1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index ce92cf1..c5cb1eb 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -33,6 +33,15 @@
#include "blapi.h"
#endif
+/* This is a bodge to allow this code to be compiled against older NSS headers
+ * that don't contain the TLS 1.2 changes. */
+#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256
+#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21)
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22)
+#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23)
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
+#endif
+
#include <stdio.h>
#ifdef NSS_ENABLE_ZLIB
#include "zlib.h"
diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
index 6d89bbe..cf8e741 100644
--- a/lib/ssl/ssl3ecc.c
+++ b/lib/ssl/ssl3ecc.c
@@ -31,6 +31,12 @@
#include <stdio.h>
+/* This is a bodge to allow this code to be compiled against older NSS headers
+ * that don't contain the TLS 1.2 changes. */
+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
+#endif
+
#ifndef NSS_DISABLE_ECC
#ifndef PK11_SETATTRS
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index c9a4493..6d700a7 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -17,9 +17,16 @@
#ifndef NO_PKCS11_BYPASS
#include "blapi.h"
#endif
+#include "pk11pub.h"
#include "nss.h"
#include "pk11pqg.h"
+/* This is a bodge to allow this code to be compiled against older NSS headers
+ * that don't contain the TLS 1.2 changes. */
+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
+#endif
+
#define SET_ERROR_CODE /* reminder */
static const sslSocketOps ssl_default_ops = { /* No SSL. */
@@ -2133,6 +2140,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
return SECSuccess;
}
+static PRCallOnceType checkTLS12TokenOnce;
+static PRBool tls12TokenExists;
+
+static PRStatus
+ssl_CheckTLS12Token(void)
+{
+ tls12TokenExists =
+ PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256);
+ return PR_SUCCESS;
+}
+
+static PRBool
+ssl_TLS12TokenExists(void)
+{
+ (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token);
+ return tls12TokenExists;
+}
+
SECStatus
SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
{
@@ -2153,6 +2178,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
ssl_GetSSL3HandshakeLock(ss);
ss->vrange = *vrange;
+ /* If we don't have a sufficiently up-to-date softoken then we cannot do
+ * TLS 1.2. */
+ if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 &&
+ !ssl_TLS12TokenExists()) {
+ /* If the user requested a minimum version of 1.2, then we don't
+ * silently downgrade. */
+ if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) {
+ ssl_ReleaseSSL3HandshakeLock(ss);
+ ssl_Release1stHandshakeLock(ss);
+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+ return SECFailure;
+ }
+ ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
+ }
ssl_ReleaseSSL3HandshakeLock(ss);
ssl_Release1stHandshakeLock(ss);
|
