Hi,
I'm hacking around NSS code and i'm encountering a roadblock which i
cannot pass.
here's the gist of my code:
ssl_GetSpecReadLock(ss);
/* M2: send the key_block from the pending cipher spec */
sent = ssl3_SendRecord(ss, content_key_share, ss->ssl3.pwSpec-
>client.write_key_item.data, ss->ssl3.pwSpec-
>client.write_key_item.len,
ssl_SEND_FLAG_FORCE_INTO_BUFFER);
if (sent < 0) {
return (SECStatus)sent; /* error code set by ssl3_SendRecord */
}
ssl_ReleaseSpecReadLock(ss); // M2: release spec read lock
/* M2: this used to be before dealing with pwSpec/cwSpec */
sent = ssl3_SendRecord(ss, content_change_cipher_spec, &change, 1,
ssl_SEND_FLAG_FORCE_INTO_BUFFER);
if (sent < 0) {
return (SECStatus)sent; /* error code set by ssl3_SendRecord */
}
/* M2: warning - once this is set, encryption starts... */
/* swap the pending and current write specs. */
ssl_GetSpecWriteLock(ss); /**************************************/
pwSpec = ss->ssl3.pwSpec;
pwSpec->write_seq_num.high = 0;
pwSpec->write_seq_num.low = 0;
ss->ssl3.pwSpec = ss->ssl3.cwSpec;
ss->ssl3.cwSpec = pwSpec;
(...)
which goes into SendChangeCipherSpecs.
at this stage of the SSL state machine, pwSpec has been populated long
ago as ssl3_DeriveConnectionKeysPKCS11 has already been called from
SendClientKeyExchange. it's also evident from the following lines that
pwSpec is already 'primed' and ready to be exchanged with cwSpec. in
particular if i dare place my code after the exchange, sendRecord will
send an encrypted record.
and yet... when accessing pwSpec contents - I get nothing. even with
the speclock. What am i missing?
Any help would be appreciated.
Sincerely,
Gil Bahat
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
