| 1 From 68d651bb679cd9da8f162774c5dcf40aad5ae3f1 Mon Sep 17 00:00:00 2001 | 1 diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h |
| 2 From: Adam Langley <agl@chromium.org> | 2 --- a/src/net/third_party/nss/ssl/ssl.h»2012-02-29 14:41:25.755295547 -0800 |
| 3 Date: Mon, 3 Oct 2011 12:25:10 -0400 | 3 +++ b/src/net/third_party/nss/ssl/ssl.h»2012-02-29 16:45:47.368569394 -0800 |
| 4 Subject: [PATCH] origin_bound_certs.patch | 4 @@ -168,6 +168,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi |
| 5 | 5 */ |
| 6 --- | 6 #define SSL_CBC_RANDOM_IV 23 |
| 7 mozilla/security/nss/lib/ssl/ssl.h | 1 + | 7 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ |
| 8 mozilla/security/nss/lib/ssl/ssl3ext.c | 82 +++++++++++++++++++++++++++++++- | |
| 9 mozilla/security/nss/lib/ssl/sslimpl.h | 7 +++ | |
| 10 mozilla/security/nss/lib/ssl/sslsock.c | 13 +++++- | |
| 11 mozilla/security/nss/lib/ssl/sslt.h | 5 +- | |
| 12 5 files changed, 104 insertions(+), 4 deletions(-) | |
| 13 | |
| 14 diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/s
sl.h | |
| 15 index c32438d..1115fa9 100644 | |
| 16 --- a/mozilla/security/nss/lib/ssl/ssl.h | |
| 17 +++ b/mozilla/security/nss/lib/ssl/ssl.h | |
| 18 @@ -142,6 +142,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFil
eDesc *fd); | |
| 19 #define SSL_ENABLE_OCSP_STAPLING 23 /* Request OCSP stapling (client) */ | |
| 20 #define SSL_ENABLE_CACHED_INFO 24 /* Enable TLS cached information */ | |
| 21 /* extension, off by default. */ | |
| 22 +#define SSL_ENABLE_OB_CERTS 25 /* Enable origin bound certs. */ | 8 +#define SSL_ENABLE_OB_CERTS 25 /* Enable origin bound certs. */ |
| 23 | 9 |
| 24 #ifdef SSL_DEPRECATED_FUNCTION | 10 #ifdef SSL_DEPRECATED_FUNCTION |
| 25 /* Old deprecated function names */ | 11 /* Old deprecated function names */ |
| 26 diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/s
sl/ssl3ext.c | 12 diff -up a/src/net/third_party/nss/ssl/ssl3ext.c b/src/net/third_party/nss/ssl/s
sl3ext.c |
| 27 index 17898fb..887344b 100644 | 13 --- a/src/net/third_party/nss/ssl/ssl3ext.c» 2012-02-28 20:34:50.114663722 -0
800 |
| 28 --- a/mozilla/security/nss/lib/ssl/ssl3ext.c | 14 +++ b/src/net/third_party/nss/ssl/ssl3ext.c» 2012-02-29 17:05:21.684414824 -0
800 |
| 29 +++ b/mozilla/security/nss/lib/ssl/ssl3ext.c | 15 @@ -242,6 +242,7 @@ static const ssl3HelloExtensionHandler c |
| 30 @@ -237,6 +237,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[]
= { | 16 { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn }, |
| 31 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, | 17 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 32 { ssl_next_proto_neg_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, | 18 { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, |
| 33 { ssl_cached_info_xtn, &ssl3_ServerHandleCachedInfoXtn }, | |
| 34 + { ssl_ob_cert_xtn, &ssl3_ServerHandleOBCertXtn }, | 19 + { ssl_ob_cert_xtn, &ssl3_ServerHandleOBCertXtn }, |
| 35 { -1, NULL } | 20 { -1, NULL } |
| 36 }; | 21 }; |
| 37 | 22 |
| 38 @@ -250,6 +251,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTL
S[] = { | 23 @@ -254,6 +255,7 @@ static const ssl3HelloExtensionHandler s |
| 39 { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, | 24 { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 40 { ssl_cached_info_xtn, &ssl3_ClientHandleCachedInfoXtn }, | 25 { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
| 41 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, | 26 { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
| 42 + { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn }, | 27 + { ssl_ob_cert_xtn, &ssl3_ClientHandleOBCertXtn }, |
| 43 { -1, NULL } | 28 { -1, NULL } |
| 44 }; | 29 }; |
| 45 | 30 |
| 46 @@ -275,7 +277,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTEN
SIONS] = { | 31 @@ -278,7 +280,8 @@ ssl3HelloExtensionSender clientHelloSend |
| 32 #endif |
| 47 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, | 33 { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
| 48 { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }, | 34 { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
| 49 { ssl_cached_info_xtn, &ssl3_ClientSendCachedInfoXtn }, | |
| 50 - { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } | 35 - { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn } |
| 51 + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, | 36 + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, |
| 52 + { ssl_ob_cert_xtn, &ssl3_SendOBCertXtn } | 37 + { ssl_ob_cert_xtn, &ssl3_SendOBCertXtn } |
| 53 /* any extra entries will appear as { 0, NULL } */ | 38 /* any extra entries will appear as { 0, NULL } */ |
| 54 }; | 39 }; |
| 55 | 40 |
| 56 @@ -1973,3 +1976,80 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 e
x_type, SECItem *data) | 41 @@ -1723,3 +1726,80 @@ ssl3_HandleRenegotiationInfoXtn(sslSocke |
| 57 return rv; | 42 return rv; |
| 58 } | 43 } |
| 59 | 44 |
| 60 +/* This sender is used by both the client and server. */ | 45 +/* This sender is used by both the client and server. */ |
| 61 +PRInt32 | 46 +PRInt32 |
| 62 +ssl3_SendOBCertXtn(sslSocket * ss, PRBool append, | 47 +ssl3_SendOBCertXtn(sslSocket * ss, PRBool append, |
| 63 + PRUint32 maxBytes) | 48 + PRUint32 maxBytes) |
| 64 +{ | 49 +{ |
| 65 + SECStatus rv; | 50 + SECStatus rv; |
| 66 + PRUint32 extension_length; | 51 + PRUint32 extension_length; |
| 127 + | 112 + |
| 128 + /* The echoed extension must be empty. */ | 113 + /* The echoed extension must be empty. */ |
| 129 + if (data->len != 0) | 114 + if (data->len != 0) |
| 130 + return SECFailure; | 115 + return SECFailure; |
| 131 + | 116 + |
| 132 + /* Keep track of negotiated extensions. */ | 117 + /* Keep track of negotiated extensions. */ |
| 133 + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; | 118 + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
| 134 + | 119 + |
| 135 + return SECSuccess; | 120 + return SECSuccess; |
| 136 +} | 121 +} |
| 137 diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/s
sl/sslimpl.h | 122 diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/s
slimpl.h |
| 138 index f1e9a3e..973a3c9 100644 | 123 --- a/src/net/third_party/nss/ssl/sslimpl.h» 2012-02-28 20:34:50.114663722 -0
800 |
| 139 --- a/mozilla/security/nss/lib/ssl/sslimpl.h | 124 +++ b/src/net/third_party/nss/ssl/sslimpl.h» 2012-02-29 16:57:21.097919853 -0
800 |
| 140 +++ b/mozilla/security/nss/lib/ssl/sslimpl.h | 125 @@ -349,6 +349,7 @@ typedef struct sslOptionsStr { |
| 141 @@ -341,6 +341,7 @@ typedef struct sslOptionsStr { | |
| 142 unsigned int enableFalseStart : 1; /* 23 */ | 126 unsigned int enableFalseStart : 1; /* 23 */ |
| 143 unsigned int enableOCSPStapling : 1; /* 24 */ | 127 unsigned int cbcRandomIV : 1; /* 24 */ |
| 144 unsigned int enableCachedInfo : 1; /* 25 */ | 128 unsigned int enableOCSPStapling : 1; /* 25 */ |
| 145 + unsigned int enableOBCerts : 1; /* 26 */ | 129 + unsigned int enableOBCerts : 1; /* 26 */ |
| 146 } sslOptions; | 130 } sslOptions; |
| 147 | 131 |
| 148 typedef enum { sslHandshakingUndetermined = 0, | 132 typedef enum { sslHandshakingUndetermined = 0, |
| 149 @@ -1547,10 +1548,14 @@ extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocke
t *ss, | 133 @@ -1563,8 +1564,12 @@ extern SECStatus ssl3_ClientHandleSessio |
| 150 PRUint16 ex_type, SECItem *data); | 134 PRUint16 ex_type, SECItem *data); |
| 151 extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, | 135 extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, |
| 152 PRUint16 ex_type, SECItem *data); | 136 PRUint16 ex_type, SECItem *data); |
| 153 +extern SECStatus ssl3_ClientHandleOBCertXtn(sslSocket *ss, | 137 +extern SECStatus ssl3_ClientHandleOBCertXtn(sslSocket *ss, |
| 154 + PRUint16 ex_type, SECItem *data); | 138 + PRUint16 ex_type, SECItem *data); |
| 155 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, | 139 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, |
| 156 PRUint16 ex_type, SECItem *data); | 140 PRUint16 ex_type, SECItem *data); |
| 157 extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, | |
| 158 PRUint16 ex_type, SECItem *data); | |
| 159 +extern SECStatus ssl3_ServerHandleOBCertXtn(sslSocket *ss, | 141 +extern SECStatus ssl3_ServerHandleOBCertXtn(sslSocket *ss, |
| 160 + PRUint16 ex_type, SECItem *data); | 142 + PRUint16 ex_type, SECItem *data); |
| 161 | 143 |
| 162 /* ClientHello and ServerHello extension senders. | 144 /* ClientHello and ServerHello extension senders. |
| 163 * Note that not all extension senders are exposed here; only those that | 145 * Note that not all extension senders are exposed here; only those that |
| 164 @@ -1570,6 +1575,8 @@ extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss,
PRBool append, | 146 @@ -1580,6 +1585,8 @@ extern PRInt32 ssl3_ClientSendStatusRequ |
| 147 */ |
| 148 extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append, |
| 165 PRUint32 maxBytes); | 149 PRUint32 maxBytes); |
| 166 extern PRInt32 ssl3_ServerSendCachedInfoXtn(sslSocket *ss, PRBool append, | |
| 167 PRUint32 maxBytes); | |
| 168 +extern PRInt32 ssl3_SendOBCertXtn(sslSocket *ss, PRBool append, | 150 +extern PRInt32 ssl3_SendOBCertXtn(sslSocket *ss, PRBool append, |
| 169 + PRUint32 maxBytes); | 151 + PRUint32 maxBytes); |
| 170 | 152 |
| 171 /* Assigns new cert, cert chain and keys to ss->serverCerts | 153 /* Assigns new cert, cert chain and keys to ss->serverCerts |
| 172 * struct. If certChain is NULL, tries to find one. Aborts if | 154 * struct. If certChain is NULL, tries to find one. Aborts if |
| 173 diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/s
sl/sslsock.c | 155 diff -up a/src/net/third_party/nss/ssl/sslsock.c b/src/net/third_party/nss/ssl/s
slsock.c |
| 174 index 11b53da..7d12bfe 100644 | 156 --- a/src/net/third_party/nss/ssl/sslsock.c» 2012-02-29 14:41:25.755295547 -0
800 |
| 175 --- a/mozilla/security/nss/lib/ssl/sslsock.c | 157 +++ b/src/net/third_party/nss/ssl/sslsock.c» 2012-02-29 17:03:16.272715683 -0
800 |
| 176 +++ b/mozilla/security/nss/lib/ssl/sslsock.c | |
| 177 @@ -187,6 +187,7 @@ static sslOptions ssl_defaults = { | 158 @@ -187,6 +187,7 @@ static sslOptions ssl_defaults = { |
| 178 PR_FALSE, /* enableFalseStart */ | 159 PR_FALSE, /* enableFalseStart */ |
| 160 PR_TRUE, /* cbcRandomIV */ |
| 179 PR_FALSE, /* enableOCSPStapling */ | 161 PR_FALSE, /* enableOCSPStapling */ |
| 180 PR_FALSE, /* enableCachedInfo */ | |
| 181 + PR_FALSE, /* enableOBCerts */ | 162 + PR_FALSE, /* enableOBCerts */ |
| 182 }; | 163 }; |
| 183 | 164 |
| 184 sslSessionIDLookupFunc ssl_sid_lookup; | 165 sslSessionIDLookupFunc ssl_sid_lookup; |
| 185 @@ -748,6 +749,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) | 166 @@ -750,6 +751,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh |
| 186 » ss->opt.enableCachedInfo = on; | 167 » ss->opt.enableOCSPStapling = on; |
| 187 break; | 168 break; |
| 188 | 169 |
| 189 + case SSL_ENABLE_OB_CERTS: | 170 + case SSL_ENABLE_OB_CERTS: |
| 190 + ss->opt.enableOBCerts = on; | 171 + ss->opt.enableOBCerts = on; |
| 191 + break; | 172 + break; |
| 192 + | 173 + |
| 193 default: | 174 default: |
| 194 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 175 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 195 rv = SECFailure; | 176 rv = SECFailure; |
| 196 @@ -813,7 +818,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) | 177 @@ -816,6 +821,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh |
| 197 on = ss->opt.requireSafeNegotiation; break; | |
| 198 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; | 178 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; |
| 179 case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break; |
| 199 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; | 180 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; |
| 200 - case SSL_ENABLE_CACHED_INFO: on = ss->opt.enableCachedInfo; break; | |
| 201 + case SSL_ENABLE_CACHED_INFO: on = ss->opt.enableCachedInfo; break; | |
| 202 + case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break; | 181 + case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break; |
| 203 | 182 |
| 204 default: | 183 default: |
| 205 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 184 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 206 @@ -869,6 +875,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) | 185 @@ -873,6 +879,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBo |
| 186 case SSL_ENABLE_OCSP_STAPLING: |
| 207 on = ssl_defaults.enableOCSPStapling; | 187 on = ssl_defaults.enableOCSPStapling; |
| 208 break; | 188 break; |
| 209 case SSL_ENABLE_CACHED_INFO: on = ssl_defaults.enableCachedInfo; break; | |
| 210 + case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break; | 189 + case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break; |
| 211 | 190 |
| 212 default: | 191 default: |
| 213 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 192 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 214 @@ -1024,6 +1031,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) | 193 @@ -1036,6 +1043,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo |
| 215 » ssl_defaults.enableCachedInfo = on; | 194 » ssl_defaults.enableOCSPStapling = on; |
| 216 break; | 195 break; |
| 217 | 196 |
| 218 + case SSL_ENABLE_OB_CERTS: | 197 + case SSL_ENABLE_OB_CERTS: |
| 219 + ssl_defaults.enableOBCerts = on; | 198 + ssl_defaults.enableOBCerts = on; |
| 220 + break; | 199 + break; |
| 221 + | 200 + |
| 222 default: | 201 default: |
| 223 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 202 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 224 return SECFailure; | 203 return SECFailure; |
| 225 diff --git a/mozilla/security/nss/lib/ssl/sslt.h b/mozilla/security/nss/lib/ssl/
sslt.h | 204 diff -up a/src/net/third_party/nss/ssl/sslt.h b/src/net/third_party/nss/ssl/sslt
.h |
| 226 index bca7496..5f852fe 100644 | 205 --- a/src/net/third_party/nss/ssl/sslt.h» 2012-02-28 19:26:04.057351342 -0
800 |
| 227 --- a/mozilla/security/nss/lib/ssl/sslt.h | 206 +++ b/src/net/third_party/nss/ssl/sslt.h» 2012-02-29 17:05:03.744171015 -0
800 |
| 228 +++ b/mozilla/security/nss/lib/ssl/sslt.h | 207 @@ -205,9 +205,10 @@ typedef enum { |
| 229 @@ -206,9 +206,10 @@ typedef enum { | 208 #endif |
| 230 ssl_session_ticket_xtn = 35, | 209 ssl_session_ticket_xtn = 35, |
| 231 ssl_next_proto_neg_xtn = 13172, | 210 ssl_next_proto_nego_xtn = 13172, |
| 232 ssl_cached_info_xtn = 13173, | |
| 233 - ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ | 211 - ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ |
| 234 + ssl_renegotiation_info_xtn = 0xff01, /* experimental number */ | 212 + ssl_renegotiation_info_xtn = 0xff01, /* experimental number */ |
| 235 + ssl_ob_cert_xtn = 13175 /* experimental number */ | 213 + ssl_ob_cert_xtn = 13175 /* experimental number */ |
| 236 } SSLExtensionType; | 214 } SSLExtensionType; |
| 237 | 215 |
| 238 -#define SSL_MAX_EXTENSIONS 8 | 216 -#define SSL_MAX_EXTENSIONS 7 |
| 239 +#define SSL_MAX_EXTENSIONS 9 | 217 +#define SSL_MAX_EXTENSIONS 8 |
| 240 | 218 |
| 241 #endif /* __sslt_h_ */ | 219 #endif /* __sslt_h_ */ |
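Review bot: The client-side handler in the new ssl3ext.c hunk (new-side lines 113–120) rejects a non-empty echoed extension with a bare `return SECFailure;` and no `PORT_SetError` call, so a caller that reports `PR_GetError()` sees whatever code was last set rather than a malformed-extension error; the status-request handler it mirrors has the same shape, so either fix both or add a comment stating the omission is intentional. The write `ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;` is also unbounded within the handler itself, which is only safe if the dispatcher rejects duplicate extension types before calling into handlers — that is not visible here, so please confirm it rather than adding a local check. The handler's opening lies inside the 60 collapsed lines, so whether it verifies that the client actually advertised `ssl_ob_cert_xtn` before accepting the echo cannot be judged from this view. Separately, the `SSL_MAX_EXTENSIONS` bump to 8 in sslt.h has to match the entry count of `clientHelloSendersTLS`, including the conditional entries behind the `#endif` shown as context; a comment next to the define naming that table, `/* must cover every entry of clientHelloSendersTLS in ssl3ext.c */`, would make the next rebase of this patch safer.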