diff options
| author | wtc%google.com <devnull@localhost> | 2008-01-10 17:55:25 +0000 |
|---|---|---|
| committer | wtc%google.com <devnull@localhost> | 2008-01-10 17:55:25 +0000 |
| commit | 92be3762286d04ecaf83b4c1e38f3651e323e975 (patch) | |
| tree | d7f80b5ffdd4b859ddc32edc09ede3a95f507387 | |
| parent | f81a06c46537fc504d6c75ae1977745f57234020 (diff) | |
| download | nss-hg-92be3762286d04ecaf83b4c1e38f3651e323e975.tar.gz | |
Bug 403563: checked in patch v4 from Nagendra Modadugu -- fixed ssl3ecc.c,
use typecast to truncate to uint8, and use PK11_GetBestSlotMultiple
instead of PK11_GetBestSlot.
Modified Files:
Tag: NSS_RFC4507BIS_BRANCH
ssl3ecc.c ssl3ext.c
| -rw-r--r-- | security/nss/lib/ssl/ssl3ecc.c | 12 | ||||
| -rw-r--r-- | security/nss/lib/ssl/ssl3ext.c | 14 |
2 files changed, 13 insertions, 13 deletions
diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 970112503..327730b58 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -463,7 +463,6 @@ ssl3_GetCurveNameForServerSocket(sslSocket *ss) ECName ec_curve = ec_noName; int signatureKeyStrength = 521; int requiredECCbits = ss->sec.secretKeyBits * 2; - int i; if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa) { svrPublicKey = SSL_GET_SERVER_PUBLIC_KEY(ss, kt_ecdh); @@ -1060,10 +1059,8 @@ ssl3_SendSupportedCurvesExt( if (rv != SECSuccess) return -1; if (!ss->sec.isServer) { - TLS1ExtensionData *ex_data = &ss->ssl3.extension_data; - ex_data->advertisedClientExtensions[ - ex_data->numAdvertisedClientExtensions++] = - elliptic_curves_xtn; + TLS1ExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = elliptic_curves_xtn; } } return (sizeof EClist); @@ -1085,9 +1082,8 @@ ssl3_SendSupportedPointExt( if (rv != SECSuccess) return -1; if (!ss->sec.isServer) { - TLS1ExtensionData *ex_data = &ss->ssl3.extension_data; - ex_data->advertisedClientExtensions[ - ex_data->numAdvertisedClientExtensions++] = + TLS1ExtensionData *xtnData = &ss->xtnData; + xtnData->advertised[xtnData->numAdvertised++] = elliptic_point_formats_xtn; } } diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index bf50383e1..06c29acff 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -99,13 +99,13 @@ ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize) switch (lenSize) { case 4: - *p++ = (num >> 24) & 0xff; + *p++ = (uint8) (num >> 24); case 3: - *p++ = (num >> 16) & 0xff; + *p++ = (uint8) (num >> 16); case 2: - *p++ = (num >> 8) & 0xff; + *p++ = (uint8) (num >> 8); case 1: - *p = num & 0xff; + *p = (uint8) num; } rv = ssl3_AppendToItem(item, &b[0], lenSize); return rv; @@ -130,6 +130,7 @@ ssl3_GenerateSessionTicketKeysPKCS11(void) { PK11SlotInfo *slot; SECStatus rv; + CK_MECHANISM_TYPE mechanism_array[2]; slot = PK11_GetBestSlot(CKM_AES_CBC, NULL); /* no parameter, 128-bit key size */ @@ -138,7 +139,10 @@ ssl3_GenerateSessionTicketKeysPKCS11(void) PK11_FreeSlot(slot); if (!session_ticket_enc_key_pkcs11) return PR_FAILURE; - slot = PK11_GetBestSlot(CKM_SHA256_HMAC, NULL); + + mechanism_array[0] = CKM_SHA256_HMAC; + mechanism_array[1] = CKM_GENERIC_SECRET_KEY_GEN; + slot = PK11_GetBestSlotMultiple(mechanism_array, 2, NULL); /* no parameter, 256-bit key size */ session_ticket_mac_key_pkcs11 = PK11_KeyGen(slot, CKM_GENERIC_SECRET_KEY_GEN, NULL, 32, NULL); |