Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(723)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/cbc.patch

Issue 111853013: Update net/third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Add CT TLS extension bug number Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/canfalsestart.patch ('k') | net/third_party/nss/patches/chacha20poly1305.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 --- a/nss/lib/ssl/ssl3con.c 2013-07-31 14:10:35.113325316 -0700
3 +++ b/nss/lib/ssl/ssl3con.c 2013-07-31 14:12:00.254575103 -0700
4 @@ -2157,6 +2157,20 @@ ssl3_ComputeRecordMAC(
5 return rv;
6 }
7
8 +/* This is a bodge to allow this code to be compiled against older NSS headers
9 + * that don't contain the CBC constant-time changes. */
10 +#ifndef CKM_NSS_HMAC_CONSTANT_TIME
11 +#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
12 +#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
13 +
14 +typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
15 + CK_MECHANISM_TYPE macAlg; /* in */
16 + CK_ULONG ulBodyTotalLen; /* in */
17 + CK_BYTE * pHeader; /* in */
18 + CK_ULONG ulHeaderLen; /* in */
19 +} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
20 +#endif
21 +
22 /* Called from: ssl3_HandleRecord()
23 * Caller must already hold the SpecReadLock. (wish we could assert that!)
24 *
25 @@ -2179,7 +2193,8 @@ ssl3_ComputeRecordMACConstantTime(
26 {
27 CK_MECHANISM_TYPE macType;
28 CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
29 - SECItem param, inputItem, outputItem;
30 + PK11Context * mac_context;
31 + SECItem param;
32 SECStatus rv;
33 unsigned char header[13];
34 PK11SymKey * key;
35 @@ -2240,34 +2255,27 @@ ssl3_ComputeRecordMACConstantTime(
36 param.len = sizeof(params);
37 param.type = 0;
38
39 - inputItem.data = (unsigned char *) input;
40 - inputItem.len = inputLen;
41 - inputItem.type = 0;
42 -
43 - outputItem.data = outbuf;
44 - outputItem.len = *outLen;
45 - outputItem.type = 0;
46 -
47 key = spec->server.write_mac_key;
48 if (!useServerMacKey) {
49 key = spec->client.write_mac_key;
50 }
51 + mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, &param);
52 + if (mac_context == NULL) {
53 + /* Older versions of NSS may not support constant-time MAC. */
54 + goto fallback;
55 + }
56
57 - rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
58 - if (rv != SECSuccess) {
59 - if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
60 - goto fallback;
61 - }
62 + rv = PK11_DigestBegin(mac_context);
63 + rv |= PK11_DigestOp(mac_context, input, inputLen);
64 + rv |= PK11_DigestFinal(mac_context, outbuf, outLen, spec->mac_size);
65 + PK11_DestroyContext(mac_context, PR_TRUE);
66
67 - *outLen = 0;
68 + PORT_Assert(rv != SECSuccess || *outLen == (unsigned)spec->mac_size);
69 +
70 + if (rv != SECSuccess) {
71 rv = SECFailure;
72 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
73 - return rv;
74 }
75 -
76 - PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
77 - *outLen = outputItem.len;
78 -
79 return rv;
80
81 fallback:
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/canfalsestart.patch ('k') | net/third_party/nss/patches/chacha20poly1305.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698