diff options
| author | wtchang%redhat.com <devnull@localhost> | 2006-09-23 19:34:07 +0000 |
|---|---|---|
| committer | wtchang%redhat.com <devnull@localhost> | 2006-09-23 19:34:07 +0000 |
| commit | 83e71942a779c69718efe25da88f99bc1e7146f8 (patch) | |
| tree | 3c77d02fb2ae44320cf23e4c21863f34da472b11 | |
| parent | c61652d4e0ea763322f5090096f5f8e2b95761eb (diff) | |
| download | nss-hg-83e71942a779c69718efe25da88f99bc1e7146f8.tar.gz | |
Bug 352754: Backported the fix for bug 349966 to the MOZILLA_1_8_BRANCH.
a=mtschrep for Mozilla 1.8 RC2.
| -rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 043e08886..6c63c927d 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -74,7 +74,7 @@ static void ssl3_CleanupPeerCerts(sslSocket *ss); static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, PK11SlotInfo * serverKeySlot); -static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, const PK11SymKey *pms); +static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); static SECStatus ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss); static SECStatus ssl3_HandshakeFailure( sslSocket *ss); static SECStatus ssl3_InitState( sslSocket *ss); @@ -2534,7 +2534,7 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) ** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec. */ static SECStatus -ssl3_DeriveMasterSecret(sslSocket *ss, const PK11SymKey *pms) +ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) { ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec; const ssl3KEADef *kea_def= ss->ssl3.hs.kea_def; @@ -2584,9 +2584,20 @@ ssl3_DeriveMasterSecret(sslSocket *ss, const PK11SymKey *pms) } if (pms != NULL) { - pwSpec->master_secret = PK11_DeriveWithFlags((PK11SymKey *)pms, - master_derive, ¶ms, key_derive, - CKA_DERIVE, 0, keyFlags); +#if defined(TRACE) + if (ssl_trace >= 100) { + SECStatus extractRV = PK11_ExtractKeyValue(pms); + if (extractRV == SECSuccess) { + SECItem * keyData = PK11_GetKeyData(pms); + if (keyData && keyData->data && keyData->len) { + ssl_PrintBuf(ss, "Pre-Master Secret", + keyData->data, keyData->len); + } + } + } +#endif + pwSpec->master_secret = PK11_DeriveWithFlags(pms, master_derive, + ¶ms, key_derive, CKA_DERIVE, 0, keyFlags); if (!isDH && pwSpec->master_secret && ss->opt.detectRollBack) { SSL3ProtocolVersion client_version; client_version = pms_version.major << 8 | pms_version.minor; |