diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -3673,24 +3673,22 @@ ssl3_ComputeMasterSecretInt(sslSocket *s PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) || (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh)); CK_MECHANISM_TYPE master_derive; CK_MECHANISM_TYPE key_derive; SECItem params; CK_FLAGS keyFlags; CK_VERSION pms_version; CK_VERSION *pms_version_ptr = NULL; - /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ - CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; - unsigned int master_params_len; + CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; if (isTLS12) { - if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; - else master_derive = CKM_TLS12_MASTER_KEY_DERIVE; - key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; + if(isDH) master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + else master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; + key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; keyFlags = CKF_SIGN | CKF_VERIFY; } else if (isTLS) { if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH; else master_derive = CKM_TLS_MASTER_KEY_DERIVE; key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; keyFlags = CKF_SIGN | CKF_VERIFY; } else { if (isDH) master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH; @@ -3703,26 +3701,19 @@ ssl3_ComputeMasterSecretInt(sslSocket *s pms_version_ptr = &pms_version; } master_params.pVersion = pms_version_ptr; master_params.RandomInfo.pClientRandom = cr; master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; master_params.RandomInfo.pServerRandom = sr; master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; - if (isTLS12) { - master_params.prfHashMechanism = CKM_SHA256; - master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); - } else { - /* prfHashMechanism is not relevant with this PRF */ - master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); - } params.data = (unsigned char *) &master_params; - params.len = master_params_len; + params.len = sizeof master_params; return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive, pms_version_ptr, ¶ms, keyFlags, pms, msp); } /* Compute the draft-ietf-tls-session-hash master ** secret and return it in |*msp|. @@ -3891,19 +3882,17 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke PRBool isTLS12= (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); /* following variables used in PKCS11 path */ const ssl3BulkCipherDef *cipher_def = pwSpec->cipher_def; PK11SlotInfo * slot = NULL; PK11SymKey * symKey = NULL; void * pwArg = ss->pkcs11PinArg; int keySize; - CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a - * CK_SSL3_KEY_MAT_PARAMS */ - unsigned int key_material_params_len; + CK_SSL3_KEY_MAT_PARAMS key_material_params; CK_SSL3_KEY_MAT_OUT returnedKeys; CK_MECHANISM_TYPE key_derive; CK_MECHANISM_TYPE bulk_mechanism; SSLCipherAlgorithm calg; SECItem params; PRBool skipKeysAndIVs = (PRBool)(cipher_def->calg == calg_null); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); @@ -3947,30 +3936,26 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocke returnedKeys.pIVClient = NULL; returnedKeys.pIVServer = NULL; } calg = cipher_def->calg; PORT_Assert( alg2Mech[calg].calg == calg); bulk_mechanism = alg2Mech[calg].cmech; + params.data = (unsigned char *)&key_material_params; + params.len = sizeof(key_material_params); + if (isTLS12) { - key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; - key_material_params.prfHashMechanism = CKM_SHA256; - key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS); + key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; } else if (isTLS) { key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; - key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); } else { key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE; - key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); - } - - params.data = (unsigned char *)&key_material_params; - params.len = key_material_params_len; + } /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and * DERIVE by DEFAULT */ symKey = PK11_Derive(pwSpec->master_secret, key_derive, ¶ms, bulk_mechanism, CKA_ENCRYPT, keySize); if (!symKey) { ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); return SECFailure; @@ -10841,52 +10826,26 @@ done: } static SECStatus ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, PRBool isServer, const SSL3Hashes * hashes, TLSFinished * tlsFinished) { - SECStatus rv; - CK_TLS_MAC_PARAMS tls_mac_params; - SECItem param = {siBuffer, NULL, 0}; - PK11Context *prf_context; - unsigned int retLen; - - if (!spec->master_secret || spec->bypassCiphers) { - const char *label = isServer ? "server finished" : "client finished"; - unsigned int len = 15; - - return ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw, - hashes->len, tlsFinished->verify_data, - sizeof tlsFinished->verify_data); - } - - if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) { - tls_mac_params.prfMechanism = CKM_TLS_PRF; - } else { - tls_mac_params.prfMechanism = CKM_SHA256; - } - tls_mac_params.ulMacLength = 12; - tls_mac_params.ulServerOrClient = isServer ? 1 : 2; - param.data = (unsigned char *)&tls_mac_params; - param.len = sizeof(tls_mac_params); - prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN, - spec->master_secret, ¶m); - if (!prf_context) - return SECFailure; - - rv = PK11_DigestBegin(prf_context); - rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len); - rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen, - sizeof tlsFinished->verify_data); - PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data); - - PK11_DestroyContext(prf_context, PR_TRUE); + const char * label; + unsigned int len; + SECStatus rv; + + label = isServer ? "server finished" : "client finished"; + len = 15; + + rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw, + hashes->len, tlsFinished->verify_data, + sizeof tlsFinished->verify_data); return rv; } /* The calling function must acquire and release the appropriate * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for * ss->ssl3.crSpec). */ diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c --- a/lib/ssl/ssl3ecc.c +++ b/lib/ssl/ssl3ecc.c @@ -292,17 +292,17 @@ ssl3_SendECDHClientKeyExchange(sslSocket rv = SECFailure; goto loser; } PRINT_BUF(50, (ss, "ECDH public value:", pubKey->u.ec.publicValue.data, pubKey->u.ec.publicValue.len)); if (isTLS12) { - target = CKM_TLS12_MASTER_KEY_DERIVE_DH; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } /* Determine the PMS */ pms = PK11_PubDeriveWithKDF(privKey, svrPubKey, PR_FALSE, NULL, NULL, @@ -383,17 +383,17 @@ ssl3_HandleECDHClientKeyExchange(sslSock SEND_ALERT return SECFailure; /* XXX Who sets the error code?? */ } isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); if (isTLS12) { - target = CKM_TLS12_MASTER_KEY_DERIVE_DH; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { target = CKM_SSL3_MASTER_KEY_DERIVE_DH; } /* Determine the PMS */ pms = PK11_PubDeriveWithKDF(srvrPrivKey, &clntPubKey, PR_FALSE, NULL, NULL,