Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(251)

Unified Diff: net/third_party/nss/patches/nextproto.patch

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/third_party/nss/patches/nextproto.patch
===================================================================
--- net/third_party/nss/patches/nextproto.patch (revision 124804)
+++ net/third_party/nss/patches/nextproto.patch (working copy)
@@ -1,592 +0,0 @@
-From 0c2f72b38711abdd4ada08ae8d7e96dce79a672b Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Mon, 3 Oct 2011 12:19:28 -0400
-Subject: [PATCH 01/15] nextproto.patch
-
----
- mozilla/security/nss/lib/ssl/ssl.def | 8 ++
- mozilla/security/nss/lib/ssl/ssl.h | 51 ++++++++++++
- mozilla/security/nss/lib/ssl/ssl3con.c | 58 +++++++++++++
- mozilla/security/nss/lib/ssl/ssl3ext.c | 104 ++++++++++++++++++++++++-
- mozilla/security/nss/lib/ssl/ssl3prot.h | 3 +-
- mozilla/security/nss/lib/ssl/sslerr.h | 2 +
- mozilla/security/nss/lib/ssl/sslimpl.h | 21 +++++
- mozilla/security/nss/lib/ssl/sslsock.c | 134 +++++++++++++++++++++++++++++++
- mozilla/security/nss/lib/ssl/sslt.h | 3 +-
- 9 files changed, 381 insertions(+), 3 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl/ssl.def
-index d3f455c..6ea48c0 100644
---- a/mozilla/security/nss/lib/ssl/ssl.def
-+++ b/mozilla/security/nss/lib/ssl/ssl.def
-@@ -152,3 +152,11 @@ SSL_SNISocketConfigHook;
- ;+ local:
- ;+*;
- ;+};
-+;+NSS_CHROMIUM {
-+;+ global:
-+SSL_GetNextProto;
-+SSL_SetNextProtoCallback;
-+SSL_SetNextProtoNego;
-+;+ local:
-+;+*;
-+;+};
-diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index 4a9e89d..f54eb09 100644
---- a/mozilla/security/nss/lib/ssl/ssl.h
-+++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -153,6 +153,57 @@ SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
- SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
- SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);
-
-+/* SSLNextProtoCallback is called, during the handshake, when the server has
-+ * sent a Next Protocol Negotiation extension. |protos| and |protosLen| define
-+ * a buffer which contains the server's advertisement. This data is guaranteed
-+ * to be well formed per the NPN spec. |protoOut| is a buffer provided by the
-+ * caller, of length 255 (the maximum allowed by the protocol).
-+ * On successful return, the protocol to be announced to the server will be in
-+ * |protoOut| and its length in |*protoOutLen|. */
-+typedef SECStatus (PR_CALLBACK *SSLNextProtoCallback)(
-+ void *arg,
-+ PRFileDesc *fd,
-+ const unsigned char* protos,
-+ unsigned int protosLen,
-+ unsigned char* protoOut,
-+ unsigned int* protoOutLen);
-+
-+/* SSL_SetNextProtoCallback sets a callback function to handle Next Protocol
-+ * Negotiation. It causes a client to advertise NPN. */
-+SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd,
-+ SSLNextProtoCallback callback,
-+ void *arg);
-+
-+/* SSL_SetNextProtoNego can be used as an alternative to
-+ * SSL_SetNextProtoCallback. It also causes a client to advertise NPN and
-+ * installs a default callback function which selects the first supported
-+ * protocol in server-preference order. If no matching protocol is found it
-+ * selects the first supported protocol.
-+ *
-+ * The supported protocols are specified in |data| in wire-format (8-bit
-+ * length-prefixed). For example: "\010http/1.1\006spdy/2". */
-+SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd,
-+ const unsigned char *data,
-+ unsigned int length);
-+/* SSL_GetNextProto can be used after a handshake on a socket where
-+ * SSL_SetNextProtoNego was called to retrieve the result of the Next Protocol
-+ * negotiation.
-+ *
-+ * state is set to one of the SSL_NEXT_PROTO_* constants. The negotiated
-+ * protocol, if any, is written into buf, which must be at least buf_len bytes
-+ * long. If the negotiated protocol is longer than this, it is truncated. The
-+ * number of bytes copied is written into *length. */
-+SSL_IMPORT SECStatus SSL_GetNextProto(PRFileDesc *fd,
-+ int *state,
-+ unsigned char *buf,
-+ unsigned int *length,
-+ unsigned int buf_len);
-+
-+/* TODO(wtc): it may be a good idea to define these as an enum type. */
-+#define SSL_NEXT_PROTO_NO_SUPPORT 0 /* No peer support */
-+#define SSL_NEXT_PROTO_NEGOTIATED 1 /* Mutual agreement */
-+#define SSL_NEXT_PROTO_NO_OVERLAP 2 /* No protocol overlap found */
-+
- /*
- ** Control ciphers that SSL uses. If on is non-zero then the named cipher
- ** is enabled, otherwise it is disabled.
-diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index 8048913..d2d4f91 100644
---- a/mozilla/security/nss/lib/ssl/ssl3con.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
-@@ -81,6 +81,7 @@ static SECStatus ssl3_InitState( sslSocket *ss);
- static SECStatus ssl3_SendCertificate( sslSocket *ss);
- static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
- static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
-+static SECStatus ssl3_SendNextProto( sslSocket *ss);
- static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
- static SECStatus ssl3_SendServerHello( sslSocket *ss);
- static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
-@@ -5742,6 +5743,16 @@ ssl3_HandleServerHelloDone(sslSocket *ss)
- if (rv != SECSuccess) {
- goto loser; /* err code was set. */
- }
-+
-+ /* We don't send NPN in a renegotiation as it's explicitly disallowed by
-+ * the spec. */
-+ if (!ss->firstHsDone) {
-+ rv = ssl3_SendNextProto(ss);
-+ if (rv != SECSuccess) {
-+ goto loser; /* err code was set. */
-+ }
-+ }
-+
- rv = ssl3_SendFinished(ss, 0);
- if (rv != SECSuccess) {
- goto loser; /* err code was set. */
-@@ -8169,6 +8180,40 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
- }
-
- /* called from ssl3_HandleServerHelloDone
-+ */
-+static SECStatus
-+ssl3_SendNextProto(sslSocket *ss)
-+{
-+ SECStatus rv;
-+ int padding_len;
-+ static const unsigned char padding[32] = {0};
-+
-+ if (ss->ssl3.nextProto.len == 0)
-+ return SECSuccess;
-+
-+ PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
-+
-+ padding_len = 32 - ((ss->ssl3.nextProto.len + 2) % 32);
-+
-+ rv = ssl3_AppendHandshakeHeader(ss, next_proto, ss->ssl3.nextProto.len +
-+ 2 + padding_len);
-+ if (rv != SECSuccess) {
-+ return rv; /* error code set by AppendHandshakeHeader */
-+ }
-+ rv = ssl3_AppendHandshakeVariable(ss, ss->ssl3.nextProto.data,
-+ ss->ssl3.nextProto.len, 1);
-+ if (rv != SECSuccess) {
-+ return rv; /* error code set by AppendHandshake */
-+ }
-+ rv = ssl3_AppendHandshakeVariable(ss, padding, padding_len, 1);
-+ if (rv != SECSuccess) {
-+ return rv; /* error code set by AppendHandshake */
-+ }
-+ return rv;
-+}
-+
-+/* called from ssl3_HandleServerHelloDone
- * ssl3_HandleClientHello
- * ssl3_HandleFinished
- */
-@@ -8421,6 +8466,14 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
- if (doStepUp || ss->writerThread == PR_GetCurrentThread()) {
- flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
- }
-+
-+ if (!isServer && !ss->firstHsDone) {
-+ rv = ssl3_SendNextProto(ss);
-+ if (rv != SECSuccess) {
-+ goto xmit_loser; /* err code was set. */
-+ }
-+ }
-+
- rv = ssl3_SendFinished(ss, flags);
- if (rv != SECSuccess) {
- goto xmit_loser; /* err is set. */
-@@ -9488,6 +9541,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
- ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE/*freeSrvName*/);
-
- ss->ssl3.initialized = PR_FALSE;
-+
-+ if (ss->ssl3.nextProto.data) {
-+ PORT_Free(ss->ssl3.nextProto.data);
-+ ss->ssl3.nextProto.data = NULL;
-+ }
- }
-
- /* End of ssl3con.c */
-diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/ssl/ssl3ext.c
-index becbfe9..711cad0 100644
---- a/mozilla/security/nss/lib/ssl/ssl3ext.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3ext.c
-@@ -235,6 +235,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
- #endif
- { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
- { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-+ { ssl_next_proto_neg_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
- { -1, NULL }
- };
-
-@@ -245,6 +246,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = {
- /* TODO: add a handler for ssl_ec_point_formats_xtn */
- { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
- { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
-+ { ssl_next_proto_neg_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
- { -1, NULL }
- };
-
-@@ -267,7 +269,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = {
- { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn },
- { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
- #endif
-- { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }
-+ { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
-+ { ssl_next_proto_neg_xtn, &ssl3_ClientSendNextProtoNegoXtn }
- /* any extra entries will appear as { 0, NULL } */
- };
-
-@@ -534,6 +537,105 @@ ssl3_SendSessionTicketXtn(
- return -1;
- }
-
-+/* handle an incoming Next Protocol Negotiation extension. */
-+SECStatus
-+ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
-+{
-+ if (data->len != 0) {
-+ /* Clients MUST send an empty NPN extension, if any. */
-+ return SECFailure;
-+ }
-+
-+ return SECSuccess;
-+}
-+
-+/* ssl3_ValidateNextProtoNego checks that the given block of data is valid: none
-+ * of the lengths may be 0 and the sum of the lengths must equal the length of
-+ * the block. */
-+SECStatus
-+ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned short length)
-+{
-+ unsigned int offset = 0;
-+
-+ while (offset < length) {
-+ if (data[offset] == 0) {
-+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-+ return SECFailure;
-+ }
-+ offset += (unsigned int)data[offset] + 1;
-+ }
-+
-+ if (offset > length) {
-+ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-+ return SECFailure;
-+ }
-+
-+ return SECSuccess;
-+}
-+
-+SECStatus
-+ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
-+ SECItem *data)
-+{
-+ SECStatus rv;
-+ unsigned char result[255];
-+ unsigned int result_len;
-+
-+ rv = ssl3_ValidateNextProtoNego(data->data, data->len);
-+ if (rv != SECSuccess)
-+ return rv;
-+
-+ rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd,
-+ data->data, data->len,
-+ result, &result_len);
-+ if (rv != SECSuccess)
-+ return rv;
-+ /* If the callback wrote more than allowed to |result| it has corrupted our
-+ * stack. */
-+ PORT_Assert(result_len <= sizeof(result));
-+
-+ if (ss->ssl3.nextProto.data)
-+ PORT_Free(ss->ssl3.nextProto.data);
-+ ss->ssl3.nextProto.data = PORT_Alloc(result_len);
-+ PORT_Memcpy(ss->ssl3.nextProto.data, result, result_len);
-+ ss->ssl3.nextProto.len = result_len;
-+ return SECSuccess;
-+}
-+
-+PRInt32
-+ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss,
-+ PRBool append,
-+ PRUint32 maxBytes)
-+{
-+ PRInt32 extension_length;
-+
-+ /* Renegotiations do not send this extension. */
-+ if (!ss->nextProtoCallback || ss->firstHsDone) {
-+ return 0;
-+ }
-+
-+ extension_length = 4;
-+
-+ if (append && maxBytes >= extension_length) {
-+ SECStatus rv;
-+ rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_neg_xtn, 2);
-+ if (rv != SECSuccess)
-+ goto loser;
-+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-+ if (rv != SECSuccess)
-+ goto loser;
-+ ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
-+ ssl_next_proto_neg_xtn;
-+ } else if (maxBytes < extension_length) {
-+ return 0;
-+ }
-+
-+ return extension_length;
-+
-+ loser:
-+ return -1;
-+}
-+
- /*
- * NewSessionTicket
- * Called from ssl3_HandleFinished
-diff --git a/mozilla/security/nss/lib/ssl/ssl3prot.h b/mozilla/security/nss/lib/ssl/ssl3prot.h
-index 4702fcc..f3c950e 100644
---- a/mozilla/security/nss/lib/ssl/ssl3prot.h
-+++ b/mozilla/security/nss/lib/ssl/ssl3prot.h
-@@ -157,7 +157,8 @@ typedef enum {
- server_hello_done = 14,
- certificate_verify = 15,
- client_key_exchange = 16,
-- finished = 20
-+ finished = 20,
-+ next_proto = 67
- } SSL3HandshakeType;
-
- typedef struct {
-diff --git a/mozilla/security/nss/lib/ssl/sslerr.h b/mozilla/security/nss/lib/ssl/sslerr.h
-index a2f6524..c76ffa9 100644
---- a/mozilla/security/nss/lib/ssl/sslerr.h
-+++ b/mozilla/security/nss/lib/ssl/sslerr.h
-@@ -203,6 +203,8 @@ SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
-
- SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY = (SSL_ERROR_BASE + 115),
-
-+SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID = (SSL_ERROR_BASE + 117),
-+
- SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
- } SSLErrorCodes;
- #endif /* NO_SECURITY_ERROR_ENUM */
-diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index 9af471d..199c573 100644
---- a/mozilla/security/nss/lib/ssl/sslimpl.h
-+++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -313,6 +313,10 @@ typedef struct {
- #endif /* NSS_ENABLE_ECC */
-
- typedef struct sslOptionsStr {
-+ /* If SSL_SetNextProtoNego has been called, then this contains the
-+ * list of supported protocols. */
-+ SECItem nextProtoNego;
-+
- unsigned int useSecurity : 1; /* 1 */
- unsigned int useSocks : 1; /* 2 */
- unsigned int requestCertificate : 1; /* 3 */
-@@ -827,6 +831,13 @@ struct ssl3StateStr {
- PRBool initialized;
- SSL3HandshakeState hs;
- ssl3CipherSpec specs[2]; /* one is current, one is pending. */
-+
-+ /* In a client: if the server supports Next Protocol Negotiation, then
-+ * this is the protocol that was negotiated.
-+ *
-+ * If the data pointer is non-NULL, then it is malloced data. */
-+ SECItem nextProto;
-+ int nextProtoState; /* See NEXT_PROTO_* defines */
- };
-
- typedef struct {
-@@ -1058,6 +1069,8 @@ const unsigned char * preferredCipher;
- SSLHandshakeCallback handshakeCallback;
- void *handshakeCallbackData;
- void *pkcs11PinArg;
-+ SSLNextProtoCallback nextProtoCallback;
-+ void *nextProtoArg;
-
- PRIntervalTime rTimeout; /* timeout for NSPR I/O */
- PRIntervalTime wTimeout; /* timeout for NSPR I/O */
-@@ -1494,8 +1507,12 @@ extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
- PRUint16 ex_type, SECItem *data);
- extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
-+extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
-+ PRUint16 ex_type, SECItem *data);
- extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
-+extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
-+ PRUint16 ex_type, SECItem *data);
-
- /* ClientHello and ServerHello extension senders.
- * Note that not all extension senders are exposed here; only those that
-@@ -1526,6 +1543,10 @@ extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
- extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
- PRBool append, PRUint32 maxBytes);
- #endif
-+extern PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
-+ PRUint32 maxBytes);
-+extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
-+ unsigned short length);
-
- /* call the registered extension handlers. */
- extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss,
-diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
-index bc770a1..829103b 100644
---- a/mozilla/security/nss/lib/ssl/sslsock.c
-+++ b/mozilla/security/nss/lib/ssl/sslsock.c
-@@ -163,6 +163,7 @@ static const sslSocketOps ssl_secure_ops = { /* SSL. */
- ** default settings for socket enables
- */
- static sslOptions ssl_defaults = {
-+ { siBuffer, NULL, 0 }, /* nextProtoNego */
- PR_TRUE, /* useSecurity */
- PR_FALSE, /* useSocks */
- PR_FALSE, /* requestCertificate */
-@@ -438,6 +439,10 @@ ssl_DestroySocketContents(sslSocket *ss)
- ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
- ss->ephemeralECDHKeyPair = NULL;
- }
-+ if (ss->opt.nextProtoNego.data) {
-+ PORT_Free(ss->opt.nextProtoNego.data);
-+ ss->opt.nextProtoNego.data = NULL;
-+ }
- PORT_Assert(!ss->xtnData.sniNameArr);
- if (ss->xtnData.sniNameArr) {
- PORT_Free(ss->xtnData.sniNameArr);
-@@ -1266,6 +1271,135 @@ SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
- return fd;
- }
-
-+SECStatus
-+SSL_SetNextProtoCallback(PRFileDesc *fd,
-+ SSLNextProtoCallback callback,
-+ void *arg) {
-+ sslSocket *ss = ssl_FindSocket(fd);
-+
-+ if (!ss) {
-+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego", SSL_GETPID(),
-+ fd));
-+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
-+ return SECFailure;
-+ }
-+
-+ ssl_GetSSL3HandshakeLock(ss);
-+ ss->nextProtoCallback = callback;
-+ ss->nextProtoArg = arg;
-+ ssl_ReleaseSSL3HandshakeLock(ss);
-+ return SECSuccess;
-+}
-+
-+/* NextProtoStandardCallback is set as an NPN callback for the case when the
-+ * user of the sockets wants the standard selection algorithm. */
-+static SECStatus
-+NextProtoStandardCallback(void *arg,
-+ PRFileDesc *fd,
-+ const unsigned char *protos,
-+ unsigned int protos_len,
-+ unsigned char *protoOut,
-+ unsigned int *protoOutLen)
-+{
-+ unsigned int i, j;
-+ const unsigned char *result;
-+
-+ sslSocket *ss = ssl_FindSocket(fd);
-+ PORT_Assert(ss);
-+
-+ if (protos_len == 0) {
-+ /* The server supports the extension, but doesn't have any protocols
-+ * configured. In this case we request our favoured protocol. */
-+ goto pick_first;
-+ }
-+
-+ /* For each protocol in server preference, see if we support it. */
-+ for (i = 0; i < protos_len; ) {
-+ for (j = 0; j < ss->opt.nextProtoNego.len; ) {
-+ if (protos[i] == ss->opt.nextProtoNego.data[j] &&
-+ memcmp(&protos[i+1], &ss->opt.nextProtoNego.data[j+1],
-+ protos[i]) == 0) {
-+ /* We found a match. */
-+ ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
-+ result = &protos[i];
-+ goto found;
-+ }
-+ j += (unsigned int)ss->opt.nextProtoNego.data[j] + 1;
-+ }
-+ i += (unsigned int)protos[i] + 1;
-+ }
-+
-+pick_first:
-+ ss->ssl3.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
-+ result = ss->opt.nextProtoNego.data;
-+
-+found:
-+ memcpy(protoOut, result + 1, result[0]);
-+ *protoOutLen = result[0];
-+ return SECSuccess;
-+}
-+
-+SECStatus
-+SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
-+ unsigned int length)
-+{
-+ SECStatus rv;
-+
-+ sslSocket *ss = ssl_FindSocket(fd);
-+
-+ if (!ss) {
-+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
-+ SSL_GETPID(), fd));
-+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
-+ return SECFailure;
-+ }
-+
-+ if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
-+ return SECFailure;
-+
-+ ssl_GetSSL3HandshakeLock(ss);
-+ if (ss->opt.nextProtoNego.data)
-+ PORT_Free(ss->opt.nextProtoNego.data);
-+ ss->opt.nextProtoNego.data = PORT_Alloc(length);
-+ if (!ss->opt.nextProtoNego.data) {
-+ ssl_ReleaseSSL3HandshakeLock(ss);
-+ return SECFailure;
-+ }
-+ memcpy(ss->opt.nextProtoNego.data, data, length);
-+ ss->opt.nextProtoNego.len = length;
-+ ss->opt.nextProtoNego.type = siBuffer;
-+ ssl_ReleaseSSL3HandshakeLock(ss);
-+
-+ return SSL_SetNextProtoCallback(fd, NextProtoStandardCallback, NULL);
-+}
-+
-+SECStatus
-+SSL_GetNextProto(PRFileDesc *fd, int *state, unsigned char *buf,
-+ unsigned int *length, unsigned int buf_len)
-+{
-+ sslSocket *ss = ssl_FindSocket(fd);
-+
-+ if (!ss) {
-+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
-+ fd));
-+ return SECFailure;
-+ }
-+
-+ *state = ss->ssl3.nextProtoState;
-+
-+ if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
-+ ss->ssl3.nextProto.data) {
-+ *length = ss->ssl3.nextProto.len;
-+ if (*length > buf_len)
-+ *length = buf_len;
-+ PORT_Memcpy(buf, ss->ssl3.nextProto.data, *length);
-+ } else {
-+ *length = 0;
-+ }
-+
-+ return SECSuccess;
-+}
-+
- PRFileDesc *
- SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
- {
-diff --git a/mozilla/security/nss/lib/ssl/sslt.h b/mozilla/security/nss/lib/ssl/sslt.h
-index c7d4553..f6e0b62 100644
---- a/mozilla/security/nss/lib/ssl/sslt.h
-+++ b/mozilla/security/nss/lib/ssl/sslt.h
-@@ -203,9 +203,10 @@ typedef enum {
- ssl_ec_point_formats_xtn = 11,
- #endif
- ssl_session_ticket_xtn = 35,
-+ ssl_next_proto_neg_xtn = 13172,
- ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
- } SSLExtensionType;
-
--#define SSL_MAX_EXTENSIONS 5
-+#define SSL_MAX_EXTENSIONS 6
-
- #endif /* __sslt_h_ */
« no previous file with comments | « net/third_party/nss/patches/handshakeshortwrite.patch ('k') | net/third_party/nss/patches/ocspstapling.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698