net/third_party/nss/patches/cbcrandomiv.patch - Issue 7239002: net: Precede each CBC encrypted application data record with an empty one.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/third_party/nss/patches/cbcrandomiv.patch

Issue 7239002: net: Precede each CBC encrypted application data record with an empty one. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 9 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 commit 4fac6faf6aec9b6d836ff86e859ee90a57932ddc

	2 Author: Adam Langley <agl@chromium.org>

	3 Date: Wed Jun 22 13:36:50 2011 -0400

	4

	5 cbcrandomiv.patch

	6

	7 diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/s sl/ssl3con.c

	8 index 0997e18..8086c5a 100644

	9 --- a/mozilla/security/nss/lib/ssl/ssl3con.c

	10 +++ b/mozilla/security/nss/lib/ssl/ssl3con.c

	11 @@ -1914,7 +1914,9 @@ ssl3_ComputeRecordMAC(

	12 : spec->client.write_mac_context);

	13 rv = PK11_DigestBegin(mac_context);

	14 rv \|= PK11_DigestOp(mac_context, temp, tempLen);

	15 - rv \|= PK11_DigestOp(mac_context, input, inputLength);

	16 + if (inputLength > 0) {

	17 + rv \|= PK11_DigestOp(mac_context, input, inputLength);

	18 + }

	19 rv \|= PK11_DigestFinal(mac_context, outbuf, outLength, spec->mac_size);

	20 } else {

	21 /* bypass version */

	22 @@ -2229,7 +2231,7 @@ ssl3_SendRecord( sslSocket * ss,

	23 return SECFailure;

	24 }

	25

	26 - while (nIn > 0) {

	27 + do {

	28 PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);

	29

	30 if (wrBuf->space < contentLen + SSL3_BUFFER_FUDGE) {

	31 @@ -2306,7 +2308,7 @@ ssl3_SendRecord( sslSocket * ss,

	32 }

	33 }

	34 totalSent += contentLen;

	35 - }

	36 + } while (nIn > 0);

	37 return totalSent;

	38 }

	39

	40 @@ -2321,6 +2323,7 @@ ssl3_SendApplicationData(sslSocket ss, const unsigned cha r in,

	41 {

	42 PRInt32 totalSent = 0;

	43 PRInt32 discarded = 0;

	44 + PRBool is_block_cipher;

	45

	46 PORT_Assert( ss->opt.noLocks \|\| ssl_HaveXmitBufLock(ss) );

	47 if (len < 0 \|\| !in) {

	48 @@ -2345,6 +2348,22 @@ ssl3_SendApplicationData(sslSocket ss, const unsigned ch ar in,

	49 len--;

	50 discarded = 1;

	51 }

	52 +

	53 + ssl_GetSpecReadLock(ss);

	54 + is_block_cipher = ss->ssl3.cwSpec->cipher_def->type == type_block;

	55 + ssl_ReleaseSpecReadLock(ss);

	56 +

	57 + if (is_block_cipher) {

	58 + // We assume that block ciphers are used in CBC mode and prepend an

	59 + // empty record. This effectively randomizes the IV in a backwards

	60 + // compatible way.

	61 + PRInt32 sent = ssl3_SendRecord(ss, content_application_data,

	62 + NULL, 0 /* no payload */, flags);

	63 + if (sent < 0) {

	64 + return SECFailure; /* error code set by ssl3_SendRecord */

	65 + }

	66 + }

	67 +

	68 while (len > totalSent) {

	69 PRInt32 sent, toSend;

	70

OLD	NEW

« net/third_party/nss/README.chromium ('K') | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/ssl/ssl3con.c » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')