net/third_party/nss/patches/cbc.patch

   1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
   2 --- a/nss/lib/ssl/ssl3con.c     2013-07-31 14:10:35.113325316 -0700
   3 +++ b/nss/lib/ssl/ssl3con.c     2013-07-31 14:12:00.254575103 -0700
   4 @@ -2157,6 +2157,20 @@ ssl3_ComputeRecordMAC(
   5      return rv;
   6  }
   7
   8 +/* This is a bodge to allow this code to be compiled against older NSS headers
   9 + * that don't contain the CBC constant-time changes. */
  10 +#ifndef CKM_NSS_HMAC_CONSTANT_TIME
  11 +#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
  12 +#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
  13 +
  14 +typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
  15 +    CK_MECHANISM_TYPE macAlg;   /* in */
  16 +    CK_ULONG ulBodyTotalLen;    /* in */
  17 +    CK_BYTE * pHeader;          /* in */
  18 +    CK_ULONG ulHeaderLen;       /* in */
  19 +} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
  20 +#endif
  21 +
  22  /* Called from: ssl3_HandleRecord()
  23   * Caller must already hold the SpecReadLock. (wish we could assert that!)
  24   *
  25 @@ -2179,7 +2193,8 @@ ssl3_ComputeRecordMACConstantTime(
  26  {
  27      CK_MECHANISM_TYPE            macType;
  28      CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
  29 -    SECItem                      param, inputItem, outputItem;
  30 +    PK11Context *                mac_context;
  31 +    SECItem                      param;
  32      SECStatus                    rv;
  33      unsigned char                header[13];
  34      PK11SymKey *                 key;
  35 @@ -2240,34 +2255,27 @@ ssl3_ComputeRecordMACConstantTime(
  36      param.len = sizeof(params);
  37      param.type = 0;
  38
  39 -    inputItem.data = (unsigned char *) input;
  40 -    inputItem.len = inputLen;
  41 -    inputItem.type = 0;
  42 -
  43 -    outputItem.data = outbuf;
  44 -    outputItem.len = *outLen;
  45 -    outputItem.type = 0;
  46 -
  47      key = spec->server.write_mac_key;
  48      if (!useServerMacKey) {
  49         key = spec->client.write_mac_key;
  50      }
  51 +    mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, &param);
  52 +    if (mac_context == NULL) {
  53 +       /* Older versions of NSS may not support constant-time MAC. */
  54 +       goto fallback;
  55 +    }
  56
  57 -    rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
  58 -    if (rv != SECSuccess) {
  59 -       if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
  60 -           goto fallback;
  61 -       }
  62 +    rv  = PK11_DigestBegin(mac_context);
  63 +    rv |= PK11_DigestOp(mac_context, input, inputLen);
  64 +    rv |= PK11_DigestFinal(mac_context, outbuf, outLen, spec->mac_size);
  65 +    PK11_DestroyContext(mac_context, PR_TRUE);
  66
  67 -       *outLen = 0;
  68 +    PORT_Assert(rv != SECSuccess || *outLen == (unsigned)spec->mac_size);
  69 +
  70 +    if (rv != SECSuccess) {
  71         rv = SECFailure;
  72         ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
  73 -       return rv;
  74      }
  75 -
  76 -    PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
  77 -    *outLen = outputItem.len;
  78 -
  79      return rv;
  80
  81  fallback: