1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 --- a/nss/lib/ssl/ssl3con.c 2013-07-31 14:10:35.113325316 -0700
3 +++ b/nss/lib/ssl/ssl3con.c 2013-07-31 14:12:00.254575103 -0700
4 @@ -2157,6 +2157,20 @@ ssl3_ComputeRecordMAC(
5 return rv;
6 }
7
8 +/* This is a bodge to allow this code to be compiled against older NSS headers
9 + * that don't contain the CBC constant-time changes. */
10 +#ifndef CKM_NSS_HMAC_CONSTANT_TIME
11 +#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
12 +#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
13 +
14 +typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
15 + CK_MECHANISM_TYPE macAlg; /* in */
16 + CK_ULONG ulBodyTotalLen; /* in */
17 + CK_BYTE * pHeader; /* in */
18 + CK_ULONG ulHeaderLen; /* in */
19 +} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
20 +#endif
21 +
22 /* Called from: ssl3_HandleRecord()
23 * Caller must already hold the SpecReadLock. (wish we could assert that!)
24 *
25 @@ -2179,7 +2193,8 @@ ssl3_ComputeRecordMACConstantTime(
26 {
27 CK_MECHANISM_TYPE macType;
28 CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
29 - SECItem param, inputItem, outputItem;
30 + PK11Context * mac_context;
31 + SECItem param;
32 SECStatus rv;
33 unsigned char header[13];
34 PK11SymKey * key;
35
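Review bot: The compatibility block under `#ifndef CKM_NSS_HMAC_CONSTANT_TIME` hard-codes `(CKM_NSS + 19)` and `(CKM_NSS + 20)` and re-declares the parameter struct's layout, so a build against an older header depends on these staying in sync with whatever softoken is loaded at run time; if they drift, the constant-time mechanism is not recognised and the code silently takes the non-constant-time fallback path in the later hunk of this file rather than failing the build. I would extend the "bodge" comment with `/* Values and field order must match the NSS vendor PKCS#11 header exactly; a mismatch is not a build error, it degrades to the fallback MAC at run time. */`. The guard keys only on the HMAC constant, so a header that defines it but not the SSL3 variant or the struct would produce redefinition errors — presumably no such header exists, but the comment should state that assumption. The `@@ -2179` hunk only swaps the local declarations and raises nothing on its own.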
@@ -2240,34 +2255,27 @@ ssl3_ComputeRecordMACConstantTime(
36 param.len = sizeof(params);
37 param.type = 0;
38
39 - inputItem.data = (unsigned char *) input;
40 - inputItem.len = inputLen;
41 - inputItem.type = 0;
42 -
43 - outputItem.data = outbuf;
44 - outputItem.len = *outLen;
45 - outputItem.type = 0;
46 -
47 key = spec->server.write_mac_key;
48 if (!useServerMacKey) {
49 key = spec->client.write_mac_key;
50 }
51 + mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, ¶m);
52 + if (mac_context == NULL) {
53 + /* Older versions of NSS may not support constant-time MAC. */
54 + goto fallback;
55 + }
56
57 - rv = PK11_SignWithSymKey(key, macType, ¶m, &outputItem, &inputItem);
58 - if (rv != SECSuccess) {
59 - if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
60 - goto fallback;
61 - }
62 + rv = PK11_DigestBegin(mac_context);
63 + rv |= PK11_DigestOp(mac_context, input, inputLen);
64 + rv |= PK11_DigestFinal(mac_context, outbuf, outLen, spec->mac_size);
65 + PK11_DestroyContext(mac_context, PR_TRUE);
66
67 - *outLen = 0;
68 + PORT_Assert(rv != SECSuccess || *outLen == (unsigned)spec->mac_size);
69 +
70 + if (rv != SECSuccess) {
71 rv = SECFailure;
72 ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
73 - return rv;
74 }
75 -
76 - PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
77 - *outLen = outputItem.len;
78 -
79 return rv;
80
81 fallback:
82
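Review bot: Treating any NULL from `PK11_CreateContextBySymKey` as "older NSS" widens the fallback: the removed code only went to `fallback` when `PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM`, whereas the new check sends every context-creation failure (allocation or slot errors included) down the non-constant-time MAC path without surfacing an error. Unless the older library is known not to set that error for an unknown mechanism, keep the discrimination: `if (mac_context == NULL) { if (PORT_GetError() != SEC_ERROR_INVALID_ALGORITHM) { ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE); return SECFailure; } goto fallback; }`. The failure path also drops the former `*outLen = 0;`, so a caller now sees whatever `PK11_DigestFinal` left in `*outLen` when `rv != SECSuccess`; restoring that line before `rv = SECFailure;` keeps the old contract. The `rv |= ...` chaining relies on `SECSuccess` being 0 in the enum, which deserves a comment such as `/* SECSuccess == 0, so any failure sticks in rv */`. The function continues past `fallback:` outside this hunk.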