net/third_party/nss/ssl/ssl3con.c - Issue 7464031: net: add NSS support for RFC 5705

Unified Diff: net/third_party/nss/ssl/ssl3con.c

Issue 7464031: net: add NSS support for RFC 5705 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 9 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Index: net/third_party/nss/ssl/ssl3con.c

diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c

index c39b8f8899ff43b7ae744095ac5b741c9c7ee6d6..dee55559c9e07f0e97361ad33acf675e0bf920ff 100644

--- a/net/third_party/nss/ssl/ssl3con.c

+++ b/net/third_party/nss/ssl/ssl3con.c

@@ -8442,18 +8442,17 @@ ssl3_RestartHandshakeAfterServerCert(sslSocket *ss)

return rv;

}

-static SECStatus

-ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,

- PRBool isServer,

- const SSL3Finished * hashes,

- TLSFinished * tlsFinished)

+/* The calling function must acquire and release the appropriate lock (i.e.,

+ * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any

+ * label must already be concatenated onto the beginning of val.

+ */

+SECStatus

+ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,

+ unsigned int labelLen, const unsigned char *val, unsigned int valLen,

+ unsigned char *out, unsigned int outLen)

{

- const char * label;

- unsigned int len;

- SECStatus rv;

- label = isServer ? "server finished" : "client finished";

- len = 15;

+ SECStatus rv = SECSuccess;

+ unsigned int retLen;

wtc 2011/07/21 19:56:16 Move retLen into the if block, at line 8458.

agl 2011/07/22 14:05:40 Done.

if (spec->master_secret && !spec->bypassCiphers) {

SECItem param = {siBuffer, NULL, 0};

@@ -8464,11 +8463,11 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,

return SECFailure;

rv = PK11_DigestBegin(prf_context);

- rv |= PK11_DigestOp(prf_context, (const unsigned char *) label, len);

- rv |= PK11_DigestOp(prf_context, hashes->md5, sizeof *hashes);

- rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data,

- &len, sizeof tlsFinished->verify_data);

- PORT_Assert(rv != SECSuccess || len == sizeof *tlsFinished);

+ rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen);

+ rv |= PK11_DigestOp(prf_context, val, valLen);

+ rv |= PK11_DigestFinal(prf_context, out,

+ &retLen, outLen);

+ PORT_Assert(rv != SECSuccess || retLen == outLen);

PK11_DestroyContext(prf_context, PR_TRUE);

} else {

@@ -8477,17 +8476,34 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,

SECItem outData = { siBuffer, };

PRBool isFIPS = PR_FALSE;

- inData.data = (unsigned char *)hashes->md5;

- inData.len = sizeof hashes[0];

- outData.data = tlsFinished->verify_data;

- outData.len = sizeof tlsFinished->verify_data;

+ inData.data = (unsigned char *) val;

+ inData.len = valLen;

+ outData.data = out;

+ outData.len = outLen;

rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);

- PORT_Assert(rv != SECSuccess || \

- outData.len == sizeof tlsFinished->verify_data);

+ PORT_Assert(rv != SECSuccess || outData.len == outLen);

}

return rv;

}

+static SECStatus

+ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,

+ PRBool isServer,

+ const SSL3Finished * hashes,

+ TLSFinished * tlsFinished)

+ const char * label;

+ SECStatus rv;

+ label = isServer ? "server finished" : "client finished";

wtc 2011/07/21 19:56:16 Nit: use an unsigned int len local variable and se

agl 2011/07/22 14:05:40 Done.

+ rv = ssl3_TLSPRFWithMasterSecret(spec, label, 15, hashes->md5,

+ sizeof *hashes, tlsFinished->verify_data,

+ sizeof tlsFinished->verify_data);

+ return rv;

/* called from ssl3_HandleServerHelloDone

static SECStatus

« net/third_party/nss/ssl/ssl.h ('K') | « net/third_party/nss/ssl/ssl.h ('k') | net/third_party/nss/ssl/sslimpl.h » ('j') | net/third_party/nss/ssl/sslinfo.c » ('J')