| OLD | NEW |
| (Empty) |
| 1 diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h | |
| 2 --- a/src/net/third_party/nss/ssl/ssl.h 2012-02-29 17:12:15.720044263 -0800 | |
| 3 +++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-29 17:18:04.824794558 -0800 | |
| 4 @@ -774,6 +774,19 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteI | |
| 5 /* Returnes negotiated through SNI host info. */ | |
| 6 SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd); | |
| 7 | |
| 8 +/* Export keying material according to RFC 5705. | |
| 9 +** fd must correspond to a TLS 1.0 or higher socket and out must | |
| 10 +** already be allocated. If contextLen is zero it uses the no-context | |
| 11 +** construction from the RFC. | |
| 12 +*/ | |
| 13 +SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd, | |
| 14 + const char *label, | |
| 15 + unsigned int labelLen, | |
| 16 + const unsigned char *context, | |
| 17 + unsigned int contextLen, | |
| 18 + unsigned char *out, | |
| 19 + unsigned int outLen); | |
| 20 + | |
| 21 /* | |
| 22 ** Return a new reference to the certificate that was most recently sent | |
| 23 ** to the peer on this SSL/TLS connection, or NULL if none has been sent. | |
| 24 diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/s
sl3con.c | |
| 25 --- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-28 20:34:50.114663722 -0
800 | |
| 26 +++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 17:18:04.824794558 -0
800 | |
| 27 @@ -8368,33 +8368,33 @@ done: | |
| 28 return rv; | |
| 29 } | |
| 30 | |
| 31 -static SECStatus | |
| 32 -ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, | |
| 33 - PRBool isServer, | |
| 34 - const SSL3Finished * hashes, | |
| 35 - TLSFinished * tlsFinished) | |
| 36 +/* The calling function must acquire and release the appropriate lock (i.e., | |
| 37 + * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any | |
| 38 + * label must already be concatenated onto the beginning of val. | |
| 39 + */ | |
| 40 +SECStatus | |
| 41 +ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, | |
| 42 + unsigned int labelLen, const unsigned char *val, unsigned int valLen, | |
| 43 + unsigned char *out, unsigned int outLen) | |
| 44 { | |
| 45 - const char * label; | |
| 46 - unsigned int len; | |
| 47 - SECStatus rv; | |
| 48 - | |
| 49 - label = isServer ? "server finished" : "client finished"; | |
| 50 - len = 15; | |
| 51 + SECStatus rv = SECSuccess; | |
| 52 | |
| 53 if (spec->master_secret && !spec->bypassCiphers) { | |
| 54 SECItem param = {siBuffer, NULL, 0}; | |
| 55 PK11Context *prf_context = | |
| 56 PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN, | |
| 57 spec->master_secret, ¶m); | |
| 58 + unsigned int retLen; | |
| 59 + | |
| 60 if (!prf_context) | |
| 61 return SECFailure; | |
| 62 | |
| 63 rv = PK11_DigestBegin(prf_context); | |
| 64 - rv |= PK11_DigestOp(prf_context, (const unsigned char *) label, len); | |
| 65 - rv |= PK11_DigestOp(prf_context, hashes->md5, sizeof *hashes); | |
| 66 - rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, | |
| 67 - &len, sizeof tlsFinished->verify_data); | |
| 68 - PORT_Assert(rv != SECSuccess || len == sizeof *tlsFinished); | |
| 69 + rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen); | |
| 70 + rv |= PK11_DigestOp(prf_context, val, valLen); | |
| 71 + rv |= PK11_DigestFinal(prf_context, out, | |
| 72 + &retLen, outLen); | |
| 73 + PORT_Assert(rv != SECSuccess || retLen == outLen); | |
| 74 | |
| 75 PK11_DestroyContext(prf_context, PR_TRUE); | |
| 76 } else { | |
| 77 @@ -8403,17 +8403,36 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec * | |
| 78 SECItem outData = { siBuffer, }; | |
| 79 PRBool isFIPS = PR_FALSE; | |
| 80 | |
| 81 - inData.data = (unsigned char *)hashes->md5; | |
| 82 - inData.len = sizeof hashes[0]; | |
| 83 - outData.data = tlsFinished->verify_data; | |
| 84 - outData.len = sizeof tlsFinished->verify_data; | |
| 85 + inData.data = (unsigned char *) val; | |
| 86 + inData.len = valLen; | |
| 87 + outData.data = out; | |
| 88 + outData.len = outLen; | |
| 89 rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS); | |
| 90 - PORT_Assert(rv != SECSuccess || \ | |
| 91 - outData.len == sizeof tlsFinished->verify_data); | |
| 92 + PORT_Assert(rv != SECSuccess || outData.len == outLen); | |
| 93 } | |
| 94 return rv; | |
| 95 } | |
| 96 | |
| 97 +static SECStatus | |
| 98 +ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, | |
| 99 + PRBool isServer, | |
| 100 + const SSL3Finished * hashes, | |
| 101 + TLSFinished * tlsFinished) | |
| 102 +{ | |
| 103 + const char * label; | |
| 104 + SECStatus rv; | |
| 105 + unsigned int len; | |
| 106 + | |
| 107 + label = isServer ? "server finished" : "client finished"; | |
| 108 + len = 15; | |
| 109 + | |
| 110 + rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5, | |
| 111 + sizeof *hashes, tlsFinished->verify_data, | |
| 112 + sizeof tlsFinished->verify_data); | |
| 113 + | |
| 114 + return rv; | |
| 115 +} | |
| 116 + | |
| 117 /* called from ssl3_HandleServerHelloDone | |
| 118 */ | |
| 119 static SECStatus | |
| 120 diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s
slimpl.h | |
| 121 --- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 17:12:15.720044263 -0
800 | |
| 122 +++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 17:16:59.143900589 -0
800 | |
| 123 @@ -1709,6 +1709,11 @@ SECStatus SSL_DisableDefaultExportCipher | |
| 124 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); | |
| 125 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); | |
| 126 | |
| 127 +SECStatus ssl3_TLSPRFWithMasterSecret( | |
| 128 + ssl3CipherSpec *spec, const char *label, | |
| 129 + unsigned int labelLen, const unsigned char *val, | |
| 130 + unsigned int valLen, unsigned char *out, | |
| 131 + unsigned int outLen); | |
| 132 | |
| 133 #ifdef TRACE | |
| 134 #define SSL_TRACE(msg) ssl_Trace msg | |
| 135 diff -up a/src/net/third_party/nss/ssl/sslinfo.c b/src/net/third_party/nss/ssl/s
slinfo.c | |
| 136 --- a/src/net/third_party/nss/ssl/sslinfo.c 2010-09-01 18:12:57.000000000 -0
700 | |
| 137 +++ b/src/net/third_party/nss/ssl/sslinfo.c 2012-02-29 17:18:04.824794558 -0
800 | |
| 138 @@ -20,6 +20,7 @@ | |
| 139 * | |
| 140 * Contributor(s): | |
| 141 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories | |
| 142 + * Douglas Stebila <douglas@stebila.ca> | |
| 143 * | |
| 144 * Alternatively, the contents of this file may be used under the terms of | |
| 145 * either the GNU General Public License Version 2 or later (the "GPL"), or | |
| 146 @@ -316,6 +317,69 @@ SSL_IsExportCipherSuite(PRUint16 cipherS | |
| 147 return PR_FALSE; | |
| 148 } | |
| 149 | |
| 150 +/* Export keying material according to RFC 5705. | |
| 151 +** fd must correspond to a TLS 1.0 or higher socket, out must | |
| 152 +** be already allocated. | |
| 153 +*/ | |
| 154 +SECStatus | |
| 155 +SSL_ExportKeyingMaterial(PRFileDesc *fd, | |
| 156 + const char *label, | |
| 157 + unsigned int labelLen, | |
| 158 + const unsigned char *context, | |
| 159 + unsigned int contextLen, | |
| 160 + unsigned char *out, | |
| 161 + unsigned int outLen) | |
| 162 +{ | |
| 163 + sslSocket *ss; | |
| 164 + unsigned char *val = NULL; | |
| 165 + unsigned int valLen, i; | |
| 166 + SECStatus rv = SECFailure; | |
| 167 + | |
| 168 + ss = ssl_FindSocket(fd); | |
| 169 + if (!ss) { | |
| 170 + SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial", | |
| 171 + SSL_GETPID(), fd)); | |
| 172 + return SECFailure; | |
| 173 + } | |
| 174 + | |
| 175 + if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) { | |
| 176 + PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION); | |
| 177 + return SECFailure; | |
| 178 + } | |
| 179 + | |
| 180 + valLen = SSL3_RANDOM_LENGTH * 2; | |
| 181 + if (contextLen > 0) | |
| 182 + valLen += 2 /* uint16 length */ + contextLen; | |
| 183 + val = PORT_Alloc(valLen); | |
| 184 + if (val == NULL) | |
| 185 + return SECFailure; | |
| 186 + i = 0; | |
| 187 + PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); | |
| 188 + i += SSL3_RANDOM_LENGTH; | |
| 189 + PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); | |
| 190 + i += SSL3_RANDOM_LENGTH; | |
| 191 + if (contextLen > 0) { | |
| 192 + val[i++] = contextLen >> 8; | |
| 193 + val[i++] = contextLen; | |
| 194 + PORT_Memcpy(val + i, context, contextLen); | |
| 195 + i += contextLen; | |
| 196 + } | |
| 197 + PORT_Assert(i == valLen); | |
| 198 + | |
| 199 + ssl_GetSpecReadLock(ss); | |
| 200 + if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) { | |
| 201 + PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); | |
| 202 + rv = SECFailure; | |
| 203 + } else { | |
| 204 + rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val, | |
| 205 + valLen, out, outLen); | |
| 206 + } | |
| 207 + ssl_ReleaseSpecReadLock(ss); | |
| 208 + | |
| 209 + PORT_ZFree(val, valLen); | |
| 210 + return rv; | |
| 211 +} | |
| 212 + | |
| 213 SECItem* | |
| 214 SSL_GetNegotiatedHostInfo(PRFileDesc *fd) | |
| 215 { | |
| OLD | NEW |