← Back to branch summary

~ubuntu-branches/ubuntu/jaunty/nss/jaunty-proposed

« back to all changes in this revision

Viewing changes to mozilla/security/nss/lib/ssl/derive.c

  • Committer: Bazaar Package Importer
  • Author(s): Alexander Sack, Fabien Tassin, Alexander Sack
  • Date: 2009-01-11 15:06:17 UTC
  • mfrom: (1.1.8 upstream)
  • Revision ID: james.westby@ubuntu.com-20090111150617-iz4lw05qgy2odorl
Tags: 3.12.2~rc1-0ubuntu1
* New upstream snapshot: 3.12.2 RC1

[ Fabien Tassin <fta@ubuntu.com> ]
* Remove patch applied upstream:
  - drop debian/patches/80_security_tools.patch
  - update debian/patches/series
* Update diverged patches:
  - update debian/patches/38_kbsd.patch
  - update debian/patches/38_mips64_build.patch
* Add new symbols to symbols file
  - update debian/libnss3-1d.symbols

[ Alexander Sack <asac@ubuntu.com> ]
* disable soname patch to become binary compatible with upstream
  - update debian/patches/series
* flip links: libnss3.so <- libnss3.so.1d (before: libnss3.so ->
  libnss3.so.1d); same link flipping was done for all other previously
  soname patched libs: libnssutil3.so, libsmime3.so.1d, libssl3.so.1d
  - update debian/libnss3-1d.links
  - update debian/libnss3-1d.symbols
* properly transition links in preinst and postrm; also cover abort-
  cases in the other maintainer scripts
  - add debian/libnss3-1d.postinst
  - add debian/libnss3-1d.postrm
  - add debian/libnss3-1d.preinst
  - add debian/libnss3-1d.prerm
* remove hack from debian/rules that debian uses to recreate
  libsoftokn3.so with a versioned SONAME
  - update debian/rules
* install the unversioned .so binaries
  - update debian/rules
* only install the 4 main libraries into /usr/lib; all the others
  go to pkglibdir
  - update debian/rules
* higher bar for libnspr4 Build-Depend to >= 4.7.3~, which is
  the version where the soname droppage is going to happen
  - update debian/control
* explitily pass libraries to be used for dpkg-gensymbols run of
  dh_makeshlibs
  - update debian/rules
* fix lintian complain about no-shlibs-control-file
  - update debian/rules

Show diffs side-by-side

added added

removed removed

Lines of Context:
mozilla/security/nss/lib/ssl/derive.c
36
36
 * the terms of any one of the MPL, the GPL or the LGPL.
37
37
 *
38
38
 * ***** END LICENSE BLOCK ***** */
39
 
/* $Id: derive.c,v 1.9 2008/03/09 23:43:26 wtc%google.com Exp $ */
 
39
/* $Id: derive.c,v 1.12 2008/06/06 01:16:31 wtc%google.com Exp $ */
40
40
 
41
41
#include "ssl.h"        /* prereq to sslimpl.h */
42
42
#include "certt.h"      /* prereq to sslimpl.h */
56
56
/* make this a macro! */
57
57
#ifdef NOT_A_MACRO
58
58
static void
59
 
buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result)
 
59
buildSSLKey(unsigned char * keyBlock, unsigned int keyLen, SECItem * result,
 
60
            const char * label)
60
61
{
61
62
    result->type = siBuffer;
62
63
    result->data = keyBlock;
63
64
    result->len  = keyLen;
64
 
    PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen));
 
65
    PRINT_BUF(100, (NULL, label, keyBlock, keyLen));
65
66
}
66
67
#else
67
 
#define buildSSLKey(keyBlock, keyLen, result) \
 
68
#define buildSSLKey(keyBlock, keyLen, result, label) \
68
69
{ \
69
70
    (result)->type = siBuffer; \
70
71
    (result)->data = keyBlock; \
71
72
    (result)->len  = keyLen; \
72
 
    PRINT_BUF(100, (NULL, "key value", keyBlock, keyLen)); \
 
73
    PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); \
73
74
}
74
75
#endif
75
76
 
195
196
         *                      ServerHello.random + ClientHello.random)) +
196
197
         *     [...];
197
198
         */
198
 
        int made = 0;
 
199
        unsigned int made = 0;
199
200
        for (i = 0; made < block_needed && i < NUM_MIXERS; ++i) {
200
201
            unsigned int    outLen;
201
202
            unsigned char   sha_out[SHA1_LENGTH];
230
231
     * The key_block is partitioned as follows:
231
232
     * client_write_MAC_secret[CipherSpec.hash_size]
232
233
     */
233
 
    buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item);
 
234
    buildSSLKey(&key_block[i],macSize, &pwSpec->client.write_mac_key_item, \
 
235
                "Client Write MAC Secret");
234
236
    i += macSize;
235
237
 
236
238
    /* 
237
239
     * server_write_MAC_secret[CipherSpec.hash_size]
238
240
     */
239
 
    buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item);
 
241
    buildSSLKey(&key_block[i],macSize, &pwSpec->server.write_mac_key_item, \
 
242
                "Server Write MAC Secret");
240
243
    i += macSize;
241
244
 
242
245
    if (!keySize) {
243
246
        /* only MACing */
244
 
        buildSSLKey(NULL, 0, &pwSpec->client.write_key_item);
245
 
        buildSSLKey(NULL, 0, &pwSpec->server.write_key_item);
246
 
        buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item);
247
 
        buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item);
 
247
        buildSSLKey(NULL, 0, &pwSpec->client.write_key_item, \
 
248
                    "Client Write Key (MAC only)");
 
249
        buildSSLKey(NULL, 0, &pwSpec->server.write_key_item, \
 
250
                    "Server Write Key (MAC only)");
 
251
        buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item, \
 
252
                    "Client Write IV (MAC only)");
 
253
        buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item, \
 
254
                    "Server Write IV (MAC only)");
248
255
    } else if (!isExport) {
249
256
        /* 
250
257
        ** Generate Domestic write keys and IVs.
251
258
        ** client_write_key[CipherSpec.key_material]
252
259
        */
253
 
        buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item);
 
260
        buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item, \
 
261
                    "Domestic Client Write Key");
254
262
        i += keySize;
255
263
 
256
264
        /* 
257
265
        ** server_write_key[CipherSpec.key_material]
258
266
        */
259
 
        buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item);
 
267
        buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item, \
 
268
                    "Domestic Server Write Key");
260
269
        i += keySize;
261
270
 
262
271
        if (IVSize > 0) {
263
272
            /* 
264
273
            ** client_write_IV[CipherSpec.IV_size]
265
274
            */
266
 
            buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item);
 
275
            buildSSLKey(&key_block[i], IVSize, &pwSpec->client.write_iv_item, \
 
276
                        "Domestic Client Write IV");
267
277
            i += IVSize;
268
278
 
269
279
            /* 
270
280
            ** server_write_IV[CipherSpec.IV_size]
271
281
            */
272
 
            buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item);
 
282
            buildSSLKey(&key_block[i], IVSize, &pwSpec->server.write_iv_item, \
 
283
                        "Domestic Server Write IV");
273
284
            i += IVSize;
274
285
        }
275
286
        PORT_Assert(i <= block_bytes);
290
301
        MD5_Update(md5Ctx, crsr.data, crsr.len);
291
302
        MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
292
303
        i += effKeySize;
293
 
        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item);
 
304
        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
 
305
                    "SSL3 Export Client Write Key");
294
306
        key_block2 += keySize;
295
307
 
296
308
        /*
303
315
        MD5_Update(md5Ctx, srcr.data, srcr.len);
304
316
        MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
305
317
        i += effKeySize;
306
 
        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item);
 
318
        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
 
319
                    "SSL3 Export Server Write Key");
307
320
        key_block2 += keySize;
308
321
        PORT_Assert(i <= block_bytes);
309
322
 
315
328
            MD5_Begin(md5Ctx);
316
329
            MD5_Update(md5Ctx, crsr.data, crsr.len);
317
330
            MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
318
 
            buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item);
 
331
            buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item, \
 
332
                        "SSL3 Export Client Write IV");
319
333
            key_block2 += IVSize;
320
334
 
321
335
            /*
325
339
            MD5_Begin(md5Ctx);
326
340
            MD5_Update(md5Ctx, srcr.data, srcr.len);
327
341
            MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
328
 
            buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item);
 
342
            buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item, \
 
343
                        "SSL3 Export Server Write IV");
329
344
            key_block2 += IVSize;
330
345
        }
331
346
 
354
369
        if (status != SECSuccess) {
355
370
            goto key_and_mac_derive_fail;
356
371
        }
357
 
        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item);
 
372
        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item, \
 
373
                    "TLS Export Client Write Key");
358
374
        key_block2 += keySize;
359
375
 
360
376
        /*
372
388
        if (status != SECSuccess) {
373
389
            goto key_and_mac_derive_fail;
374
390
        }
375
 
        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item);
 
391
        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item, \
 
392
                    "TLS Export Server Write Key");
376
393
        key_block2 += keySize;
377
394
 
378
395
        /*
389
406
            if (status != SECSuccess) {
390
407
                goto key_and_mac_derive_fail;
391
408
            }
392
 
            buildSSLKey(key_block2,          IVSize, &pwSpec->client.write_iv_item);
393
 
            buildSSLKey(key_block2 + IVSize, IVSize, &pwSpec->server.write_iv_item);
 
409
            buildSSLKey(key_block2,          IVSize, \
 
410
                        &pwSpec->client.write_iv_item, \
 
411
                        "TLS Export Client Write IV");
 
412
            buildSSLKey(key_block2 + IVSize, IVSize, \
 
413
                        &pwSpec->server.write_iv_item, \
 
414
                        "TLS Export Server Write IV");
394
415
            key_block2 += 2 * IVSize;
395
416
        }
396
417
        PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
467
488
        }
468
489
    } else {
469
490
        int i;
470
 
        int made = 0;
 
491
        unsigned int made = 0;
471
492
        for (i = 0; i < 3; i++) {
472
493
            unsigned int    outLen;
473
494
            unsigned char   sha_out[SHA1_LENGTH];
578
599
    CK_MECHANISM_TYPE mechanism_array[2];
579
600
    SECItem           enc_pms = {siBuffer, NULL, 0};
580
601
    PRBool            isTLS = PR_FALSE;
581
 
    PRBool            isDH = PR_FALSE;
582
602
    SSLCipherSuiteInfo csdef;
583
603
    PRBool            testrsa = PR_FALSE;
584
604
    PRBool            testrsa_export = PR_FALSE;