diff options
author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-15 00:20:58 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-15 00:20:58 +0000 |
commit | 1bc6f5e2827bbf1fe571d2b6f085ceff23644e1a (patch) | |
tree | d804ca496db0952db185663f12193c7108854573 /net/third_party | |
parent | b518852c1a1ccf23fd3ee12d49895009cb8a5aa0 (diff) | |
download | chromium_src-1bc6f5e2827bbf1fe571d2b6f085ceff23644e1a.zip chromium_src-1bc6f5e2827bbf1fe571d2b6f085ceff23644e1a.tar.gz chromium_src-1bc6f5e2827bbf1fe571d2b6f085ceff23644e1a.tar.bz2 |
Add a boolean |has_context| argument to the TLS ExportKeyingMaterial
method to support both nonexistent context and zero-length context.
R=agl@chromium.org,rsleevi@chromium.org
BUG=none
TEST=existing unit tests
Review URL: http://codereview.chromium.org/9663043
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@126799 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r-- | net/third_party/nss/README.chromium | 1 | ||||
-rwxr-xr-x | net/third_party/nss/patches/applypatches.sh | 2 | ||||
-rw-r--r-- | net/third_party/nss/patches/secret_exporter2.patch | 228 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl.h | 6 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 17 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslimpl.h | 10 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslinfo.c | 26 |
7 files changed, 261 insertions, 29 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index b6435f2..dd8c15d 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -48,6 +48,7 @@ Patches: This is a reworked version of the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=507359 patches/secret_exporter.patch + patches/secret_exporter2.patch * Add a function to restart a handshake after a client certificate request. patches/restartclientauth.patch diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh index 48cbe52..1356eab 100755 --- a/net/third_party/nss/patches/applypatches.sh +++ b/net/third_party/nss/patches/applypatches.sh @@ -38,3 +38,5 @@ patch -p6 < $patches_dir/restartclientauth.patch patch -p6 < $patches_dir/encryptedclientcerts.patch patch -p5 < $patches_dir/nextprotocleanup.patch + +patch -p4 < $patches_dir/secret_exporter2.patch diff --git a/net/third_party/nss/patches/secret_exporter2.patch b/net/third_party/nss/patches/secret_exporter2.patch new file mode 100644 index 0000000..695754d --- /dev/null +++ b/net/third_party/nss/patches/secret_exporter2.patch @@ -0,0 +1,228 @@ +Index: net/third_party/nss/ssl/ssl.h +=================================================================== +--- net/third_party/nss/ssl/ssl.h (revision 125777) ++++ net/third_party/nss/ssl/ssl.h (working copy) +@@ -792,12 +792,14 @@ + + /* Export keying material according to RFC 5705. + ** fd must correspond to a TLS 1.0 or higher socket and out must +-** already be allocated. If contextLen is zero it uses the no-context +-** construction from the RFC. ++** already be allocated. If hasContext is false, it uses the no-context ++** construction from the RFC and ignores the context and contextLen ++** arguments. + */ + SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd, + const char *label, + unsigned int labelLen, ++ PRBool hasContext, + const unsigned char *context, + unsigned int contextLen, + unsigned char *out, +Index: net/third_party/nss/ssl/sslinfo.c +=================================================================== +--- net/third_party/nss/ssl/sslinfo.c (revision 125777) ++++ net/third_party/nss/ssl/sslinfo.c (working copy) +@@ -317,18 +317,12 @@ + return PR_FALSE; + } + +-/* Export keying material according to RFC 5705. +-** fd must correspond to a TLS 1.0 or higher socket, out must +-** be already allocated. +-*/ + SECStatus + SSL_ExportKeyingMaterial(PRFileDesc *fd, +- const char *label, +- unsigned int labelLen, +- const unsigned char *context, +- unsigned int contextLen, +- unsigned char *out, +- unsigned int outLen) ++ const char *label, unsigned int labelLen, ++ PRBool hasContext, ++ const unsigned char *context, unsigned int contextLen, ++ unsigned char *out, unsigned int outLen) + { + sslSocket *ss; + unsigned char *val = NULL; +@@ -347,18 +341,21 @@ + return SECFailure; + } + ++ /* construct PRF arguments */ + valLen = SSL3_RANDOM_LENGTH * 2; +- if (contextLen > 0) ++ if (hasContext) { + valLen += 2 /* uint16 length */ + contextLen; ++ } + val = PORT_Alloc(valLen); +- if (val == NULL) ++ if (!val) { + return SECFailure; ++ } + i = 0; + PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); + i += SSL3_RANDOM_LENGTH; + PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); + i += SSL3_RANDOM_LENGTH; +- if (contextLen > 0) { ++ if (hasContext) { + val[i++] = contextLen >> 8; + val[i++] = contextLen; + PORT_Memcpy(val + i, context, contextLen); +@@ -366,6 +363,9 @@ + } + PORT_Assert(i == valLen); + ++ /* Allow TLS keying material to be exported sooner, when the master ++ * secret is available and we have sent ChangeCipherSpec. ++ */ + ssl_GetSpecReadLock(ss); + if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) { + PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); +Index: net/third_party/nss/ssl/sslimpl.h +=================================================================== +--- net/third_party/nss/ssl/sslimpl.h (revision 125777) ++++ net/third_party/nss/ssl/sslimpl.h (working copy) +@@ -1715,11 +1715,11 @@ + SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); + PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); + +-SECStatus ssl3_TLSPRFWithMasterSecret( +- ssl3CipherSpec *spec, const char *label, +- unsigned int labelLen, const unsigned char *val, +- unsigned int valLen, unsigned char *out, +- unsigned int outLen); ++extern SECStatus ++ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, ++ const char *label, unsigned int labelLen, ++ const unsigned char *val, unsigned int valLen, ++ unsigned char *out, unsigned int outLen); + + #ifdef TRACE + #define SSL_TRACE(msg) ssl_Trace msg +Index: net/third_party/nss/ssl/ssl3ext.c +=================================================================== +--- net/third_party/nss/ssl/ssl3ext.c (revision 125777) ++++ net/third_party/nss/ssl/ssl3ext.c (working copy) +@@ -606,10 +606,7 @@ + unsigned char resultBuffer[255]; + SECItem result = { siBuffer, resultBuffer, 0 }; + +- if (ss->firstHsDone) { +- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); +- return SECFailure; +- } ++ PORT_Assert(!ss->firstHsDone); + + rv = ssl3_ValidateNextProtoNego(data->data, data->len); + if (rv != SECSuccess) +@@ -621,6 +618,8 @@ + */ + PORT_Assert(ss->nextProtoCallback != NULL); + if (!ss->nextProtoCallback) { ++ /* XXX Use a better error code. This is an application error, not an ++ * NSS bug. */ + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } +@@ -631,7 +630,7 @@ + return rv; + /* If the callback wrote more than allowed to |result| it has corrupted our + * stack. */ +- if (result.len > sizeof result) { ++ if (result.len > sizeof resultBuffer) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } +Index: net/third_party/nss/ssl/sslsock.c +=================================================================== +--- net/third_party/nss/ssl/sslsock.c (revision 125777) ++++ net/third_party/nss/ssl/sslsock.c (working copy) +@@ -1344,7 +1344,7 @@ + return SECSuccess; + } + +-/* NextProtoStandardCallback is set as an NPN callback for the case when ++/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when + * SSL_SetNextProtoNego is used. + */ + static SECStatus +@@ -1390,12 +1390,12 @@ + result = ss->opt.nextProtoNego.data; + + found: +- *protoOutLen = result[0]; + if (protoMaxLen < result[0]) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + memcpy(protoOut, result + 1, result[0]); ++ *protoOutLen = result[0]; + return SECSuccess; + } + +@@ -1449,13 +1449,12 @@ + + if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT && + ss->ssl3.nextProto.data) { +- *bufLen = ss->ssl3.nextProto.len; +- if (*bufLen > bufLenMax) { ++ if (ss->ssl3.nextProto.len > bufLenMax) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); +- *bufLen = 0; + return SECFailure; + } + PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len); ++ *bufLen = ss->ssl3.nextProto.len; + } else { + *bufLen = 0; + } +Index: net/third_party/nss/ssl/ssl3con.c +=================================================================== +--- net/third_party/nss/ssl/ssl3con.c (revision 125777) ++++ net/third_party/nss/ssl/ssl3con.c (working copy) +@@ -8484,9 +8484,9 @@ + return rv; + } + +-/* The calling function must acquire and release the appropriate lock (i.e., +- * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any +- * label must already be concatenated onto the beginning of val. ++/* The calling function must acquire and release the appropriate ++ * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ++ * ss->ssl3.crSpec). + */ + SECStatus + ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, +@@ -8508,8 +8508,7 @@ + rv = PK11_DigestBegin(prf_context); + rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen); + rv |= PK11_DigestOp(prf_context, val, valLen); +- rv |= PK11_DigestFinal(prf_context, out, +- &retLen, outLen); ++ rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen); + PORT_Assert(rv != SECSuccess || retLen == outLen); + + PK11_DestroyContext(prf_context, PR_TRUE); +@@ -8532,15 +8531,15 @@ + static SECStatus + ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, + PRBool isServer, +- const SSL3Finished * hashes, +- TLSFinished * tlsFinished) ++ const SSL3Finished * hashes, ++ TLSFinished * tlsFinished) + { + const char * label; +- SECStatus rv; + unsigned int len; ++ SECStatus rv; + + label = isServer ? "server finished" : "client finished"; +- len = 15; ++ len = 15; + + rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5, + sizeof *hashes, tlsFinished->verify_data, diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h index 9f41e62..d8f8e2f 100644 --- a/net/third_party/nss/ssl/ssl.h +++ b/net/third_party/nss/ssl/ssl.h @@ -792,12 +792,14 @@ SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd); /* Export keying material according to RFC 5705. ** fd must correspond to a TLS 1.0 or higher socket and out must -** already be allocated. If contextLen is zero it uses the no-context -** construction from the RFC. +** already be allocated. If hasContext is false, it uses the no-context +** construction from the RFC and ignores the context and contextLen +** arguments. */ SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label, unsigned int labelLen, + PRBool hasContext, const unsigned char *context, unsigned int contextLen, unsigned char *out, diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index ab17aa1..804feac 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -8484,9 +8484,9 @@ done: return rv; } -/* The calling function must acquire and release the appropriate lock (i.e., - * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any - * label must already be concatenated onto the beginning of val. +/* The calling function must acquire and release the appropriate + * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for + * ss->ssl3.crSpec). */ SECStatus ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, @@ -8508,8 +8508,7 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, rv = PK11_DigestBegin(prf_context); rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen); rv |= PK11_DigestOp(prf_context, val, valLen); - rv |= PK11_DigestFinal(prf_context, out, - &retLen, outLen); + rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen); PORT_Assert(rv != SECSuccess || retLen == outLen); PK11_DestroyContext(prf_context, PR_TRUE); @@ -8532,15 +8531,15 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label, static SECStatus ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, PRBool isServer, - const SSL3Finished * hashes, - TLSFinished * tlsFinished) + const SSL3Finished * hashes, + TLSFinished * tlsFinished) { const char * label; - SECStatus rv; unsigned int len; + SECStatus rv; label = isServer ? "server finished" : "client finished"; - len = 15; + len = 15; rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5, sizeof *hashes, tlsFinished->verify_data, diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h index 8f78670..e0e53e1 100644 --- a/net/third_party/nss/ssl/sslimpl.h +++ b/net/third_party/nss/ssl/sslimpl.h @@ -1715,11 +1715,11 @@ SECStatus SSL_DisableDefaultExportCipherSuites(void); SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); -SECStatus ssl3_TLSPRFWithMasterSecret( - ssl3CipherSpec *spec, const char *label, - unsigned int labelLen, const unsigned char *val, - unsigned int valLen, unsigned char *out, - unsigned int outLen); +extern SECStatus +ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, + const char *label, unsigned int labelLen, + const unsigned char *val, unsigned int valLen, + unsigned char *out, unsigned int outLen); #ifdef TRACE #define SSL_TRACE(msg) ssl_Trace msg diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c index ea51039..5148364 100644 --- a/net/third_party/nss/ssl/sslinfo.c +++ b/net/third_party/nss/ssl/sslinfo.c @@ -317,18 +317,12 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite) return PR_FALSE; } -/* Export keying material according to RFC 5705. -** fd must correspond to a TLS 1.0 or higher socket, out must -** be already allocated. -*/ SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd, - const char *label, - unsigned int labelLen, - const unsigned char *context, - unsigned int contextLen, - unsigned char *out, - unsigned int outLen) + const char *label, unsigned int labelLen, + PRBool hasContext, + const unsigned char *context, unsigned int contextLen, + unsigned char *out, unsigned int outLen) { sslSocket *ss; unsigned char *val = NULL; @@ -347,18 +341,21 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, return SECFailure; } + /* construct PRF arguments */ valLen = SSL3_RANDOM_LENGTH * 2; - if (contextLen > 0) + if (hasContext) { valLen += 2 /* uint16 length */ + contextLen; + } val = PORT_Alloc(valLen); - if (val == NULL) + if (!val) { return SECFailure; + } i = 0; PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH); i += SSL3_RANDOM_LENGTH; PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH); i += SSL3_RANDOM_LENGTH; - if (contextLen > 0) { + if (hasContext) { val[i++] = contextLen >> 8; val[i++] = contextLen; PORT_Memcpy(val + i, context, contextLen); @@ -366,6 +363,9 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, } PORT_Assert(i == valLen); + /* Allow TLS keying material to be exported sooner, when the master + * secret is available and we have sent ChangeCipherSpec. + */ ssl_GetSpecReadLock(ss); if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) { PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED); |