Bug 571722: merge with the "Implement SSL Version Range API [v5]" pat…

…ch by

Brian Smith <bsmith@mozilla.com>.  Comment changes only.  Export
SSL_VersionRangeGetDefault, SSL_VersionRangeGetSupported, and
SSL_VersionRangeSetDefault.  r=wtc.
Modified Files:
	ssl.def ssl.h ssl3con.c sslcon.c sslimpl.h sslsock.c

security/nss/lib/ssl/ssl.def

@@ -177,7 +177,10 @@ SSL_AuthCertificateComplete;
 ;+    global:
 SSL_ExportKeyingMaterial;
 SSL_VersionRangeGet;
+SSL_VersionRangeGetDefault;
+SSL_VersionRangeGetSupported;
 SSL_VersionRangeSet;
+SSL_VersionRangeSetDefault;
 ;+    local:
 ;+*;
 ;+};

security/nss/lib/ssl/ssl.h

@@ -100,11 +100,13 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
                                		  /* (off by default) */
 #define SSL_HANDSHAKE_AS_SERVER		6 /* force connect to hs as server */
                                		  /* (off by default) */
+
+/* OBSOLETE: SSL v2 is obsolete and may be removed soon. */
 #define SSL_ENABLE_SSL2			7 /* enable ssl v2 (off by default) */
 
 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
- * description of the non-obvious semantics of using SSL_ENABLE_SSL3.
- */
+** description of the non-obvious semantics of using SSL_ENABLE_SSL3.
+*/
 #define SSL_ENABLE_SSL3		        8 /* enable ssl v3 (on by default) */
 
 #define SSL_NO_CACHE		        9 /* don't use the session cache */
@@ -113,12 +115,17 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
                                           /* by default) */
 #define SSL_ENABLE_FDX                 11 /* permit simultaneous read/write */
                                           /* (off by default) */
+
+/* OBSOLETE: SSL v2 compatible hellos are not accepted by some TLS servers
+** and cannot negotiate extensions. SSL v2 is obsolete. This option may be
+** removed soon.
+*/
 #define SSL_V2_COMPATIBLE_HELLO        12 /* send v3 client hello in v2 fmt */
                                           /* (off by default) */
 
 /* OBSOLETE: See "SSL Version Range API" below for the replacement and a
- * description of the non-obvious semantics of using SSL_ENABLE_TLS.
- */
+** description of the non-obvious semantics of using SSL_ENABLE_TLS.
+*/
 #define SSL_ENABLE_TLS		       13 /* enable TLS (on by default) */
 
 #define SSL_ROLLBACK_DETECTION         14 /* for compatibility, default: on */
@@ -273,8 +280,8 @@ SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
 ** This API should be used to control SSL 3.0 & TLS support instead of the
 ** older SSL_Option* API; however, the SSL_Option* API MUST still be used to
 ** control SSL 2.0 support. In this version of libssl, SSL 3.0 and TLS 1.0 are
-** enabled by default. Future versions may change which versions of the
-** protocol are enabled by default.
+** enabled by default. Future versions of libssl may change which versions of
+** the protocol are enabled by default.
 **
 ** The SSLProtocolVariant enum indicates whether the protocol is of type
 ** stream or datagram. This must be provided to the functions that do not
@@ -285,23 +292,31 @@ SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
 ** SSL_OptionSet-based API for controlling the enabled protocol versions may
 ** cause unexpected results. Going forward, we guarantee only the following:
 **
+** SSL_OptionGet(SSL_ENABLE_TLS) will return PR_TRUE if *ANY* versions of TLS
+** are enabled.
+**
 ** SSL_OptionSet(SSL_ENABLE_TLS, PR_FALSE) will disable *ALL* versions of TLS,
 ** including TLS 1.0 and later.
 **
+** The above two properties provide compatibility for applications that use
+** SSL_OptionSet to implement the insecure fallback from TLS 1.x to SSL 3.0.
+**
 ** SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) will enable TLS 1.0, and may also
-** enable some later versions of TLS. For example, if TLS 1.2 is enabled at the
-** time the call is made, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE),
-** TLS 1.0, TLS 1.1, and TLS 1.2 will be enabled, and the call will have no
-** effect on whether SSL 3.0 is enabled. If no later versions of TLS are
-** enabled at the time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then
-** no later versions of TLS will be enabled by the call.
+** enable some later versions of TLS, if it is necessary to do so in order to
+** keep the set of enabled versions contiguous. For example, if TLS 1.2 is
+** enabled, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE), TLS 1.0,
+** TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on
+** whether SSL 3.0 is enabled. If no later versions of TLS are enabled at the
+** time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then no later
+** versions of TLS will be enabled by the call.
 **
 ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_FALSE) will disable SSL 3.0, and will not
 ** change the set of TLS versions that are enabled.
 **
 ** SSL_OptionSet(SSL_ENABLE_SSL3, PR_TRUE) will enable SSL 3.0, and may also
 ** enable some versions of TLS if TLS 1.1 or later is enabled at the time of
-** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works.
+** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works, in
+** order to keep the set of enabled versions contiguous.
 */
 
 /* Returns, in |*vrange|, the range of SSL3/TLS versions supported for the

security/nss/lib/ssl/ssl3con.c

@@ -773,8 +773,12 @@ Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
  * SSL3 Utility functions
  */
 
-/* If allowLargerPeerVersion is true, peerVersion is the peer's max version
- * and is allowed to be larger than our max version.
+/* allowLargerPeerVersion controls whether the function will select the
+ * highest enabled SSL version or fail when peerVersion is greater than the
+ * highest enabled version.
+ *
+ * If allowLargerPeerVersion is true, peerVersion is the peer's highest
+ * enabled version rather than the peer's selected version.
  */
 SECStatus
 ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion,

security/nss/lib/ssl/sslcon.c

@@ -3111,7 +3111,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
     PORT_Assert(sid != NULL);
 
     if ((sid->version >= SSL_LIBRARY_VERSION_3_0 || !ss->opt.v2CompatibleHello) &&
-        !SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
+	!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange)) {
 	ss->gs.state      = GS_INIT;
 	ss->handshake     = ssl_GatherRecord1stHandshake;
 

security/nss/lib/ssl/sslimpl.h

@@ -324,8 +324,8 @@ typedef struct sslOptionsStr {
     unsigned int handshakeAsClient	: 1;  /*  6 */
     unsigned int handshakeAsServer	: 1;  /*  7 */
     unsigned int enableSSL2		: 1;  /*  8 */
-    unsigned int unused9		: 1;  /*  9 */
-    unsigned int unused10		: 1;  /* 10 */
+    unsigned int unusedBit9		: 1;  /*  9 */
+    unsigned int unusedBit10		: 1;  /* 10 */
     unsigned int noCache		: 1;  /* 11 */
     unsigned int fdx			: 1;  /* 12 */
     unsigned int v2CompatibleHello	: 1;  /* 13 */

security/nss/lib/ssl/sslsock.c

@@ -171,8 +171,8 @@ static sslOptions ssl_defaults = {
     PR_FALSE,	/* handshakeAsClient  */
     PR_FALSE,	/* handshakeAsServer  */
     PR_FALSE,	/* enableSSL2         */ /* now defaults to off in NSS 3.13 */
-    PR_FALSE,	/* unused9            */
-    PR_FALSE, 	/* unused10           */
+    PR_FALSE,	/* unusedBit9         */
+    PR_FALSE, 	/* unusedBit10        */
     PR_FALSE,	/* noCache            */
     PR_FALSE,	/* fdx                */
     PR_FALSE,	/* v2CompatibleHello  */ /* now defaults to off in NSS 3.13 */
@@ -623,7 +623,7 @@ ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
 	vrange->min = SSL_LIBRARY_VERSION_3_0;
    } else {
 	/* Disable SSL 3.0, leaving TLS unaffected. */
-	if (vrange->max != SSL_LIBRARY_VERSION_3_0) {
+	if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
 	    vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
 	} else {
 	    /* Only SSL 3.0 was enabled, so now no versions are. */