diff options
author | Moonchild <moonchild@palemoon.org> | 2020-12-23 19:02:52 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2020-12-23 19:02:52 +0000 |
commit | 029bcfe189eae5eebbaf58ccff4e1200dd78b228 (patch) | |
tree | 1c226a334ea1a88e2d1c6f949c9320eb0c3bff59 /security/nss/lib/ssl/tls13replay.c | |
parent | 149d2ffa779826cb48a381099858e76e4624d471 (diff) | |
download | UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar.gz UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar.lz UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar.xz UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.zip |
Issue #1693 - Update NSS to 3.59.1.1
This updates to MoonchildProductions/NSS@bd49b2b88 in the repo created for our
consumption of the library.
Diffstat (limited to 'security/nss/lib/ssl/tls13replay.c')
-rw-r--r-- | security/nss/lib/ssl/tls13replay.c | 23 |
1 files changed, 8 insertions, 15 deletions
diff --git a/security/nss/lib/ssl/tls13replay.c b/security/nss/lib/ssl/tls13replay.c index 628011144..7e00785e0 100644 --- a/security/nss/lib/ssl/tls13replay.c +++ b/security/nss/lib/ssl/tls13replay.c @@ -16,6 +16,7 @@ #include "sslbloom.h" #include "sslimpl.h" #include "tls13hkdf.h" +#include "tls13psk.h" struct SSLAntiReplayContextStr { /* The number of outstanding references to this context. */ @@ -55,8 +56,7 @@ tls13_ReleaseAntiReplayContext(SSLAntiReplayContext *ctx) PORT_Free(ctx); } -/* Clear the current state and free any resources we allocated. The signature - * here is odd to allow this to be called during shutdown. */ +/* Clear the current state and free any resources we allocated. */ SECStatus SSLExp_ReleaseAntiReplayContext(SSLAntiReplayContext *ctx) { @@ -75,26 +75,17 @@ tls13_RefAntiReplayContext(SSLAntiReplayContext *ctx) static SECStatus tls13_AntiReplayKeyGen(SSLAntiReplayContext *ctx) { - PRUint8 buf[32]; - SECItem keyItem = { siBuffer, buf, sizeof(buf) }; PK11SlotInfo *slot; - SECStatus rv; PORT_Assert(ctx); - slot = PK11_GetInternalSlot(); + slot = PK11_GetBestSlot(CKM_HKDF_DERIVE, NULL); if (!slot) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } - rv = PK11_GenerateRandomOnSlot(slot, buf, sizeof(buf)); - if (rv != SECSuccess) { - goto loser; - } - ctx->key = PK11_ImportSymKey(slot, CKM_NSS_HKDF_SHA256, - PK11_OriginUnwrap, CKA_DERIVE, - &keyItem, NULL); + ctx->key = PK11_KeyGen(slot, CKM_HKDF_KEY_GEN, NULL, 32, NULL); if (!ctx->key) { goto loser; } @@ -259,7 +250,9 @@ tls13_IsReplay(const sslSocket *ss, const sslSessionID *sid) return PR_TRUE; } - if (!tls13_InWindow(ss, sid)) { + if (!sid) { + PORT_Assert(ss->xtnData.selectedPsk->type == ssl_psk_external); + } else if (!tls13_InWindow(ss, sid)) { return PR_TRUE; } @@ -269,7 +262,7 @@ tls13_IsReplay(const sslSocket *ss, const sslSessionID *sid) ss->xtnData.pskBinder.data, ss->xtnData.pskBinder.len, label, strlen(label), - buf, size); + ss->protocolVariant, buf, size); if (rv != SECSuccess) { return PR_TRUE; } |