Commit 4171be63 authored by Martin Thomson

Bug 1398647 - Remove the SECItem used for "storing" the master secret, r=ttaubert

--HG--
branch : NSS_TLS13_DRAFT19_BRANCH
extra : rebase_source : 7b6b118d9a116e1803db64ad29f4e0c1e4ebfe1b
extra : amend_source : 6285cc56284e96566fdf653475fb04526fd11ddb
extra : source : 1430f8033e9f639ec6912b78b52652948ba5d57a
parent 2af2477a
......@@ -232,7 +232,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
goto loser; /* err set by ssl3_AppendHandshake* */
}
rv = ssl3_InitPendingCipherSpec(ss, pms);
rv = ssl3_InitPendingCipherSpecs(ss, pms, PR_TRUE);
if (rv != SECSuccess) {
ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
goto loser;
......@@ -313,7 +313,7 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, PRUint8 *b,
return SECFailure;
}
rv = ssl3_InitPendingCipherSpec(ss, pms);
rv = ssl3_InitPendingCipherSpecs(ss, pms, PR_TRUE);
PK11_FreeSymKey(pms);
if (rv != SECSuccess) {
/* error code set by ssl3_InitPendingCipherSpec */
......
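Review bot: The comment closing the second hunk (ssl3_HandleECDHClientKeyExchange) still names the old function, `/* error code set by ssl3_InitPendingCipherSpec */`, while the call two lines above it now goes to `ssl3_InitPendingCipherSpecs`; it should read `/* error code set by ssl3_InitPendingCipherSpecs */` so the next reader looks in the right place for the error mapping. The first hunk (ssl3_SendECDHClientKeyExchange) makes the same call change but maps the error itself via ssl_MapLowLevelError, so only the comment in the second hunk is stale. Both enclosing functions begin and end outside the hunks shown here.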
......@@ -654,7 +654,7 @@ ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData
}
PRUint32 ssl_ticket_lifetime = 2 * 24 * 60 * 60; /* 2 days in seconds */
#define TLS_EX_SESS_TICKET_VERSION (0x0106)
#define TLS_EX_SESS_TICKET_VERSION (0x0107)
/*
* Called from ssl3_SendNewSessionTicket, tls13_SendNewSessionTicket
......@@ -667,13 +667,12 @@ ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket,
SECStatus rv;
sslBuffer plaintext = { NULL, 0, 0 };
SECItem ticket_buf = { 0, NULL, 0 };
PRBool ms_is_wrapped;
sslSessionID sid;
unsigned char wrapped_ms[SSL3_MASTER_SECRET_LENGTH];
SECItem ms_item = { 0, NULL, 0 };
PRTime now;
SECItem *srvName = NULL;
CK_MECHANISM_TYPE msWrapMech = 0; /* dummy default value,
* must be >= 0 */
CK_MECHANISM_TYPE msWrapMech;
SECItem *alpnSelection = NULL;
PRUint32 ticketAgeBaseline;
......@@ -683,33 +682,23 @@ ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket,
PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
if (ss->ssl3.pwSpec->msItem.len && ss->ssl3.pwSpec->msItem.data) {
PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
/* The master secret is available unwrapped. */
ms_item.data = ss->ssl3.pwSpec->msItem.data;
ms_item.len = ss->ssl3.pwSpec->msItem.len;
ms_is_wrapped = PR_FALSE;
} else {
/* Extract the master secret wrapped. */
sslSessionID sid;
/* Extract the master secret wrapped. */
PORT_Memset(&sid, 0, sizeof(sslSessionID));
PORT_Memset(&sid, 0, sizeof(sslSessionID));
PORT_Assert(secret);
rv = ssl3_CacheWrappedSecret(ss, &sid, secret);
if (rv == SECSuccess) {
if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
goto loser;
memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
sid.u.ssl3.keys.wrapped_master_secret_len);
ms_item.data = wrapped_ms;
ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
msWrapMech = sid.u.ssl3.masterWrapMech;
} else {
/* TODO: else send an empty ticket. */
PORT_Assert(secret);
rv = ssl3_CacheWrappedSecret(ss, &sid, secret);
if (rv == SECSuccess) {
if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
goto loser;
}
ms_is_wrapped = PR_TRUE;
memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
sid.u.ssl3.keys.wrapped_master_secret_len);
ms_item.data = wrapped_ms;
ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
msWrapMech = sid.u.ssl3.masterWrapMech;
} else {
/* TODO: else send an empty ticket. */
goto loser;
}
/* Prep to send negotiated name */
srvName = &ss->sec.ci.sid->u.ssl3.srvName;
......@@ -779,9 +768,6 @@ ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket,
goto loser;
/* master_secret */
rv = sslBuffer_AppendNumber(&plaintext, ms_is_wrapped, 1);
if (rv != SECSuccess)
goto loser;
rv = sslBuffer_AppendNumber(&plaintext, msWrapMech, 4);
if (rv != SECSuccess)
goto loser;
......@@ -1052,14 +1038,6 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
}
/* Read the master secret (and how it is wrapped). */
rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &len);
if (rv != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
PORT_Assert(temp == PR_TRUE || temp == PR_FALSE);
parsedTicket->ms_is_wrapped = (PRBool)temp;
rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
if (rv != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
......@@ -1230,7 +1208,6 @@ ssl_CreateSIDFromTicket(sslSocket *ss, const SECItem *rawTicket,
parsedTicket->master_secret, parsedTicket->ms_length);
sid->u.ssl3.keys.wrapped_master_secret_len = parsedTicket->ms_length;
sid->u.ssl3.masterWrapMech = parsedTicket->msWrapMech;
sid->u.ssl3.keys.msIsWrapped = parsedTicket->ms_is_wrapped;
sid->u.ssl3.masterValid = PR_TRUE;
sid->u.ssl3.keys.resumable = PR_TRUE;
sid->u.ssl3.keys.extendedMasterSecretUsed = parsedTicket->extendedMasterSecretUsed;
......
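Review bot: The TLS_EX_SESS_TICKET_VERSION bump in the first hunk (0x0106 to 0x0107) carries no comment saying why, and the reason is only visible three hunks later, where the ms_is_wrapped byte stops being written by ssl3_EncodeSessionTicket and read by ssl_ParseSessionTicket. A one-line comment beside the define would keep the constant and the layout in step for the next change: `/* Bump on any change to the encoded ticket layout; 0x0107 dropped the ms_is_wrapped flag byte. */`. Presumably this bump is what keeps a ticket issued by a 0x0106 build from being parsed against the new layout, but the version check itself is outside these hunks. In the ssl3_EncodeSessionTicket declarations hunk, msWrapMech loses its initializer; that looks safe because the only path that reaches the append assigns it after a successful ssl3_CacheWrappedSecret and the other path goes to loser, though the function continues outside the hunk.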
......@@ -411,7 +411,6 @@ typedef PRUint16 DTLSEpoch;
typedef struct {
PRUint8 wrapped_master_secret[48];
PRUint16 wrapped_master_secret_len;
PRUint8 msIsWrapped;
PRUint8 resumable;
PRUint8 extendedMasterSecretUsed;
} ssl3SidKeys; /* 53 bytes */
......@@ -420,9 +419,6 @@ typedef struct {
PK11SymKey *write_key;
PK11SymKey *write_mac_key;
PK11Context *write_mac_context;
SECItem write_key_item;
SECItem write_iv_item;
SECItem write_mac_key_item;
PRUint8 write_iv[MAX_IV_LENGTH];
} ssl3KeyMaterial;
......@@ -499,7 +495,6 @@ struct ssl3CipherSpecStr {
SSL3ProtocolVersion version;
ssl3KeyMaterial client;
ssl3KeyMaterial server;
SECItem msItem;
DTLSEpoch epoch;
DTLSRecvdRecords recvdRecords;
/* The number of 0-RTT bytes that can be sent or received in TLS 1.3. This
......@@ -1358,7 +1353,8 @@ extern int ssl_Do1stHandshake(sslSocket *ss);
extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
extern void ssl3_InitCipherSpec(ssl3CipherSpec *spec);
extern SECStatus ssl3_InitPendingCipherSpecs(sslSocket *ss, PK11SymKey *secret,
PRBool derive);
extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
const char *peerID, const char *urlSvrName);
......
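Review bot: The trailing size comment on ssl3SidKeys, `} ssl3SidKeys; /* 53 bytes */`, is now stale: removing the one-byte msIsWrapped member leaves 48 + 2 + 1 + 1 = 52 bytes of fields, so the line should read `} ssl3SidKeys; /* 52 bytes */`. If this struct is copied into a shared or serialized session-cache entry elsewhere (not visible in this view), the layout change also affects any cache shared with a build that still has the old field, which is worth recording in the commit description. The same commit drops the three SECItem members from ssl3KeyMaterial and msItem from ssl3CipherSpecStr; the code that previously filled and released them lives in files collapsed on this page, so the .c hunks shown here cannot confirm that no remaining reference was left behind.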
......@@ -510,7 +510,7 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
* secret is available and we have sent ChangeCipherSpec.
*/
ssl_GetSpecReadLock(ss);
if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
if (!ss->ssl3.cwSpec->master_secret) {
PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
rv = SECFailure;
} else {
......
......@@ -640,10 +640,6 @@ tls13_RecoverWrappedSharedSecret(sslSocket *ss, sslSessionID *sid)
SSL_TRC(3, ("%d: TLS13[%d]: recovering static secret (%s)",
SSL_GETPID(), ss->fd, SSL_ROLE(ss)));
if (!sid->u.ssl3.keys.msIsWrapped) {
PORT_Assert(0); /* I think this can't happen. */
return SECFailure;
}
/* Now find the hash used as the PRF for the previous handshake. */
hashType = tls13_GetHashForCipherSuite(sid->u.ssl3.cipherSuite);
......
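Review bot: Dropping the msIsWrapped guard in tls13_RecoverWrappedSharedSecret removes the only explicit check in this hunk that the resumed sid actually carries a wrapped secret, and the function body continues outside the hunk. The removal is consistent with the field leaving ssl3SidKeys in the same commit, but it would be worth confirming that the unwrap step that follows rejects a zero `wrapped_master_secret_len` (or gates on `masterValid`) rather than handing an empty buffer to PK11. A short comment at the point of removal, e.g. `/* A secret stored in a sid is always wrapped now; ms_is_wrapped was removed. */`, would record why the assertion went away.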