diff options
author | wtc%google.com <devnull@localhost> | 2013-02-07 01:29:19 +0000 |
---|---|---|
committer | wtc%google.com <devnull@localhost> | 2013-02-07 01:29:19 +0000 |
commit | 1661ba3db3d99461257a717a58e8168980cf5d24 (patch) | |
tree | ec1f1f52d03c888693d4fe6970f0d0075c724aef | |
parent | a4462d72f4ba54bbf588d2cade1a0b9d5ea13c1a (diff) | |
download | nss-hg-1661ba3db3d99461257a717a58e8168980cf5d24.tar.gz |
Bug 822365: Rename the hashAlg field of CK_NSS_MAC_CONSTANT_TIME_PARAMS to
macAlg because it is a PKCS #11 MAC mechanism. r=rrelyea.
Modified Files:
lib/softoken/sftkhmac.c lib/ssl/ssl3con.c lib/util/pkcs11n.h
-rw-r--r-- | security/nss/lib/softoken/sftkhmac.c | 25 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 2 | ||||
-rw-r--r-- | security/nss/lib/util/pkcs11n.h | 9 |
3 files changed, 23 insertions, 13 deletions
diff --git a/security/nss/lib/softoken/sftkhmac.c b/security/nss/lib/softoken/sftkhmac.c index 2946a9179..3b55a0572 100644 --- a/security/nss/lib/softoken/sftkhmac.c +++ b/security/nss/lib/softoken/sftkhmac.c @@ -9,27 +9,25 @@ #include "softoken.h" #include "hmacct.h" -/* mechanismToHash converts a PKCS#11 hash mechanism into a freebl hash +/* MACMechanismToHash converts a PKCS#11 MAC mechanism into a freebl hash * type. */ static HASH_HashType -mechanismToHash(CK_MECHANISM_TYPE mech) +MACMechanismToHash(CK_MECHANISM_TYPE mech) { switch (mech) { - case CKM_MD5: case CKM_MD5_HMAC: case CKM_SSL3_MD5_MAC: return HASH_AlgMD5; - case CKM_SHA_1: case CKM_SHA_1_HMAC: case CKM_SSL3_SHA1_MAC: return HASH_AlgSHA1; - case CKM_SHA224: + case CKM_SHA224_HMAC: return HASH_AlgSHA224; - case CKM_SHA256: + case CKM_SHA256_HMAC: return HASH_AlgSHA256; - case CKM_SHA384: + case CKM_SHA384_HMAC: return HASH_AlgSHA384; - case CKM_SHA512: + case CKM_SHA512_HMAC: return HASH_AlgSHA512; } return HASH_AlgNULL; @@ -50,7 +48,7 @@ SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key) return NULL; } - alg = mechanismToHash(params->hashAlg); + alg = MACMechanismToHash(params->macAlg); if (alg == HASH_AlgNULL) { return NULL; } @@ -106,13 +104,18 @@ sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key) CK_NSS_MAC_CONSTANT_TIME_PARAMS *params = (CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter; unsigned int padLength = 40, j; + sftk_MACConstantTimeCtx *ctx; - sftk_MACConstantTimeCtx *ctx = SetupMAC(mech, key); + if (params->macAlg != CKM_SSL3_MD5_MAC && + params->macAlg != CKM_SSL3_SHA1_MAC) { + return NULL; + } + ctx = SetupMAC(mech, key); if (!ctx) { return NULL; } - if (params->hashAlg == CKM_SSL3_MD5_MAC) { + if (params->macAlg == CKM_SSL3_MD5_MAC) { padLength = 48; } diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 1adeb4ec2..931b7e493 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -2100,7 +2100,7 @@ ssl3_ComputeRecordMACConstantTime( params.ulHeaderLen = 13; } - params.hashAlg = spec->mac_def->mmech; + params.macAlg = spec->mac_def->mmech; params.ulBodyTotalLen = originalLen; params.pHeader = header; diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index 216159a8f..04ef48244 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -243,8 +243,15 @@ typedef struct CK_NSS_JPAKEFinalParams { CK_NSS_JPAKEPublicValue B; /* in */ } CK_NSS_JPAKEFinalParams; +/* NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and + * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen + * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an + * unsigned int variable to represent the length in bits. This should not + * be a problem because the SSL/TLS protocol limits the size of an SSL + * record to something considerably less than 2^32 bytes. + */ typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { - CK_MECHANISM_TYPE hashAlg; /* in */ + CK_MECHANISM_TYPE macAlg; /* in */ CK_ULONG ulBodyTotalLen; /* in */ CK_BYTE * pHeader; /* in */ CK_ULONG ulHeaderLen; /* in */ |