| blob | 6172a0928a481910822ec96cb73ce0cc6156662f |
1 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
2 index 1167d6d..dabe333 100644
3 --- a/ssl/ssl3con.c
4 +++ b/ssl/ssl3con.c
5 @@ -8,6 +8,7 @@
7 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
9 +#define _GNU_SOURCE 1
10 #include "cert.h"
11 #include "ssl.h"
12 #include "cryptohi.h" /* for DSAU_ stuff */
13 @@ -44,6 +45,9 @@
14 #ifdef NSS_ENABLE_ZLIB
15 #include "zlib.h"
16 #endif
17 +#ifdef LINUX
18 +#include <dlfcn.h>
19 +#endif
21 #ifndef PK11_SETATTRS
22 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
23 @@ -1874,6 +1878,63 @@ ssl3_BuildRecordPseudoHeader(unsigned char *out,
24 return 13;
25 }
27 +typedef SECStatus (*PK11CryptFcn)(
28 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param,
29 + unsigned char *out, unsigned int *outLen, unsigned int maxLen,
30 + const unsigned char *in, unsigned int inLen);
31 +
32 +static PK11CryptFcn pk11_encrypt = NULL;
33 +static PK11CryptFcn pk11_decrypt = NULL;
34 +
35 +static PRCallOnceType resolvePK11CryptOnce;
36 +
37 +static PRStatus
38 +ssl3_ResolvePK11CryptFunctions(void)
39 +{
40 +#ifdef LINUX
41 + /* On Linux we use the system NSS libraries. Look up the PK11_Encrypt and
42 + * PK11_Decrypt functions at run time. */
43 + pk11_encrypt = (PK11CryptFcn)dlsym(RTLD_DEFAULT, "PK11_Encrypt");
44 + pk11_decrypt = (PK11CryptFcn)dlsym(RTLD_DEFAULT, "PK11_Decrypt");
45 + return PR_SUCCESS;
46 +#else
47 + /* On other platforms we use our own copy of NSS. PK11_Encrypt and
48 + * PK11_Decrypt are known to be available. */
49 + pk11_encrypt = PK11_Encrypt;
50 + pk11_decrypt = PK11_Decrypt;
51 + return PR_SUCCESS;
52 +#endif
53 +}
54 +
55 +/*
56 + * In NSS 3.15, PK11_Encrypt and PK11_Decrypt were added to provide access
57 + * to the AES GCM implementation in the NSS softoken. So the presence of
58 + * these two functions implies the NSS version supports AES GCM.
59 + */
60 +static PRBool
61 +ssl3_HasGCMSupport(void)
62 +{
63 + (void)PR_CallOnce(&resolvePK11CryptOnce, ssl3_ResolvePK11CryptFunctions);
64 + return pk11_encrypt != NULL;
65 +}
66 +
67 +/* On this socket, disable the GCM cipher suites */
68 +SECStatus
69 +ssl3_DisableGCMSuites(sslSocket * ss)
70 +{
71 + unsigned int i;
72 +
73 + for (i = 0; i < PR_ARRAY_SIZE(cipher_suite_defs); i++) {
74 + const ssl3CipherSuiteDef *cipher_def = &cipher_suite_defs[i];
75 + if (cipher_def->bulk_cipher_alg == cipher_aes_128_gcm) {
76 + SECStatus rv = ssl3_CipherPrefSet(ss, cipher_def->cipher_suite,
77 + PR_FALSE);
78 + PORT_Assert(rv == SECSuccess); /* else is coding error */
79 + }
80 + }
81 + return SECSuccess;
82 +}
83 +
84 static SECStatus
85 ssl3_AESGCM(ssl3KeyMaterial *keys,
86 PRBool doDecrypt,
87 @@ -1925,10 +1986,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
88 gcmParams.ulTagBits = tagSize * 8;
90 if (doDecrypt) {
91 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
92 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
93 maxout, in, inlen);
94 } else {
95 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
96 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
97 maxout, in, inlen);
98 }
99 *outlen += (int) uOutLen;
100 @@ -5162,6 +5223,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
101 ssl3_DisableNonDTLSSuites(ss);
102 }
104 + if (!ssl3_HasGCMSupport()) {
105 + ssl3_DisableGCMSuites(ss);
106 + }
107 +
108 /* how many suites are permitted by policy and user preference? */
109 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
110 if (!num_suites) {
111 @@ -8172,6 +8237,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
112 ssl3_DisableNonDTLSSuites(ss);
113 }
115 + if (!ssl3_HasGCMSupport()) {
116 + ssl3_DisableGCMSuites(ss);
117 + }
118 +
119 #ifdef PARANOID
120 /* Look for a matching cipher suite. */
121 j = ssl3_config_match_init(ss);