Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1444)

Unified Diff: net/third_party/nss/patches/secret_exporter2.patch

Issue 9733012: Update NSS to NSS 3.13.4 pre-release snapshot 20120319. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Forgot to update the sslerr.h and SSLerrs.h files Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/third_party/nss/patches/secret_exporter2.patch
===================================================================
--- net/third_party/nss/patches/secret_exporter2.patch (revision 127513)
+++ net/third_party/nss/patches/secret_exporter2.patch (working copy)
@@ -1,228 +0,0 @@
-Index: net/third_party/nss/ssl/ssl.h
-===================================================================
---- net/third_party/nss/ssl/ssl.h (revision 125777)
-+++ net/third_party/nss/ssl/ssl.h (working copy)
-@@ -792,12 +792,14 @@
-
- /* Export keying material according to RFC 5705.
- ** fd must correspond to a TLS 1.0 or higher socket and out must
--** already be allocated. If contextLen is zero it uses the no-context
--** construction from the RFC.
-+** already be allocated. If hasContext is false, it uses the no-context
-+** construction from the RFC and ignores the context and contextLen
-+** arguments.
- */
- SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
- const char *label,
- unsigned int labelLen,
-+ PRBool hasContext,
- const unsigned char *context,
- unsigned int contextLen,
- unsigned char *out,
-Index: net/third_party/nss/ssl/sslinfo.c
-===================================================================
---- net/third_party/nss/ssl/sslinfo.c (revision 125777)
-+++ net/third_party/nss/ssl/sslinfo.c (working copy)
-@@ -317,18 +317,12 @@
- return PR_FALSE;
- }
-
--/* Export keying material according to RFC 5705.
--** fd must correspond to a TLS 1.0 or higher socket, out must
--** be already allocated.
--*/
- SECStatus
- SSL_ExportKeyingMaterial(PRFileDesc *fd,
-- const char *label,
-- unsigned int labelLen,
-- const unsigned char *context,
-- unsigned int contextLen,
-- unsigned char *out,
-- unsigned int outLen)
-+ const char *label, unsigned int labelLen,
-+ PRBool hasContext,
-+ const unsigned char *context, unsigned int contextLen,
-+ unsigned char *out, unsigned int outLen)
- {
- sslSocket *ss;
- unsigned char *val = NULL;
-@@ -347,18 +341,21 @@
- return SECFailure;
- }
-
-+ /* construct PRF arguments */
- valLen = SSL3_RANDOM_LENGTH * 2;
-- if (contextLen > 0)
-+ if (hasContext) {
- valLen += 2 /* uint16 length */ + contextLen;
-+ }
- val = PORT_Alloc(valLen);
-- if (val == NULL)
-+ if (!val) {
- return SECFailure;
-+ }
- i = 0;
- PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
- i += SSL3_RANDOM_LENGTH;
- PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
- i += SSL3_RANDOM_LENGTH;
-- if (contextLen > 0) {
-+ if (hasContext) {
- val[i++] = contextLen >> 8;
- val[i++] = contextLen;
- PORT_Memcpy(val + i, context, contextLen);
-@@ -366,6 +363,9 @@
- }
- PORT_Assert(i == valLen);
-
-+ /* Allow TLS keying material to be exported sooner, when the master
-+ * secret is available and we have sent ChangeCipherSpec.
-+ */
- ssl_GetSpecReadLock(ss);
- if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
- PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
-Index: net/third_party/nss/ssl/sslimpl.h
-===================================================================
---- net/third_party/nss/ssl/sslimpl.h (revision 125777)
-+++ net/third_party/nss/ssl/sslimpl.h (working copy)
-@@ -1715,11 +1715,11 @@
- SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
- PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
-
--SECStatus ssl3_TLSPRFWithMasterSecret(
-- ssl3CipherSpec *spec, const char *label,
-- unsigned int labelLen, const unsigned char *val,
-- unsigned int valLen, unsigned char *out,
-- unsigned int outLen);
-+extern SECStatus
-+ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec,
-+ const char *label, unsigned int labelLen,
-+ const unsigned char *val, unsigned int valLen,
-+ unsigned char *out, unsigned int outLen);
-
- #ifdef TRACE
- #define SSL_TRACE(msg) ssl_Trace msg
-Index: net/third_party/nss/ssl/ssl3ext.c
-===================================================================
---- net/third_party/nss/ssl/ssl3ext.c (revision 125777)
-+++ net/third_party/nss/ssl/ssl3ext.c (working copy)
-@@ -606,10 +606,7 @@
- unsigned char resultBuffer[255];
- SECItem result = { siBuffer, resultBuffer, 0 };
-
-- if (ss->firstHsDone) {
-- PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
-- return SECFailure;
-- }
-+ PORT_Assert(!ss->firstHsDone);
-
- rv = ssl3_ValidateNextProtoNego(data->data, data->len);
- if (rv != SECSuccess)
-@@ -621,6 +618,8 @@
- */
- PORT_Assert(ss->nextProtoCallback != NULL);
- if (!ss->nextProtoCallback) {
-+ /* XXX Use a better error code. This is an application error, not an
-+ * NSS bug. */
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
-@@ -631,7 +630,7 @@
- return rv;
- /* If the callback wrote more than allowed to |result| it has corrupted our
- * stack. */
-- if (result.len > sizeof result) {
-+ if (result.len > sizeof resultBuffer) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
-Index: net/third_party/nss/ssl/sslsock.c
-===================================================================
---- net/third_party/nss/ssl/sslsock.c (revision 125777)
-+++ net/third_party/nss/ssl/sslsock.c (working copy)
-@@ -1344,7 +1344,7 @@
- return SECSuccess;
- }
-
--/* NextProtoStandardCallback is set as an NPN callback for the case when
-+/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
- * SSL_SetNextProtoNego is used.
- */
- static SECStatus
-@@ -1390,12 +1390,12 @@
- result = ss->opt.nextProtoNego.data;
-
- found:
-- *protoOutLen = result[0];
- if (protoMaxLen < result[0]) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- memcpy(protoOut, result + 1, result[0]);
-+ *protoOutLen = result[0];
- return SECSuccess;
- }
-
-@@ -1449,13 +1449,12 @@
-
- if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
- ss->ssl3.nextProto.data) {
-- *bufLen = ss->ssl3.nextProto.len;
-- if (*bufLen > bufLenMax) {
-+ if (ss->ssl3.nextProto.len > bufLenMax) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-- *bufLen = 0;
- return SECFailure;
- }
- PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
-+ *bufLen = ss->ssl3.nextProto.len;
- } else {
- *bufLen = 0;
- }
-Index: net/third_party/nss/ssl/ssl3con.c
-===================================================================
---- net/third_party/nss/ssl/ssl3con.c (revision 125777)
-+++ net/third_party/nss/ssl/ssl3con.c (working copy)
-@@ -8484,9 +8484,9 @@
- return rv;
- }
-
--/* The calling function must acquire and release the appropriate lock (i.e.,
-- * ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for ss->ssl3.crSpec). Any
-- * label must already be concatenated onto the beginning of val.
-+/* The calling function must acquire and release the appropriate
-+ * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for
-+ * ss->ssl3.crSpec).
- */
- SECStatus
- ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, const char *label,
-@@ -8508,8 +8508,7 @@
- rv = PK11_DigestBegin(prf_context);
- rv |= PK11_DigestOp(prf_context, (unsigned char *) label, labelLen);
- rv |= PK11_DigestOp(prf_context, val, valLen);
-- rv |= PK11_DigestFinal(prf_context, out,
-- &retLen, outLen);
-+ rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen);
- PORT_Assert(rv != SECSuccess || retLen == outLen);
-
- PK11_DestroyContext(prf_context, PR_TRUE);
-@@ -8532,15 +8531,15 @@
- static SECStatus
- ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
- PRBool isServer,
-- const SSL3Finished * hashes,
-- TLSFinished * tlsFinished)
-+ const SSL3Finished * hashes,
-+ TLSFinished * tlsFinished)
- {
- const char * label;
-- SECStatus rv;
- unsigned int len;
-+ SECStatus rv;
-
- label = isServer ? "server finished" : "client finished";
-- len = 15;
-+ len = 15;
-
- rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->md5,
- sizeof *hashes, tlsFinished->verify_data,

Powered by Google App Engine
This is Rietveld 408576698