1 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 index bc54c99..1245393 100644
3 --- a/nss/lib/ssl/ssl3con.c
4 +++ b/nss/lib/ssl/ssl3con.c
5 @@ -631,8 +631,9 @@ void SSL_AtomicIncrementLong(long * x)
9 -ssl3_CipherSuiteAllowedForVersion(ssl3CipherSuite cipherSuite,
10 - SSL3ProtocolVersion version)
11 +ssl3_CipherSuiteAllowedForVersionRange(
12 + ssl3CipherSuite cipherSuite,
13 + const SSLVersionRange *vrange)
15 switch (cipherSuite) {
16 /* See RFC 4346 A.5. Export cipher suites must not be used in TLS 1.1 or
17 @@ -649,7 +650,9 @@ ssl3_CipherSuiteAllowedForVersion(ssl3CipherSuite cipherSuite,
18 * SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5: never implemented
19 * SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: never implemented
21 - return version <= SSL_LIBRARY_VERSION_TLS_1_0;
22 + return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
23 + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305:
24 + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:
25 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
26 case TLS_RSA_WITH_AES_256_CBC_SHA256:
27 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
28 @@ -661,7 +664,7 @@ ssl3_CipherSuiteAllowedForVersion(ssl3CipherSuite cipherSuite,
29 case TLS_RSA_WITH_AES_128_CBC_SHA256:
30 case TLS_RSA_WITH_AES_128_GCM_SHA256:
31 case TLS_RSA_WITH_NULL_SHA256:
32 - return version >= SSL_LIBRARY_VERSION_TLS_1_2;
33 + return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
37 @@ -804,7 +807,8 @@ ssl3_config_match_init(sslSocket *ss)
41 -/* return PR_TRUE if suite matches policy and enabled state */
42 +/* return PR_TRUE if suite matches policy, enabled state and is applicable to
43 + * the given version range. */
44 /* It would be a REALLY BAD THING (tm) if we ever permitted the use
45 ** of a cipher that was NOT_ALLOWED. So, if this is ever called with
46 ** policy == SSL_NOT_ALLOWED, report no match.
47 @@ -812,7 +816,8 @@ ssl3_config_match_init(sslSocket *ss)
48 /* adjust suite enabled to the availability of a token that can do the
51 -config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled)
52 +config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled,
53 + const SSLVersionRange *vrange)
55 PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE);
56 if (policy == SSL_NOT_ALLOWED || !enabled)
57 @@ -820,10 +825,13 @@ config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled)
58 return (PRBool)(suite->enabled &&
60 suite->policy != SSL_NOT_ALLOWED &&
61 - suite->policy <= policy);
62 + suite->policy <= policy &&
63 + ssl3_CipherSuiteAllowedForVersionRange(
64 + suite->cipher_suite, vrange));
67 -/* return number of cipher suites that match policy and enabled state */
68 +/* return number of cipher suites that match policy, enabled state and are
69 + * applicable for the configured protocol version range. */
70 /* called from ssl3_SendClientHello and ssl3_ConstructV2CipherSpecsHack */
72 count_cipher_suites(sslSocket *ss, int policy, PRBool enabled)
73 @@ -834,7 +842,7 @@ count_cipher_suites(sslSocket *ss, int policy, PRBool enabled)
76 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
77 - if (config_match(&ss->cipherSuites[i], policy, enabled))
78 + if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange))
82 @@ -5294,7 +5302,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
84 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
85 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
86 - if (config_match(suite, ss->ssl3.policy, PR_TRUE)) {
87 + if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) {
89 if (actual_count > num_suites) {
90 /* set error card removal/insertion error */
91 @@ -6359,15 +6367,19 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
92 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
93 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
94 if (temp == suite->cipher_suite) {
95 - if (!config_match(suite, ss->ssl3.policy, PR_TRUE)) {
96 + SSLVersionRange vrange = {ss->version, ss->version};
97 + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
98 + /* config_match already checks whether the cipher suite is
99 + * acceptable for the version, but the check is repeated here
100 + * in order to give a more precise error code. */
101 + if (!ssl3_CipherSuiteAllowedForVersionRange(temp, &vrange)) {
102 + desc = handshake_failure;
103 + errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION;
109 - if (!ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite,
111 - desc = handshake_failure;
112 - errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION;
116 suite_found = PR_TRUE;
118 @@ -8008,6 +8020,9 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
121 ssl3CipherSuiteCfg *suite;
123 + SSLVersionRange vrange = {ss->version, ss->version};
126 /* Check that the cached compression method is still enabled. */
127 if (!compressionEnabled(ss, sid->u.ssl3.compression))
128 @@ -8036,7 +8051,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
129 * The product policy won't change during the process lifetime.
130 * Implemented ("isPresent") shouldn't change for servers.
132 - if (!config_match(suite, ss->ssl3.policy, PR_TRUE))
133 + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange))
137 @@ -8084,9 +8099,8 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
139 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
140 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
141 - if (!config_match(suite, ss->ssl3.policy, PR_TRUE) ||
142 - !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite,
144 + SSLVersionRange vrange = {ss->version, ss->version};
145 + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
148 for (i = 0; i + 1 < suites.len; i += 2) {
149 @@ -8619,9 +8633,8 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length)
151 for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
152 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
153 - if (!config_match(suite, ss->ssl3.policy, PR_TRUE) ||
154 - !ssl3_CipherSuiteAllowedForVersion(suite->cipher_suite,
156 + SSLVersionRange vrange = {ss->version, ss->version};
157 + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) {
160 for (i = 0; i+2 < suite_length; i += 3) {
161 @@ -12324,7 +12337,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size)
162 /* ssl3_config_match_init was called by the caller of this function. */
163 for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
164 ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
165 - if (config_match(suite, SSL_ALLOWED, PR_TRUE)) {
166 + if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange)) {
169 *cs++ = (suite->cipher_suite >> 8) & 0xFF;