSA WITH RC4 128 MD5\n"
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
"e SSL3 RSA WITH DES CBC SHA\n"
"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
"i SSL3 RSA WITH NULL MD5\n"
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
"k SSL3 RSA FIPS WITH DES CBC SHA\n"

6
security/nss/cmd/SSLsample/sslsample.c
Просмотреть файл

@ -50,14 +50,14 @@ int ssl2CipherSuites[] = {
};
int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */

2
security/nss/cmd/manifest.mn
Просмотреть файл

@ -72,7 +72,6 @@ DIRS = lib \
SSLsample \
ssltap \
strsclnt \
swfort \
symkeyutil \
tstclnt \
vfychain \
@ -92,5 +91,6 @@ TEMPORARILY_DONT_BUILD = \
# to build (requires allxpstr.h)
#
DONT_BULD = jar \
swfort \
perror \
$(NULL)

5
security/nss/cmd/modutil/modutil.c
Просмотреть файл

@ -749,11 +749,10 @@ usage()
"---------------------------------------------------------------------------\n"
"\n"
"Mechanism lists are colon-separated. The following mechanisms are recognized:\n"
"RSA, DSA, RC2, RC4, RC5, DES, DH, FORTEZZA, SHA1, MD5, MD2, SSL, TLS, RANDOM,\n"
" FRIENDLY\n"
"RSA, DSA, RC2, RC4, RC5, DES, DH, SHA1, MD5, MD2, SSL, TLS, RANDOM, FRIENDLY\n"
"\n"
"Cipher lists are colon-separated. The following ciphers are recognized:\n"
"FORTEZZA\n"
"\n"
"\nQuestions or bug reports should be sent to modutil-support@netscape.com.\n"
);

2
security/nss/cmd/platlibs.mk
Просмотреть файл

@ -66,7 +66,6 @@ EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
$(CRYPTOLIB) \
$(DIST)/lib/$(LIB_PREFIX)swfci.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
@ -112,7 +111,6 @@ EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)swfci.$(LIB_SUFFIX) \
$(CRYPTOLIB) \
$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \

11
security/nss/cmd/selfserv/selfserv.c
Просмотреть файл

@ -133,14 +133,14 @@ const int ssl2CipherSuites[] = {
};
const int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
@ -253,14 +253,11 @@ Usage(const char *progName)
"T TLS ECDHE RSA WITH AES 128 CBC SHA\n"
#endif /* NSS_ENABLE_ECC */
"\n"
"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
"c SSL3 RSA WITH RC4 128 MD5\n"
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
"e SSL3 RSA WITH DES CBC SHA\n"
"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
"i SSL3 RSA WITH NULL MD5\n"
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
"k SSL3 RSA FIPS WITH DES CBC SHA\n"
@ -1895,7 +1892,7 @@ main(int argc, char **argv)
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
if (cipher > 0) {
SECStatus status;
status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
if (status != SECSuccess)

625
security/nss/cmd/sslstrength/sslstrength.c
Просмотреть файл

@ -1,625 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef SSLTELNET
#include <termios.h>
#endif
/* Portable layer header files */
#include "prinit.h"
#include "prprf.h"
#include "prsystem.h"
#include "prmem.h"
#include "plstr.h"
#include "prnetdb.h"
#include "prinrval.h"
#include "secutil.h"
/* Security library files */
#include "cert.h"
#include "ssl.h"
#include "sslproto.h"
#include "secmod.h"
#include "nss.h"
/* define this if you want telnet capability! */
/* #define SSLTELNET 1 */
PRInt32 debug;
#ifdef DEBUG_stevep
#define dbmsg(x) if (verbose) PR_fprintf(PR_STDOUT,x);
#else
#define dbmsg(x) ;
#endif
/* Set SSL Policy to Domestic (strong=1) or Export (strong=0) */
#define ALLOW(x) SSL_CipherPolicySet(x,SSL_ALLOWED); SSL_CipherPrefSetDefault(x,1);
#define DISALLOW(x) SSL_CipherPolicySet(x,SSL_NOT_ALLOWED); SSL_CipherPrefSetDefault(x,0);
#define MAYBEALLOW(x) SSL_CipherPolicySet(x,SSL_RESTRICTED); SSL_CipherPrefSetDefault(x,1);
struct CipherPolicy {
char number;
long id;
char *name;
PRInt32 pref;
PRInt32 domestic;
PRInt32 export;
};
struct CipherPolicy ciphers[] = {
{ 'a',SSL_EN_RC4_128_WITH_MD5, "SSL_EN_RC4_128_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'b',SSL_EN_RC2_128_CBC_WITH_MD5, "SSL_EN_RC2_128_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'c',SSL_EN_DES_192_EDE3_CBC_WITH_MD5, "SSL_EN_DES_192_EDE3_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'd',SSL_EN_DES_64_CBC_WITH_MD5, "SSL_EN_DES_64_CBC_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'e',SSL_EN_RC4_128_EXPORT40_WITH_MD5, "SSL_EN_RC4_128_EXPORT40_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED },
{ 'f',SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2)",1, SSL_ALLOWED,SSL_ALLOWED },
#ifdef FORTEZZA
{ 'g',SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",1,SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'h',SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, "SSL_FORTEZZA_DMS_WITH_RC4_128_SHA",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
#endif
{ 'i',SSL_RSA_WITH_RC4_128_MD5, "SSL_RSA_WITH_RC4_128_MD5 (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED },
{ 'j',SSL_RSA_WITH_3DES_EDE_CBC_SHA, "SSL_RSA_WITH_3DES_EDE_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_RESTRICTED },
{ 'k',SSL_RSA_WITH_DES_CBC_SHA, "SSL_RSA_WITH_DES_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'l',SSL_RSA_EXPORT_WITH_RC4_40_MD5, "SSL_RSA_EXPORT_WITH_RC4_40_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
{ 'm',SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
#ifdef FORTEZZA
{ 'n',SSL_FORTEZZA_DMS_WITH_NULL_SHA, "SSL_FORTEZZA_DMS_WITH_NULL_SHA",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
#endif
{ 'o',SSL_RSA_WITH_NULL_MD5, "SSL_RSA_WITH_NULL_MD5 (ssl3)",1, SSL_ALLOWED,SSL_ALLOWED },
{ 'p',SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED },
{ 'q',SSL_RSA_FIPS_WITH_DES_CBC_SHA, "SSL_RSA_FIPS_WITH_DES_CBC_SHA (ssl3)",1, SSL_ALLOWED,SSL_NOT_ALLOWED }
};
void PrintErrString(char *progName,char *msg) {
PRErrorCode e = PORT_GetError();
char *s=NULL;
if ((e >= PR_NSPR_ERROR_BASE) && (e < PR_MAX_ERROR)) {
if (e == PR_DIRECTORY_LOOKUP_ERROR)
s = PL_strdup("Hostname Lookup Failed");
else if (e == PR_NETWORK_UNREACHABLE_ERROR)
s = PL_strdup("Network Unreachable");
else if (e == PR_CONNECT_TIMEOUT_ERROR)
s = PL_strdup("Connection Timed Out");
else s = PR_smprintf("%d",e);
if (!s) return;
}
else {
s = PL_strdup(SECU_ErrorString(e));
}
PR_fprintf(PR_STDOUT,"%s: ",progName);
if (s) {
if (*s)
PR_fprintf(PR_STDOUT, "%s\n", s);
else
PR_fprintf(PR_STDOUT, "\n");
PR_Free(s);
}
}
void PrintCiphers(int onlyenabled) {
int ciphercount,i;
if (onlyenabled) {
PR_fprintf(PR_STDOUT,"Your Cipher preference:\n");
}
ciphercount = sizeof(ciphers)/sizeof(struct CipherPolicy);
PR_fprintf(PR_STDOUT,
" %s %-45s %-12s %-12s\n","id","CipherName","Domestic","Export");
for (i=0;i<ciphercount;i++) {
if ( (onlyenabled ==0) || ((onlyenabled==1)&&(ciphers[i].pref))) {
PR_fprintf(PR_STDOUT,
" %c %-45s %-12s %-12s\n",ciphers[i].number,ciphers[i].name,
(ciphers[i].domestic==SSL_ALLOWED)?"Yes":
( (ciphers[i].domestic==SSL_NOT_ALLOWED)?"No":"Step-up only"),
(ciphers[i].export==SSL_ALLOWED)?"Yes":
( (ciphers[i].export==SSL_NOT_ALLOWED)?"No":"Step-up only"));
}
}
}
void SetPolicy(char *c,int policy) { /* policy==1 : domestic, policy==0, export */
int i,j,cpolicy;
/* first, enable all relevant ciphers according to policy */
for (j=0;j<(sizeof(ciphers)/sizeof(struct CipherPolicy));j++) {
SSL_CipherPolicySet(ciphers[j].id,policy?ciphers[j].domestic:ciphers[j].export);
SSL_CipherPrefSetDefault(ciphers[j].id, PR_FALSE);
ciphers[j].pref =0;
}
for (i=0;i<(int)PL_strlen(c);i++) {
for (j=0;j<(sizeof(ciphers)/sizeof(struct CipherPolicy));j++) {
if (ciphers[j].number == c[i]) {
cpolicy = policy?ciphers[j].domestic:ciphers[j].export;
if (cpolicy == SSL_NOT_ALLOWED) {
PR_fprintf(PR_STDOUT, "You're trying to enable a cipher (%c:%s) outside of your policy. ignored\n",
c[i],ciphers[j].name);
}
else {
ciphers[j].pref=1;
SSL_CipherPrefSetDefault(ciphers[j].id, PR_TRUE);
}
}
}
}
}
int MyAuthCertificateHook(void *arg, PRFileDesc *fd, PRBool checksig, PRBool isserver) {
return SECSuccess;
}
void Usage() {
#ifdef SSLTELNET
PR_fprintf(PR_STDOUT,"SSLTelnet ");
#else
PR_fprintf(PR_STDOUT,"SSLStrength (No telnet functionality) ");
#endif
PR_fprintf(PR_STDOUT,"Version 1.5\n");
PR_fprintf(PR_STDOUT,"Usage:\n sslstrength hostname[:port] [ciphers=xyz] [certdir=x] [debug] [verbose] "
#ifdef SSLTELNET
"[telnet]|[servertype]|[querystring=<string>] "
#endif
"[policy=export|domestic]\n sslstrength ciphers\n");
}
PRInt32 debug = 0;
PRInt32 verbose = 0;
PRInt32 main(PRInt32 argc,char **argv, char **envp)
{
/* defaults for command line arguments */
char *hostnamearg=NULL;
char *portnumarg=NULL;
char *sslversionarg=NULL;
char *keylenarg=NULL;
char *certdir=NULL;
char *hostname;
char *nickname=NULL;
char *progname=NULL;
/* struct sockaddr_in addr; */
PRNetAddr addr;
int ss_on;
char *ss_cipher;
int ss_keysize;
int ss_secretsize;
char *ss_issuer;
char *ss_subject;
int policy=1;
char *set_ssl_policy=NULL;
int print_ciphers=0;
char buf[10];
char netdbbuf[PR_NETDB_BUF_SIZE];
PRHostEnt hp;
PRStatus r;
PRNetAddr na;
SECStatus rv;
int portnum=443; /* default https: port */
PRFileDesc *s,*fd;
CERTCertDBHandle *handle;
CERTCertificate *c;
PRInt32 i;
#ifdef SSLTELNET
struct termios tmp_tc;
char cb;
int prev_lflag,prev_oflag,prev_iflag;
int t_fin,t_fout;
int servertype=0, telnet=0;
char *querystring=NULL;
#endif
debug = 0;
progname = (char *)PL_strrchr(argv[0], '/');
progname = progname ? progname+1 : argv[0];
/* Read in command line args */
if (argc == 1) {
Usage();
return(0);
}
if (! PL_strcmp("ciphers",argv[1])) {
PrintCiphers(0);
exit(0);
}
hostname = argv[1];
if (!PL_strcmp(hostname , "usage") || !PL_strcmp(hostname, "-help") ) {
Usage();
exit(0);
}
if ((portnumarg = PL_strchr(hostname,':'))) {
*portnumarg = 0;
portnumarg = &portnumarg[1];
}
if (portnumarg) {
if (*portnumarg == 0) {
PR_fprintf(PR_STDOUT,"malformed port number supplied\n");
return(1);
}
portnum = atoi(portnumarg);
}
for (i = 2 ; i < argc; i++)
{
if (!PL_strncmp(argv[i] , "sslversion=",11) )
sslversionarg=&(argv[i][11]);
else if (!PL_strncmp(argv[i], "certdir=",8) )
certdir = &(argv[i][8]);
else if (!PL_strncmp(argv[i], "ciphers=",8) )
{
set_ssl_policy=&(argv[i][8]);
}
else if (!PL_strncmp(argv[i], "policy=",7) ) {
if (!PL_strcmp(&(argv[i][7]),"domestic")) policy=1;
else if (!PL_strcmp(&(argv[i][7]),"export")) policy=0;
else {
PR_fprintf(PR_STDOUT,"sslstrength: invalid argument. policy must be one of (domestic,export)\n");
}
}
else if (!PL_strcmp(argv[i] , "debug") )
debug = 1;
#ifdef SSLTELNET
else if (!PL_strcmp(argv[i] , "telnet") )
telnet = 1;
else if (!PL_strcmp(argv[i] , "servertype") )
servertype = 1;
else if (!PL_strncmp(argv[i] , "querystring=",11) )
querystring = &argv[i][12];
#endif
else if (!PL_strcmp(argv[i] , "verbose") )
verbose = 1;
}
#ifdef SSLTELNET
if (telnet && (servertype || querystring)) {
PR_fprintf(PR_STDOUT,"You can't use telnet and (server or querystring) options at the same time\n");
exit(1);
}
#endif
PR_fprintf(PR_STDOUT,"Using %s policy\n",policy?"domestic":"export");
/* allow you to set env var SSLDIR to set the cert directory */
if (! certdir) certdir = SECU_DefaultSSLDir();
/* if we don't have one still, initialize with no databases */
if (!certdir) {
rv = NSS_NoDB_Init(NULL);
(void) SECMOD_AddNewModule("Builtins", DLL_PREFIX"nssckbi."DLL_SUFFIX,0,0);
} else {
rv = NSS_Init(certdir);
SECU_ConfigDirectory(certdir);
}
/* Lookup host */
r = PR_GetHostByName(hostname,netdbbuf,PR_NETDB_BUF_SIZE,&hp);
if (r) {
PrintErrString(progname,"Host Name lookup failed");
return(1);
}
/* should the third field really be 0? */
PR_EnumerateHostEnt(0,&hp,0,&na);
PR_InitializeNetAddr(PR_IpAddrNull,portnum,&na);
PR_fprintf(PR_STDOUT,"Connecting to %s:%d\n",hostname, portnum);
/* Create socket */
fd = PR_NewTCPSocket();
if (fd == NULL) {
PrintErrString(progname, "error creating socket");
return -1;
}
s = SSL_ImportFD(NULL,fd);
if (s == NULL) {
PrintErrString(progname, "error creating socket");
return -1;
}
dbmsg("10: About to enable security\n");
rv = SSL_OptionSet(s, SSL_SECURITY, PR_TRUE);
if (rv < 0) {
PrintErrString(progname, "error enabling socket");
return -1;
}
if (set_ssl_policy) {
SetPolicy(set_ssl_policy,policy);
}
else {
PR_fprintf(PR_STDOUT,"Using all ciphersuites usually found in client\n");
if (policy) {
SetPolicy("abcdefghijklmnopqrst",policy);
}
else {
SetPolicy("efghijlmo",policy);
}
}
PrintCiphers(1);
rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
if (rv < 0) {
PrintErrString(progname, "error enabling client handshake");
return -1;
}
dbmsg("30: About to set AuthCertificateHook\n");
SSL_AuthCertificateHook(s, MyAuthCertificateHook, (void *)handle);
/* SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); */
/* SSL_GetClientAuthDataHook(s, GetClientAuthDataHook, (void *)nickname);*/
dbmsg("40: About to SSLConnect\n");
/* Try to connect to the server */
/* now SSL_Connect takes new arguments. */
r = PR_Connect(s, &na, PR_TicksPerSecond()*5);
if (r < 0) {
PrintErrString(progname, "unable to connect");
return -1;
}
rv = SSL_ForceHandshake(s);
if (rv) {
PrintErrString(progname,"SSL Handshake failed. ");
exit(1);
}
rv = SSL_SecurityStatus(s, &ss_on, &ss_cipher,
&ss_keysize, &ss_secretsize,
&ss_issuer, &ss_subject);
dbmsg("60: done with security status, about to print\n");
c = SSL_PeerCertificate(s);
if (!c) PR_fprintf(PR_STDOUT,"Couldn't retrieve peers Certificate\n");
PR_fprintf(PR_STDOUT,"SSL Connection Status\n",rv);
PR_fprintf(PR_STDOUT," Cipher: %s\n",ss_cipher);
PR_fprintf(PR_STDOUT," Key Size: %d\n",ss_keysize);
PR_fprintf(PR_STDOUT," Secret Key Size: %d\n",ss_secretsize);
PR_fprintf(PR_STDOUT," Issuer: %s\n",ss_issuer);
PR_fprintf(PR_STDOUT," Subject: %s\n",ss_subject);
PR_fprintf(PR_STDOUT," Valid: from %s to %s\n",
c==NULL?"???":DER_TimeChoiceDayToAscii(&c->validity.notBefore),
c==NULL?"???":DER_TimeChoiceDayToAscii(&c->validity.notAfter));
#ifdef SSLTELNET
if (servertype || querystring) {
char buffer[1024];
char ch;
char qs[] = "HEAD / HTTP/1.0";
if (!querystring) querystring = qs;
PR_fprintf(PR_STDOUT,"\nServer query mode\n>>Sending:\n%s\n",querystring);
PR_fprintf(PR_STDOUT,"\n*** Server said:\n");
ch = querystring[PL_strlen(querystring)-1];
if (ch == '"' || ch == '\'') {
PR_fprintf(PR_STDOUT,"Warning: I'm not smart enough to cope with quotes mid-string like that\n");
}
rv = PR_Write(s,querystring,PL_strlen(querystring));
if ((rv < 1) ) {
PR_fprintf(PR_STDOUT,"Oh dear - couldn't send servertype query\n");
goto closedown;
}
rv = PR_Write(s,"\r\n\r\n",4);
rv = PR_Read(s,buffer,1024);
if ((rv < 1) ) {
PR_fprintf(PR_STDOUT,"Oh dear - couldn't read server repsonse\n");
goto closedown;
}
PR_Write(PR_STDOUT,buffer,rv);
}
if (telnet) {
PR_fprintf(PR_STDOUT,"---------------------------\n"
"telnet mode. CTRL-C to exit\n"
"---------------------------\n");
/* fudge terminal attributes */
t_fin = PR_FileDesc2NativeHandle(PR_STDIN);
t_fout = PR_FileDesc2NativeHandle(PR_STDOUT);
tcgetattr(t_fin,&tmp_tc);
prev_lflag = tmp_tc.c_lflag;
prev_oflag = tmp_tc.c_oflag;
prev_iflag = tmp_tc.c_iflag;
tmp_tc.c_lflag &= ~ECHO;
/* tmp_tc.c_oflag &= ~ONLCR; */
tmp_tc.c_lflag &= ~ICANON;
tmp_tc.c_iflag &= ~ICRNL;
tmp_tc.c_cflag |= CS8;
tmp_tc.c_cc[VMIN] = 1;
tmp_tc.c_cc[VTIME] = 0;
tcsetattr(t_fin, TCSANOW, &tmp_tc);
/* ioctl(tin, FIONBIO, (char *)&onoff);
ioctl(tout, FIONBIO, (char *)&onoff);*/
{
PRPollDesc pds[2];
char buffer[1024];
int amt,amtwritten;
char *x;
/* STDIN */
pds[0].fd = PR_STDIN;
pds[0].in_flags = PR_POLL_READ;
pds[1].fd = s;
pds[1].in_flags = PR_POLL_READ | PR_POLL_EXCEPT;
while (1) {
int nfds;
nfds = PR_Poll(pds,2,PR_SecondsToInterval(2));
if (nfds == 0) continue;
/** read input from keyboard*/
/* note: this is very inefficient if reading from a file */
if (pds[0].out_flags & PR_POLL_READ) {
amt = PR_Read(PR_STDIN,&buffer,1);
/* PR_fprintf(PR_STDOUT,"fd[0]:%d=%d\r\n",amt,buffer[0]); */
if (amt == 0) {
PR_fprintf(PR_STDOUT,"\n");
goto loser;
}
if (buffer[0] == '\r') {
buffer[0] = '\r';
buffer[1] = '\n';
amt = 2;
}
rv = PR_Write(PR_STDOUT,buffer,amt);
rv = PR_Write(s,buffer,amt);
if (rv == -1) {
PR_fprintf(PR_STDOUT,"Error writing to socket: %d\n",PR_GetError());
}
}
/***/
/***/
if (pds[1].out_flags & PR_POLL_EXCEPT) {
PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n");
goto loser;
}
if (pds[1].out_flags & PR_POLL_READ) {
amt = PR_Read(s,&buffer,1024);
if (amt == 0) {
PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n");
goto loser;
}
rv = PR_Write(PR_STDOUT,buffer,amt);
}
/***/
}
}
loser:
/* set terminal back to normal */
tcgetattr(t_fin,&tmp_tc);
tmp_tc.c_lflag = prev_lflag;
tmp_tc.c_oflag = prev_oflag;
tmp_tc.c_iflag = prev_iflag;
tcsetattr(t_fin, TCSANOW, &tmp_tc);
/* ioctl(tin, FIONBIO, (char *)&onoff);
ioctl(tout, FIONBIO, (char *)&onoff); */
}
#endif
/* SSLTELNET */
closedown:
PR_Close(s);
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
return(0);
} /* main */
/*EOF*/

8
security/nss/cmd/strsclnt/strsclnt.c
Просмотреть файл

@ -111,14 +111,14 @@ int ssl2CipherSuites[] = {
};
int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
@ -1143,7 +1143,7 @@ client_main(
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
if (cipher > 0) {
SECStatus rv;
rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
if (rv != SECSuccess) {

11
security/nss/cmd/tstclnt/tstclnt.c
Просмотреть файл

@ -108,14 +108,14 @@ int ssl2CipherSuites[] = {
};
int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
@ -257,14 +257,11 @@ static void Usage(const char *progName)
"T TLS ECDHE RSA WITH AES 128 CBC SHA\n"
#endif /* NSS_ENABLE_ECC */
"\n"
"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
"c SSL3 RSA WITH RC4 128 MD5\n"
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
"e SSL3 RSA WITH DES CBC SHA\n"
"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
"i SSL3 RSA WITH NULL MD5\n"
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
"k SSL3 RSA FIPS WITH DES CBC SHA\n"
@ -672,7 +669,7 @@ int main(int argc, char **argv)
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
if (cipher > 0) {
SECStatus status;
status = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED);
if (status != SECSuccess)

2
security/nss/cmd/vfyserv/vfyserv.c
Просмотреть файл

@ -444,7 +444,7 @@ main(int argc, char **argv)
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
if (cipher > 0) {
SSL_CipherPrefSetDefault(cipher, PR_TRUE);
}
}

6
security/nss/cmd/vfyserv/vfyutil.c
Просмотреть файл

@ -53,14 +53,14 @@ int ssl2CipherSuites[] = {
};
int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */

4
security/nss/lib/manifest.mn
Просмотреть файл

@ -47,7 +47,6 @@ DEPTH = ../..
# smime
# ckfw (builtins module)
# crmf jar (not dll's)
# fortcrypt
DIRS = util freebl softoken \
base asn1 dev pki pki1 \
certdb certhigh pk11wrap cryptohi nss \
@ -55,9 +54,10 @@ DIRS = util freebl softoken \
pkcs12 pkcs7 smime \
crmf jar \
ckfw \
fortcrypt \
$(NULL)
# fortcrypt is no longer built
# NSS 4.0 build - pure stan libraries
ifdef PURE_STAN_BUILD
DIRS = base asn1 dev pki pki1

8
security/nss/lib/ssl/nsskea.c
Просмотреть файл

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: nsskea.c,v 1.6 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: nsskea.c,v 1.7 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#include "cert.h"
#include "ssl.h" /* for SSLKEAType */
@ -58,12 +58,6 @@ NSS_FindCertKEAType(CERTCertificate * cert)
case SEC_OID_PKCS1_RSA_ENCRYPTION:
keaType = kt_rsa;
break;
case SEC_OID_MISSI_KEA_DSS_OLD:
case SEC_OID_MISSI_KEA_DSS:
case SEC_OID_MISSI_DSS_OLD:
case SEC_OID_MISSI_DSS:
keaType = kt_fortezza;
break;
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
keaType = kt_dh;
break;

96
security/nss/lib/ssl/preenc.h
Просмотреть файл

@ -1,8 +1,7 @@
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
/*
* Functions and types used by https servers to send (download) pre-encrypted
* files over SSL connections that use Fortezza ciphersuites.
* Fortezza support is removed.
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
@ -39,7 +38,12 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: preenc.h,v 1.5 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: preenc.h,v 1.6 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
/* Fortezza support is removed.
* This file remains so that old programs will continue to compile,
* But this functionality is no longer supported or implemented.
*/
#include "seccomon.h"
#include "prio.h"
@ -48,53 +52,44 @@ typedef struct PEHeaderStr PEHeader;
#define PE_MIME_TYPE "application/pre-encrypted"
/*
* unencrypted header. The 'top' half of this header is generic. The union
* is type specific, and may include bulk cipher type information
* (Fortezza supports only Fortezza Bulk encryption). Only fortezza
* pre-encrypted is defined.
*/
typedef struct PEFortezzaHeaderStr PEFortezzaHeader;
typedef struct PEFortezzaGeneratedHeaderStr PEFortezzaGeneratedHeader;
typedef struct PEFixedKeyHeaderStr PEFixedKeyHeader;
typedef struct PERSAKeyHeaderStr PERSAKeyHeader;
struct PEFortezzaHeaderStr {
unsigned char key[12]; /* Ks wrapped MEK */
unsigned char iv[24]; /* iv for this MEK */
unsigned char hash[20]; /* SHA hash of file */
unsigned char serial[8]; /* serial number of the card that owns
* Ks */
unsigned char key[12];
unsigned char iv[24];
unsigned char hash[20];
unsigned char serial[8];
};
struct PEFortezzaGeneratedHeaderStr {
unsigned char key[12]; /* TEK wrapped MEK */
unsigned char iv[24]; /* iv for this MEK */
unsigned char hash[20]; /* SHA hash of file */
unsigned char Ra[128]; /* RA to generate TEK */
unsigned char Y[128]; /* Y to generate TEK */
unsigned char key[12];
unsigned char iv[24];
unsigned char hash[20];
unsigned char Ra[128];
unsigned char Y[128];
};
struct PEFixedKeyHeaderStr {
unsigned char pkcs11Mech[4]; /* Symetric key operation */
unsigned char labelLen[2]; /* length of the token label */
unsigned char keyIDLen[2]; /* length of the token Key ID */
unsigned char ivLen[2]; /* length of IV */
unsigned char keyLen[2]; /* length of key (DES3_ECB encrypted) */
unsigned char data[1]; /* start of data */
unsigned char pkcs11Mech[4];
unsigned char labelLen[2];
unsigned char keyIDLen[2];
unsigned char ivLen[2];
unsigned char keyLen[2];
unsigned char data[1];
};
struct PERSAKeyHeaderStr {
unsigned char pkcs11Mech[4]; /* Symetric key operation */
unsigned char issuerLen[2]; /* length of cert issuer */
unsigned char serialLen[2]; /* length of the cert serial */
unsigned char ivLen[2]; /* length of IV */
unsigned char keyLen[2]; /* length of key (RSA encrypted) */
unsigned char data[1]; /* start of data */
unsigned char pkcs11Mech[4];
unsigned char issuerLen[2];
unsigned char serialLen[2];
unsigned char ivLen[2];
unsigned char keyLen[2];
unsigned char data[1];
};
/* macros to get at the variable length data fields */
#define PEFIXED_Label(header) (header->data)
#define PEFIXED_KeyID(header) (&header->data[GetInt2(header->labelLen)])
#define PEFIXED_IV(header) (&header->data[GetInt2(header->labelLen)\
@ -108,10 +103,10 @@ struct PERSAKeyHeaderStr {
#define PERSA_Key(header) (&header->data[GetInt2(header->issuerLen)\
+GetInt2(header->serialLen)+GetInt2(header->keyLen)])
struct PEHeaderStr {
unsigned char magic [2]; /* always 0xC0DE */
unsigned char len [2]; /* length of PEHeader */
unsigned char type [2]; /* FORTEZZA, DIFFIE-HELMAN, RSA */
unsigned char version[2]; /* version number: 1.0 */
unsigned char magic [2];
unsigned char len [2];
unsigned char type [2];
unsigned char version[2];
union {
PEFortezzaHeader fortezza;
PEFortezzaGeneratedHeader g_fortezza;
@ -124,12 +119,9 @@ struct PEHeaderStr {
#define PE_INTRO_LEN 4
#define PE_BASE_HEADER_LEN 8
#define PRE_BLOCK_SIZE 8 /* for decryption blocks */
#define PRE_BLOCK_SIZE 8
/*
* Platform neutral encode/decode macros.
*/
#define GetInt2(c) ((c[0] << 8) | c[1])
#define GetInt4(c) (((unsigned long)c[0] << 24)|((unsigned long)c[1] << 16)\
|((unsigned long)c[2] << 8)| ((unsigned long)c[3]))
@ -137,28 +129,18 @@ struct PEHeaderStr {
#define PutInt4(c,i) ((c[0]=((i) >> 24) & 0xff),(c[1]=((i) >> 16) & 0xff),\
(c[2] = ((i) >> 8) & 0xff), (c[3] = (i) & 0xff))
/*
* magic numbers.
*/
#define PRE_MAGIC 0xc0de
#define PRE_VERSION 0x1010
#define PRE_FORTEZZA_FILE 0x00ff /* pre-encrypted file on disk */
#define PRE_FORTEZZA_STREAM 0x00f5 /* pre-encrypted file in stream */
#define PRE_FORTEZZA_GEN_STREAM 0x00f6 /* Generated pre-encrypted file */
#define PRE_FIXED_FILE 0x000f /* fixed key on disk */
#define PRE_RSA_FILE 0x001f /* RSA in file */
#define PRE_FIXED_STREAM 0x0005 /* fixed key in stream */
#define PRE_FORTEZZA_FILE 0x00ff
#define PRE_FORTEZZA_STREAM 0x00f5
#define PRE_FORTEZZA_GEN_STREAM 0x00f6
#define PRE_FIXED_FILE 0x000f
#define PRE_RSA_FILE 0x001f
#define PRE_FIXED_STREAM 0x0005
/*
* internal implementation info
*/
/* convert an existing stream header to a version with local parameters */
PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *,
int *headerSize);
/* convert an existing file header to one suitable for streaming out */
PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *,
int *headerSize);

199
security/nss/lib/ssl/prelib.c
Просмотреть файл

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: prelib.c,v 1.6 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: prelib.c,v 1.7 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#include "cert.h"
#include "ssl.h"
@ -50,205 +50,18 @@
#include "preenc.h"
#include "pk11func.h"
static unsigned char fromHex(char x) {
if ((x >= '0') && (x <= '9')) return x-'0';
if ((x >= 'a') && (x <= 'f')) return x-'a'+10;
return x-'A'+10;
}
PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader,
int *headerSize)
int *headerSize)
{
PK11SymKey *key, *tek, *Ks;
sslSocket *ss;
PK11SlotInfo *slot;
CK_TOKEN_INFO info;
int oldHeaderSize;
PEHeader *header;
SECStatus rv;
SECItem item;
int i;
if (fd == NULL) {
/* XXX set an error */
return NULL;
}
ss = ssl_FindSocket(fd);
if (ss == NULL) {
return NULL;
}
PORT_Assert(ss->ssl3 != NULL);
if (ss->ssl3 == NULL) {
return NULL;
}
if (GetInt2(inHeader->magic) != PRE_MAGIC) {
return NULL;
}
oldHeaderSize = GetInt2(inHeader->len);
header = (PEHeader *) PORT_ZAlloc(oldHeaderSize);
if (header == NULL) {
return NULL;
}
switch (GetInt2(inHeader->type)) {
case PRE_FORTEZZA_FILE:
case PRE_FORTEZZA_GEN_STREAM:
case PRE_FIXED_FILE:
case PRE_RSA_FILE:
default:
*headerSize = oldHeaderSize;
PORT_Memcpy(header,inHeader,oldHeaderSize);
return header;
case PRE_FORTEZZA_STREAM:
*headerSize = PE_BASE_HEADER_LEN + sizeof(PEFortezzaHeader);
PutInt2(header->magic,PRE_MAGIC);
PutInt2(header->len,*headerSize);
PutInt2(header->type, PRE_FORTEZZA_FILE);
PORT_Memcpy(header->version,inHeader->version,sizeof(header->version));
PORT_Memcpy(header->u.fortezza.hash,inHeader->u.fortezza.hash,
sizeof(header->u.fortezza.hash));
PORT_Memcpy(header->u.fortezza.iv,inHeader->u.fortezza.iv,
sizeof(header->u.fortezza.iv));
/* get the kea context from the session */
tek = ss->ssl3->fortezza.tek;
if (tek == NULL) {
PORT_Free(header);
return NULL;
}
/* get the slot and the serial number */
slot = PK11_GetSlotFromKey(tek);
if (slot == NULL) {
PORT_Free(header);
return NULL;
}
rv = PK11_GetTokenInfo(slot,&info);
if (rv != SECSuccess) {
PORT_Free(header);
PK11_FreeSlot(slot);
return NULL;
}
/* Look up the Token Fixed Key */
Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, ss->pkcs11PinArg);
PK11_FreeSlot(slot);
if (Ks == NULL) {
PORT_Free(header);
return NULL;
}
/* unwrap the key with the TEK */
item.data = inHeader->u.fortezza.key;
item.len = sizeof(inHeader->u.fortezza.key);
key = PK11_UnwrapSymKey(tek,CKM_SKIPJACK_WRAP,
NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
if (key == NULL) {
PORT_Free(header);
PK11_FreeSymKey(Ks);
return NULL;
}
/* rewrap with the local Ks */
item.data = header->u.fortezza.key;
item.len = sizeof(header->u.fortezza.key);
rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, Ks, key, &item);
PK11_FreeSymKey(Ks);
PK11_FreeSymKey(key);
if (rv != SECSuccess) {
PORT_Free(header);
return NULL;
}
/* copy our local serial number into header */
for (i=0; i < sizeof(header->u.fortezza.serial); i++) {
header->u.fortezza.serial[i] =
(fromHex(info.serialNumber[i*2]) << 4) |
fromHex(info.serialNumber[i*2 + 1]);
}
break;
case PRE_FIXED_STREAM:
/* not implemented yet */
PORT_Free(header);
return NULL;
}
return(header);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
}
/*
* this one needs to allocate space and work for RSA & FIXED key files as well
*/
PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header,
int *headerSize)
{
PK11SymKey *key, *tek, *Ks;
sslSocket *ss;
PK11SlotInfo *slot;
SECStatus rv;
SECItem item;
*headerSize = 0; /* hack */
if (fd == NULL) {
/* XXX set an error */
return NULL;
}
ss = ssl_FindSocket(fd);
if (ss == NULL) {
return NULL;
}
PORT_Assert(ss->ssl3 != NULL);
if (ss->ssl3 == NULL) {
return NULL;
}
/* get the kea context from the session */
tek = ss->ssl3->fortezza.tek;
if (tek == NULL) {
return NULL;
}
slot = PK11_GetSlotFromKey(tek);
if (slot == NULL) return NULL;
Ks = PK11_FindFixedKey(slot, CKM_SKIPJACK_WRAP, NULL, PK11_GetWindow(tek));
PK11_FreeSlot(slot);
if (Ks == NULL) return NULL;
/* unwrap with the local Ks */
item.data = header->u.fortezza.key;
item.len = sizeof(header->u.fortezza.key);
/* rewrap the key with the TEK */
key = PK11_UnwrapSymKey(Ks,CKM_SKIPJACK_WRAP,
NULL, &item, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
if (key == NULL) {
PK11_FreeSymKey(Ks);
return NULL;
}
rv = PK11_WrapSymKey(CKM_SKIPJACK_WRAP, NULL, tek, key, &item);
PK11_FreeSymKey(Ks);
PK11_FreeSymKey(key);
if (rv != SECSuccess) {
return NULL;
}
/* copy over our local serial number */
PORT_Memset(header->u.fortezza.serial,0,sizeof(header->u.fortezza.serial));
/* change type to stream */
PutInt2(header->type, PRE_FORTEZZA_STREAM);
return(header);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
}

4
security/nss/lib/ssl/ssl.h
Просмотреть файл

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: ssl.h,v 1.21 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: ssl.h,v 1.22 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#ifndef __ssl_h_
#define __ssl_h_
@ -190,7 +190,7 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
#define SSL_SECURITY_STATUS_OFF 0
#define SSL_SECURITY_STATUS_ON_HIGH 1
#define SSL_SECURITY_STATUS_ON_LOW 2
#define SSL_SECURITY_STATUS_FORTEZZA 3
#define SSL_SECURITY_STATUS_FORTEZZA 3 /* NO LONGER SUPPORTED */
/*
** Return the certificate for our SSL peer. If the client calls this

1007
security/nss/lib/ssl/ssl3con.c
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

19
security/nss/lib/ssl/ssl3prot.h
Просмотреть файл

@ -1,4 +1,4 @@
/*
/* Private header file of libSSL.
* Various and sundry protocol constants. DON'T CHANGE THESE. These
* values are defined by the SSL 3.0 protocol specification.
*
@ -38,7 +38,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: ssl3prot.h,v 1.8 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: ssl3prot.h,v 1.9 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#ifndef __ssl3proto_h_
#define __ssl3proto_h_
@ -206,7 +206,6 @@ typedef enum {
kea_dhe_rsa_export,
kea_dh_anon,
kea_dh_anon_export,
kea_fortezza,
kea_rsa_fips,
kea_ecdh_ecdsa,
kea_ecdhe_ecdsa,
@ -259,7 +258,6 @@ typedef enum {
ct_RSA_fixed_ECDH = 8,
ct_ECDSA_fixed_ECDH = 9,
ct_Fortezza = 20
} SSL3ClientCertificateType;
typedef SECItem *SSL3DistinquishedName;
@ -271,18 +269,6 @@ typedef struct {
typedef SECItem SSL3EncryptedPreMasterSecret;
/* Following struct is the format of a Fortezza ClientKeyExchange message. */
typedef struct {
SECItem y_c;
SSL3Opaque r_c [128];
SSL3Opaque y_signature [40];
SSL3Opaque wrapped_client_write_key [12];
SSL3Opaque wrapped_server_write_key [12];
SSL3Opaque client_write_iv [24];
SSL3Opaque server_write_iv [24];
SSL3Opaque master_secret_iv [24];
SSL3Opaque encrypted_preMasterSecret[48];
} SSL3FortezzaKeys;
typedef SSL3Opaque SSL3MasterSecret[48];
@ -299,7 +285,6 @@ typedef struct {
union {
SSL3EncryptedPreMasterSecret rsa;
SSL3ClientDiffieHellmanPublic diffie_helman;
SSL3FortezzaKeys fortezza;
} exchange_keys;
} SSL3ClientKeyExchange;

5
security/nss/lib/ssl/sslauth.c
Просмотреть файл

@ -33,7 +33,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslauth.c,v 1.13 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: sslauth.c,v 1.14 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#include "cert.h"
#include "secitem.h"
#include "ssl.h"
@ -117,8 +117,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
cipherName = ssl3_cipherName[ss->sec.cipherType];
}
if (cipherName && PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE;
/* do same key stuff for fortezza */
if (cp) {
*cp = PORT_Strdup(cipherName);
}

4
security/nss/lib/ssl/sslcon.c
Просмотреть файл

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslcon.c,v 1.26 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: sslcon.c,v 1.27 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#include "nssrenam.h"
#include "cert.h"
@ -145,7 +145,7 @@ const char * const ssl_cipherName[] = {
"DES-CBC",
"DES-EDE3-CBC",
"unknown",
"Fortezza",
"unknown", /* was fortezza, NO LONGER USED */
};

7
security/nss/lib/ssl/sslenum.c
Просмотреть файл

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslenum.c,v 1.11 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: sslenum.c,v 1.12 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#include "ssl.h"
#include "sslproto.h"
@ -56,7 +56,6 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_RSA_WITH_AES_256_CBC_SHA,
/* 128-bit */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,
#ifdef NSS_ENABLE_ECC
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
@ -84,9 +83,6 @@ const PRUint16 SSL_ImplementedCiphers[] = {
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
/* 80 bit skipjack */
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* KEA + SkipJack */
/* 56-bit DES "domestic" cipher suites */
SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA,
@ -106,7 +102,6 @@ const PRUint16 SSL_ImplementedCiphers[] = {
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
/* ciphersuites with no encryption */
SSL_FORTEZZA_DMS_WITH_NULL_SHA,
#ifdef NSS_ENABLE_ECC
TLS_ECDH_RSA_WITH_NULL_SHA,
TLS_ECDH_ECDSA_WITH_NULL_SHA,

18
security/nss/lib/ssl/sslimpl.h
Просмотреть файл

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslimpl.h,v 1.38 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: sslimpl.h,v 1.39 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#ifndef __sslimpl_h_
#define __sslimpl_h_
@ -84,7 +84,7 @@ typedef SSLSignType SSL3SignType;
#define calg_des ssl_calg_des
#define calg_3des ssl_calg_3des
#define calg_idea ssl_calg_idea
#define calg_fortezza ssl_calg_fortezza
#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */
#define calg_aes ssl_calg_aes
#define mac_null ssl_mac_null
@ -414,7 +414,6 @@ typedef enum {
cipher_3des,
cipher_des40,
cipher_idea,
cipher_fortezza,
cipher_aes_128,
cipher_aes_256,
cipher_missing /* reserved for no such supported cipher */
@ -522,7 +521,6 @@ struct sslSessionIDStr {
SSL3CompressionMethod compression;
PRBool resumable;
int policy;
PRBool hasFortezza;
ssl3SidKeys keys;
CK_MECHANISM_TYPE masterWrapMech;
/* mechanism used to wrap master secret */
@ -560,11 +558,6 @@ struct sslSessionIDStr {
char masterValid;
char clAuthValid;
/* the following values are used only in the client, and only
* with fortezza.
*/
SSL3Opaque clientWriteSave[80];
int clientWriteSaveLen;
} ssl3;
} u;
};
@ -660,12 +653,7 @@ const ssl3CipherSuiteDef *suite_def;
/* protected by recvBufLock */
} SSL3HandshakeState;
struct SSL3FortezzaKEAParamsStr {
unsigned char R_s[128]; /* server's "random" public key */
PK11SymKey * tek;
};
typedef struct SSL3FortezzaKEAParamsStr SSL3FortezzaKEAParams;
/*
** This is the "ssl3" struct, as in "ss->ssl3".
@ -704,7 +692,7 @@ struct ssl3StateStr {
/* chain while we are trying to validate it. */
CERTDistNames * ca_list;
/* used by server. trusted CAs for this socket. */
SSL3FortezzaKEAParams fortezza;
};
typedef struct {

7
security/nss/lib/ssl/sslinfo.c
Просмотреть файл

@ -34,7 +34,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslinfo.c,v 1.11 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: sslinfo.c,v 1.12 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
@ -100,8 +100,6 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
return SECSuccess;
}
#define kt_kea kt_fortezza
#define calg_sj calg_fortezza
#define CS(x) x, #x
#define CK(x) x | 0xff00, #x
@ -143,7 +141,6 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 0, 0, 0, },
{0,CS(SSL_FORTEZZA_DMS_WITH_RC4_128_SHA), S_KEA, K_KEA, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 0, 0, 0, },
@ -156,7 +153,6 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
{0,CS(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA),S_KEA, K_KEA, C_SJ, B_SJ, M_SHA, 1, 0, 0, },
{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
{0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 1, 0, 1, },
@ -166,7 +162,6 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
{0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 1, 1, 0, },
{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5), S_RSA, K_RSA, C_RC4, B_40, M_MD5, 0, 1, 0, },
{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5), S_RSA, K_RSA, C_RC2, B_40, M_MD5, 0, 1, 0, },
{0,CS(SSL_FORTEZZA_DMS_WITH_NULL_SHA), S_KEA, K_KEA, C_NULL,B_0, M_SHA, 0, 1, 0, },
{0,CS(SSL_RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL,B_0, M_SHA, 0, 1, 0, },
{0,CS(SSL_RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL,B_0, M_MD5, 0, 1, 0, },

8
security/nss/lib/ssl/sslproto.h
Просмотреть файл

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslproto.h,v 1.8 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: sslproto.h,v 1.9 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#ifndef __sslproto_h_
#define __sslproto_h_
@ -139,9 +139,9 @@
#define SSL_DH_ANON_WITH_DES_CBC_SHA 0x001a
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA 0x001b
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA 0x001c /* deprecated */
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA 0x001d /* deprecated */
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA 0x001e /* deprecated */
/* New TLS cipher suites */
#define TLS_RSA_WITH_AES_128_CBC_SHA 0x002F

9
security/nss/lib/ssl/sslsecur.c
Просмотреть файл

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsecur.c,v 1.30 2005-06-28 17:48:26 wtchang%redhat.com Exp $ */
/* $Id: sslsecur.c,v 1.31 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#include "cert.h"
#include "secitem.h"
#include "keyhi.h"
@ -576,12 +576,7 @@ ssl_FindCertKEAType(CERTCertificate * cert)
case SEC_OID_PKCS1_RSA_ENCRYPTION:
keaType = kt_rsa;
break;
case SEC_OID_MISSI_KEA_DSS_OLD:
case SEC_OID_MISSI_KEA_DSS:
case SEC_OID_MISSI_DSS_OLD:
case SEC_OID_MISSI_DSS:
keaType = kt_fortezza;
break;
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
keaType = kt_dh;
break;

8
security/nss/lib/ssl/sslsnce.c
Просмотреть файл

@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsnce.c,v 1.33 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: sslsnce.c,v 1.34 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
* cache sids!
@ -147,7 +147,7 @@ struct sidCacheEntryStr {
/* 2 */ PRUint16 compression; /* SSL3CompressionMethod */
/*122 */ ssl3SidKeys keys; /* keys and ivs, wrapped as needed. */
/* 1 */ PRUint8 hasFortezza;
/* 1 */ PRUint8 unused; /* was hasFortezza; */
/* 1 */ PRUint8 resumable;
/* 4 */ PRUint32 masterWrapMech;
@ -442,7 +442,6 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
to->u.ssl3.compression = (uint16)from->u.ssl3.compression;
to->u.ssl3.resumable = from->u.ssl3.resumable;
to->u.ssl3.hasFortezza = from->u.ssl3.hasFortezza;
to->u.ssl3.keys = from->u.ssl3.keys;
to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
@ -518,7 +517,6 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
to->u.ssl3.compression = (SSL3CompressionMethod)from->u.ssl3.compression;
to->u.ssl3.resumable = from->u.ssl3.resumable;
to->u.ssl3.hasFortezza = from->u.ssl3.hasFortezza;
to->u.ssl3.keys = from->u.ssl3.keys;
to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
to->u.ssl3.exchKeyType = from->u.ssl3.exchKeyType;
@ -544,8 +542,6 @@ ConvertToSID(sidCacheEntry *from, certCacheEntry *pcce,
to->u.ssl3.clAuthSeries = 0;
to->u.ssl3.clAuthValid = PR_FALSE;
to->u.ssl3.clientWriteSaveLen = 0;
if (from->u.ssl3.certIndex != -1 && pcce) {
SECItem derCert;

5
security/nss/lib/ssl/sslsock.c
Просмотреть файл

@ -40,7 +40,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsock.c,v 1.37 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: sslsock.c,v 1.38 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
@ -71,8 +71,6 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
{ SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_ALLOWED, SSL_ALLOWED },
{ SSL_EN_DES_64_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_EN_DES_192_EDE3_CBC_WITH_MD5, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_RSA_WITH_RC4_128_MD5, SSL_RESTRICTED, SSL_NOT_ALLOWED },
{ SSL_RSA_WITH_RC4_128_SHA, SSL_RESTRICTED, SSL_NOT_ALLOWED },
{ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
@ -81,7 +79,6 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
{ SSL_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
{ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_ALLOWED, SSL_ALLOWED },
{ SSL_FORTEZZA_DMS_WITH_NULL_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },

8
security/nss/lib/ssl/sslt.h
Просмотреть файл

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslt.h,v 1.8 2005-04-06 21:35:45 nelsonb%netscape.com Exp $ */
/* $Id: sslt.h,v 1.9 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
#ifndef __sslt_h_
#define __sslt_h_
@ -66,7 +66,7 @@ typedef enum {
ssl_kea_null = 0,
ssl_kea_rsa = 1,
ssl_kea_dh = 2,
ssl_kea_fortezza = 3,
ssl_kea_fortezza = 3, /* deprecated, now unused */
ssl_kea_ecdh = 4,
ssl_kea_size /* number of ssl_kea_ algorithms */
} SSLKEAType;
@ -79,7 +79,7 @@ typedef enum {
#define kt_null ssl_kea_null
#define kt_rsa ssl_kea_rsa
#define kt_dh ssl_kea_dh
#define kt_fortezza ssl_kea_fortezza
#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
#define kt_ecdh ssl_kea_ecdh
#define kt_kea_size ssl_kea_size
@ -105,7 +105,7 @@ typedef enum {
ssl_calg_des = 3,
ssl_calg_3des = 4,
ssl_calg_idea = 5,
ssl_calg_fortezza = 6, /* skipjack */
ssl_calg_fortezza = 6, /* deprecated, now unused */
ssl_calg_aes = 7 /* coming soon */
} SSLCipherAlgorithm;