Miscellaneous cleanup of TLS 1.2 code.

net/third_party/nss/ssl/sslimpl.h

Index: net/third_party/nss/ssl/sslimpl.h
===================================================================
--- net/third_party/nss/ssl/sslimpl.h	(revision 206496)
+++ net/third_party/nss/ssl/sslimpl.h	(working copy)
@@ -506,7 +506,9 @@
 
 typedef void (*DTLSTimerCb)(sslSocket *);
 
-#define MAX_MAC_CONTEXT_BYTES 400
+#define MAX_MAC_CONTEXT_BYTES 400  /* 400 is large enough for MD5, SHA-1, and
+                                    * SHA-256. For SHA-384 support, increase
+                                    * it to 712. */
 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8)
 
 #define MAX_CIPHER_CONTEXT_BYTES 2080
@@ -788,6 +790,12 @@
     PRUint16 len;         /* The data length */
 } DTLSQueuedMessage;
 
+typedef enum {
+    HANDSHAKE_HASH_UNKNOWN = 0,
+    HANDSHAKE_HASH_COMBO = 1,  /* The MD5/SHA-1 combination */

[wtc, 2013/06/15 19:40:55]

Do you think this should be named HANDSHAKE_HASH_MD5SHA instead?

[agl, 2013/06/17 14:01:14]

I think this name is fine if you like it.

+    HANDSHAKE_HASH_SINGLE = 2  /* A single hash */
+} SSL3HandshakeHashType;
+
 /*
 ** This is the "hs" member of the "ssl3" struct.
 ** This entire struct is protected by ssl3HandshakeLock
@@ -796,11 +804,31 @@
     SSL3Random            server_random;
     SSL3Random            client_random;
     SSL3WaitState         ws;
+
+    /* This group of members is used for handshake running hashes. */
+    SSL3HandshakeHashType hashType;
+    sslBuffer             messages;    /* Accumulated handshake messages */
+#ifndef NO_PKCS11_BYPASS
+    /* Bypass mode:
+     * SSL 3.0 - TLS 1.1 use both |md5_cx| and |sha_cx|. |md5_cx| is used for
+     * MD5 and |sha_cx| for SHA-1.
+     * TLS 1.2 and later use only |sha_cx|, for SHA-256. NOTE: When we support
+     * SHA-384, increase MAX_MAC_CONTEXT_BYTES to 712. */
     PRUint64              md5_cx[MAX_MAC_CONTEXT_LLONGS];
     PRUint64              sha_cx[MAX_MAC_CONTEXT_LLONGS];
-    PK11Context *         md5;            /* handshake running hashes */
+    const SECHashObject * sha_obj;
+    /* The function prototype of sha_obj->clone() does not match the prototype
+     * of the freebl <HASH>_Clone functions, so we need a dedicated function
+     * pointer for the <HASH>_Clone function. */
+    void (*sha_clone)(void *dest, void *src);

[wtc, 2013/06/15 19:40:55]

The sha_obj and sha_clone members are not necessary now, but they will be
necessary when we support using SHA-384 in the TLS 1.2 PRF.

The function prototype of sha_obj->clone() matches the prototype of
PK11_CloneContext, but not those of freebl's SHA256_Clone, SHA384_Clone, etc.
So we need a dedicated function pointer for cloning freebl hash contexts.

+#endif
+    /* PKCS #11 mode:
+     * SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and
+     * |sha| for SHA-1.
+     * TLS 1.2 and later use only |sha|, for SHA-256. */
+    PK11Context *         md5;
     PK11Context *         sha;
-    PK11Context *         tls12_handshake_hash;
+
 const ssl3KEADef *        kea_def;
     ssl3CipherSuite       cipher_suite;
 const ssl3CipherSuiteDef *suite_def;
@@ -818,7 +846,6 @@
     PRBool                sendingSCSV; /* instead of empty RI */
     sslBuffer             msgState;    /* current state for handshake messages*/
                                        /* protected by recvBufLock */
-    sslBuffer             messages;    /* Accumulated handshake messages */
     PRUint16              finishedBytes; /* size of single finished below */
     union {
 	TLSFinished       tFinished[2]; /* client, then server */