Update NSS to NSS_3_15_BETA2.

nss/lib/softoken/pkcs11c.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * This file implements PKCS 11 on top of our existing security modules
  *
  * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
  *   This implementation has two slots:
  *      slot 1 is our generic crypto support. It does not require login.
  *   It supports Public Key ops, and all they bulk ciphers and hashes. 
@@ skipping 2229 matching lines @@
 
     case CKM_SSL3_MD5_MAC:
         crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key,
                                         *(CK_ULONG *)pMechanism->pParameter);
         break;
     case CKM_SSL3_SHA1_MAC:
         crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key,
                                         *(CK_ULONG *)pMechanism->pParameter);
         break;
     case CKM_TLS_PRF_GENERAL:
-        crv = sftk_TLSPRFInit(context, key, key_type);
+        crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL);
+        break;
+    case CKM_NSS_TLS_PRF_GENERAL_SHA256:
+        crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256);
         break;
 
     case CKM_NSS_HMAC_CONSTANT_TIME: {
         sftk_MACConstantTimeCtx *ctx =
             sftk_HMACConstantTime_New(pMechanism,key);
         CK_ULONG *intpointer;
 
         if (ctx == NULL) {
             crv = CKR_ARGUMENTS_BAD;
             break;
@@ skipping 535 matching lines @@
 
     case CKM_SSL3_MD5_MAC:
         crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key,
                                         *(CK_ULONG *)pMechanism->pParameter);
         break;
     case CKM_SSL3_SHA1_MAC:
         crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key,
                                         *(CK_ULONG *)pMechanism->pParameter);
         break;
     case CKM_TLS_PRF_GENERAL:
-        crv = sftk_TLSPRFInit(context, key, key_type);
+        crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL);
+        break;
+    case CKM_NSS_TLS_PRF_GENERAL_SHA256:
+        crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256);
         break;
 
     default:
         crv = CKR_MECHANISM_INVALID;
         break;
     }
 
     if (crv != CKR_OK) {
         if (info) PORT_Free(info);
         sftk_FreeContext(context);
@@ skipping 2647 matching lines @@
     CK_ULONG        macSize;
     CK_ULONG        tmpKeySize;
     CK_ULONG        IVSize;
     CK_ULONG        keySize     = 0;
     CK_RV           crv         = CKR_OK;
     CK_BBOOL        cktrue      = CK_TRUE;
     CK_KEY_TYPE     keyType     = CKK_GENERIC_SECRET;
     CK_OBJECT_CLASS classType   = CKO_SECRET_KEY;
     CK_KEY_DERIVATION_STRING_DATA *stringPtr;
     PRBool          isTLS = PR_FALSE;
+    PRBool          isSHA256 = PR_FALSE;
     PRBool          isDH = PR_FALSE;
     SECStatus       rv;
     int             i;
     unsigned int    outLen;
     unsigned char   sha_out[SHA1_LENGTH];
     unsigned char   key_block[NUM_MIXERS * MD5_LENGTH];
     unsigned char   key_block2[MD5_LENGTH];
     PRBool          isFIPS;             
     HASH_HashType   hashType;
     PRBool          extractValue = PR_TRUE;
@@ skipping 79 matching lines @@
             sftk_FreeObject(key);
             sftk_FreeObject(sourceKey);
             return CKR_KEY_HANDLE_INVALID;
         }
     }
 
     switch (pMechanism->mechanism) {
     /*
      * generate the master secret 
      */
+    case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256:
+    case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256:
+        isSHA256 = PR_TRUE;
+        /* fall thru */
     case CKM_TLS_MASTER_KEY_DERIVE:
     case CKM_TLS_MASTER_KEY_DERIVE_DH:
         isTLS = PR_TRUE;
         /* fall thru */
     case CKM_SSL3_MASTER_KEY_DERIVE:
     case CKM_SSL3_MASTER_KEY_DERIVE_DH:
       {
         CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master;
         SSL3RSAPreMasterSecret *          rsa_pms;
         unsigned char                     crsrdata[SSL3_RANDOM_LENGTH * 2];
 
         if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) ||
-            (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH))
+            (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) ||
+            (pMechanism->mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256))
                 isDH = PR_TRUE;
 
         /* first do the consistancy checks */
         if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) {
             crv = CKR_KEY_TYPE_INCONSISTENT;
             break;
         }
         att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE);
         if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue !=
                                         CKK_GENERIC_SECRET)) {
@@ skipping 47 matching lines @@
             SECItem master = { siBuffer, NULL, 0 };
             SECItem pms    = { siBuffer, NULL, 0 };
 
             crsr.data   = crsrdata;
             crsr.len    = sizeof crsrdata;
             master.data = key_block;
             master.len  = SSL3_MASTER_SECRET_LENGTH;
             pms.data    = (unsigned char*)att->attrib.pValue;
             pms.len     =                 att->attrib.ulValueLen;
 
-            status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS);
+            if (isSHA256) {
+                status = TLS_P_hash(HASH_AlgSHA256, &pms, "master secret",
+                                    &crsr, &master, isFIPS);
+            } else {
+                status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS);
+            }
             if (status != SECSuccess) {
                 crv = CKR_FUNCTION_FAILED;
                 break;
             }
         } else {
             /* now allocate the hash contexts */
             md5 = MD5_NewContext();
             if (md5 == NULL) { 
                 crv = CKR_HOST_MEMORY;
                 break;
@@ skipping 38 matching lines @@
             if (crv != CKR_OK) break;
             crv = sftk_forceAttribute(key,CKA_VERIFY,&cktrue,sizeof(CK_BBOOL));
             if (crv != CKR_OK) break;
             /* While we're here, we might as well force this, too. */
             crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL));
             if (crv != CKR_OK) break;
         }
         break;
       }
 
+    case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
+        isSHA256 = PR_TRUE;
+        /* fall thru */
     case CKM_TLS_KEY_AND_MAC_DERIVE:
         isTLS = PR_TRUE;
         /* fall thru */
     case CKM_SSL3_KEY_AND_MAC_DERIVE:
       {
         CK_SSL3_KEY_MAT_PARAMS *ssl3_keys;
         CK_SSL3_KEY_MAT_OUT *   ssl3_keys_out;
         CK_ULONG                effKeySize;
         unsigned int            block_needed;
         unsigned char           srcrdata[SSL3_RANDOM_LENGTH * 2];
@@ skipping 71 matching lines @@
             SECItem       keyblk = { siBuffer, NULL, 0 };
             SECItem       master = { siBuffer, NULL, 0 }; 
 
             srcr.data   = srcrdata;
             srcr.len    = sizeof srcrdata;
             keyblk.data = key_block;
             keyblk.len  = block_needed;
             master.data = (unsigned char*)att->attrib.pValue;
             master.len  =                 att->attrib.ulValueLen;
 
-            status = TLS_PRF(&master, "key expansion", &srcr, &keyblk,
-                              isFIPS);
+            if (isSHA256) {
+                status = TLS_P_hash(HASH_AlgSHA256, &master, "key expansion",
+                                    &srcr, &keyblk, isFIPS);
+            } else {
+                status = TLS_PRF(&master, "key expansion", &srcr, &keyblk,
+                                 isFIPS);
+            }
             if (status != SECSuccess) {
                 goto key_and_mac_derive_fail;
             }
         } else {
             unsigned int block_bytes = 0;
             /* key_block = 
              *     MD5(master_secret + SHA('A' + master_secret + 
              *                      ServerHello.random + ClientHello.random)) +
              *     MD5(master_secret + SHA('BB' + master_secret + 
              *                      ServerHello.random + ClientHello.random)) +
@@ skipping 136 matching lines @@
                 **      MD5(ServerHello.random + ClientHello.random);
                 */
                 MD5_Begin(md5);
                 MD5_Update(md5, srcrdata, sizeof srcrdata);
                 MD5_End(md5, key_block2, &outLen, MD5_LENGTH);
                 PORT_Memcpy(ssl3_keys_out->pIVServer, key_block2, IVSize);
 
             } else {
 
                 /*
-                ** Generate TLS Export write keys and IVs.
+                ** Generate TLS 1.0 Export write keys and IVs.
                 */
                 SECStatus     status;
                 SECItem       secret = { siBuffer, NULL, 0 };
                 SECItem       crsr   = { siBuffer, NULL, 0 };
                 SECItem       keyblk = { siBuffer, NULL, 0 };
 
                 /*
                 ** client_write_key[CipherSpec.key_material]
                 ** final_client_write_key = PRF(client_write_key, 
                 **                              "client write key",
@@ skipping 950 matching lines @@
     att = sftk_FindAttribute(key,CKA_VALUE);
     sftk_FreeObject(key);
     if (!att) {
         return CKR_KEY_HANDLE_INVALID;        
     }
     crv = NSC_DigestUpdate(hSession,(CK_BYTE_PTR)att->attrib.pValue,
                            att->attrib.ulValueLen);
     sftk_FreeAttribute(att);
     return crv;
 }