net/third_party/nss/ssl/sslinfo.c - Issue 7493056: net: allow SSL secrets to be exported sooner.

Unified Diff: net/third_party/nss/ssl/sslinfo.c

Issue 7493056: net: allow SSL secrets to be exported sooner. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 9 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/third_party/nss/ssl/sslinfo.c

diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c

index 9a58b4d3b9174443c01b2845c49b2ddfbb54e43d..a707395ec48f6a4267964dfaa1a2da8aac52e583 100644

--- a/net/third_party/nss/ssl/sslinfo.c

+++ b/net/third_party/nss/ssl/sslinfo.c

@@ -39,7 +39,6 @@

#include "ssl.h"

#include "sslimpl.h"

#include "sslproto.h"

-#include "pk11func.h"

static const char *

ssl_GetCompressionMethodName(SSLCompressionMethod compression)

@@ -318,12 +317,14 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite)

return PR_FALSE;

}

-/* Export keying material according to draft-ietf-tls-extractor-06.

+/* Export keying material according to RFC 5705.

** fd must correspond to a TLS 1.0 or higher socket, out must

** be already allocated.

SECStatus

-SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,

+SSL_ExportKeyingMaterial(PRFileDesc *fd,

+ const char *label,

+ unsigned int labelLen,

const unsigned char *context,

unsigned int contextLen,

unsigned char *out,

@@ -346,11 +347,6 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,

return SECFailure;

}

- if (ss->ssl3.hs.ws != idle_handshake) {

- PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);

- return SECFailure;

- }

valLen = SSL3_RANDOM_LENGTH * 2;

if (contextLen > 0)

valLen += 2 /* uint16 length */ + contextLen;

@@ -371,11 +367,16 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,

PORT_Assert(i == valLen);

ssl_GetSpecReadLock(ss);

- rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val, valLen, out, outLen);

+ if (ss->ssl3.cwSpec->master_secret == NULL) {

wtc 2011/07/25 17:31:13 I'd like to doublecheck this ss->ssl3.cwSpec->mast

wtc 2011/07/25 18:51:22 I checked this test again. There are two possible

agl 2011/07/26 13:50:04 Done.

+ PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);

+ rv = SECFailure;

+ } else {

+ rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,

+ valLen, out, outLen);

+ }

ssl_ReleaseSpecReadLock(ss);

- if (val != NULL)

- PORT_ZFree(val, valLen);

+ PORT_ZFree(val, valLen);

return rv;

}

« net/third_party/nss/ssl/ssl.h ('K') | « net/third_party/nss/ssl/ssl3con.c ('k') | no next file » | no next file with comments »