6 files changed, 58 insertions, 52 deletions

diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index eddac5c..42acb81 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -529,9 +529,8 @@ int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label,
                                              unsigned int outlen) {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
-  std::string label_string(label.data(), label.length());
   SECStatus result = SSL_ExportKeyingMaterial(
-      nss_fd_, label_string.c_str(),
+      nss_fd_, label.data(), label.size(),
       reinterpret_cast<const unsigned char*>(context.data()),
       context.length(), out, outlen);
   if (result != SECSuccess) {
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index c364173..08d84b9 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -132,9 +132,8 @@ int SSLServerSocketNSS::ExportKeyingMaterial(const base::StringPiece& label,
                                              unsigned int outlen) {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
-  std::string label_string(label.data(), label.length());
   SECStatus result = SSL_ExportKeyingMaterial(
-      nss_fd_, label_string.c_str(),
+      nss_fd_, label.data(), label.size(),
       reinterpret_cast<const unsigned char*>(context.data()),
       context.length(), out, outlen);
   if (result != SECSuccess) {
diff --git a/net/third_party/nss/patches/secret_exporter.patch b/net/third_party/nss/patches/secret_exporter.patch
index 8e04252..7e6eaa0 100644
--- a/net/third_party/nss/patches/secret_exporter.patch
+++ b/net/third_party/nss/patches/secret_exporter.patch
@@ -1,4 +1,4 @@
-commit 58913147a052b19246ac946077484d033d309287
+commit c92170f883e6cfdc2c2dc6dbb49d3e6b8e9928f1
 Author: Adam Langley <agl@chromium.org>
 Date:   Thu Jul 21 11:34:32 2011 -0400
 
@@ -17,32 +17,34 @@ index 7ef15db..1993d3e 100644
  SSL_GetStapledOCSPResponse;
  SSL_HandshakeResumedSession;
 diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index 53ca301..1537aae 100644
+index 53ca301..6b364bb 100644
 --- a/mozilla/security/nss/lib/ssl/ssl.h
 +++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -686,6 +686,17 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
+@@ -686,6 +686,19 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
  /* Returnes negotiated through SNI host info. */
  SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
  
 +/* Export keying material according to RFC 5705.
 +** fd must correspond to a TLS 1.0 or higher socket and out must
-+** already be allocated.
++** already be allocated. If contextLen is zero it uses the no-context
++** construction from the RFC.
 +*/
 +SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
 +                                              const char *label,
++                                              unsigned int labelLen,
 +                                              const unsigned char *context,
-+                                              unsigned int contextlen,
++                                              unsigned int contextLen,
 +                                              unsigned char *out,
-+                                              unsigned int outlen);
++                                              unsigned int outLen);
 +
  /*
  ** Return a new reference to the certificate that was most recently sent
  ** to the peer on this SSL/TLS connection, or NULL if none has been sent.
 diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index c39b8f8..dee5555 100644
+index 66071d2..3bda2f3 100644
 --- a/mozilla/security/nss/lib/ssl/ssl3con.c
 +++ b/mozilla/security/nss/lib/ssl/ssl3con.c
-@@ -8442,18 +8442,17 @@ ssl3_RestartHandshakeAfterServerCert(sslSocket *ss)
+@@ -8443,33 +8443,33 @@ ssl3_RestartHandshakeAfterServerCert(sslSocket *ss)
      return rv;
  }
  
@@ -67,11 +69,15 @@ index c39b8f8..dee5555 100644
 -    label = isServer ? "server finished" : "client finished";
 -    len   = 15;
 +    SECStatus rv = SECSuccess;
-+    unsigned int retLen;
  
      if (spec->master_secret && !spec->bypassCiphers) {
  	SECItem      param       = {siBuffer, NULL, 0};
-@@ -8464,11 +8463,11 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
+ 	PK11Context *prf_context =
+ 	    PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN, 
+ 				       spec->master_secret, &param);
++	unsigned int retLen;
++
+ 	if (!prf_context)
  	    return SECFailure;
  
  	rv  = PK11_DigestBegin(prf_context);
@@ -88,7 +94,7 @@ index c39b8f8..dee5555 100644
  
  	PK11_DestroyContext(prf_context, PR_TRUE);
      } else {
-@@ -8477,17 +8476,34 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
+@@ -8478,17 +8478,36 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
  	SECItem outData = { siBuffer, };
  	PRBool isFIPS   = PR_FALSE;
  
@@ -116,10 +122,12 @@ index c39b8f8..dee5555 100644
 +{
 +    const char * label;
 +    SECStatus    rv;
++    unsigned int len;
 +
 +    label = isServer ? "server finished" : "client finished";
++    len = 15;
 +
-+    rv = ssl3_TLSPRFWithMasterSecret(spec, label, 15, hashes->md5,
++    rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
 +	sizeof *hashes, tlsFinished->verify_data,
 +	sizeof tlsFinished->verify_data);
 +
@@ -147,7 +155,7 @@ index df30029..073616f 100644
  
  void FNV1A64_Init(PRUint64 *digest);
 diff --git a/mozilla/security/nss/lib/ssl/sslinfo.c b/mozilla/security/nss/lib/ssl/sslinfo.c
-index 96377b0..9a58b4d 100644
+index 96377b0..cf870c7 100644
 --- a/mozilla/security/nss/lib/ssl/sslinfo.c
 +++ b/mozilla/security/nss/lib/ssl/sslinfo.c
 @@ -20,6 +20,7 @@
@@ -158,24 +166,18 @@ index 96377b0..9a58b4d 100644
   *
   * Alternatively, the contents of this file may be used under the terms of
   * either the GNU General Public License Version 2 or later (the "GPL"), or
-@@ -38,6 +39,7 @@
- #include "ssl.h"
- #include "sslimpl.h"
- #include "sslproto.h"
-+#include "pk11func.h"
- 
- static const char *
- ssl_GetCompressionMethodName(SSLCompressionMethod compression)
-@@ -316,6 +318,67 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite)
+@@ -316,6 +317,69 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite)
      return PR_FALSE;
  }
  
-+/* Export keying material according to draft-ietf-tls-extractor-06.
++/* Export keying material according to RFC 5705.
 +** fd must correspond to a TLS 1.0 or higher socket, out must
 +** be already allocated.
 +*/
 +SECStatus
-+SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
++SSL_ExportKeyingMaterial(PRFileDesc *fd,
++			 const char *label,
++			 unsigned int labelLen,
 +			 const unsigned char *context,
 +			 unsigned int contextLen,
 +			 unsigned char *out,
@@ -198,11 +200,6 @@ index 96377b0..9a58b4d 100644
 +	return SECFailure;
 +    }
 +
-+    if (ss->ssl3.hs.ws != idle_handshake) {
-+	PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-+	return SECFailure;
-+    }
-+
 +    valLen = SSL3_RANDOM_LENGTH * 2;
 +    if (contextLen > 0)
 +	valLen += 2 /* uint16 length */ + contextLen;
@@ -223,11 +220,16 @@ index 96377b0..9a58b4d 100644
 +    PORT_Assert(i == valLen);
 +
 +    ssl_GetSpecReadLock(ss);
-+    rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val, valLen, out, outLen);
++    if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
++	PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
++	rv = SECFailure;
++    } else {
++	rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
++					 valLen, out, outLen);
++    }
 +    ssl_ReleaseSpecReadLock(ss);
 +
-+    if (val != NULL)
-+	PORT_ZFree(val, valLen);
++    PORT_ZFree(val, valLen);
 +    return rv;
 +}
 +
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 1537aae..6b364bb 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -688,14 +688,16 @@ SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
 
 /* Export keying material according to RFC 5705.
 ** fd must correspond to a TLS 1.0 or higher socket and out must
-** already be allocated.
+** already be allocated. If contextLen is zero it uses the no-context
+** construction from the RFC.
 */
 SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
                                               const char *label,
+                                              unsigned int labelLen,
                                               const unsigned char *context,
-                                              unsigned int contextlen,
+                                              unsigned int contextLen,
                                               unsigned char *out,
-                                              unsigned int outlen);
+                                              unsigned int outLen);
 
 /*
 ** Return a new reference to the certificate that was most recently sent
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index dee5555..3ae9167 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -8452,13 +8452,14 @@ ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
     unsigned char *out, unsigned int outLen)
 {
     SECStatus rv = SECSuccess;
-    unsigned int retLen;
 
     if (spec->master_secret && !spec->bypassCiphers) {
 	SECItem      param       = {siBuffer, NULL, 0};
 	PK11Context *prf_context =
 	    PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN, 
 				       spec->master_secret, &param);
+	unsigned int retLen;
+
 	if (!prf_context)
 	    return SECFailure;
 
@@ -8494,10 +8495,12 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
 {
     const char * label;
     SECStatus    rv;
+    unsigned int len;
 
     label = isServer ? "server finished" : "client finished";
+    len = 15;
 
-    rv = ssl3_TLSPRFWithMasterSecret(spec, label, 15, hashes->md5,
+    rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
 	sizeof *hashes, tlsFinished->verify_data,
 	sizeof tlsFinished->verify_data);
 
diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
index 9a58b4d..cf870c7 100644
--- a/net/third_party/nss/ssl/sslinfo.c
+++ b/net/third_party/nss/ssl/sslinfo.c
@@ -39,7 +39,6 @@
 #include "ssl.h"
 #include "sslimpl.h"
 #include "sslproto.h"
-#include "pk11func.h"
 
 static const char *
 ssl_GetCompressionMethodName(SSLCompressionMethod compression)
@@ -318,12 +317,14 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite)
     return PR_FALSE;
 }
 
-/* Export keying material according to draft-ietf-tls-extractor-06.
+/* Export keying material according to RFC 5705.
 ** fd must correspond to a TLS 1.0 or higher socket, out must
 ** be already allocated.
 */
 SECStatus
-SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
+SSL_ExportKeyingMaterial(PRFileDesc *fd,
+			 const char *label,
+			 unsigned int labelLen,
 			 const unsigned char *context,
 			 unsigned int contextLen,
 			 unsigned char *out,
@@ -346,11 +347,6 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
 	return SECFailure;
     }
 
-    if (ss->ssl3.hs.ws != idle_handshake) {
-	PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-	return SECFailure;
-    }
-
     valLen = SSL3_RANDOM_LENGTH * 2;
     if (contextLen > 0)
 	valLen += 2 /* uint16 length */ + contextLen;
@@ -371,11 +367,16 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
     PORT_Assert(i == valLen);
 
     ssl_GetSpecReadLock(ss);
-    rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val, valLen, out, outLen);
+    if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
+	PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
+	rv = SECFailure;
+    } else {
+	rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
+					 valLen, out, outLen);
+    }
     ssl_ReleaseSpecReadLock(ss);
 
-    if (val != NULL)
-	PORT_ZFree(val, valLen);
+    PORT_ZFree(val, valLen);
     return rv;
 }