From f4a12fc67689a830e9da1c87fd11afe5bc09deb3 Mon Sep 17 00:00:00 2001
From: wolfbeast
Date: Thu, 2 Jan 2020 21:06:40 +0100
Subject: Issue #1338 - Part 2: Update NSS to 3.48-RTM
---
 security/nss/cpputil/freebl_scoped_ptrs.h | 33 +++++++++++++++++++++++++
 security/nss/cpputil/nss_scoped_ptrs.h | 40 +++++++++++++++++++++----------
 security/nss/cpputil/scoped_ptrs_smime.h | 34 ++++++++++++++++++++++++++
 security/nss/cpputil/scoped_ptrs_ssl.h | 6 +++++
 security/nss/cpputil/scoped_ptrs_util.h | 6 +++++
 security/nss/cpputil/tls_parser.h | 29 ++++++++++++++++++++++
 6 files changed, 135 insertions(+), 13 deletions(-)
 create mode 100644 security/nss/cpputil/freebl_scoped_ptrs.h
 create mode 100644 security/nss/cpputil/scoped_ptrs_smime.h
(limited to 'security/nss/cpputil')
diff --git a/security/nss/cpputil/freebl_scoped_ptrs.h b/security/nss/cpputil/freebl_scoped_ptrs.h
new file mode 100644
index 000000000..2f21ca903
--- /dev/null
+++ b/security/nss/cpputil/freebl_scoped_ptrs.h
@@ -0,0 +1,33 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef freebl_scoped_ptrs_h__
+#define freebl_scoped_ptrs_h__
+
+#include
+#include "blapi.h"
+
+struct ScopedDelete {
+ void operator()(CMACContext* ctx) { CMAC_Destroy(ctx, PR_TRUE); }
+};
+
+template
+struct ScopedMaybeDelete {
+ void operator()(T* ptr) {
+ if (ptr) {
+ ScopedDelete del;
+ del(ptr);
+ }
+ }
+};
+
+#define SCOPED(x) typedef std::unique_ptr > Scoped##x
+
+SCOPED(CMACContext);
+
+#undef SCOPED
+
+#endif // freebl_scoped_ptrs_h__
diff --git a/security/nss/cpputil/nss_scoped_ptrs.h b/security/nss/cpputil/nss_scoped_ptrs.h
index 03979f2c5..501f9dfe8 100644
--- a/security/nss/cpputil/nss_scoped_ptrs.h
+++ b/security/nss/cpputil/nss_scoped_ptrs.h
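Review bot: The new freebl_scoped_ptrs.h defines `struct ScopedDelete` and `struct ScopedMaybeDelete` in the global namespace, the same names nss_scoped_ptrs.h (and, judging by its `struct ScopedMaybeDelete {` hunk label, scoped_ptrs_util.h) already define with different bodies, so a translation unit that includes this header together with either of them fails with a redefinition error, and two translation units that each pick a different one are an ODR violation. The SSL and S/MIME headers in this same commit avoid exactly that by suffixing their deleters (`ScopedDeleteSSL`, `ScopedDeleteSmime`); the freebl header should follow the same convention, with the `SCOPED` macro updated to match. The rewritten declarations are below; the include guard, includes and the `SCOPED(CMACContext);` line are unchanged.
```cpp
struct ScopedDeleteFreebl {
  void operator()(CMACContext* ctx) { CMAC_Destroy(ctx, PR_TRUE); }
};

template <class T>
struct ScopedMaybeDeleteFreebl {
  void operator()(T* ptr) {
    if (ptr) {
      ScopedDeleteFreebl del;
      del(ptr);
    }
  }
};

#define SCOPED(x) \
  typedef std::unique_ptr<x, ScopedMaybeDeleteFreebl<x> > Scoped##x
// … unchanged: SCOPED(CMACContext); #undef SCOPED; #endif …
```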
@@ -11,21 +11,30 @@
 #include "cert.h"
 #include "keyhi.h"
 #include "p12.h"
+#include "pk11pqg.h"
 #include "pk11pub.h"
 #include "pkcs11uri.h"
+#include "secmod.h"
 
 struct ScopedDelete {
 void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
 void operator()(CERTCertificateList* list) {
 CERT_DestroyCertificateList(list);
 }
+ void operator()(CERTDistNames* names) { CERT_FreeDistNames(names); }
 void operator()(CERTName* name) { CERT_DestroyName(name); }
 void operator()(CERTCertList* list) { CERT_DestroyCertList(list); }
 void operator()(CERTSubjectPublicKeyInfo* spki) {
 SECKEY_DestroySubjectPublicKeyInfo(spki);
 }
+ void operator()(PK11Context* context) { PK11_DestroyContext(context, true); }
+ void operator()(PK11GenericObject* obj) { PK11_DestroyGenericObject(obj); }
 void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
+ void operator()(PK11SlotList* slots) { PK11_FreeSlotList(slots); }
 void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
+ void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
+ void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
+ void operator()(PQGParams* pqg) { PK11_PQG_DestroyParams(pqg); }
 void operator()(PRFileDesc* fd) { PR_Close(fd); }
 void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
 void operator()(SECKEYEncryptedPrivateKeyInfo* e) {
@@ -37,14 +46,10 @@ struct ScopedDelete {
 void operator()(SECKEYPrivateKeyList* list) {
 SECKEY_DestroyPrivateKeyList(list);
 }
- void operator()(PK11URI* uri) { PK11URI_DestroyURI(uri); }
- void operator()(PLArenaPool* arena) { PORT_FreeArena(arena, PR_FALSE); }
- void operator()(PK11Context* context) { PK11_DestroyContext(context, true); }
- void operator()(PK11GenericObject* obj) { PK11_DestroyGenericObject(obj); }
+ void operator()(SECMODModule* module) { SECMOD_DestroyModule(module); }
 void operator()(SEC_PKCS12DecoderContext* dcx) {
 SEC_PKCS12DecoderFinish(dcx);
 }
- void operator()(CERTDistNames* names) { CERT_FreeDistNames(names); }
 };
 
 template
@@ -59,27 +64,36 @@ struct ScopedMaybeDelete {
 
 #define SCOPED(x) typedef std::unique_ptr > Scoped##x
 
+SCOPED(CERTCertList);
 SCOPED(CERTCertificate);
 SCOPED(CERTCertificateList);
-SCOPED(CERTCertList);
+SCOPED(CERTDistNames);
 SCOPED(CERTName);
 SCOPED(CERTSubjectPublicKeyInfo);
+SCOPED(PK11Context);
+SCOPED(PK11GenericObject);
 SCOPED(PK11SlotInfo);
+SCOPED(PK11SlotList);
 SCOPED(PK11SymKey);
+SCOPED(PK11URI);
+SCOPED(PLArenaPool);
+SCOPED(PQGParams);
 SCOPED(PRFileDesc);
 SCOPED(SECAlgorithmID);
-SCOPED(SECKEYEncryptedPrivateKeyInfo);
 SCOPED(SECItem);
-SCOPED(SECKEYPublicKey);
+SCOPED(SECKEYEncryptedPrivateKeyInfo);
 SCOPED(SECKEYPrivateKey);
 SCOPED(SECKEYPrivateKeyList);
-SCOPED(PK11URI);
-SCOPED(PLArenaPool);
-SCOPED(PK11Context);
-SCOPED(PK11GenericObject);
+SCOPED(SECKEYPublicKey);
+SCOPED(SECMODModule);
 SCOPED(SEC_PKCS12DecoderContext);
-SCOPED(CERTDistNames);
 
 #undef SCOPED
 
+struct StackSECItem : public SECItem {
+ StackSECItem() : SECItem({siBuffer, nullptr, 0}) {}
+ ~StackSECItem() { Reset(); }
+ void Reset() { SECITEM_FreeItem(this, PR_FALSE); }
+};
+
 #endif // nss_scoped_ptrs_h__
diff --git a/security/nss/cpputil/scoped_ptrs_smime.h b/security/nss/cpputil/scoped_ptrs_smime.h
new file mode 100644
index 000000000..fc235f7eb
--- /dev/null
+++ b/security/nss/cpputil/scoped_ptrs_smime.h
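Review bot: `struct StackSECItem`, added at the end of nss_scoped_ptrs.h in this hunk, is also added under the same global name to scoped_ptrs_util.h later in this commit, with a different body (no `Reset()`), so any translation unit that includes both headers fails with a redefinition error and translation units that include only one of them disagree on the type's definition (an ODR violation). Keep a single definition, in whichever header the other can include, or give the two types distinct names. Independently, the type frees the heap buffer behind `data` in `~StackSECItem()` but leaves the implicitly generated copy constructor and copy assignment in place, so copying one (passing it by value, storing it in a container) produces two owners of the same buffer and a double free on scope exit; add `StackSECItem(const StackSECItem&) = delete;` and `StackSECItem& operator=(const StackSECItem&) = delete;` next to the destructor. The same two points apply to the copy in scoped_ptrs_util.h.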
@@ -0,0 +1,34 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef scoped_ptrs_smime_h__
+#define scoped_ptrs_smime_h__
+
+#include
+#include "smime.h"
+
+struct ScopedDeleteSmime {
+ void operator()(NSSCMSMessage* id) { NSS_CMSMessage_Destroy(id); }
+};
+
+template
+struct ScopedMaybeDeleteSmime {
+ void operator()(T* ptr) {
+ if (ptr) {
+ ScopedDeleteSmime del;
+ del(ptr);
+ }
+ }
+};
+
+#define SCOPED(x) \
+ typedef std::unique_ptr > Scoped##x
+
+SCOPED(NSSCMSMessage);
+
+#undef SCOPED
+
+#endif // scoped_ptrs_smime_h__
diff --git a/security/nss/cpputil/scoped_ptrs_ssl.h b/security/nss/cpputil/scoped_ptrs_ssl.h
index 7eeae8f8f..474187540 100644
--- a/security/nss/cpputil/scoped_ptrs_ssl.h
+++ b/security/nss/cpputil/scoped_ptrs_ssl.h
@@ -11,6 +11,10 @@
 #include "sslexp.h"
 
 struct ScopedDeleteSSL {
+ void operator()(SSLAeadContext* ctx) { SSL_DestroyAead(ctx); }
+ void operator()(SSLAntiReplayContext* ctx) {
+ SSL_ReleaseAntiReplayContext(ctx);
+ }
 void operator()(SSLResumptionTokenInfo* token) {
 SSL_DestroyResumptionTokenInfo(token);
 }
@@ -28,6 +32,8 @@ struct ScopedMaybeDeleteSSL {
 
 #define SCOPED(x) typedef std::unique_ptr > Scoped##x
 
+SCOPED(SSLAeadContext);
+SCOPED(SSLAntiReplayContext);
 SCOPED(SSLResumptionTokenInfo);
 
 #undef SCOPED
diff --git a/security/nss/cpputil/scoped_ptrs_util.h b/security/nss/cpputil/scoped_ptrs_util.h
index 2dbf34e1d..d0a42ee0b 100644
--- a/security/nss/cpputil/scoped_ptrs_util.h
+++ b/security/nss/cpputil/scoped_ptrs_util.h
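Review bot: In `ScopedDeleteSmime::operator()` the `NSSCMSMessage*` parameter is named `id`, which reads as an identifier rather than the message being torn down and departs from the descriptive names the sibling deleters in this commit use (`ctx`, `token`, `cert`, `slot`); `void operator()(NSSCMSMessage* msg) { NSS_CMSMessage_Destroy(msg); }` says what is being released. Nothing else in the header departs from the pattern scoped_ptrs_ssl.h follows.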
@@ -33,7 +33,13 @@ struct ScopedMaybeDelete {
 SCOPED(SECAlgorithmID);
 SCOPED(SECItem);
 SCOPED(PK11URI);
+SCOPED(PLArenaPool);
 
 #undef SCOPED
 
+struct StackSECItem : public SECItem {
+ StackSECItem() : SECItem({siBuffer, nullptr, 0}) {}
+ ~StackSECItem() { SECITEM_FreeItem(this, PR_FALSE); }
+};
+
 #endif // scoped_ptrs_util_h__
diff --git a/security/nss/cpputil/tls_parser.h b/security/nss/cpputil/tls_parser.h
index cd9e28fc3..05dd99fc8 100644
--- a/security/nss/cpputil/tls_parser.h
+++ b/security/nss/cpputil/tls_parser.h
@@ -31,6 +31,7 @@ const uint8_t kTlsHandshakeCertificateRequest = 13;
 const uint8_t kTlsHandshakeCertificateVerify = 15;
 const uint8_t kTlsHandshakeClientKeyExchange = 16;
 const uint8_t kTlsHandshakeFinished = 20;
+const uint8_t kTlsHandshakeKeyUpdate = 24;
 
 const uint8_t kTlsAlertWarning = 1;
 const uint8_t kTlsAlertFatal = 2;
@@ -47,11 +48,13 @@ const uint8_t kTlsAlertIllegalParameter = 47;
 const uint8_t kTlsAlertDecodeError = 50;
 const uint8_t kTlsAlertDecryptError = 51;
 const uint8_t kTlsAlertProtocolVersion = 70;
+const uint8_t kTlsAlertInsufficientSecurity = 71;
 const uint8_t kTlsAlertInternalError = 80;
 const uint8_t kTlsAlertInappropriateFallback = 86;
 const uint8_t kTlsAlertMissingExtension = 109;
 const uint8_t kTlsAlertUnsupportedExtension = 110;
 const uint8_t kTlsAlertUnrecognizedName = 112;
+const uint8_t kTlsAlertCertificateRequired = 116;
 const uint8_t kTlsAlertNoApplicationProtocol = 120;
 
 const uint8_t kTlsFakeChangeCipherSpec[] = {
@@ -80,6 +83,32 @@ inline std::ostream& operator<<(std::ostream& os, SSLProtocolVariant v) {
 return os << ((v == ssl_variant_stream) ? "TLS" : "DTLS");
 }
 
+inline std::ostream& operator<<(std::ostream& os, SSLContentType v) {
+ switch (v) {
+ case ssl_ct_change_cipher_spec:
+ return os << "CCS";
+ case ssl_ct_alert:
+ return os << "alert";
+ case ssl_ct_handshake:
+ return os << "handshake";
+ case ssl_ct_application_data:
+ return os << "application data";
+ case ssl_ct_ack:
+ return os << "ack";
+ }
+ return os << "UNKNOWN content type " << static_cast(v);
+}
+
+inline std::ostream& operator<<(std::ostream& os, SSLSecretDirection v) {
+ switch (v) {
+ case ssl_secret_read:
+ return os << "read";
+ case ssl_secret_write:
+ return os << "write";
+ }
+ return os << "UNKNOWN secret direction " << static_cast(v);
+}
+
 inline bool IsDtls(uint16_t version) { return (version & 0x8000) == 0x8000; }
 
 inline uint16_t NormalizeTlsVersion(uint16_t version) {
-- 
cgit v1.2.3
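Review bot: The two new `operator<<` overloads switch over `SSLContentType` and `SSLSecretDirection` with no `default:` and fall out to the `UNKNOWN …` return; that is the right shape, because a `default:` would suppress the compiler's unhandled-enumerator warning (`-Wswitch`) when a value is later added to either enum, but the intent is unstated and a later reader is likely to "fix" it. A one-line comment before each `switch`, e.g. `// No default: so -Wswitch flags enumerators added to SSLContentType.`, would preserve the behaviour. Whether the case lists match the enums in sslt.h at this NSS version cannot be checked from this page.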