Red Hat Bugzilla – Attachment 577475 Details for
Bug 806588
Disable SSL PKCS #11 bypass at build time
[patch]
Disable sslbypass at build time
Bug-806588-disable-sslbypass.patch (text/plain), 14.78 KB, created by
Elio Maldonado Batiz
on 2012-04-14 18:34:17 UTC
Description:
Disable sslbypass at build time
Filename:
MIME Type:
Creator:
Elio Maldonado Batiz
Created:
2012-04-14 18:34:17 UTC
Size:
14.78 KB
patch
obsolete
>diff -up ./mozilla/security/nss/lib/ssl/ssl3con.c.806588 ./mozilla/security/nss/lib/ssl/ssl3con.c
>--- ./mozilla/security/nss/lib/ssl/ssl3con.c.806588 2012-03-05 18:23:25.000000000 -0800
>+++ ./mozilla/security/nss/lib/ssl/ssl3con.c 2012-04-14 10:28:29.479564192 -0700
>@@ -1007,10 +1007,8 @@ ssl3_ComputeCommonKeyHash(PRUint8 * hash
> {
> SECStatus rv = SECSuccess;
>
>- if (bypassPKCS11) {
>- MD5_HashBuf (hashes->md5, hashBuf, bufLen);
>- SHA1_HashBuf(hashes->sha, hashBuf, bufLen);
>- } else {
>+ PORT_Assert (bypassPKCS11 == PR_FALSE);
>+
> rv = PK11_HashBuf(SEC_OID_MD5, hashes->md5, hashBuf, bufLen);
> if (rv != SECSuccess) {
> ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
>@@ -1023,7 +1021,7 @@ ssl3_ComputeCommonKeyHash(PRUint8 * hash
> ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
> rv = SECFailure;
> }
>- }
>+
> done:
> return rv;
> }
>@@ -1788,21 +1786,8 @@ ssl3_InitPendingCipherSpec(sslSocket *ss
> goto done; /* err code set by ssl3_DeriveMasterSecret */
> }
> }
>- if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) {
>- /* Double Bypass succeeded in extracting the master_secret */
>- const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
>- PRBool isTLS = (PRBool)(kea_def->tls_keygen ||
>- (pwSpec->version > SSL_LIBRARY_VERSION_3_0));
>- pwSpec->bypassCiphers = PR_TRUE;
>- rv = ssl3_KeyAndMacDeriveBypass( pwSpec,
>- (const unsigned char *)&ss->ssl3.hs.client_random,
>- (const unsigned char *)&ss->ssl3.hs.server_random,
>- isTLS,
>- (PRBool)(kea_def->is_limited));
>- if (rv == SECSuccess) {
>- rv = ssl3_InitPendingContextsBypass(ss);
>- }
>- } else if (pwSpec->master_secret) {
>+ PORT_Assert(ss->opt.bypassPKCS11 == PR_FALSE);
>+ if (pwSpec->master_secret) {
> rv = ssl3_DeriveConnectionKeysPKCS11(ss);
> if (rv == SECSuccess) {
> rv = ssl3_InitPendingContextsPKCS11(ss);
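Review bot: `PORT_Assert(ss->opt.bypassPKCS11 == PR_FALSE)` is the only guard left on these paths, and PORT_Assert is compiled out of optimized builds, so in ssl3_ComputeCommonKeyHash and ssl3_InitPendingCipherSpec (and the same pattern in the ssl3_RestartHandshakeHashes, ssl3_NewHandshakeHashes, ssl3_UpdateHandshakeHashes and ssl3_ComputeHandshakeHashes hunks) nothing is checked in production while a debug build aborts. The invariant therefore rests on every writer of the flag pinning it to PR_FALSE; the two setters patched in sslsock.c do, but any other writer outside this patch (an environment-driven default, if the library has one) would need the same treatment. I would state that next to the first assert, e.g. `/* PKCS #11 bypass is compiled out; the option setters pin bypassPKCS11 to PR_FALSE */`. All of these function bodies start or end outside their hunks.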
>@@ -3177,11 +3162,7 @@ ssl3_RestartHandshakeHashes(sslSocket *s
> {
> SECStatus rv = SECSuccess;
>
>- if (ss->opt.bypassPKCS11) {
>- ss->ssl3.hs.messages.len = 0;
>- MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx);
>- SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx);
>- } else {
>+ PORT_Assert(ss->opt.bypassPKCS11 == PR_FALSE);
> rv = PK11_DigestBegin(ss->ssl3.hs.md5);
> if (rv != SECSuccess) {
> ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
>@@ -3192,7 +3173,6 @@ ssl3_RestartHandshakeHashes(sslSocket *s
> ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
> return rv;
> }
>- }
> return rv;
> }
>
>@@ -3208,11 +3188,7 @@ ssl3_NewHandshakeHashes(sslSocket *ss)
> * that the master secret will wind up in ...
> */
> SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd));
>- if (ss->opt.bypassPKCS11) {
>- PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space);
>- ss->ssl3.hs.messages.buf = NULL;
>- ss->ssl3.hs.messages.space = 0;
>- } else {
>+ PORT_Assert(ss->opt.bypassPKCS11 == PR_FALSE);
> ss->ssl3.hs.md5 = md5 = PK11_CreateDigestContext(SEC_OID_MD5);
> ss->ssl3.hs.sha = sha = PK11_CreateDigestContext(SEC_OID_SHA1);
> if (md5 == NULL) {
>@@ -3223,7 +3199,6 @@ ssl3_NewHandshakeHashes(sslSocket *ss)
> ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
> goto loser;
> }
>- }
> if (SECSuccess == ssl3_RestartHandshakeHashes(ss)) {
> return SECSuccess;
> }
>@@ -3260,14 +3235,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss
>
> PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l));
>
>- if (ss->opt.bypassPKCS11) {
>- MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l);
>- SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l);
>-#if defined(NSS_SURVIVE_DOUBLE_BYPASS_FAILURE)
>- rv = sslBuffer_Append(&ss->ssl3.hs.messages, b, l);
>-#endif
>- return rv;
>- }
>+ PORT_Assert(ss->opt.bypassPKCS11 == PR_FALSE);
> rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l);
> if (rv != SECSuccess) {
> ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
>@@ -3524,89 +3492,8 @@ ssl3_ComputeHandshakeHashes(sslSocket *
>
> PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
>
>- if (ss->opt.bypassPKCS11) {
>- /* compute them without PKCS11 */
>- PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
>- PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
>-
>-#define md5cx ((MD5Context *)md5_cx)
>-#define shacx ((SHA1Context *)sha_cx)
>-
>- if (!spec->msItem.data) {
>- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
>- return SECFailure;
>- }
>-
>- MD5_Clone (md5cx, (MD5Context *)ss->ssl3.hs.md5_cx);
>- SHA1_Clone(shacx, (SHA1Context *)ss->ssl3.hs.sha_cx);
>-
>- if (!isTLS) {
>- /* compute hashes for SSL3. */
>- unsigned char s[4];
>-
>- s[0] = (unsigned char)(sender >> 24);
>- s[1] = (unsigned char)(sender >> 16);
>- s[2] = (unsigned char)(sender >> 8);
>- s[3] = (unsigned char)sender;
>-
>- if (sender != 0) {
>- MD5_Update(md5cx, s, 4);
>- PRINT_BUF(95, (NULL, "MD5 inner: sender", s, 4));
>- }
>-
>- PRINT_BUF(95, (NULL, "MD5 inner: MAC Pad 1", mac_pad_1,
>- mac_defs[mac_md5].pad_size));
>-
>- MD5_Update(md5cx, spec->msItem.data, spec->msItem.len);
>- MD5_Update(md5cx, mac_pad_1, mac_defs[mac_md5].pad_size);
>- MD5_End(md5cx, md5_inner, &outLength, MD5_LENGTH);
>-
>- PRINT_BUF(95, (NULL, "MD5 inner: result", md5_inner, outLength));
>-
>- if (sender != 0) {
>- SHA1_Update(shacx, s, 4);
>- PRINT_BUF(95, (NULL, "SHA inner: sender", s, 4));
>- }
>-
>- PRINT_BUF(95, (NULL, "SHA inner: MAC Pad 1", mac_pad_1,
>- mac_defs[mac_sha].pad_size));
>-
>- SHA1_Update(shacx, spec->msItem.data, spec->msItem.len);
>- SHA1_Update(shacx, mac_pad_1, mac_defs[mac_sha].pad_size);
>- SHA1_End(shacx, sha_inner, &outLength, SHA1_LENGTH);
>-
>- PRINT_BUF(95, (NULL, "SHA inner: result", sha_inner, outLength));
>- PRINT_BUF(95, (NULL, "MD5 outer: MAC Pad 2", mac_pad_2,
>- mac_defs[mac_md5].pad_size));
>- PRINT_BUF(95, (NULL, "MD5 outer: MD5 inner", md5_inner, MD5_LENGTH));
>-
>- MD5_Begin(md5cx);
>- MD5_Update(md5cx, spec->msItem.data, spec->msItem.len);
>- MD5_Update(md5cx, mac_pad_2, mac_defs[mac_md5].pad_size);
>- MD5_Update(md5cx, md5_inner, MD5_LENGTH);
>- }
>- MD5_End(md5cx, hashes->md5, &outLength, MD5_LENGTH);
>-
>- PRINT_BUF(60, (NULL, "MD5 outer: result", hashes->md5, MD5_LENGTH));
>-
>- if (!isTLS) {
>- PRINT_BUF(95, (NULL, "SHA outer: MAC Pad 2", mac_pad_2,
>- mac_defs[mac_sha].pad_size));
>- PRINT_BUF(95, (NULL, "SHA outer: SHA inner", sha_inner, SHA1_LENGTH));
>-
>- SHA1_Begin(shacx);
>- SHA1_Update(shacx, spec->msItem.data, spec->msItem.len);
>- SHA1_Update(shacx, mac_pad_2, mac_defs[mac_sha].pad_size);
>- SHA1_Update(shacx, sha_inner, SHA1_LENGTH);
>- }
>- SHA1_End(shacx, hashes->sha, &outLength, SHA1_LENGTH);
>-
>- PRINT_BUF(60, (NULL, "SHA outer: result", hashes->sha, SHA1_LENGTH));
>-
>- rv = SECSuccess;
>-#undef md5cx
>-#undef shacx
>- } else {
>+ PORT_Assert(ss->opt.bypassPKCS11 == PR_FALSE);
>+ {
> /* compute hases with PKCS11 */
> PK11Context * md5;
> PK11Context * sha = NULL;
>@@ -6453,12 +6340,6 @@ compression_found:
> if (pwSpec->master_secret == NULL) {
> break; /* not an error */
> }
>- } else if (ss->opt.bypassPKCS11) {
>- wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
>- wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
>- memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
>- pwSpec->msItem.data = pwSpec->raw_master_secret;
>- pwSpec->msItem.len = wrappedMS.len;
> } else {
> /* We CAN restart a bypass session in a non-bypass socket. */
> /* need to import the raw master secret to session object */
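Review bot: The comment kept on the surviving `else` arm after `compression_found:`, `/* We CAN restart a bypass session in a non-bypass socket. */`, no longer says why this path still exists once bypass is compiled out, although it is now the only place an unwrapped master secret from the session ID is consumed. A reader cannot tell from the hunk whether such cache entries can still occur in this build. I would reword it along the lines of `/* Bypass is disabled in this build, but a cached session may still hold an unwrapped master secret; import it into a PKCS #11 session object. */` and, if such entries are not expected, say so. The arm's body continues outside the hunk.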
>@@ -9587,10 +9468,6 @@ ssl3_DestroySSL3Info(sslSocket *ss)
> }
>
> /* clean up handshake */
>- if (ss->opt.bypassPKCS11) {
>- SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
>- MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
>- }
> if (ss->ssl3.hs.md5) {
> PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE);
> }
>diff -up ./mozilla/security/nss/lib/ssl/ssl3ext.c.806588 ./mozilla/security/nss/lib/ssl/ssl3ext.c
>--- ./mozilla/security/nss/lib/ssl/ssl3ext.c.806588 2012-03-12 12:14:12.000000000 -0700
>+++ ./mozilla/security/nss/lib/ssl/ssl3ext.c 2012-04-14 10:19:41.364576109 -0700
>@@ -721,13 +721,8 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
> rv = PK11_GenerateRandom(iv, sizeof(iv));
> if (rv != SECSuccess) goto loser;
>
>- if (ss->opt.bypassPKCS11) {
>- rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
>- &mac_key, &mac_key_length);
>- } else {
> rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
> &mac_key_pkcs11);
>- }
> if (rv != SECSuccess) goto loser;
>
> if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) {
>@@ -891,17 +886,6 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
> }
>
> /* Generate encrypted portion of ticket. */
>- if (ss->opt.bypassPKCS11) {
>- aes_ctx = (AESContext *)aes_ctx_buf;
>- rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv,
>- NSS_AES_CBC, 1, AES_BLOCK_SIZE);
>- if (rv != SECSuccess) goto loser;
>-
>- rv = AES_Encrypt(aes_ctx, ciphertext.data, &ciphertext.len,
>- ciphertext.len, plaintext_item.data,
>- plaintext_item.len);
>- if (rv != SECSuccess) goto loser;
>- } else {
> aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
> CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
> if (!aes_ctx_pkcs11)
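Review bot: The bypass branches removed from ssl3_SendNewSessionTicket were the only visible users of `aes_key`, `mac_key`, `aes_ctx`, `hmac_ctx` and `hashObj`, and no hunk touches their declarations, so they presumably survive as unused locals. The same holds for ssl3_ServerHandleSessionTicketXtn in the later hunks, and ssl3_GetSessionTicketKeys appears to lose its last callers. Leaving that helper and the key buffers named in the removed lines (`session_ticket_enc_key`, `session_ticket_mac_key`) compiled in keeps a raw-key path in a build that is meant to route ticket keys through PKCS #11 only. I would drop the dead declarations and the helper in this same patch, or fence them behind a build-time `#ifdef`. Both function bodies start and end outside the hunks.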
>@@ -913,28 +897,13 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
> PK11_Finalize(aes_ctx_pkcs11);
> PK11_DestroyContext(aes_ctx_pkcs11, PR_TRUE);
> if (rv != SECSuccess) goto loser;
>- }
>
> /* Convert ciphertext length to network order. */
> length_buf[0] = (ciphertext.len >> 8) & 0xff;
> length_buf[1] = (ciphertext.len ) & 0xff;
>
> /* Compute MAC. */
>- if (ss->opt.bypassPKCS11) {
>- hmac_ctx = (HMACContext *)hmac_ctx_buf;
>- hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
>- if (HMAC_Init(hmac_ctx, hashObj, mac_key,
>- mac_key_length, PR_FALSE) != SECSuccess)
>- goto loser;
>-
>- HMAC_Begin(hmac_ctx);
>- HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
>- HMAC_Update(hmac_ctx, iv, sizeof(iv));
>- HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
>- HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
>- HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
>- sizeof(computed_mac));
>- } else {
>+ {
> SECItem macParam;
> macParam.data = NULL;
> macParam.len = 0;
>@@ -1074,13 +1043,8 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
> return SECFailure;
>
> /* Get session ticket keys. */
>- if (ss->opt.bypassPKCS11) {
>- rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
>- &mac_key, &mac_key_length);
>- } else {
>- rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
>+ rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
> &mac_key_pkcs11);
>- }
> if (rv != SECSuccess) {
> SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
> SSL_GETPID(), ss->fd));
>@@ -1100,19 +1064,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
> /* Verify the MAC on the ticket. MAC verification may also
> * fail if the MAC key has been recently refreshed.
> */
>- if (ss->opt.bypassPKCS11) {
>- hmac_ctx = (HMACContext *)hmac_ctx_buf;
>- hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
>- if (HMAC_Init(hmac_ctx, hashObj, mac_key,
>- sizeof(session_ticket_mac_key), PR_FALSE) != SECSuccess)
>- goto no_ticket;
>- HMAC_Begin(hmac_ctx);
>- HMAC_Update(hmac_ctx, extension_data.data,
>- extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
>- if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
>- sizeof(computed_mac)) != SECSuccess)
>- goto no_ticket;
>- } else {
>+ {
> SECItem macParam;
> macParam.data = NULL;
> macParam.len = 0;
>@@ -1156,24 +1108,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
> decrypted_state = SECITEM_AllocItem(NULL, NULL,
> enc_session_ticket.encrypted_state.len);
>
>- if (ss->opt.bypassPKCS11) {
>- aes_ctx = (AESContext *)aes_ctx_buf;
>- rv = AES_InitContext(aes_ctx, aes_key,
>- sizeof(session_ticket_enc_key), enc_session_ticket.iv,
>- NSS_AES_CBC, 0,AES_BLOCK_SIZE);
>- if (rv != SECSuccess) {
>- SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
>- SSL_GETPID(), ss->fd));
>- goto no_ticket;
>- }
>-
>- rv = AES_Decrypt(aes_ctx, decrypted_state->data,
>- &decrypted_state->len, decrypted_state->len,
>- enc_session_ticket.encrypted_state.data,
>- enc_session_ticket.encrypted_state.len);
>- if (rv != SECSuccess)
>- goto no_ticket;
>- } else {
>+ {
> SECItem ivItem;
> ivItem.data = enc_session_ticket.iv;
> ivItem.len = AES_BLOCK_SIZE;
>@@ -1347,9 +1282,6 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
> sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
>
> /* Copy master secret. */
>- if (ss->opt.bypassPKCS11 &&
>- parsed_session_ticket->ms_is_wrapped)
>- goto no_ticket;
> if (parsed_session_ticket->ms_length >
> sizeof(sid->u.ssl3.keys.wrapped_master_secret))
> goto no_ticket;
>diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.806588 ./mozilla/security/nss/lib/ssl/sslsock.c
>--- ./mozilla/security/nss/lib/ssl/sslsock.c.806588 2012-04-14 10:09:14.625590279 -0700
>+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-04-14 10:15:11.919582189 -0700
>@@ -686,15 +686,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
> PORT_SetError(PR_INVALID_STATE_ERROR);
> rv = SECFailure;
> } else {
>- if (PR_FALSE != on) {
>- if (PR_SUCCESS == SSL_BypassSetup() ) {
>- ss->opt.bypassPKCS11 = on;
>- } else {
>- rv = SECFailure;
>- }
>- } else {
>- ss->opt.bypassPKCS11 = PR_FALSE;
>- }
>+ ss->opt.bypassPKCS11 = PR_FALSE;
> }
> break;
>
>@@ -970,15 +962,7 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
> break;
>
> case SSL_BYPASS_PKCS11:
>- if (PR_FALSE != on) {
>- if (PR_SUCCESS == SSL_BypassSetup()) {
>- ssl_defaults.bypassPKCS11 = on;
>- } else {
>- return SECFailure;
>- }
>- } else {
>- ssl_defaults.bypassPKCS11 = PR_FALSE;
>- }
>+ ssl_defaults.bypassPKCS11 = PR_FALSE;
> break;
>
> case SSL_NO_LOCKS:
>diff -up ./mozilla/security/nss/tests/ssl/ssl.sh.806588 ./mozilla/security/nss/tests/ssl/ssl.sh
>--- ./mozilla/security/nss/tests/ssl/ssl.sh.806588 2012-02-13 05:00:09.000000000 -0800
>+++ ./mozilla/security/nss/tests/ssl/ssl.sh 2012-04-14 10:10:29.559588573 -0700
>@@ -958,7 +958,7 @@ ssl_run_tests()
> SERVER_OPTIONS=
> ;;
> "bypass")
>- SERVER_OPTIONS="-B -s"
>+ echo "${SCRIPTNAME}: sslbypass not supported."
> ;;
> "fips")
> SERVER_OPTIONS=
>@@ -975,7 +975,7 @@ ssl_run_tests()
> CLIENT_OPTIONS=
> ;;
> "bypass")
>- CLIENT_OPTIONS="-B -s"
>+ echo "${SCRIPTNAME}: sslbypass not supported."
> ;;
> "fips")
> SERVER_OPTIONS=
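Review bot: In SSL_OptionSet the SSL_BYPASS_PKCS11 arm now stores PR_FALSE whatever `on` is and leaves `rv` untouched, so a caller that asks for bypass is told the call succeeded; the SSL_OptionSetDefault hunk behaves the same way. Ignoring the request is the safe direction, but it is silent, and neither site says so. I would add a comment at both assignments, e.g. `/* bypass is disabled at build time: a request to enable it is ignored, not rejected */`, so nobody later "fixes" the unused `on`. Both switch statements continue outside the hunks.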
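Review bot: The "bypass" arm in ssl_run_tests now only echoes a message and no longer assigns SERVER_OPTIONS, while the neighbouring arms visible in the hunk reset it with `SERVER_OPTIONS=`. Unless the variable is cleared before the `case` (not visible here), it keeps whatever an earlier pass left in it, and the pass apparently still runs under the "bypass" label. Add `SERVER_OPTIONS=` after the echo, and `CLIENT_OPTIONS=` in the matching arm of the second hunk. Both case statements continue outside the hunks.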