author | wtc%google.com <devnull@localhost> | 2013-02-06 02:02:38 +0000 |
committer | wtc%google.com <devnull@localhost> | 2013-02-06 02:02:38 +0000 |
commit | 756fab31eae9ac0e52479c04c886322221726dee (patch) | |
tree | 2b2fa5e91921182f8415f4e7ef046768917b1b5b /security/nss/lib | |
parent | e9fc7f949f1745b76940a379b3b8ed7b2e6f93f5 (diff) | |
Bug 822365: Fix the constant-time versions of HMAC-MD5 and SSLv3 MD5 MAC.
Remove the workaround from ssl3_ComputeRecordMACConstantTime. The patch is
contributed by Adam Langley <agl@chromium.org>. r=rrelyea,wtc.
Modified Files:
lib/freebl/hmacct.c lib/softoken/sftkhmac.c lib/ssl/ssl3con.c
Diffstat (limited to 'security/nss/lib')
-rw-r--r-- | security/nss/lib/freebl/hmacct.c | 12 | ||||
-rw-r--r-- | security/nss/lib/softoken/sftkhmac.c | 2 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 6 |
3 files changed, 11 insertions, 9 deletions
diff --git a/security/nss/lib/freebl/hmacct.c b/security/nss/lib/freebl/hmacct.c
index cdb7300a5..9cf04f88e 100644
--- a/security/nss/lib/freebl/hmacct.c
+++ b/security/nss/lib/freebl/hmacct.c
@@ -172,8 +172,16 @@ static SECStatus mac(
 if (mdLengthSize == 16) {
 j = 8;
 }
- for (i = 0; i < 4; i++) {
- lengthBytes[4+i+j] = bits >> (8*(7-i));
+ if (hashObj->type == HASH_AlgMD5) {
+ /* MD5 appends a little-endian length. */
+ for (i = 0; i < 4; i++) {
+ lengthBytes[i+j] = bits >> (8*i);
+ }
+ } else {
+ /* All other TLS hash functions use a big-endian length. */
+ for (i = 0; i < 4; i++) {
+ lengthBytes[4+i+j] = bits >> (8*(7-i));
+ }
 }
 
 if (k > 0) {
diff --git a/security/nss/lib/softoken/sftkhmac.c b/security/nss/lib/softoken/sftkhmac.c
index 412ee4dc4..04b325b4b 100644
--- a/security/nss/lib/softoken/sftkhmac.c
+++ b/security/nss/lib/softoken/sftkhmac.c
@@ -106,7 +106,7 @@ sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech,
 return NULL;
 }
 
- if (params->hashAlg == CKM_MD5) {
+ if (params->hashAlg == CKM_SSL3_MD5_MAC) {
 padLength = 48;
 }
 
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index d5d6ef0f9..1388a454a 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -2063,12 +2063,6 @@ ssl3_ComputeRecordMACConstantTime(
 goto fallback;
 }
 
- if (spec->cipher_def->cipher == cipher_rc2_40) {
- /* This function doesn't work for SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5.
- * We fallback on the non-constant time version. */
- goto fallback;
- }
-
 if (spec->mac_def->mac == mac_null) {
 *outLen = 0;
 return SECSuccess;
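Review bot: The new MD5 branch writes only lengthBytes[j..j+3] and leaves lengthBytes[4+j..7+j] untouched, which is exactly where the old code used to write, so the result is a correct 8-byte little-endian length only if lengthBytes was zeroed before this point; that initialization is outside the hunk and is worth stating at the branch, e.g. `/* Only the low 32 bits of the bit count are written; the other length bytes must already be zero. */`. The big-endian branch has the mirror-image dependency on lengthBytes[j..j+3] being zero, so one comment covering both branches would do. If the buffer is not cleared above, the MD5 path would now carry stale bytes in the high half of the length and produce a wrong MAC rather than a detectable failure. mac() begins and ends outside the hunk.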
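Review bot: The comparison now keys on an SSLv3 MAC mechanism rather than a digest mechanism, but nothing in the hunk says so, and a reader seeing a field named hashAlg would naturally expect CKM_MD5 again; a comment such as `/* hashAlg carries the SSLv3 MAC mechanism (CKM_SSL3_MD5_MAC / CKM_SSL3_SHA1_MAC), not a digest mechanism. */` would keep the original mismatch from being reintroduced. If the non-MD5 path simply falls through to the SHA-1 pad length (the assignment before this hunk is outside it), any unexpected hashAlg value is silently accepted with SHA-1 padding; an explicit `else if (params->hashAlg != CKM_SSL3_SHA1_MAC) return NULL;` would reject it the same way the earlier checks in this function do. sftk_SSLv3MACConstantTime_New starts and continues outside the hunk.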