diff options
author | wtc%google.com <devnull@localhost> | 2013-02-06 22:20:23 +0000 |
---|---|---|
committer | wtc%google.com <devnull@localhost> | 2013-02-06 22:20:23 +0000 |
commit | 7e59c6b59d75417c09122283348675eb57240266 (patch) | |
tree | 03d47db46b4e7ade4874e7f6a8937b4eca2c873c | |
parent | fe4302ce9c8e29cf7eb618804c0267e99ce2017b (diff) | |
download | nss-hg-7e59c6b59d75417c09122283348675eb57240266.tar.gz |
Bug 822365: PKCS #11 naming convention and NSS coding style fixes for the
constant-time CBC decoding code. r=rrelyea.
Modified Files:
lib/freebl/hmacct.c lib/freebl/loader.c lib/freebl/md5.c
lib/softoken/pkcs11.c lib/softoken/pkcs11c.c
lib/softoken/sftkhmac.c lib/ssl/ssl3con.c lib/util/pkcs11n.h
-rw-r--r-- | security/nss/lib/freebl/hmacct.c | 43 | ||||
-rw-r--r-- | security/nss/lib/freebl/loader.c | 12 | ||||
-rw-r--r-- | security/nss/lib/freebl/md5.c | 2 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 2 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11c.c | 14 | ||||
-rw-r--r-- | security/nss/lib/softoken/sftkhmac.c | 78 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 64 | ||||
-rw-r--r-- | security/nss/lib/util/pkcs11n.h | 12 |
8 files changed, 134 insertions, 93 deletions
diff --git a/security/nss/lib/freebl/hmacct.c b/security/nss/lib/freebl/hmacct.c index 3dcd5f2f3..52457dcda 100644 --- a/security/nss/lib/freebl/hmacct.c +++ b/security/nss/lib/freebl/hmacct.c @@ -30,19 +30,23 @@ /* constantTimeGE returns 0xff if a>=b and 0x00 otherwise, where a, b < * MAX_UINT/2. */ -static unsigned char constantTimeGE(unsigned int a, unsigned int b) { +static unsigned char +constantTimeGE(unsigned int a, unsigned int b) +{ a -= b; return DUPLICATE_MSB_TO_ALL(~a); } /* constantTimeEQ8 returns 0xff if a==b and 0x00 otherwise. */ -static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) { +static unsigned char +constantTimeEQ8(unsigned char a, unsigned char b) +{ unsigned int c = a ^ b; c--; return DUPLICATE_MSB_TO_ALL_8(c); } -/* mac performs a constant time SSLv3/TLS MAC of |dataLen| bytes of |data|, +/* MAC performs a constant time SSLv3/TLS MAC of |dataLen| bytes of |data|, * where |dataLen| includes both the authenticated bytes and the MAC tag from * the sender. |dataLen| must be >= the length of the MAC tag. * @@ -57,8 +61,8 @@ static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) { * |header| contains either the 13-byte TLS header (containing the sequence * number, record type etc), or it contains the SSLv3 header with the SSLv3 * padding bytes etc. */ -static SECStatus mac( - unsigned char *mdOut, +static SECStatus +MAC(unsigned char *mdOut, unsigned int *mdOutLen, unsigned int mdOutMax, const SECHashObject *hashObj, @@ -69,8 +73,8 @@ static SECStatus mac( const unsigned char *data, unsigned int dataLen, unsigned int dataTotalLen, - unsigned char isSSLv3) { - + unsigned char isSSLv3) +{ void *mdState = hashObj->create(); const unsigned int mdSize = hashObj->length; const unsigned int mdBlockSize = hashObj->blocklength; @@ -196,7 +200,8 @@ static SECStatus mac( memcpy(firstBlock + overhang, data, mdBlockSize-overhang); hashObj->update(mdState, firstBlock, mdBlockSize); for (i = 1; i < k/mdBlockSize - 1; i++) { - hashObj->update(mdState, data + mdBlockSize*i - overhang, mdBlockSize); + hashObj->update(mdState, data + mdBlockSize*i - overhang, + mdBlockSize); } } else { /* k is a multiple of mdBlockSize. */ @@ -204,7 +209,8 @@ static SECStatus mac( memcpy(firstBlock+13, data, mdBlockSize-13); hashObj->update(mdState, firstBlock, mdBlockSize); for (i = 1; i < k/mdBlockSize; i++) { - hashObj->update(mdState, data + mdBlockSize*i - 13, mdBlockSize); + hashObj->update(mdState, data + mdBlockSize*i - 13, + mdBlockSize); } } } @@ -247,7 +253,8 @@ static SECStatus mac( /* The final bytes of one of the blocks contains the length. */ if (j >= mdBlockSize - mdLengthSize) { /* If this is indexB, write a length byte. */ - b = (b&~isBlockB) | (isBlockB&lengthBytes[j-(mdBlockSize-mdLengthSize)]); + b = (b&~isBlockB) | + (isBlockB&lengthBytes[j-(mdBlockSize-mdLengthSize)]); } block[j] = b; } @@ -285,7 +292,8 @@ static SECStatus mac( return SECSuccess; } -SECStatus HMAC_ConstantTime( +SECStatus +HMAC_ConstantTime( unsigned char *result, unsigned int *resultLen, unsigned int maxResultLen, @@ -296,15 +304,17 @@ SECStatus HMAC_ConstantTime( unsigned int headerLen, const unsigned char *body, unsigned int bodyLen, - unsigned int bodyTotalLen) { + unsigned int bodyTotalLen) +{ if (hashObj->end_raw == NULL) return SECFailure; - return mac(result, resultLen, maxResultLen, hashObj, secret, secretLen, + return MAC(result, resultLen, maxResultLen, hashObj, secret, secretLen, header, headerLen, body, bodyLen, bodyTotalLen, 0 /* not SSLv3 */); } -SECStatus SSLv3_MAC_ConstantTime( +SECStatus +SSLv3_MAC_ConstantTime( unsigned char *result, unsigned int *resultLen, unsigned int maxResultLen, @@ -315,10 +325,11 @@ SECStatus SSLv3_MAC_ConstantTime( unsigned int headerLen, const unsigned char *body, unsigned int bodyLen, - unsigned int bodyTotalLen) { + unsigned int bodyTotalLen) +{ if (hashObj->end_raw == NULL) return SECFailure; - return mac(result, resultLen, maxResultLen, hashObj, secret, secretLen, + return MAC(result, resultLen, maxResultLen, hashObj, secret, secretLen, header, headerLen, body, bodyLen, bodyTotalLen, 1 /* SSLv3 */); } diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index ae3025199..8180f7447 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c @@ -1859,7 +1859,8 @@ PRNGTEST_RunHealthTests(void) return vector->p_PRNGTEST_RunHealthTests(); } -SECStatus SSLv3_MAC_ConstantTime( +SECStatus +SSLv3_MAC_ConstantTime( unsigned char *result, unsigned int *resultLen, unsigned int maxResultLen, @@ -1870,7 +1871,8 @@ SECStatus SSLv3_MAC_ConstantTime( unsigned int headerLen, const unsigned char *body, unsigned int bodyLen, - unsigned int bodyTotalLen) { + unsigned int bodyTotalLen) +{ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) return SECFailure; return (vector->p_SSLv3_MAC_ConstantTime)( @@ -1881,7 +1883,8 @@ SECStatus SSLv3_MAC_ConstantTime( body, bodyLen, bodyTotalLen); } -SECStatus HMAC_ConstantTime( +SECStatus +HMAC_ConstantTime( unsigned char *result, unsigned int *resultLen, unsigned int maxResultLen, @@ -1892,7 +1895,8 @@ SECStatus HMAC_ConstantTime( unsigned int headerLen, const unsigned char *body, unsigned int bodyLen, - unsigned int bodyTotalLen) { + unsigned int bodyTotalLen) +{ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) return SECFailure; return (vector->p_HMAC_ConstantTime)( diff --git a/security/nss/lib/freebl/md5.c b/security/nss/lib/freebl/md5.c index 1bffbbecc..2929a633d 100644 --- a/security/nss/lib/freebl/md5.c +++ b/security/nss/lib/freebl/md5.c @@ -538,10 +538,10 @@ void MD5_EndRaw(MD5Context *cx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen) { - PRUint32 cv[4]; #ifndef IS_LITTLE_ENDIAN PRUint32 tmp; #endif + PRUint32 cv[4]; if (maxDigestLen < MD5_HASH_LEN) { PORT_SetError(SEC_ERROR_INVALID_ARGS); diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index d526b453c..f91d15a3d 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -491,7 +491,7 @@ static const struct mechanismList mechanisms[] = { {CKM_NSS_JPAKE_FINAL_SHA512, {0, 0, CKF_DERIVE}, PR_TRUE}, /* -------------------- Constant Time TLS MACs ----------------------- */ {CKM_NSS_HMAC_CONSTANT_TIME, {0, 0, CKF_DIGEST}, PR_TRUE}, - {CKM_NSS_SSLV3_MAC_CONSTANT_TIME, {0, 0, CKF_DIGEST}, PR_TRUE} + {CKM_NSS_SSL3_MAC_CONSTANT_TIME, {0, 0, CKF_DIGEST}, PR_TRUE} }; static const CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]); diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 7ea6b0e5b..95ceb1f85 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -1529,12 +1529,14 @@ DOSUB(SHA256) DOSUB(SHA384) DOSUB(SHA512) -SECStatus sftk_SignCopy( +static SECStatus +sftk_SignCopy( CK_ULONG *copyLen, void *out, unsigned int *outLength, unsigned int maxLength, const unsigned char *hashResult, - unsigned int hashResultLength) { + unsigned int hashResultLength) +{ unsigned int toCopy = *copyLen; if (toCopy > maxLength) { toCopy = maxLength; @@ -2249,7 +2251,8 @@ finish_rsa: break; case CKM_NSS_HMAC_CONSTANT_TIME: { - sftk_MACConstantTimeCtx *ctx = sftk_HMACConstantTime_New(pMechanism,key); + sftk_MACConstantTimeCtx *ctx = + sftk_HMACConstantTime_New(pMechanism,key); CK_ULONG *intpointer; if (ctx == NULL) { @@ -2278,8 +2281,9 @@ finish_rsa: break; } - case CKM_NSS_SSLV3_MAC_CONSTANT_TIME: { - sftk_MACConstantTimeCtx *ctx = sftk_SSLv3MACConstantTime_New(pMechanism,key); + case CKM_NSS_SSL3_MAC_CONSTANT_TIME: { + sftk_MACConstantTimeCtx *ctx = + sftk_SSLv3MACConstantTime_New(pMechanism,key); CK_ULONG *intpointer; if (ctx == NULL) { diff --git a/security/nss/lib/softoken/sftkhmac.c b/security/nss/lib/softoken/sftkhmac.c index 04b325b4b..2946a9179 100644 --- a/security/nss/lib/softoken/sftkhmac.c +++ b/security/nss/lib/softoken/sftkhmac.c @@ -9,8 +9,11 @@ #include "softoken.h" #include "hmacct.h" -/* mechanismToHash converts a PKCS#11 hash mechanism into a freebl hash type. */ -static HASH_HashType mechanismToHash(CK_MECHANISM_TYPE mech) { +/* mechanismToHash converts a PKCS#11 hash mechanism into a freebl hash + * type. */ +static HASH_HashType +mechanismToHash(CK_MECHANISM_TYPE mech) +{ switch (mech) { case CKM_MD5: case CKM_MD5_HMAC: @@ -32,17 +35,18 @@ static HASH_HashType mechanismToHash(CK_MECHANISM_TYPE mech) { return HASH_AlgNULL; } -static sftk_MACConstantTimeCtx* SetupMAC(CK_MECHANISM_PTR mech, - SFTKObject *key) { - CK_NSS_MACConstantTimeParams* params = - (CK_NSS_MACConstantTimeParams*) mech->pParameter; - sftk_MACConstantTimeCtx* ctx; +static sftk_MACConstantTimeCtx * +SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key) +{ + CK_NSS_MAC_CONSTANT_TIME_PARAMS *params = + (CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter; + sftk_MACConstantTimeCtx *ctx; HASH_HashType alg; SFTKAttribute *keyval; unsigned char secret[sizeof(ctx->secret)]; unsigned int secretLength; - if (mech->ulParameterLen != sizeof(CK_NSS_MACConstantTimeParams)) { + if (mech->ulParameterLen != sizeof(CK_NSS_MAC_CONSTANT_TIME_PARAMS)) { return NULL; } @@ -71,18 +75,19 @@ static sftk_MACConstantTimeCtx* SetupMAC(CK_MECHANISM_PTR mech, memcpy(ctx->secret, secret, secretLength); ctx->secretLength = secretLength; ctx->hash = HASH_GetRawHashObject(alg); - ctx->totalLength = params->ulBodyTotalLength; + ctx->totalLength = params->ulBodyTotalLen; return ctx; } -sftk_MACConstantTimeCtx* sftk_HMACConstantTime_New(CK_MECHANISM_PTR mech, - SFTKObject *key) { - CK_NSS_MACConstantTimeParams* params = - (CK_NSS_MACConstantTimeParams*) mech->pParameter; - sftk_MACConstantTimeCtx* ctx; +sftk_MACConstantTimeCtx * +sftk_HMACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key) +{ + CK_NSS_MAC_CONSTANT_TIME_PARAMS *params = + (CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter; + sftk_MACConstantTimeCtx *ctx; - if (params->ulHeaderLength > sizeof(ctx->header)) { + if (params->ulHeaderLen > sizeof(ctx->header)) { return NULL; } ctx = SetupMAC(mech, key); @@ -90,18 +95,19 @@ sftk_MACConstantTimeCtx* sftk_HMACConstantTime_New(CK_MECHANISM_PTR mech, return NULL; } - ctx->headerLength = params->ulHeaderLength; - memcpy(ctx->header, params->pHeader, params->ulHeaderLength); + ctx->headerLength = params->ulHeaderLen; + memcpy(ctx->header, params->pHeader, params->ulHeaderLen); return ctx; } -sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, - SFTKObject *key) { - CK_NSS_MACConstantTimeParams* params = - (CK_NSS_MACConstantTimeParams*) mech->pParameter; +sftk_MACConstantTimeCtx * +sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key) +{ + CK_NSS_MAC_CONSTANT_TIME_PARAMS *params = + (CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter; unsigned int padLength = 40, j; - sftk_MACConstantTimeCtx* ctx = SetupMAC(mech, key); + sftk_MACConstantTimeCtx *ctx = SetupMAC(mech, key); if (!ctx) { return NULL; } @@ -113,7 +119,7 @@ sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, ctx->headerLength = ctx->secretLength + padLength + - params->ulHeaderLength; + params->ulHeaderLen; if (ctx->headerLength > sizeof(ctx->header)) { goto loser; @@ -124,7 +130,7 @@ sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, j += ctx->secretLength; memset(&ctx->header[j], 0x36, padLength); j += padLength; - memcpy(&ctx->header[j], params->pHeader, params->ulHeaderLength); + memcpy(&ctx->header[j], params->pHeader, params->ulHeaderLen); return ctx; @@ -133,8 +139,10 @@ loser: return NULL; } -void sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len) { - sftk_MACConstantTimeCtx* ctx = (sftk_MACConstantTimeCtx*) pctx; +void +sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len) +{ + sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; SECStatus rv = HMAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, @@ -145,8 +153,10 @@ void sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len) { PORT_Assert(rv == SECSuccess); } -void sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len) { - sftk_MACConstantTimeCtx* ctx = (sftk_MACConstantTimeCtx*) pctx; +void +sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len) +{ + sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; SECStatus rv = SSLv3_MAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, @@ -157,9 +167,11 @@ void sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len) PORT_Assert(rv == SECSuccess); } -void sftk_MACConstantTime_EndHash(void *pctx, void *out, unsigned int *outLength, - unsigned int maxLength) { - const sftk_MACConstantTimeCtx* ctx = (sftk_MACConstantTimeCtx*) pctx; +void +sftk_MACConstantTime_EndHash(void *pctx, void *out, unsigned int *outLength, + unsigned int maxLength) +{ + const sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; unsigned int toCopy = ctx->hash->length; if (toCopy > maxLength) { toCopy = maxLength; @@ -170,6 +182,8 @@ void sftk_MACConstantTime_EndHash(void *pctx, void *out, unsigned int *outLength } } -void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool free) { +void +sftk_MACConstantTime_DestroyContext(void *pctx, PRBool free) +{ PORT_Free(pctx); } diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 1388a454a..1adeb4ec2 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -2046,8 +2046,7 @@ ssl3_ComputeRecordMACConstantTime( unsigned int * outLen) { CK_MECHANISM_TYPE macType; - CK_NSS_MACConstantTimeParams params; - PK11Context * mac_context; + CK_NSS_MAC_CONSTANT_TIME_PARAMS params; SECItem param, inputItem, outputItem; SECStatus rv; unsigned char header[13]; @@ -2081,10 +2080,10 @@ ssl3_ComputeRecordMACConstantTime( macType = CKM_NSS_HMAC_CONSTANT_TIME; recordLength = inputLen - spec->mac_size; if (spec->version <= SSL_LIBRARY_VERSION_3_0) { - macType = CKM_NSS_SSLV3_MAC_CONSTANT_TIME; + macType = CKM_NSS_SSL3_MAC_CONSTANT_TIME; header[9] = recordLength >> 8; header[10] = recordLength; - params.ulHeaderLength = 11; + params.ulHeaderLen = 11; } else { if (isDTLS) { SSL3ProtocolVersion dtls_version; @@ -2098,11 +2097,11 @@ ssl3_ComputeRecordMACConstantTime( } header[11] = recordLength >> 8; header[12] = recordLength; - params.ulHeaderLength = 13; + params.ulHeaderLen = 13; } params.hashAlg = spec->mac_def->mmech; - params.ulBodyTotalLength = originalLen; + params.ulBodyTotalLen = originalLen; params.pHeader = header; param.data = (unsigned char*) ¶ms; @@ -9663,36 +9662,41 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) #define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) #define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) -/* SECStatusToMask returns, in constant time, a mask value of all ones if rv == - * SECSuccess. Otherwise it returns zero. */ -static unsigned SECStatusToMask(SECStatus rv) +/* SECStatusToMask returns, in constant time, a mask value of all ones if + * rv == SECSuccess. Otherwise it returns zero. */ +static unsigned int +SECStatusToMask(SECStatus rv) { unsigned int good; - /* rv ^ SECSuccess is zero iff rv == SECSuccess. Subtracting one results in - * the MSB being set to one iff it was zero before. */ + /* rv ^ SECSuccess is zero iff rv == SECSuccess. Subtracting one results + * in the MSB being set to one iff it was zero before. */ good = rv ^ SECSuccess; good--; return DUPLICATE_MSB_TO_ALL(good); } /* ssl_ConstantTimeGE returns 0xff if a>=b and 0x00 otherwise. */ -static unsigned char ssl_ConstantTimeGE(unsigned a, unsigned b) +static unsigned char +ssl_ConstantTimeGE(unsigned int a, unsigned int b) { a -= b; return DUPLICATE_MSB_TO_ALL(~a); } /* ssl_ConstantTimeEQ8 returns 0xff if a==b and 0x00 otherwise. */ -static unsigned char ssl_ConstantTimeEQ8(unsigned char a, unsigned char b) +static unsigned char +ssl_ConstantTimeEQ8(unsigned char a, unsigned char b) { - unsigned c = a ^ b; + unsigned int c = a ^ b; c--; return DUPLICATE_MSB_TO_ALL_8(c); } -static SECStatus ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext, - unsigned blockSize, - unsigned macSize) { +static SECStatus +ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext, + unsigned int blockSize, + unsigned int macSize) +{ unsigned int paddingLength, good, t; const unsigned int overhead = 1 /* padding length byte */ + macSize; @@ -9715,9 +9719,9 @@ static SECStatus ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext, return (good & SECSuccess) | (~good & SECFailure); } - -static SECStatus ssl_RemoveTLSCBCPadding(sslBuffer *plaintext, - unsigned macSize) { +static SECStatus +ssl_RemoveTLSCBCPadding(sslBuffer *plaintext, unsigned int macSize) +{ unsigned int paddingLength, good, t, toCheck, i; const unsigned int overhead = 1 /* padding length byte */ + macSize; @@ -9777,12 +9781,15 @@ static SECStatus ssl_RemoveTLSCBCPadding(sslBuffer *plaintext, * macSize <= MAX_MAC_LENGTH * plaintext->len >= macSize */ -static void ssl_CBCExtractMAC(sslBuffer *plaintext, - unsigned int originalLength, - SSL3Opaque* out, - unsigned int macSize) { +static void +ssl_CBCExtractMAC(sslBuffer *plaintext, + unsigned int originalLength, + SSL3Opaque* out, + unsigned int macSize) +{ unsigned char rotatedMac[MAX_MAC_LENGTH]; - /* macEnd is the index of |plaintext->buf| just after the end of the MAC. */ + /* macEnd is the index of |plaintext->buf| just after the end of the + * MAC. */ unsigned macEnd = plaintext->len; unsigned macStart = macEnd - macSize; /* scanStart contains the number of bytes that we can ignore because @@ -9816,11 +9823,12 @@ static void ssl_CBCExtractMAC(sslBuffer *plaintext, } } - /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line we - * could line-align |rotatedMac| and rotate in place. */ + /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line + * we could line-align |rotatedMac| and rotate in place. */ memset(out, 0, macSize); for (i = 0; i < macSize; i++) { - unsigned char offset = (divSpoiler + macSize - rotateOffset + i) % macSize; + unsigned char offset = + (divSpoiler + macSize - rotateOffset + i) % macSize; for (j = 0; j < macSize; j++) { out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, offset); } diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index a6fceec1e..216159a8f 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -195,8 +195,8 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; #define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17) #define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18) -#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19) -#define CKM_NSS_SSLV3_MAC_CONSTANT_TIME (CKM_NSS + 20) +#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19) +#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20) /* * HISTORICAL: @@ -243,12 +243,12 @@ typedef struct CK_NSS_JPAKEFinalParams { CK_NSS_JPAKEPublicValue B; /* in */ } CK_NSS_JPAKEFinalParams; -typedef struct CK_NSS_MACConstantTimeParams { +typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { CK_MECHANISM_TYPE hashAlg; /* in */ - CK_ULONG ulBodyTotalLength; /* in */ + CK_ULONG ulBodyTotalLen; /* in */ CK_BYTE * pHeader; /* in */ - CK_ULONG ulHeaderLength; /* in */ -} CK_NSS_MACConstantTimeParams; + CK_ULONG ulHeaderLen; /* in */ +} CK_NSS_MAC_CONSTANT_TIME_PARAMS; /* * NSS-defined return values |