Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(663)

Unified Diff: net/third_party/nss/patches/secret_exporter.patch

Issue 9733012: Update NSS to NSS 3.13.4 pre-release snapshot 20120319. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Forgot to update the sslerr.h and SSLerrs.h files Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/third_party/nss/patches/secret_exporter.patch
===================================================================
--- net/third_party/nss/patches/secret_exporter.patch (revision 127513)
+++ net/third_party/nss/patches/secret_exporter.patch (working copy)
@@ -1,215 +0,0 @@
-diff -up a/src/net/third_party/nss/ssl/ssl.h b/src/net/third_party/nss/ssl/ssl.h
---- a/src/net/third_party/nss/ssl/ssl.h 2012-02-29 17:12:15.720044263 -0800
-+++ b/src/net/third_party/nss/ssl/ssl.h 2012-02-29 17:18:04.824794558 -0800
-@@ -774,6 +774,19 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteI
- /* Returnes negotiated through SNI host info. */
- SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
-
-+/* Export keying material according to RFC 5705.
-+** fd must correspond to a TLS 1.0 or higher socket and out must
-+** already be allocated. If contextLen is zero it uses the no-context
-+** construction from the RFC.
-+*/
-+SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
-+ const char *label,
-+ unsigned int labelLen,
-+ const unsigned char *context,
-+ unsigned int contextLen,
-+ unsigned char *out,
-+ unsigned int outLen);
-+
- /*
- ** Return a new reference to the certificate that was most recently sent
- ** to the peer on this SSL/TLS connection, or NULL if none has been sent.
-diff -up a/src/net/third_party/nss/ssl/ssl3con.c b/src/net/third_party/nss/ssl/ssl3con.c
---- a/src/net/third_party/nss/ssl/ssl3con.c 2012-02-28 20:34:50.114663722 -0800
-+++ b/src/net/third_party/nss/ssl/ssl3con.c 2012-02-29 17:18:04.824794558 -0800
-@@ -8368,33 +8368,33 @@ done:
- return rv;
- }
-
--static SECStatus
--ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
-- PRBool isServer,
-- const SSL3Finished * hashes,
-- TLSFinished * tlsFinished)
-+/* The calling function must acquire and release the appropriate lock (i.e.,
-+ * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any
-+ * label must already be concatenated onto the beginning of val.
-+ */
-+SECStatus
-+ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
-+ unsigned int labelLen, const unsigned char *val, unsigned int valLen,
-+ unsigned char *out, unsigned int outLen)
- {
-- const char * label;
-- unsigned int len;
-- SECStatus rv;
--
-- label = isServer ? "server finished" : "client finished";
-- len = 15;
-+ SECStatus rv = SECSuccess;
-
- if (spec->master_secret && !spec->bypassCiphers) {
- SECItem param = {siBuffer, NULL, 0};
- PK11Context *prf_context =
- PK11_CreateContextBySymKey(CKM_TLS_PRF_GENERAL, CKA_SIGN,
- spec->master_secret, &param);
-+ unsigned int retLen;
-+
- if (!prf_context)
- return SECFailure;
-
- rv = PK11_DigestBegin(prf_context);
-- rv |= PK11_DigestOp(prf_context, (const unsigned char *) label, len);
-- rv |= PK11_DigestOp(prf_context, hashes->md5, sizeof *hashes);
-- rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data,
-- &len, sizeof tlsFinished->verify_data);
-- PORT_Assert(rv != SECSuccess || len == sizeof *tlsFinished);
-+ rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen);
-+ rv |= PK11_DigestOp(prf_context, val, valLen);
-+ rv |= PK11_DigestFinal(prf_context, out,
-+ &retLen, outLen);
-+ PORT_Assert(rv != SECSuccess || retLen == outLen);
-
- PK11_DestroyContext(prf_context, PR_TRUE);
- } else {
-@@ -8403,17 +8403,36 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *
- SECItem outData = { siBuffer, };
- PRBool isFIPS = PR_FALSE;
-
-- inData.data = (unsigned char *)hashes->md5;
-- inData.len = sizeof hashes[0];
-- outData.data = tlsFinished->verify_data;
-- outData.len = sizeof tlsFinished->verify_data;
-+ inData.data = (unsigned char *) val;
-+ inData.len = valLen;
-+ outData.data = out;
-+ outData.len = outLen;
- rv = TLS_PRF(&spec->msItem, label, &inData, &outData, isFIPS);
-- PORT_Assert(rv != SECSuccess || \
-- outData.len == sizeof tlsFinished->verify_data);
-+ PORT_Assert(rv != SECSuccess || outData.len == outLen);
- }
- return rv;
- }
-
-+static SECStatus
-+ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
-+ PRBool isServer,
-+ const SSL3Finished * hashes,
-+ TLSFinished * tlsFinished)
-+{
-+ const char * label;
-+ SECStatus rv;
-+ unsigned int len;
-+
-+ label = isServer ? "server finished" : "client finished";
-+ len = 15;
-+
-+ rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
-+ sizeof *hashes, tlsFinished->verify_data,
-+ sizeof tlsFinished->verify_data);
-+
-+ return rv;
-+}
-+
- /* called from ssl3_HandleServerHelloDone
- */
- static SECStatus
-diff -up a/src/net/third_party/nss/ssl/sslimpl.h b/src/net/third_party/nss/ssl/sslimpl.h
---- a/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 17:12:15.720044263 -0800
-+++ b/src/net/third_party/nss/ssl/sslimpl.h 2012-02-29 17:16:59.143900589 -0800
-@@ -1709,6 +1709,11 @@ SECStatus SSL_DisableDefaultExportCipher
- SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
- PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
-
-+SECStatus ssl3_TLSPRFWithMasterSecret(
-+ ssl3CipherSpec *spec, const char *label,
-+ unsigned int labelLen, const unsigned char *val,
-+ unsigned int valLen, unsigned char *out,
-+ unsigned int outLen);
-
- #ifdef TRACE
- #define SSL_TRACE(msg) ssl_Trace msg
-diff -up a/src/net/third_party/nss/ssl/sslinfo.c b/src/net/third_party/nss/ssl/sslinfo.c
---- a/src/net/third_party/nss/ssl/sslinfo.c 2010-09-01 18:12:57.000000000 -0700
-+++ b/src/net/third_party/nss/ssl/sslinfo.c 2012-02-29 17:18:04.824794558 -0800
-@@ -20,6 +20,7 @@
- *
- * Contributor(s):
- * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
-+ * Douglas Stebila <douglas@stebila.ca>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
-@@ -316,6 +317,69 @@ SSL_IsExportCipherSuite(PRUint16 cipherS
- return PR_FALSE;
- }
-
-+/* Export keying material according to RFC 5705.
-+** fd must correspond to a TLS 1.0 or higher socket, out must
-+** be already allocated.
-+*/
-+SECStatus
-+SSL_ExportKeyingMaterial(PRFileDesc *fd,
-+ const char *label,
-+ unsigned int labelLen,
-+ const unsigned char *context,
-+ unsigned int contextLen,
-+ unsigned char *out,
-+ unsigned int outLen)
-+{
-+ sslSocket *ss;
-+ unsigned char *val = NULL;
-+ unsigned int valLen, i;
-+ SECStatus rv = SECFailure;
-+
-+ ss = ssl_FindSocket(fd);
-+ if (!ss) {
-+ SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",
-+ SSL_GETPID(), fd));
-+ return SECFailure;
-+ }
-+
-+ if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
-+ PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
-+ return SECFailure;
-+ }
-+
-+ valLen = SSL3_RANDOM_LENGTH * 2;
-+ if (contextLen > 0)
-+ valLen += 2 /* uint16 length */ + contextLen;
-+ val = PORT_Alloc(valLen);
-+ if (val == NULL)
-+ return SECFailure;
-+ i = 0;
-+ PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
-+ i += SSL3_RANDOM_LENGTH;
-+ PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
-+ i += SSL3_RANDOM_LENGTH;
-+ if (contextLen > 0) {
-+ val[i++] = contextLen >> 8;
-+ val[i++] = contextLen;
-+ PORT_Memcpy(val + i, context, contextLen);
-+ i += contextLen;
-+ }
-+ PORT_Assert(i == valLen);
-+
-+ ssl_GetSpecReadLock(ss);
-+ if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
-+ PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-+ rv = SECFailure;
-+ } else {
-+ rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
-+ valLen, out, outLen);
-+ }
-+ ssl_ReleaseSpecReadLock(ss);
-+
-+ PORT_ZFree(val, valLen);
-+ return rv;
-+}
-+
- SECItem*
- SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
- {

Powered by Google App Engine
This is Rietveld 408576698