      1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
      2 --- a/nss/lib/ssl/ssl3con.c	2013-07-31 14:10:35.113325316 -0700
      3 +++ b/nss/lib/ssl/ssl3con.c	2013-07-31 14:12:00.254575103 -0700
      4 @@ -2157,6 +2157,20 @@ ssl3_ComputeRecordMAC(
      5      return rv;
      6  }
      7  
      8 +/* This is a bodge to allow this code to be compiled against older NSS headers
      9 + * that don't contain the CBC constant-time changes. */
     10 +#ifndef CKM_NSS_HMAC_CONSTANT_TIME
     11 +#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
     12 +#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
     13 +
     14 +typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
     15 +    CK_MECHANISM_TYPE macAlg;   /* in */
     16 +    CK_ULONG ulBodyTotalLen;    /* in */
     17 +    CK_BYTE * pHeader;          /* in */
     18 +    CK_ULONG ulHeaderLen;       /* in */
     19 +} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
     20 +#endif
     21 +
     22  /* Called from: ssl3_HandleRecord()
     23   * Caller must already hold the SpecReadLock. (wish we could assert that!)
     24   *
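Review bot: The compatibility block at lines 11-20 hardcodes the mechanism numbers (`CKM_NSS + 19`, `CKM_NSS + 20`) and the `CK_NSS_MAC_CONSTANT_TIME_PARAMS` layout without saying what they must match, and because the whole block is behind `#ifndef CKM_NSS_HMAC_CONSTANT_TIME` a divergence from the real softoken definitions would not be a build error — the token would just not recognise the mechanism at run time and the function would quietly take its non-constant-time fallback. That failure mode is the one this code exists to avoid, so it deserves a comment next to the defines: `/* Must stay identical to the definitions in the NSS PKCS#11 header (pkcs11n.h); a mismatch is not caught at compile time and makes the MAC silently fall back to the non-constant-time path. */`. If the build can see the real header at all, a `PORT_Assert`-style or `#if` check that the struct size matches would turn the silent degradation into a visible failure, but I cannot tell from the hunk whether that header is available.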
     25 @@ -2179,7 +2193,8 @@ ssl3_ComputeRecordMACConstantTime(
     26  {
     27      CK_MECHANISM_TYPE            macType;
     28      CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
     29 -    SECItem                      param, inputItem, outputItem;
     30 +    PK11Context *                mac_context;
     31 +    SECItem                      param;
     32      SECStatus                    rv;
     33      unsigned char                header[13];
     34      PK11SymKey *                 key;
     35 @@ -2240,34 +2255,27 @@ ssl3_ComputeRecordMACConstantTime(
     36      param.len = sizeof(params);
     37      param.type = 0;
     38  
     39 -    inputItem.data = (unsigned char *) input;
     40 -    inputItem.len = inputLen;
     41 -    inputItem.type = 0;
     42 -
     43 -    outputItem.data = outbuf;
     44 -    outputItem.len = *outLen;
     45 -    outputItem.type = 0;
     46 -
     47      key = spec->server.write_mac_key;
     48      if (!useServerMacKey) {
     49  	key = spec->client.write_mac_key;
     50      }
     51 +    mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, &param);
     52 +    if (mac_context == NULL) {
     53 +	/* Older versions of NSS may not support constant-time MAC. */
     54 +	goto fallback;
     55 +    }
     56  
     57 -    rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
     58 -    if (rv != SECSuccess) {
     59 -	if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
     60 -	    goto fallback;
     61 -	}
     62 +    rv  = PK11_DigestBegin(mac_context);
     63 +    rv |= PK11_DigestOp(mac_context, input, inputLen);
     64 +    rv |= PK11_DigestFinal(mac_context, outbuf, outLen, spec->mac_size);
     65 +    PK11_DestroyContext(mac_context, PR_TRUE);
     66  
     67 -	*outLen = 0;
     68 +    PORT_Assert(rv != SECSuccess || *outLen == (unsigned)spec->mac_size);
     69 +
     70 +    if (rv != SECSuccess) {
     71  	rv = SECFailure;
     72  	ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
     73 -	return rv;
     74      }
     75 -
     76 -    PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
     77 -    *outLen = outputItem.len;
     78 -
     79      return rv;
     80  
     81  fallback:
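Review bot: The fallback at lines 52-55 is now unconditional: any `NULL` from `PK11_CreateContextBySymKey` jumps to `fallback`, whereas the removed code (lines 58-61) only fell back when the error was `SEC_ERROR_INVALID_ALGORITHM`. A context-creation failure for any other reason (allocation failure, a slot or session problem) therefore silently routes the record MAC through the non-constant-time path instead of reporting a MAC computation failure, which reopens exactly the timing side channel the constant-time mechanism is meant to close. The removed `*outLen = 0;` on the error path is also gone, so a caller that inspects `*outLen` after a `SECFailure` now sees whatever value it passed in; `PK11_DigestFinal` is not shown here to reset it. I would narrow the fallback to the unsupported-mechanism case, assuming the context-creation path surfaces the same `SEC_ERROR_INVALID_ALGORITHM` the old `PK11_SignWithSymKey` check relied on, and restore the `*outLen = 0` on failure; the function body continues past the hunk (the `fallback:` label at line 82 is the last line shown), so the fallback path itself is not reviewed here.
```c
    mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, &param);
    if (mac_context == NULL) {
	/* Only an unsupported mechanism (older softoken without the
	 * constant-time MAC) may use the non-constant-time fallback;
	 * every other failure is a real MAC computation failure. */
	if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
	    goto fallback;
	}
	*outLen = 0;
	ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
	return SECFailure;
    }

    /* … unchanged: PK11_DigestBegin/Op/Final, PK11_DestroyContext, assertion … */

    if (rv != SECSuccess) {
	*outLen = 0;
	rv = SECFailure;
	ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
    }
    return rv;
```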
     82