Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1150)

Unified Diff: net/third_party/nss/patches/restartclientauth.patch

Issue 9558017: Update net/third_party/nss to NSS 3.13.3. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 8 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/patches/peercertchain.patch ('k') | net/third_party/nss/patches/secret_exporter.patch » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/patches/restartclientauth.patch
===================================================================
--- net/third_party/nss/patches/restartclientauth.patch (revision 124804)
+++ net/third_party/nss/patches/restartclientauth.patch (working copy)
@@ -1,20 +1,7 @@
-From 3c9aa423a3e721fc2223dc5f64d21cc5b4898d4e Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Mon, 3 Oct 2011 12:27:03 -0400
-Subject: [PATCH] restartclientauth.patch
-
----
- mozilla/security/nss/lib/ssl/ssl.h | 5 ++
- mozilla/security/nss/lib/ssl/ssl3con.c | 70 +++++++++++++++++++++----------
- mozilla/security/nss/lib/ssl/sslimpl.h | 4 --
- mozilla/security/nss/lib/ssl/sslsecur.c | 35 ++++++++++++---
- 4 files changed, 80 insertions(+), 34 deletions(-)
-
-diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index 835d3cf..7e748bd 100644
---- a/mozilla/security/nss/lib/ssl/ssl.h
-+++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -236,6 +236,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
+diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
+--- a/src/net/third_party/nss/ssl/ssl.h 2012-02-29 17:49:08.431530583 -0800
++++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-29 19:07:19.298439815 -0800
+@@ -306,6 +306,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(
SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
PRIntervalTime timeout);
@@ -26,50 +13,48 @@
/*
** Query security status of socket. *on is set to one if security is
** enabled. *keySize will contain the stream key size used. *issuer will
-diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index f8838d6..d372ee2 100644
---- a/mozilla/security/nss/lib/ssl/ssl3con.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
-@@ -5667,9 +5667,10 @@ done:
- * reference count. The caller should drop its reference
- * without calling CERT_DestroyCert after calling this function.
- *
-- * key Private key associated with cert. This function makes a
-- * copy of the private key, so the caller remains responsible
-- * for destroying its copy after this function returns.
+diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
+--- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 17:49:08.431530583 -0800
++++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 18:55:27.038466043 -0800
+@@ -5769,6 +5769,84 @@ done:
+ return rv;
+ }
+
++/*
++ * attempt to restart the handshake after asynchronously handling
++ * a request for the client's certificate.
++ *
++ * inputs:
++ * cert Client cert chosen by application.
++ * Note: ssl takes this reference, and does not bump the
++ * reference count. The caller should drop its reference
++ * without calling CERT_DestroyCert after calling this function.
++ *
+ * key Private key associated with cert. This function takes
+ * ownership of the private key, so the caller should drop its
+ * reference without destroying the private key after this
+ * function returns.
- *
- * certChain DER-encoded certs, client cert and its signers.
- * Note: ssl takes this reference, and does not copy the chain.
-@@ -5689,27 +5690,50 @@ ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
- SECKEYPrivateKey * key,
- CERTCertificateList *certChain)
- {
-- SECStatus rv = SECSuccess;
-+ SECStatus rv = SECFailure;
-
-- if (MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_3_0)) {
-- /* XXX This code only works on the initial handshake on a connection,
-- ** XXX It does not work on a subsequent handshake (redo).
-- */
-- if (ss->handshake != 0) {
-- ss->handshake = ssl_GatherRecord1stHandshake;
-- ss->ssl3.clientCertificate = cert;
-- ss->ssl3.clientCertChain = certChain;
-- if (key == NULL) {
-- (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
-- ss->ssl3.clientPrivateKey = NULL;
-- } else {
-- ss->ssl3.clientPrivateKey = SECKEY_CopyPrivateKey(key);
-- }
-- ssl_GetRecvBufLock(ss);
-- if (ss->ssl3.hs.msgState.buf != NULL) {
-- rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
-- }
-- ssl_ReleaseRecvBufLock(ss);
++ *
++ * certChain DER-encoded certs, client cert and its signers.
++ * Note: ssl takes this reference, and does not copy the chain.
++ * The caller should drop its reference without destroying the
++ * chain. SSL will free the chain when it is done with it.
++ *
++ * Return value: XXX
++ *
++ * XXX This code only works on the initial handshake on a connection, XXX
++ * It does not work on a subsequent handshake (redo).
++ *
++ * Caller holds 1stHandshakeLock.
++ */
++SECStatus
++ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
++ CERTCertificate * cert,
++ SECKEYPrivateKey * key,
++ CERTCertificateList *certChain)
++{
++ SECStatus rv = SECSuccess;
++
+ /* XXX This code only works on the initial handshake on a connection,
+ ** XXX It does not work on a subsequent handshake (redo).
+ */
@@ -98,11 +83,6 @@
+ (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
+ }
+ }
-+ ssl_GetRecvBufLock(ss);
-+ if (ss->ssl3.hs.msgState.buf != NULL) {
-+ rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
-+ }
-+ ssl_ReleaseRecvBufLock(ss);
+ } else {
+ if (cert) {
+ CERT_DestroyCertificate(cert);
@@ -112,17 +92,22 @@
+ }
+ if (certChain) {
+ CERT_DestroyCertificateList(certChain);
- }
- }
- return rv;
-diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index 906874a..70ff4c3 100644
---- a/mozilla/security/nss/lib/ssl/sslimpl.h
-+++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -1356,10 +1356,6 @@ extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
++ }
++ rv = SECFailure;
++ }
++ return rv;
++}
++
+ PRBool
+ ssl3_CanFalseStart(sslSocket *ss) {
+ PRBool rv;
+diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
+--- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 17:49:08.431530583 -0800
++++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 19:05:27.766882356 -0800
+@@ -1392,15 +1392,16 @@ extern SECStatus ssl3_MasterKeyDeriveBy
+ /* These functions are called from secnav, even though they're "private". */
extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
- extern int SSL_RestartHandshakeAfterServerCert(struct sslSocketStr *ss);
-extern int SSL_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
- CERTCertificate *cert,
- SECKEYPrivateKey *key,
@@ -130,31 +115,50 @@
extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
extern void ssl_FreeSocket(struct sslSocketStr *ssl);
extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
-diff --git a/mozilla/security/nss/lib/ssl/sslsecur.c b/mozilla/security/nss/lib/ssl/sslsecur.c
-index dc374e0..bb5f0eb 100644
---- a/mozilla/security/nss/lib/ssl/sslsecur.c
-+++ b/mozilla/security/nss/lib/ssl/sslsecur.c
-@@ -1460,11 +1460,13 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
- * cert Client cert chosen by application.
- * Note: ssl takes this reference, and does not bump the
- * reference count. The caller should drop its reference
-- * without calling CERT_DestroyCert after calling this function.
+ SSL3AlertDescription desc);
+
++extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
++ CERTCertificate * cert,
++ SECKEYPrivateKey * key,
++ CERTCertificateList *certChain);
++
+ extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
+
+ /*
+diff -up a/src/net/third_party/nss/ssl/sslsecur.c b/src/net/third_party/nss/ssl/sslsecur.c
+--- a/src/net/third_party/nss/ssl/sslsecur.c 2012-02-28 16:15:34.790321976 -0800
++++ b/src/net/third_party/nss/ssl/sslsecur.c 2012-02-29 19:01:32.303586125 -0800
+@@ -1468,17 +1468,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERT
+ return SECSuccess;
+ }
+
+-/* DO NOT USE. This function was exported in ssl.def with the wrong signature;
+- * this implementation exists to maintain link-time compatibility.
++/*
++ * attempt to restart the handshake after asynchronously handling
++ * a request for the client's certificate.
++ *
++ * inputs:
++ * cert Client cert chosen by application.
++ * Note: ssl takes this reference, and does not bump the
++ * reference count. The caller should drop its reference
+ * without calling CERT_DestroyCertificate after calling this
+ * function.
- *
-- * key Private key associated with cert. This function makes a
-- * copy of the private key, so the caller remains responsible
-- * for destroying its copy after this function returns.
++ *
+ * key Private key associated with cert. This function takes
+ * ownership of the private key, so the caller should drop its
+ * reference without destroying the private key after this
+ * function returns.
- *
- * certChain Chain of signers for cert.
- * Note: ssl takes this reference, and does not copy the chain.
-@@ -1476,19 +1478,38 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
- * XXX This code only works on the initial handshake on a connection, XXX
- * It does not work on a subsequent handshake (redo).
++ *
++ * certChain Chain of signers for cert.
++ * Note: ssl takes this reference, and does not copy the chain.
++ * The caller should drop its reference without destroying the
++ * chain. SSL will free the chain when it is done with it.
++ *
++ * Return value: XXX
++ *
++ * XXX This code only works on the initial handshake on a connection, XXX
++ * It does not work on a subsequent handshake (redo).
*/
-int
-SSL_RestartHandshakeAfterCertReq(sslSocket * ss,
@@ -164,7 +168,8 @@
SECKEYPrivateKey * key,
CERTCertificateList *certChain)
{
-- int ret;
+- PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+- return -1;
+ sslSocket * ss = ssl_FindSocket(fd);
+ SECStatus ret;
+
@@ -182,15 +187,21 @@
+ }
+ return SECFailure;
+ }
-
- ssl_Get1stHandshakeLock(ss); /************************************/
-
- if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
- ret = ssl3_RestartHandshakeAfterCertReq(ss, cert, key, certChain);
- } else {
++
++ ssl_Get1stHandshakeLock(ss); /************************************/
++
++ if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
++ ret = ssl3_RestartHandshakeAfterCertReq(ss, cert, key, certChain);
++ } else {
+ if (certChain != NULL) {
+ CERT_DestroyCertificateList(certChain);
+ }
- ret = ssl2_RestartHandshakeAfterCertReq(ss, cert, key);
- }
++ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
++ ret = SECFailure;
++ }
++
++ ssl_Release1stHandshakeLock(ss); /************************************/
++ return ret;
+ }
+ /* DO NOT USE. This function was exported in ssl.def with the wrong signature;
« no previous file with comments | « net/third_party/nss/patches/peercertchain.patch ('k') | net/third_party/nss/patches/secret_exporter.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698