net/third_party/nss/patches/cachecerts.patch - Issue 1053903002: Update libssl to NSS 3.18 RTM

Side by Side Diff: net/third_party/nss/patches/cachecerts.patch

Issue 1053903002: Update libssl to NSS 3.18 RTM (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c	1 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c

2 --- a/nss/lib/ssl/ssl3con.c» 2014-01-17 17:49:26.062517203 -0800	2 index 529eb42..ebaee61 100644

3 +++ b/nss/lib/ssl/ssl3con.c» 2014-01-17 17:51:23.974478249 -0800	3 --- a/ssl/ssl3con.c

	4 +++ b/ssl/ssl3con.c

4 @@ -43,6 +43,7 @@	5 @@ -43,6 +43,7 @@

5	6

6 static SECStatus ssl3_AuthCertificate(sslSocket *ss);	7 static SECStatus ssl3_AuthCertificate(sslSocket *ss);

7 static void ssl3_CleanupPeerCerts(sslSocket *ss);	8 static void ssl3_CleanupPeerCerts(sslSocket *ss);

8 +static void ssl3_CopyPeerCertsFromSID(sslSocket ss, sslSessionID sid);	9 +static void ssl3_CopyPeerCertsFromSID(sslSocket ss, sslSessionID sid);

9 static PK11SymKey ssl3_GenerateRSAPMS(sslSocket ss, ssl3CipherSpec *spec,	10 static PK11SymKey ssl3_GenerateRSAPMS(sslSocket ss, ssl3CipherSpec *spec,

10 PK11SlotInfo * serverKeySlot);	11 PK11SlotInfo * serverKeySlot);

11 static SECStatus ssl3_DeriveMasterSecret(sslSocket ss, PK11SymKey pms);	12 static SECStatus ssl3_DeriveMasterSecret(sslSocket ss, PK11SymKey pms);

12 @@ -6474,6 +6475,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS	13 @@ -6534,6 +6535,7 @@ ssl3_HandleServerHello(sslSocket ss, SSL3Opaque b, PRUin t32 length)

13 /* copy the peer cert from the SID */	14 /* copy the peer cert from the SID */

14 if (sid->peerCert != NULL) {	15 if (sid->peerCert != NULL) {

15 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);	16 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);

16 + ssl3_CopyPeerCertsFromSID(ss, sid);	17 + ssl3_CopyPeerCertsFromSID(ss, sid);

17 }	18 }

18	19

19 /* NULL value for PMS signifies re-use of the old MS */	20 /* NULL value for PMS signifies re-use of the old MS */

20 @@ -8048,6 +8050,7 @@ compression_found:	21 @@ -8127,6 +8129,7 @@ compression_found:

21 ss->sec.ci.sid = sid;	22 ss->sec.ci.sid = sid;

22 if (sid->peerCert != NULL) {	23 if (sid->peerCert != NULL) {

23 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);	24 ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);

24 + ssl3_CopyPeerCertsFromSID(ss, sid);	25 + ssl3_CopyPeerCertsFromSID(ss, sid);

25 }	26 }

26	27

27 /*	28 /*

28 @@ -9662,6 +9665,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)	29 @@ -9750,6 +9753,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)

29 ss->ssl3.peerCertChain = NULL;	30 ss->ssl3.peerCertChain = NULL;

30 }	31 }

31	32

32 +static void	33 +static void

33 +ssl3_CopyPeerCertsFromSID(sslSocket ss, sslSessionID sid)	34 +ssl3_CopyPeerCertsFromSID(sslSocket ss, sslSessionID sid)

34 +{	35 +{

35 + PLArenaPool *arena;	36 + PLArenaPool *arena;

36 + ssl3CertNode *lastCert = NULL;	37 + ssl3CertNode *lastCert = NULL;

37 + ssl3CertNode *certs = NULL;	38 + ssl3CertNode *certs = NULL;

38 + int i;	39 + int i;

(...skipping 24 matching lines...) Expand all Loading...
63 + ssl3CertNode *c = certs;	64 + ssl3CertNode *c = certs;

64 + for (; i < MAX_PEER_CERT_CHAIN_SIZE && c; i++, c = c->next) {	65 + for (; i < MAX_PEER_CERT_CHAIN_SIZE && c; i++, c = c->next) {

65 + PORT_Assert(!sid->peerCertChain[i]);	66 + PORT_Assert(!sid->peerCertChain[i]);

66 + sid->peerCertChain[i] = CERT_DupCertificate(c->cert);	67 + sid->peerCertChain[i] = CERT_DupCertificate(c->cert);

67 + }	68 + }

68 +}	69 +}

69 +	70 +

70 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete	71 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete

71 * ssl3 CertificateStatus message.	72 * ssl3 CertificateStatus message.

72 * Caller must hold Handshake and RecvBuf locks.	73 * Caller must hold Handshake and RecvBuf locks.

73 @@ -9940,6 +9981,7 @@ ssl3_AuthCertificate(sslSocket *ss)	74 @@ -10028,6 +10069,7 @@ ssl3_AuthCertificate(sslSocket *ss)

74 }	75 }

75	76

76 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);	77 ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);

77 + ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid);	78 + ssl3_CopyPeerCertsToSID(ss->ssl3.peerCertChain, ss->sec.ci.sid);

78	79

79 if (!ss->sec.isServer) {	80 if (!ss->sec.isServer) {

80 CERTCertificate *cert = ss->sec.peerCert;	81 CERTCertificate *cert = ss->sec.peerCert;

81 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h	82 diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h

82 --- a/nss/lib/ssl/sslimpl.h» 2014-01-17 17:49:26.072517368 -0800	83 index 858ae0c..88a7039 100644

83 +++ b/nss/lib/ssl/sslimpl.h» 2014-01-17 17:51:23.984478418 -0800	84 --- a/ssl/sslimpl.h

84 @@ -595,6 +595,8 @@ typedef enum {» never_cached,	85 +++ b/ssl/sslimpl.h

	86 @@ -597,6 +597,8 @@ typedef enum {» never_cached,

85 invalid_cache /* no longer in any cache. */	87 invalid_cache /* no longer in any cache. */

86 } Cached;	88 } Cached;

87	89

88 +#define MAX_PEER_CERT_CHAIN_SIZE 8	90 +#define MAX_PEER_CERT_CHAIN_SIZE 8

89 +	91 +

90 struct sslSessionIDStr {	92 struct sslSessionIDStr {

91 /* The global cache lock must be held when accessing these members when the	93 /* The global cache lock must be held when accessing these members when the

92 * sid is in any cache.	94 * sid is in any cache.

93 @@ -609,6 +611,7 @@ struct sslSessionIDStr {	95 @@ -611,6 +613,7 @@ struct sslSessionIDStr {

94 */	96 */

95	97

96 CERTCertificate * peerCert;	98 CERTCertificate * peerCert;

97 + CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];	99 + CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];

98 SECItemArray peerCertStatus; /* client only */	100 SECItemArray peerCertStatus; /* client only */

99 const char * peerID; /* client only */	101 const char * peerID; /* client only */

100 const char * urlSvrName; /* client only */	102 const char * urlSvrName; /* client only */

101 diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c	103 diff --git a/ssl/sslnonce.c b/ssl/sslnonce.c

102 --- a/nss/lib/ssl/sslnonce.c» 2014-01-17 17:49:26.072517368 -0800	104 index 2e861f1..be11008 100644

103 +++ b/nss/lib/ssl/sslnonce.c» 2014-01-17 17:51:23.984478418 -0800	105 --- a/ssl/sslnonce.c

	106 +++ b/ssl/sslnonce.c

104 @@ -164,6 +164,7 @@ lock_cache(void)	107 @@ -164,6 +164,7 @@ lock_cache(void)

105 static void	108 static void

106 ssl_DestroySID(sslSessionID *sid)	109 ssl_DestroySID(sslSessionID *sid)

107 {	110 {

108 + int i;	111 + int i;

109 SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));	112 SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));

110 PORT_Assert(sid->references == 0);	113 PORT_Assert(sid->references == 0);

111 PORT_Assert(sid->cached != in_client_cache);	114 PORT_Assert(sid->cached != in_client_cache);

112 @@ -194,6 +195,9 @@ ssl_DestroySID(sslSessionID *sid)	115 @@ -194,6 +195,9 @@ ssl_DestroySID(sslSessionID *sid)

113 if ( sid->peerCert ) {	116 if ( sid->peerCert ) {

114 CERT_DestroyCertificate(sid->peerCert);	117 CERT_DestroyCertificate(sid->peerCert);

115 }	118 }

116 + for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {	119 + for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {

117 + CERT_DestroyCertificate(sid->peerCertChain[i]);	120 + CERT_DestroyCertificate(sid->peerCertChain[i]);

118 + }	121 + }

119 if (sid->peerCertStatus.items) {	122 if (sid->peerCertStatus.items) {

120 SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);	123 SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);

121 }	124 }

OLD	NEW

« no previous file with comments | « net/third_party/nss/patches/applypatches.sh ('k') | net/third_party/nss/patches/cachelocks.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')