
Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 9663043: Add a boolean |had_context| argument to the TLS ExportKeyingMaterial (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Make suggested changes, add patch file Created 8 years, 9 months ago
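--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -1,10 +1,10 @@
 /*
 * SSL3 Protocol
 *
 * ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
@@ -8477,77 +8477,76 @@
 rv = SECSuccess;
 }
 
 done:
 ssl_ReleaseSSL3HandshakeLock(ss);
 ssl_ReleaseRecvBufLock(ss);
 
 return rv;
 }
 
-/* The calling function must acquire and release the appropriate lock (i.e.,
-* ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any
-* label must already be concatenated onto the beginning of val.
+/* The calling function must acquire and release the appropriate
+* lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for
+* ss->ssl3.crSpec).
 */
 SECStatus
 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
 unsigned int labelLen, const unsigned char *val, unsigned int valLen,
 unsigned char *out, unsigned int outLen)
 {
 SECStatus rv = SECSuccess;
 
 if (spec->master_secret && !spec->bypassCiphers) {
 SECItem param = {siBuffer, NULL, 0};
 PK11Context *prf_context =
 PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN,
 spec->master_secret, &param);
 unsigned int retLen;
 
 if (!prf_context)
 return SECFailure;
 
 rv = PK11_DigestBegin(prf_context);
 rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen);
 rv |= PK11_DigestOp(prf_context, val, valLen);
-» rv |= PK11_DigestFinal(prf_context, out,
-» » » &retLen, outLen);
+» rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen);
 PORT_Assert(rv != SECSuccess || retLen == outLen);
 
 PK11_DestroyContext(prf_context, PR_TRUE);
 } else {
 /* bypass PKCS11 */
 SECItem inData = { siBuffer, };
 SECItem outData = { siBuffer, };
 PRBool isFIPS = PR_FALSE;
 
 inData.data = (unsigned char *) val;
 inData.len = valLen;
 outData.data = out;
 outData.len = outLen;
 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
 PORT_Assert(rv != SECSuccess || outData.len == outLen);
 }
 return rv;
 }
 
 static SECStatus
 ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
 PRBool isServer,
-» » const SSL3Finished * hashes,
-» » » TLSFinished * tlsFinished)
+const SSL3Finished * hashes,
+TLSFinished * tlsFinished)
 {
 const char * label;
+unsigned int len;
 SECStatus rv;
-unsigned int len;
 
 label = isServer ? "server finished" : "client finished";
 len = 15;
 
 rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
 sizeof *hashes, tlsFinished->verify_data,
 sizeof tlsFinished->verify_data);
 
 return rv;
 }
 
 /* called from ssl3_HandleServerHelloDone
 */
@@ -9987,10 +9986,10 @@
 /* free up the CipherSpecs */
 ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE/*freeSrvName*/);
 ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/);
 
 ss->ssl3.initialized = PR_FALSE;
 
 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
 }
 
 /* End of ssl3con.c */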
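Review bot: The bypass branch of ssl3_TLSPRFWithMasterSecret passes `label` to TLS_PRF without `labelLen`, while the PKCS #11 branch digests exactly `labelLen` bytes, and the rewritten header comment no longer says anything about the label. TLS_PRF is not visible on this page, but if it measures the label as a C string, the two branches agree only when `label` is NUL-terminated and `labelLen` equals its string length; I would state that in the comment, e.g. `* label must be NUL-terminated and labelLen must equal strlen(label).` Separately, both branches confirm the output length only through PORT_Assert, which I believe is compiled out of non-debug builds, so a short PRF output would be returned as success with part of `out` unwritten. Adding `if (rv == SECSuccess && retLen != outLen) rv = SECFailure;` after PK11_DigestFinal, and the equivalent check on `outData.len` in the bypass branch, would turn that into a hard failure for the Finished verify_data and exported keying material.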
