net: allow SSL secrets to be exported sooner.

This also addresses some follows up from previous CLs. BUG=none TEST=none Review URL: http://codereview.chromium.org/7493056 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94105 0039d316-1c4b-4281-b951-d872f2087c98
author: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-07-26 16:04:20 +0000
committer: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-07-26 16:04:20 +0000
commit: deffb93ae82baf9125ab1129a64ad087f602ee6b (patch)
tree: 11bd5e7229dfa4eaeacda28cd18d099f97c75769 /net/third_party/nss/ssl
parent: 33ca366d226f980c5a8513f09258ca84addc8f47 (diff)
download: chromium_src-deffb93ae82baf9125ab1129a64ad087f602ee6b.zip
chromium_src-deffb93ae82baf9125ab1129a64ad087f602ee6b.tar.gz
chromium_src-deffb93ae82baf9125ab1129a64ad087f602ee6b.tar.bz2
3 files changed, 22 insertions, 16 deletions
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 1537aae..6b364bb 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -688,14 +688,16 @@ SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
 
 /* Export keying material according to RFC 5705.
 ** fd must correspond to a TLS 1.0 or higher socket and out must
-** already be allocated.
+** already be allocated. If contextLen is zero it uses the no-context
+** construction from the RFC.
 */
 SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
                                               const char *label,
+                                              unsigned int labelLen,
                                               const unsigned char *context,
-                                              unsigned int contextlen,
+                                              unsigned int contextLen,
                                               unsigned char *out,
-                                              unsigned int outlen);
+                                              unsigned int outLen);
 
 /*
 ** Return a new reference to the certificate that was most recently sent
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index dee5555..3ae9167 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -8452,13 +8452,14 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
     unsigned char *out, unsigned int outLen)
 {
     SECStatus rv = SECSuccess;
-    unsigned int retLen;
 
     if (spec->master_secret && !spec->bypassCiphers) {
 	SECItem      param       = {siBuffer, NULL, 0};
 	PK11Context *prf_context =
 	    PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN, 
 				       spec->master_secret, &param);
+	unsigned int retLen;
+
 	if (!prf_context)
 	    return SECFailure;
 
@@ -8494,10 +8495,12 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
 {
     const char * label;
     SECStatus    rv;
+    unsigned int len;
 
     label = isServer ? "server finished" : "client finished";
+    len = 15;
 
-    rv = ssl3_TLSPRFWithMasterSecret(spec, label, 15, hashes->md5,
+    rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
 	sizeof *hashes, tlsFinished->verify_data,
 	sizeof tlsFinished->verify_data);
 
diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
index 9a58b4d..cf870c7 100644
--- a/net/third_party/nss/ssl/sslinfo.c
+++ b/net/third_party/nss/ssl/sslinfo.c
@@ -39,7 +39,6 @@
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
-#include "pk11func.h"
 
 static const char *
 ssl_GetCompressionMethodName(SSLCompressionMethod compression)
@@ -318,12 +317,14 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite)
     return PR_FALSE;
 }
 
-/* Export keying material according to draft-ietf-tls-extractor-06.
+/* Export keying material according to RFC 5705.
 ** fd must correspond to a TLS 1.0 or higher socket, out must
 ** be already allocated.
 */
 SECStatus
-SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
+SSL_ExportKeyingMaterial(PRFileDesc *fd,
+			 const char *label,
+			 unsigned int labelLen,
 			 const unsigned char *context,
 			 unsigned int contextLen,
 			 unsigned char *out,
@@ -346,11 +347,6 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
 	return SECFailure;
     }
 
-    if (ss->ssl3.hs.ws != idle_handshake) {
-	PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-	return SECFailure;
-    }
-
     valLen = SSL3_RANDOM_LENGTH * 2;
     if (contextLen > 0)
 	valLen += 2 /* uint16 length */ + contextLen;
@@ -371,11 +367,16 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
     PORT_Assert(i == valLen);
 
     ssl_GetSpecReadLock(ss);
-    rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val, valLen, out, outLen);
+    if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
+	PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
+	rv = SECFailure;
+    } else {
+	rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
+					 valLen, out, outLen);
+    }
     ssl_ReleaseSpecReadLock(ss);
 
-    if (val != NULL)
-	PORT_ZFree(val, valLen);
+    PORT_ZFree(val, valLen);
     return rv;
 }
author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-07-26 16:04:20 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-07-26 16:04:20 +0000
commit	deffb93ae82baf9125ab1129a64ad087f602ee6b (patch)
tree	11bd5e7229dfa4eaeacda28cd18d099f97c75769 /net/third_party/nss/ssl
parent	33ca366d226f980c5a8513f09258ca84addc8f47 (diff)
download	chromium_src-deffb93ae82baf9125ab1129a64ad087f602ee6b.zip chromium_src-deffb93ae82baf9125ab1129a64ad087f602ee6b.tar.gz chromium_src-deffb93ae82baf9125ab1129a64ad087f602ee6b.tar.bz2