Red Hat Bugzilla – Attachment 594623 Details for
Bug 806588
Disable SSL PKCS #11 bypass at build time
[patch]
Disable ssl pkcs #11 bypass at buitime
Bug-806588-disable-sslbypass.patch (text/plain), 23.20 KB, created by
Elio Maldonado Batiz
on 2012-06-26 22:06:36 UTC
Description:
Disable ssl pkcs #11 bypass at build time
Filename:
MIME Type:
Creator:
Elio Maldonado Batiz
Created:
2012-06-26 22:06:36 UTC
Size:
23.20 KB
patch
obsolete
>Index: mozilla/security/nss/lib/ssl/Makefile
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/lib/ssl/Makefile,v
>retrieving revision 1.9
>diff -u -p -r1.9 Makefile
>--- mozilla/security/nss/lib/ssl/Makefile 4 Feb 2010 19:09:08 -0000 1.9
>+++ mozilla/security/nss/lib/ssl/Makefile 26 Jun 2012 18:21:33 -0000
>@@ -89,5 +89,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
>
> export:: private_export
>
>+ifndef NSS_NO_PKCS11_BYPASS
> # indicates dependency on freebl static lib
> $(SHARED_LIBRARY): $(CRYPTOLIB)
>+endif
>Index: mozilla/security/nss/lib/ssl/config.mk
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/lib/ssl/config.mk,v
>retrieving revision 1.31.6.2
>diff -u -p -r1.31.6.2 config.mk
>--- mozilla/security/nss/lib/ssl/config.mk 20 Apr 2012 00:37:53 -0000 1.31.6.2
>+++ mozilla/security/nss/lib/ssl/config.mk 26 Jun 2012 18:21:33 -0000
>@@ -43,11 +43,15 @@ ifdef NSS_SURVIVE_DOUBLE_BYPASS_FAILURE
> DEFINES += -DNSS_SURVIVE_DOUBLE_BYPASS_FAILURE
> endif
>
>+ifdef NSS_NO_PKCS11_BYPASS
>+DEFINES += -DNO_PKCS11_BYPASS
>+else
> CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
>
> EXTRA_LIBS += \
> $(CRYPTOLIB) \
> $(NULL)
>+endif
>
> ifeq (,$(filter-out WIN%,$(OS_TARGET)))
>
>Index: mozilla/security/nss/lib/ssl/derive.c
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/lib/ssl/derive.c,v
>retrieving revision 1.13.2.2
>diff -u -p -r1.13.2.2 derive.c
>--- mozilla/security/nss/lib/ssl/derive.c 20 Apr 2012 00:37:53 -0000 1.13.2.2
>+++ mozilla/security/nss/lib/ssl/derive.c 26 Jun 2012 18:21:33 -0000
>@@ -42,7 +42,9 @@
> #include "certt.h" /* prereq to sslimpl.h */
> #include "keythi.h" /* prereq to sslimpl.h */
> #include "sslimpl.h"
>+#ifndef NO_PKCS11_BYPASS
> #include "blapi.h"
>+#endif
>
> #include "keyhi.h"
> #include "pk11func.h"
>@@ -53,6 +55,7 @@
> #include "sslproto.h"
> #include "sslerr.h"
>
>+#ifndef NO_PKCS11_BYPASS
> /* make this a macro! */
> #ifdef NOT_A_MACRO
> static void
>@@ -570,6 +573,7 @@ ssl_canExtractMS(PK11SymKey *pms, PRBool
> return(rv);
>
> }
>+#endif /* !NO_PKCS11_BYPASS */
>
> /* Check the key exchange algorithm for each cipher in the list to see if
> * a master secret key can be extracted. If the KEA will use keys from the
>@@ -587,7 +591,16 @@ SECStatus
> SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
> PRUint32 protocolmask, PRUint16 *ciphersuites, int nsuites,
> PRBool *pcanbypass, void *pwArg)
>-{ SECStatus rv;
>+{
>+#ifdef NO_PKCS11_BYPASS
>+ if (!pcanbypass) {
>+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
>+ return SECFailure;
>+ }
>+ *pcanbypass = PR_FALSE;
>+ return SECSuccess;
>+#else
>+ SECStatus rv;
> int i;
> PRUint16 suite;
> PK11SymKey * pms = NULL;
>@@ -877,5 +890,6 @@ SSL_CanBypass(CERTCertificate *cert, SEC
>
>
> return rv;
>+#endif /* NO_PKCS11_BYPASS */
> }
>
>Index: mozilla/security/nss/lib/ssl/ssl3con.c
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
>retrieving revision 1.167.2.2
>diff -u -p -r1.167.2.2 ssl3con.c
>--- mozilla/security/nss/lib/ssl/ssl3con.c 20 Apr 2012 00:37:53 -0000 1.167.2.2
>+++ mozilla/security/nss/lib/ssl/ssl3con.c 26 Jun 2012 18:21:34 -0000
>@@ -60,7 +60,9 @@
>
> #include "pk11func.h"
> #include "secmod.h"
>+#ifndef NO_PKCS11_BYPASS
> #include "blapi.h"
>+#endif
>
> #include <stdio.h>
> #ifdef NSS_ENABLE_ZLIB
>@@ -1008,8 +1010,10 @@ ssl3_ComputeCommonKeyHash(PRUint8 * hash
> SECStatus rv = SECSuccess;
>
> if (bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> MD5_HashBuf (hashes->md5, hashBuf, bufLen);
> SHA1_HashBuf(hashes->sha, hashBuf, bufLen);
>+#endif
> } else {
> rv = PK11_HashBuf(SEC_OID_MD5, hashes->md5, hashBuf, bufLen);
> if (rv != SECSuccess) {
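Review bot: In `ssl3_ComputeCommonKeyHash` (hunk at -1008) the `if (bypassPKCS11) {` arm is left as an empty block when `NO_PKCS11_BYPASS` is defined, so a true flag would return `rv == SECSuccess` with `hashes` never written. The setters in sslsock.c pin the option to `PR_FALSE` in such builds, so the arm is presumably unreachable, but it should fail closed rather than depend on that: add an `#else` with `PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure;`, as this patch already does in `ssl3_ComputeTLSFinished`. The same empty arm is left in ssl3_InitPendingCipherSpec, ssl3_ComputeRecordMAC, ssl3_RestartHandshakeHashes, ssl3_NewHandshakeHashes, ssl3_ComputeHandshakeHashes, ssl3_HandleRSAClientKeyExchange (where `rv` is declared without an initializer) and, in ssl3ext.c, ssl3_SendNewSessionTicket and ssl3_ServerHandleSessionTicketXtn (where `computed_mac` would stay unset in the MAC branch). All of these functions extend beyond their hunks, so how the result is consumed afterwards is not visible here.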
>@@ -1425,6 +1429,7 @@ ssl3_InitCompressionContext(ssl3CipherSp
> return SECSuccess;
> }
>
>+#ifndef NO_PKCS11_BYPASS
> /* Initialize encryption and MAC contexts for pending spec.
> * Master Secret already is derived in spec->msItem
> * Caller holds Spec write lock.
>@@ -1591,6 +1596,7 @@ success:
> bail_out:
> return SECFailure;
> }
>+#endif
>
> /* This function should probably be moved to pk11wrap and be named
> * PK11_ParamFromIVAndEffectiveKeyBits
>@@ -1789,6 +1795,7 @@ ssl3_InitPendingCipherSpec(sslSocket *ss
> }
> }
> if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) {
>+#ifndef NO_PKCS11_BYPASS
> /* Double Bypass succeeded in extracting the master_secret */
> const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
> PRBool isTLS = (PRBool)(kea_def->tls_keygen ||
>@@ -1802,6 +1809,7 @@ ssl3_InitPendingCipherSpec(sslSocket *ss
> if (rv == SECSuccess) {
> rv = ssl3_InitPendingContextsBypass(ss);
> }
>+#endif
> } else if (pwSpec->master_secret) {
> rv = ssl3_DeriveConnectionKeysPKCS11(ss);
> if (rv == SECSuccess) {
>@@ -1914,6 +1922,7 @@ ssl3_ComputeRecordMAC(
> rv |= PK11_DigestOp(mac_context, input, inputLength);
> rv |= PK11_DigestFinal(mac_context, outbuf, outLength, spec->mac_size);
> } else {
>+#ifndef NO_PKCS11_BYPASS
> /* bypass version */
> const SECHashObject *hashObj = NULL;
> unsigned int pad_bytes = 0;
>@@ -1996,6 +2005,7 @@ ssl3_ComputeRecordMAC(
> }
> #undef cx
> }
>+#endif
> }
>
> PORT_Assert(rv != SECSuccess || *outLength == (unsigned)spec->mac_size);
>@@ -2995,6 +3005,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P
> ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
> return rv;
> }
>+#ifndef NO_PKCS11_BYPASS
> if (ss->opt.bypassPKCS11) {
> SECItem * keydata;
> /* In hope of doing a "double bypass",
>@@ -3030,6 +3041,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, P
> return SECFailure;
> }
> }
>+#endif
> return SECSuccess;
> }
>
>@@ -3178,9 +3190,11 @@ ssl3_RestartHandshakeHashes(sslSocket *s
> SECStatus rv = SECSuccess;
>
> if (ss->opt.bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> ss->ssl3.hs.messages.len = 0;
> MD5_Begin((MD5Context *)ss->ssl3.hs.md5_cx);
> SHA1_Begin((SHA1Context *)ss->ssl3.hs.sha_cx);
>+#endif
> } else {
> rv = PK11_DigestBegin(ss->ssl3.hs.md5);
> if (rv != SECSuccess) {
>@@ -3209,9 +3223,11 @@ ssl3_NewHandshakeHashes(sslSocket *ss)
> */
> SSL_TRC(30,("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd));
> if (ss->opt.bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space);
> ss->ssl3.hs.messages.buf = NULL;
> ss->ssl3.hs.messages.space = 0;
>+#endif
> } else {
> ss->ssl3.hs.md5 = md5 = PK11_CreateDigestContext(SEC_OID_MD5);
> ss->ssl3.hs.sha = sha = PK11_CreateDigestContext(SEC_OID_SHA1);
>@@ -3260,6 +3276,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss
>
> PRINT_BUF(90, (NULL, "MD5 & SHA handshake hash input:", b, l));
>
>+#ifndef NO_PKCS11_BYPASS
> if (ss->opt.bypassPKCS11) {
> MD5_Update((MD5Context *)ss->ssl3.hs.md5_cx, b, l);
> SHA1_Update((SHA1Context *)ss->ssl3.hs.sha_cx, b, l);
>@@ -3268,6 +3285,7 @@ ssl3_UpdateHandshakeHashes(sslSocket *ss
> #endif
> return rv;
> }
>+#endif
> rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l);
> if (rv != SECSuccess) {
> ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
>@@ -3525,6 +3543,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *
> PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
>
> if (ss->opt.bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> /* compute them without PKCS11 */
> PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS];
> PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS];
>@@ -3606,6 +3625,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *
> rv = SECSuccess;
> #undef md5cx
> #undef shacx
>+#endif
> } else {
> /* compute hases with PKCS11 */
> PK11Context * md5;
>@@ -5139,12 +5159,14 @@ ssl3_HandleServerHello(sslSocket *ss, SS
> PK11SymKey * wrapKey; /* wrapping key */
> CK_FLAGS keyFlags = 0;
>
>+#ifndef NO_PKCS11_BYPASS
> if (ss->opt.bypassPKCS11) {
> /* we cannot restart a non-bypass session in a
> ** bypass socket.
> */
> break;
> }
>+#endif
> /* unwrap master secret with PKCS11 */
> slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
> sid->u.ssl3.masterSlotID);
>@@ -5179,6 +5201,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
> if (pwSpec->master_secret == NULL) {
> break; /* errorCode set just after call to UnwrapSymKey. */
> }
>+#ifndef NO_PKCS11_BYPASS
> } else if (ss->opt.bypassPKCS11) {
> /* MS is not wrapped */
> wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
>@@ -5186,6 +5209,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
> memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
> pwSpec->msItem.data = pwSpec->raw_master_secret;
> pwSpec->msItem.len = wrappedMS.len;
>+#endif
> } else {
> /* We CAN restart a bypass session in a non-bypass socket. */
> /* need to import the raw master secret to session object */
>@@ -6422,12 +6446,14 @@ compression_found:
> if (sid->u.ssl3.keys.msIsWrapped) {
> PK11SymKey * wrapKey; /* wrapping key */
> CK_FLAGS keyFlags = 0;
>+#ifndef NO_PKCS11_BYPASS
> if (ss->opt.bypassPKCS11) {
> /* we cannot restart a non-bypass session in a
> ** bypass socket.
> */
> break;
> }
>+#endif
>
> wrapKey = getWrappingKey(ss, NULL, sid->u.ssl3.exchKeyType,
> sid->u.ssl3.masterWrapMech,
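Review bot: In `ssl3_HandleServerHello` the `#ifndef NO_PKCS11_BYPASS` opens before `} else if (ss->opt.bypassPKCS11) {` (hunk at -5179) and its `#endif` lands before the next `} else {` (hunk at -5186), so the guard cuts across the brace structure and the if/else chain only balances after preprocessing. That is easy to break in a later edit and defeats brace matching in editors; the hunk at -6453 under `compression_found:` repeats it. Placing the guard inside the `else if` arm, around its body, with an `#else` that declines to resume the session the way the `break;` in the hunk at -5139 does, would keep the braces balanced in both configurations. The lines of the arm between the two hunks are not visible here.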
>@@ -6453,12 +6479,14 @@ compression_found:
> if (pwSpec->master_secret == NULL) {
> break; /* not an error */
> }
>+#ifndef NO_PKCS11_BYPASS
> } else if (ss->opt.bypassPKCS11) {
> wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
> wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
> memcpy(pwSpec->raw_master_secret, wrappedMS.data, wrappedMS.len);
> pwSpec->msItem.data = pwSpec->raw_master_secret;
> pwSpec->msItem.len = wrappedMS.len;
>+#endif
> } else {
> /* We CAN restart a bypass session in a non-bypass socket. */
> /* need to import the raw master secret to session object */
>@@ -7377,10 +7405,12 @@ ssl3_HandleRSAClientKeyExchange(sslSocke
> SECKEYPrivateKey *serverKey)
> {
> PK11SymKey * pms;
>+#ifndef NO_PKCS11_BYPASS
> unsigned char * cr = (unsigned char *)&ss->ssl3.hs.client_random;
> unsigned char * sr = (unsigned char *)&ss->ssl3.hs.server_random;
> ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec;
> unsigned int outLen = 0;
>+#endif
> PRBool isTLS = PR_FALSE;
> SECStatus rv;
> SECItem enc_pms;
>@@ -7411,6 +7441,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocke
> }
>
> if (ss->opt.bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> /* TRIPLE BYPASS, get PMS directly from RSA decryption.
> * Use PK11_PrivDecryptPKCS1 to decrypt the PMS to a buffer,
> * then, check for version rollback attack, then
>@@ -7441,8 +7472,11 @@ ssl3_HandleRSAClientKeyExchange(sslSocke
> PK11_GenerateRandom(pwSpec->msItem.data, pwSpec->msItem.len);
> }
> rv = ssl3_InitPendingCipherSpec(ss, NULL);
>+#endif
> } else {
>+#ifndef NO_PKCS11_BYPASS
> double_bypass:
>+#endif
> /*
> * unwrap pms out of the incoming buffer
> * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do
>@@ -8225,6 +8259,11 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *
> PK11_DestroyContext(prf_context, PR_TRUE);
> } else {
> /* bypass PKCS11 */
>+#ifdef NO_PKCS11_BYPASS
>+ PORT_Assert(spec->master_secret);
>+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
>+ rv = SECFailure;
>+#else
> SECItem inData = { siBuffer, };
> SECItem outData = { siBuffer, };
> PRBool isFIPS = PR_FALSE;
>@@ -8236,6 +8275,7 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *
> rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
> PORT_Assert(rv != SECSuccess || \
> outData.len == sizeof tlsFinished->verify_data);
>+#endif
> }
> return rv;
> }
>@@ -9587,10 +9627,12 @@ ssl3_DestroySSL3Info(sslSocket *ss)
> }
>
> /* clean up handshake */
>+#ifndef NO_PKCS11_BYPASS
> if (ss->opt.bypassPKCS11) {
> SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
> MD5_DestroyContext((MD5Context *)ss->ssl3.hs.md5_cx, PR_FALSE);
> }
>+#endif
> if (ss->ssl3.hs.md5) {
> PK11_DestroyContext(ss->ssl3.hs.md5,PR_TRUE);
> }
>Index: mozilla/security/nss/lib/ssl/ssl3ecc.c
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3ecc.c,v
>retrieving revision 1.26
>diff -u -p -r1.26 ssl3ecc.c
>--- mozilla/security/nss/lib/ssl/ssl3ecc.c 13 Feb 2012 17:19:40 -0000 1.26
>+++ mozilla/security/nss/lib/ssl/ssl3ecc.c 26 Jun 2012 18:21:34 -0000
>@@ -62,8 +62,10 @@
>
> #include "pk11func.h"
> #include "secmod.h"
>+#ifndef NO_PKCS11_BYPASS
> #include "ec.h"
> #include "blapi.h"
>+#endif
>
> #include <stdio.h>
>
>Index: mozilla/security/nss/lib/ssl/ssl3ext.c
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3ext.c,v
>retrieving revision 1.22.2.2
>diff -u -p -r1.22.2.2 ssl3ext.c
>--- mozilla/security/nss/lib/ssl/ssl3ext.c 20 Apr 2012 00:37:53 -0000 1.22.2.2
>+++ mozilla/security/nss/lib/ssl/ssl3ext.c 26 Jun 2012 18:21:34 -0000
>@@ -49,17 +49,23 @@
> #include "sslproto.h"
> #include "sslimpl.h"
> #include "pk11pub.h"
>+#ifdef NO_PKCS11_BYPASS
>+#include "blapit.h"
>+#else
> #include "blapi.h"
>+#endif
> #include "prinit.h"
>
> static unsigned char key_name[SESS_TICKET_KEY_NAME_LEN];
> static PK11SymKey *session_ticket_enc_key_pkcs11 = NULL;
> static PK11SymKey *session_ticket_mac_key_pkcs11 = NULL;
>
>+#ifndef NO_PKCS11_BYPASS
> static unsigned char session_ticket_enc_key[AES_256_KEY_LENGTH];
> static unsigned char session_ticket_mac_key[SHA256_LENGTH];
>
> static PRBool session_ticket_keys_initialized = PR_FALSE;
>+#endif
> static PRCallOnceType generate_session_keys_once;
>
> /* forward static function declarations */
>@@ -71,9 +77,11 @@ static SECStatus ssl3_AppendNumberToItem
> PRInt32 lenSize);
> static SECStatus ssl3_GetSessionTicketKeysPKCS11(sslSocket *ss,
> PK11SymKey **aes_key, PK11SymKey **mac_key);
>+#ifndef NO_PKCS11_BYPASS
> static SECStatus ssl3_GetSessionTicketKeys(const unsigned char **aes_key,
> PRUint32 *aes_key_length, const unsigned char **mac_key,
> PRUint32 *mac_key_length);
>+#endif
> static PRInt32 ssl3_SendRenegotiationInfoXtn(sslSocket * ss,
> PRBool append, PRUint32 maxBytes);
> static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *ss,
>@@ -194,6 +202,7 @@ ssl3_GetSessionTicketKeysPKCS11(sslSocke
> return SECSuccess;
> }
>
>+#ifndef NO_PKCS11_BYPASS
> static PRStatus
> ssl3_GenerateSessionTicketKeys(void)
> {
>@@ -227,6 +236,7 @@ ssl3_GetSessionTicketKeys(const unsigned
>
> return SECSuccess;
> }
>+#endif
>
> /* Table of handlers for received TLS hello extensions, one per extension.
> * In the second generation, this table will be dynamic, and functions
>@@ -683,17 +693,21 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
> PRUint32 now;
> PK11SymKey *aes_key_pkcs11;
> PK11SymKey *mac_key_pkcs11;
>+#ifndef NO_PKCS11_BYPASS
> const unsigned char *aes_key;
> const unsigned char *mac_key;
> PRUint32 aes_key_length;
> PRUint32 mac_key_length;
> PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
> AESContext *aes_ctx;
>+#endif
> CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
> PK11Context *aes_ctx_pkcs11;
>+#ifndef NO_PKCS11_BYPASS
> const SECHashObject *hashObj = NULL;
> PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
> HMACContext *hmac_ctx;
>+#endif
> CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
> PK11Context *hmac_ctx_pkcs11;
> unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
>@@ -722,8 +736,10 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
> if (rv != SECSuccess) goto loser;
>
> if (ss->opt.bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
> &mac_key, &mac_key_length);
>+#endif
> } else {
> rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
> &mac_key_pkcs11);
>@@ -892,6 +908,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
>
> /* Generate encrypted portion of ticket. */
> if (ss->opt.bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> aes_ctx = (AESContext *)aes_ctx_buf;
> rv = AES_InitContext(aes_ctx, aes_key, aes_key_length, iv,
> NSS_AES_CBC, 1, AES_BLOCK_SIZE);
>@@ -901,6 +918,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
> ciphertext.len, plaintext_item.data,
> plaintext_item.len);
> if (rv != SECSuccess) goto loser;
>+#endif
> } else {
> aes_ctx_pkcs11 = PK11_CreateContextBySymKey(cipherMech,
> CKA_ENCRYPT, aes_key_pkcs11, &ivItem);
>@@ -921,6 +939,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
>
> /* Compute MAC. */
> if (ss->opt.bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> hmac_ctx = (HMACContext *)hmac_ctx_buf;
> hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
> if (HMAC_Init(hmac_ctx, hashObj, mac_key,
>@@ -934,6 +953,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss)
> HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
> HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
> sizeof(computed_mac));
>+#endif
> } else {
> SECItem macParam;
> macParam.data = NULL;
>@@ -1032,19 +1052,25 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
> EncryptedSessionTicket enc_session_ticket;
> unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
> unsigned int computed_mac_length;
>+#ifndef NO_PKCS11_BYPASS
> const SECHashObject *hashObj;
> const unsigned char *aes_key;
> const unsigned char *mac_key;
>+#endif
> PK11SymKey *aes_key_pkcs11;
> PK11SymKey *mac_key_pkcs11;
>+#ifndef NO_PKCS11_BYPASS
> PRUint32 aes_key_length;
> PRUint32 mac_key_length;
> PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
> HMACContext *hmac_ctx;
>+#endif
> PK11Context *hmac_ctx_pkcs11;
> CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
>+#ifndef NO_PKCS11_BYPASS
> PRUint64 aes_ctx_buf[MAX_CIPHER_CONTEXT_LLONGS];
> AESContext *aes_ctx;
>+#endif
> PK11Context *aes_ctx_pkcs11;
> CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
> unsigned char * padding;
>@@ -1075,8 +1101,10 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
>
> /* Get session ticket keys. */
> if (ss->opt.bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> rv = ssl3_GetSessionTicketKeys(&aes_key, &aes_key_length,
> &mac_key, &mac_key_length);
>+#endif
> } else {
> rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
> &mac_key_pkcs11);
>@@ -1101,6 +1129,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc
> * fail if the MAC key has been recently refreshed.
> */
> if (ss->opt.bypassPKCS11) {
>+#ifndef NO_PKCS11_BYPASS
> hmac_ctx = (HMACContext *)hmac_ctx_buf;
> hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
> if (HMAC_Init(hmac_ctx, hashObj, mac_key,
>@@ -1112,6 +1141,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc > if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, > sizeof(computed_mac)) != SECSuccess) > goto no_ticket; >+#endif > } else { > SECItem macParam; > macParam.data = NULL; >@@ -1157,6 +1187,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc > enc_session_ticket.encrypted_state.len); > > if (ss->opt.bypassPKCS11) { >+#ifndef NO_PKCS11_BYPASS > aes_ctx = (AESContext *)aes_ctx_buf; > rv = AES_InitContext(aes_ctx, aes_key, > sizeof(session_ticket_enc_key), enc_session_ticket.iv, >@@ -1173,6 +1204,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc > enc_session_ticket.encrypted_state.len); > if (rv != SECSuccess) > goto no_ticket; >+#endif > } else { > SECItem ivItem; > ivItem.data = enc_session_ticket.iv; >@@ -1347,9 +1379,11 @@ ssl3_ServerHandleSessionTicketXtn(sslSoc > sid->keaKeyBits = parsed_session_ticket->keaKeyBits; > > /* Copy master secret. */ >+#ifndef NO_PKCS11_BYPASS > if (ss->opt.bypassPKCS11 && > parsed_session_ticket->ms_is_wrapped) > goto no_ticket; >+#endif > if (parsed_session_ticket->ms_length > > sizeof(sid->u.ssl3.keys.wrapped_master_secret)) > goto no_ticket; >Index: mozilla/security/nss/lib/ssl/sslsnce.c >=================================================================== >RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsnce.c,v >retrieving revision 1.59 >diff -u -p -r1.59 sslsnce.c >--- mozilla/security/nss/lib/ssl/sslsnce.c 22 Oct 2011 16:45:40 -0000 1.59 >+++ mozilla/security/nss/lib/ssl/sslsnce.c 26 Jun 2012 18:21:34 -0000 >@@ -86,7 +86,12 @@ > #include "pk11func.h" > #include "base64.h" > #include "keyhi.h" >+#ifdef NO_PKCS11_BYPASS >+#include "blapit.h" >+#include "sechash.h" >+#else > #include "blapi.h" >+#endif > > #include <stdio.h> 
>
>@@ -448,8 +453,12 @@ CacheSrvName(cacheDesc * cache, SECItem
> snce.type = name->type;
> snce.nameLen = name->len;
> PORT_Memcpy(snce.name, name->data, snce.nameLen);
>+#ifdef NO_PKCS11_BYPASS
>+ HASH_HashBuf(HASH_AlgSHA256, snce.nameHash, name->data, name->len);
>+#else
> SHA256_HashBuf(snce.nameHash, (unsigned char*)name->data,
> name->len);
>+#endif
> /* get index of the next name */
> ndx = Get32BitNameHash(name);
> /* get lock on cert cache */
>Index: mozilla/security/nss/lib/ssl/sslsock.c
>===================================================================
>RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
>retrieving revision 1.82.2.3
>diff -u -p -r1.82.2.3 sslsock.c
>--- mozilla/security/nss/lib/ssl/sslsock.c 20 Apr 2012 00:37:53 -0000 1.82.2.3
>+++ mozilla/security/nss/lib/ssl/sslsock.c 26 Jun 2012 18:21:34 -0000
>@@ -49,7 +49,9 @@
> #include "sslproto.h"
> #include "nspr.h"
> #include "private/pprio.h"
>+#ifndef NO_PKCS11_BYPASS
> #include "blapi.h"
>+#endif
> #include "nss.h"
>
> #define SET_ERROR_CODE /* reminder */
>@@ -539,6 +541,7 @@ SSL_Enable(PRFileDesc *fd, int which, PR
> return SSL_OptionSet(fd, which, on);
> }
>
>+#ifndef NO_PKCS11_BYPASS
> static const PRCallOnceType pristineCallOnce;
> static PRCallOnceType setupBypassOnce;
>
>@@ -556,10 +559,16 @@ static PRStatus SSL_BypassRegisterShutdo
> PORT_Assert(SECSuccess == rv);
> return SECSuccess == rv ? PR_SUCCESS : PR_FAILURE;
> }
>+#endif
>
> static PRStatus SSL_BypassSetup(void)
> {
>+#ifdef NO_PKCS11_BYPASS
>+ /* Guarantee binary compatibility */
>+ return PR_SUCCESS;
>+#else
> return PR_CallOnce(&setupBypassOnce, &SSL_BypassRegisterShutdown);
>+#endif
> }
>
> SECStatus
>@@ -688,7 +697,11 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
> } else {
> if (PR_FALSE != on) {
> if (PR_SUCCESS == SSL_BypassSetup() ) {
>+#ifdef NO_PKCS11_BYPASS
>+ ss->opt.bypassPKCS11 = PR_FALSE;
>+#else
> ss->opt.bypassPKCS11 = on;
>+#endif
> } else {
> rv = SECFailure;
> }
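Review bot: The `NO_PKCS11_BYPASS` arm added to `CacheSrvName` (hunk at -448) discards the result of `HASH_HashBuf`, so if the hash call fails `snce.nameHash` goes on to be used without having been computed. Test the result, `if (HASH_HashBuf(HASH_AlgSHA256, snce.nameHash, name->data, name->len) != SECSuccess)`, and leave through whatever failure path the function uses before the cache lock is taken. The start and end of CacheSrvName are outside the hunk, so the right return value cannot be read from here.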
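Review bot: With `NO_PKCS11_BYPASS` defined, `SSL_OptionSet` (hunk at -688) stores `PR_FALSE` for the bypass option and still reports success when the caller passed a true `on`, so an application cannot tell that its request was ignored; `SSL_OptionSetDefault` (hunk at -972) does the same for `ssl_defaults.bypassPKCS11`. If silent acceptance is the intended compatibility behaviour, it should be stated where it happens, e.g. `/* bypass is compiled out: accept the request but leave the option off */` above each assignment. The existing `/* Guarantee binary compatibility */` in `SSL_BypassSetup` does not explain on its own why the setters succeed without effect.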
>@@ -972,7 +985,11 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
> case SSL_BYPASS_PKCS11:
> if (PR_FALSE != on) {
> if (PR_SUCCESS == SSL_BypassSetup()) {
>+#ifdef NO_PKCS11_BYPASS
>+ ssl_defaults.bypassPKCS11 = PR_FALSE;
>+#else
> ssl_defaults.bypassPKCS11 = on;
>+#endif
> } else {
> return SECFailure;
> }
>@@ -2475,12 +2492,14 @@ ssl_SetDefaultsFromEnvironment(void)
> SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
> }
> #endif /* DEBUG */
>+#ifndef NO_PKCS11_BYPASS
> ev = getenv("SSLBYPASS");
> if (ev && ev[0]) {
> ssl_defaults.bypassPKCS11 = (ev[0] == '1');
> SSL_TRACE(("SSL: bypass default set to %d", \
> ssl_defaults.bypassPKCS11));
> }
>+#endif /* NO_PKCS11_BYPASS */
> ev = getenv("SSLFORCELOCKS");
> if (ev && ev[0] == '1') {
> ssl_force_locks = PR_TRUE;