net/third_party/nss/patches/cbc.patch - platform/external/chromium_org - Git at Google

 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
 --- a/nss/lib/ssl/ssl3con.c	2013-07-31 14:10:35.113325316 -0700
 +++ b/nss/lib/ssl/ssl3con.c	2013-07-31 14:12:00.254575103 -0700
 @@ -2157,6 +2157,20 @@ ssl3_ComputeRecordMAC(
      return rv;
  }

 +/* This is a bodge to allow this code to be compiled against older NSS headers
 + * that don't contain the CBC constant-time changes. */
 +#ifndef CKM_NSS_HMAC_CONSTANT_TIME
 +#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
 +#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
 +
 +typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
 +    CK_MECHANISM_TYPE macAlg;   /* in */
 +    CK_ULONG ulBodyTotalLen;    /* in */
 +    CK_BYTE * pHeader;          /* in */
 +    CK_ULONG ulHeaderLen;       /* in */
 +} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
 +#endif
 +
  /* Called from: ssl3_HandleRecord()
   * Caller must already hold the SpecReadLock. (wish we could assert that!)
   *
 @@ -2179,7 +2193,8 @@ ssl3_ComputeRecordMACConstantTime(
  {
      CK_MECHANISM_TYPE            macType;
      CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
 -    SECItem                      param, inputItem, outputItem;
 +    PK11Context *                mac_context;
 +    SECItem                      param;
      SECStatus                    rv;
      unsigned char                header[13];
      PK11SymKey *                 key;
 @@ -2240,34 +2255,27 @@ ssl3_ComputeRecordMACConstantTime(
      param.len = sizeof(params);
      param.type = 0;

 -    inputItem.data = (unsigned char *) input;
 -    inputItem.len = inputLen;
 -    inputItem.type = 0;
 -
 -    outputItem.data = outbuf;
 -    outputItem.len = *outLen;
 -    outputItem.type = 0;
 -
      key = spec->server.write_mac_key;
      if (!useServerMacKey) {
  	key = spec->client.write_mac_key;
      }
 +    mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, &param);
 +    if (mac_context == NULL) {
 +	/* Older versions of NSS may not support constant-time MAC. */
 +	goto fallback;
 +    }

 -    rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
 -    if (rv != SECSuccess) {
 -	if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
 -	    goto fallback;
 -	}
 +    rv  = PK11_DigestBegin(mac_context);
 +    rv |= PK11_DigestOp(mac_context, input, inputLen);
 +    rv |= PK11_DigestFinal(mac_context, outbuf, outLen, spec->mac_size);
 +    PK11_DestroyContext(mac_context, PR_TRUE);

 -	*outLen = 0;
 +    PORT_Assert(rv != SECSuccess || *outLen == (unsigned)spec->mac_size);
 +
 +    if (rv != SECSuccess) {
  	rv = SECFailure;
  	ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
 -	return rv;
      }
 -
 -    PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
 -    *outLen = outputItem.len;
 -
      return rv;

  fallback:
	diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
	--- a/nss/lib/ssl/ssl3con.c 2013-07-31 14:10:35.113325316 -0700
	+++ b/nss/lib/ssl/ssl3con.c 2013-07-31 14:12:00.254575103 -0700
	@@ -2157,6 +2157,20 @@ ssl3_ComputeRecordMAC(
	return rv;
	}

	+/* This is a bodge to allow this code to be compiled against older NSS headers
	+ * that don't contain the CBC constant-time changes. */
	+#ifndef CKM_NSS_HMAC_CONSTANT_TIME
	+#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
	+#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
	+
	+typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
	+ CK_MECHANISM_TYPE macAlg; /* in */
	+ CK_ULONG ulBodyTotalLen; /* in */
	+ CK_BYTE * pHeader; /* in */
	+ CK_ULONG ulHeaderLen; /* in */
	+} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
	+#endif
	+
	/* Called from: ssl3_HandleRecord()
	* Caller must already hold the SpecReadLock. (wish we could assert that!)
	*
	@@ -2179,7 +2193,8 @@ ssl3_ComputeRecordMACConstantTime(
	{
	CK_MECHANISM_TYPE macType;
	CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
	- SECItem param, inputItem, outputItem;
	+ PK11Context * mac_context;
	+ SECItem param;
	SECStatus rv;
	unsigned char header[13];
	PK11SymKey * key;
	@@ -2240,34 +2255,27 @@ ssl3_ComputeRecordMACConstantTime(
	param.len = sizeof(params);
	param.type = 0;

	- inputItem.data = (unsigned char *) input;
	- inputItem.len = inputLen;
	- inputItem.type = 0;
	-
	- outputItem.data = outbuf;
	- outputItem.len = *outLen;
	- outputItem.type = 0;
	-
	key = spec->server.write_mac_key;
	if (!useServerMacKey) {
	key = spec->client.write_mac_key;
	}
	+ mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, &param);
	+ if (mac_context == NULL) {
	+ /* Older versions of NSS may not support constant-time MAC. */
	+ goto fallback;
	+ }

	- rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
	- if (rv != SECSuccess) {
	- if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
	- goto fallback;
	- }
	+ rv = PK11_DigestBegin(mac_context);
	+ rv \|= PK11_DigestOp(mac_context, input, inputLen);
	+ rv \|= PK11_DigestFinal(mac_context, outbuf, outLen, spec->mac_size);
	+ PK11_DestroyContext(mac_context, PR_TRUE);

	- *outLen = 0;
	+ PORT_Assert(rv != SECSuccess \|\| *outLen == (unsigned)spec->mac_size);
	+
	+ if (rv != SECSuccess) {
	rv = SECFailure;
	ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
	- return rv;
	}
	-
	- PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
	- *outLen = outputItem.len;
	-
	return rv;

	fallback: