| Index: nss/lib/softoken/pkcs11c.c
|
| ===================================================================
|
| --- nss/lib/softoken/pkcs11c.c (revision 195639)
|
| +++ nss/lib/softoken/pkcs11c.c (working copy)
|
| @@ -2247,8 +2247,11 @@
|
| *(CK_ULONG *)pMechanism->pParameter);
|
| break;
|
| case CKM_TLS_PRF_GENERAL:
|
| - crv = sftk_TLSPRFInit(context, key, key_type);
|
| + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL);
|
| break;
|
| + case CKM_NSS_TLS_PRF_GENERAL_SHA256:
|
| + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256);
|
| + break;
|
|
|
| case CKM_NSS_HMAC_CONSTANT_TIME: {
|
| sftk_MACConstantTimeCtx *ctx =
|
| @@ -2803,8 +2806,11 @@
|
| *(CK_ULONG *)pMechanism->pParameter);
|
| break;
|
| case CKM_TLS_PRF_GENERAL:
|
| - crv = sftk_TLSPRFInit(context, key, key_type);
|
| + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL);
|
| break;
|
| + case CKM_NSS_TLS_PRF_GENERAL_SHA256:
|
| + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256);
|
| + break;
|
|
|
| default:
|
| crv = CKR_MECHANISM_INVALID;
|
| @@ -5471,6 +5477,7 @@
|
| CK_OBJECT_CLASS classType = CKO_SECRET_KEY;
|
| CK_KEY_DERIVATION_STRING_DATA *stringPtr;
|
| PRBool isTLS = PR_FALSE;
|
| + PRBool isSHA256 = PR_FALSE;
|
| PRBool isDH = PR_FALSE;
|
| SECStatus rv;
|
| int i;
|
| @@ -5570,6 +5577,10 @@
|
| /*
|
| * generate the master secret
|
| */
|
| + case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256:
|
| + case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256:
|
| + isSHA256 = PR_TRUE;
|
| + /* fall thru */
|
| case CKM_TLS_MASTER_KEY_DERIVE:
|
| case CKM_TLS_MASTER_KEY_DERIVE_DH:
|
| isTLS = PR_TRUE;
|
| @@ -5582,7 +5593,8 @@
|
| unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
|
|
|
| if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) ||
|
| - (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH))
|
| + (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) ||
|
| + (pMechanism->mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256))
|
| isDH = PR_TRUE;
|
|
|
| /* first do the consistancy checks */
|
| @@ -5650,7 +5662,12 @@
|
| pms.data = (unsigned char*)att->attrib.pValue;
|
| pms.len = att->attrib.ulValueLen;
|
|
|
| - status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS);
|
| + if (isSHA256) {
|
| + status = TLS_P_hash(HASH_AlgSHA256, &pms, "master secret",
|
| + &crsr, &master, isFIPS);
|
| + } else {
|
| + status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS);
|
| + }
|
| if (status != SECSuccess) {
|
| crv = CKR_FUNCTION_FAILED;
|
| break;
|
| @@ -5709,6 +5726,9 @@
|
| break;
|
| }
|
|
|
| + case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
|
| + isSHA256 = PR_TRUE;
|
| + /* fall thru */
|
| case CKM_TLS_KEY_AND_MAC_DERIVE:
|
| isTLS = PR_TRUE;
|
| /* fall thru */
|
| @@ -5800,8 +5820,13 @@
|
| master.data = (unsigned char*)att->attrib.pValue;
|
| master.len = att->attrib.ulValueLen;
|
|
|
| - status = TLS_PRF(&master, "key expansion", &srcr, &keyblk,
|
| - isFIPS);
|
| + if (isSHA256) {
|
| + status = TLS_P_hash(HASH_AlgSHA256, &master, "key expansion",
|
| + &srcr, &keyblk, isFIPS);
|
| + } else {
|
| + status = TLS_PRF(&master, "key expansion", &srcr, &keyblk,
|
| + isFIPS);
|
| + }
|
| if (status != SECSuccess) {
|
| goto key_and_mac_derive_fail;
|
| }
|
| @@ -5958,7 +5983,7 @@
|
| } else {
|
|
|
| /*
|
| - ** Generate TLS Export write keys and IVs.
|
| + ** Generate TLS 1.0 Export write keys and IVs.
|
| */
|
| SECStatus status;
|
| SECItem secret = { siBuffer, NULL, 0 };
|
|
|
Chromium Code Reviews
Issue 13898013:
Update NSS to NSS_3_15_BETA2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/