Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(533)

Unified Diff: net/third_party/nss/patches/cbcrandomiv.patch

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/patches/cachedinfo.patch ('k') | net/third_party/nss/patches/clientauth.patch » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/patches/cbcrandomiv.patch
===================================================================
--- net/third_party/nss/patches/cbcrandomiv.patch (revision 124804)
+++ net/third_party/nss/patches/cbcrandomiv.patch (working copy)
@@ -1,181 +0,0 @@
-From fb2d182ed92f38bd9c1134bb929f095ea6d3e752 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Mon, 3 Oct 2011 12:23:29 -0400
-Subject: [PATCH] cbcrandomiv.patch
-
----
- mozilla/security/nss/lib/ssl/ssl3con.c | 97 +++++++++++++++++++++++---------
- 1 files changed, 70 insertions(+), 27 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index dd99962..d561307 100644
---- a/mozilla/security/nss/lib/ssl/ssl3con.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
-@@ -2039,24 +2039,24 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
- return isPresent;
- }
-
-+/* Caller must hold the spec read lock. wrBuf is sometimes, but not always,
-+ * ss->sec.writeBuf.
-+ */
- static SECStatus
--ssl3_CompressMACEncryptRecord(sslSocket * ss,
-+ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,
-+ PRBool isServer,
- SSL3ContentType type,
- const SSL3Opaque * pIn,
-- PRUint32 contentLen)
-+ PRUint32 contentLen,
-+ sslBuffer * wrBuf)
- {
-- ssl3CipherSpec * cwSpec;
- const ssl3BulkCipherDef * cipher_def;
-- sslBuffer * wrBuf = &ss->sec.writeBuf;
- SECStatus rv;
- PRUint32 macLen = 0;
- PRUint32 fragLen;
- PRUint32 p1Len, p2Len, oddLen = 0;
- PRInt32 cipherBytes = 0;
-
-- ssl_GetSpecReadLock(ss); /********************************/
--
-- cwSpec = ss->ssl3.cwSpec;
- cipher_def = cwSpec->cipher_def;
-
- if (cwSpec->compressor) {
-@@ -2073,12 +2073,12 @@ ssl3_CompressMACEncryptRecord(sslSocket * ss,
- /*
- * Add the MAC
- */
-- rv = ssl3_ComputeRecordMAC( cwSpec, (PRBool)(ss->sec.isServer),
-+ rv = ssl3_ComputeRecordMAC( cwSpec, isServer,
- type, cwSpec->version, cwSpec->write_seq_num, pIn, contentLen,
- wrBuf->buf + contentLen + SSL3_RECORD_HEADER_LENGTH, &macLen);
- if (rv != SECSuccess) {
- ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
-- goto spec_locked_loser;
-+ return SECFailure;
- }
- p1Len = contentLen;
- p2Len = macLen;
-@@ -2131,7 +2131,7 @@ ssl3_CompressMACEncryptRecord(sslSocket * ss,
- PORT_Assert(rv == SECSuccess && cipherBytes == p1Len);
- if (rv != SECSuccess || cipherBytes != p1Len) {
- PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
-- goto spec_locked_loser;
-+ return SECFailure;
- }
- }
- if (p2Len > 0) {
-@@ -2145,7 +2145,7 @@ ssl3_CompressMACEncryptRecord(sslSocket * ss,
- PORT_Assert(rv == SECSuccess && cipherBytesPart2 == p2Len);
- if (rv != SECSuccess || cipherBytesPart2 != p2Len) {
- PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
-- goto spec_locked_loser;
-+ return SECFailure;
- }
- cipherBytes += cipherBytesPart2;
- }
-@@ -2160,13 +2160,7 @@ ssl3_CompressMACEncryptRecord(sslSocket * ss,
- wrBuf->buf[3] = MSB(cipherBytes);
- wrBuf->buf[4] = LSB(cipherBytes);
-
-- ssl_ReleaseSpecReadLock(ss); /************************************/
--
- return SECSuccess;
--
--spec_locked_loser:
-- ssl_ReleaseSpecReadLock(ss);
-- return SECFailure;
- }
-
- /* Process the plain text before sending it.
-@@ -2227,20 +2221,71 @@ ssl3_SendRecord( sslSocket * ss,
-
- while (nIn > 0) {
- PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
-+ unsigned int spaceNeeded;
-+ unsigned int numRecords;
-+
-+ ssl_GetSpecReadLock(ss); /********************************/
-+
-+ if (nIn > 1 &&
-+ ss->opt.enableFalseStart &&
-+ ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS &&
-+ type == content_application_data &&
-+ ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) {
-+ /* We will split the first byte of the record into its own record,
-+ * as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h
-+ */
-+ numRecords = 2;
-+ } else {
-+ numRecords = 1;
-+ }
-
-- if (wrBuf->space < contentLen + SSL3_BUFFER_FUDGE) {
-- PRInt32 newSpace = PR_MAX(wrBuf->space * 2, contentLen);
-- newSpace = PR_MIN(newSpace, MAX_FRAGMENT_LENGTH);
-- newSpace += SSL3_BUFFER_FUDGE;
-- rv = sslBuffer_Grow(wrBuf, newSpace);
-+ spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE);
-+ if (spaceNeeded > wrBuf->space) {
-+ rv = sslBuffer_Grow(wrBuf, spaceNeeded);
- if (rv != SECSuccess) {
- SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes",
-- SSL_GETPID(), ss->fd, newSpace));
-- return SECFailure; /* sslBuffer_Grow set a memory error code. */
-+ SSL_GETPID(), ss->fd, spaceNeeded));
-+ goto spec_locked_loser; /* sslBuffer_Grow set a memory error code. */
-+ }
-+ }
-+
-+ if (numRecords == 2) {
-+ sslBuffer secondRecord;
-+
-+ rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
-+ ss->sec.isServer, type, pIn, 1,
-+ wrBuf);
-+ if (rv != SECSuccess)
-+ goto spec_locked_loser;
-+
-+ PRINT_BUF(50, (ss, "send (encrypted) record data [1/2]:",
-+ wrBuf->buf, wrBuf->len));
-+
-+ secondRecord.buf = wrBuf->buf + wrBuf->len;
-+ secondRecord.len = 0;
-+ secondRecord.space = wrBuf->space - wrBuf->len;
-+
-+ rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
-+ ss->sec.isServer, type, pIn + 1,
-+ contentLen - 1, &secondRecord);
-+ if (rv == SECSuccess) {
-+ PRINT_BUF(50, (ss, "send (encrypted) record data [2/2]:",
-+ secondRecord.buf, secondRecord.len));
-+ wrBuf->len += secondRecord.len;
-+ }
-+ } else {
-+ rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
-+ ss->sec.isServer, type, pIn,
-+ contentLen, wrBuf);
-+ if (rv == SECSuccess) {
-+ PRINT_BUF(50, (ss, "send (encrypted) record data [1/1]:",
-+ wrBuf->buf, wrBuf->len));
- }
- }
-
-- rv = ssl3_CompressMACEncryptRecord( ss, type, pIn, contentLen);
-+spec_locked_loser:
-+ ssl_ReleaseSpecReadLock(ss); /************************************/
-+
- if (rv != SECSuccess)
- return SECFailure;
-
-@@ -2248,8 +2293,6 @@ ssl3_SendRecord( sslSocket * ss,
- nIn -= contentLen;
- PORT_Assert( nIn >= 0 );
-
-- PRINT_BUF(50, (ss, "send (encrypted) record data:", wrBuf->buf, wrBuf->len));
--
- /* If there's still some previously saved ciphertext,
- * or the caller doesn't want us to send the data yet,
- * then add all our new ciphertext to the amount previously saved.
« no previous file with comments | « net/third_party/nss/patches/cachedinfo.patch ('k') | net/third_party/nss/patches/clientauth.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698