| blob | 0cf49a1edc23da711944ac106c819d2690b92e10 |
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 --- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:04:43.127747463 -0800
3 +++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:06:21.919386088 -0800
4 @@ -8,6 +8,7 @@
6 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
8 +#define _GNU_SOURCE 1
9 #include "cert.h"
10 #include "ssl.h"
11 #include "cryptohi.h" /* for DSAU_ stuff */
12 @@ -44,6 +45,9 @@
13 #ifdef NSS_ENABLE_ZLIB
14 #include "zlib.h"
15 #endif
16 +#ifdef LINUX
17 +#include <dlfcn.h>
18 +#endif
20 #ifndef PK11_SETATTRS
21 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
22 @@ -1842,6 +1846,63 @@ ssl3_BuildRecordPseudoHeader(unsigned ch
23 return 13;
24 }
26 +typedef SECStatus (*PK11CryptFcn)(
27 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param,
28 + unsigned char *out, unsigned int *outLen, unsigned int maxLen,
29 + const unsigned char *in, unsigned int inLen);
30 +
31 +static PK11CryptFcn pk11_encrypt = NULL;
32 +static PK11CryptFcn pk11_decrypt = NULL;
33 +
34 +static PRCallOnceType resolvePK11CryptOnce;
35 +
36 +static PRStatus
37 +ssl3_ResolvePK11CryptFunctions(void)
38 +{
39 +#ifdef LINUX
40 + /* On Linux we use the system NSS libraries. Look up the PK11_Encrypt and
41 + * PK11_Decrypt functions at run time. */
42 + pk11_encrypt = (PK11CryptFcn)dlsym(RTLD_DEFAULT, "PK11_Encrypt");
43 + pk11_decrypt = (PK11CryptFcn)dlsym(RTLD_DEFAULT, "PK11_Decrypt");
44 + return PR_SUCCESS;
45 +#else
46 + /* On other platforms we use our own copy of NSS. PK11_Encrypt and
47 + * PK11_Decrypt are known to be available. */
48 + pk11_encrypt = PK11_Encrypt;
49 + pk11_decrypt = PK11_Decrypt;
50 + return PR_SUCCESS;
51 +#endif
52 +}
53 +
54 +/*
55 + * In NSS 3.15, PK11_Encrypt and PK11_Decrypt were added to provide access
56 + * to the AES GCM implementation in the NSS softoken. So the presence of
57 + * these two functions implies the NSS version supports AES GCM.
58 + */
59 +static PRBool
60 +ssl3_HasGCMSupport(void)
61 +{
62 + (void)PR_CallOnce(&resolvePK11CryptOnce, ssl3_ResolvePK11CryptFunctions);
63 + return pk11_encrypt != NULL;
64 +}
65 +
66 +/* On this socket, disable the GCM cipher suites */
67 +SECStatus
68 +ssl3_DisableGCMSuites(sslSocket * ss)
69 +{
70 + unsigned int i;
71 +
72 + for (i = 0; i < PR_ARRAY_SIZE(cipher_suite_defs); i++) {
73 + const ssl3CipherSuiteDef *cipher_def = &cipher_suite_defs[i];
74 + if (cipher_def->bulk_cipher_alg == cipher_aes_128_gcm) {
75 + SECStatus rv = ssl3_CipherPrefSet(ss, cipher_def->cipher_suite,
76 + PR_FALSE);
77 + PORT_Assert(rv == SECSuccess); /* else is coding error */
78 + }
79 + }
80 + return SECSuccess;
81 +}
82 +
83 static SECStatus
84 ssl3_AESGCM(ssl3KeyMaterial *keys,
85 PRBool doDecrypt,
86 @@ -1893,10 +1960,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
87 gcmParams.ulTagBits = tagSize * 8;
89 if (doDecrypt) {
90 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
91 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
92 maxout, in, inlen);
93 } else {
94 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
95 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen,
96 maxout, in, inlen);
97 }
98 *outlen += (int) uOutLen;
99 @@ -5103,6 +5170,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
100 ssl3_DisableNonDTLSSuites(ss);
101 }
103 + if (!ssl3_HasGCMSupport()) {
104 + ssl3_DisableGCMSuites(ss);
105 + }
106 +
107 /* how many suites are permitted by policy and user preference? */
108 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
109 if (!num_suites) {
110 @@ -8080,6 +8151,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS
111 ssl3_DisableNonDTLSSuites(ss);
112 }
114 + if (!ssl3_HasGCMSupport()) {
115 + ssl3_DisableGCMSuites(ss);
116 + }
117 +
118 #ifdef PARANOID
119 /* Look for a matching cipher suite. */
120 j = ssl3_config_match_init(ss);