Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(105)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/paddingextension.patch

Issue 111853013: Update net/third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Add CT TLS extension bug number Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/nullcipher_934016.patch ('k') | net/third_party/nss/patches/paddingextensionall.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c 1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 index 8b8b758..882e356 100644 2 --- a/nss/lib/ssl/ssl3con.c» 2014-01-03 19:03:25.346656907 -0800
3 --- a/nss/lib/ssl/ssl3con.c 3 +++ b/nss/lib/ssl/ssl3con.c» 2014-01-03 19:03:36.916845935 -0800
4 +++ b/nss/lib/ssl/ssl3con.c 4 @@ -4987,6 +4987,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
5 @@ -4975,6 +4975,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) 5 int actual_count = 0;
6 PRBool isTLS = PR_FALSE; 6 PRBool isTLS = PR_FALSE;
7 PRBool requestingResume = PR_FALSE;
8 PRInt32 total_exten_len = 0; 7 PRInt32 total_exten_len = 0;
9 + unsigned paddingExtensionLen; 8 + unsigned paddingExtensionLen;
10 unsigned numCompressionMethods; 9 unsigned numCompressionMethods;
11 PRInt32 flags; 10 PRInt32 flags;
12 11
13 @@ -5241,6 +5242,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) 12 @@ -5264,6 +5265,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
14 length += 1 + ss->ssl3.hs.cookieLen; 13 length += 1 + ss->ssl3.hs.cookieLen;
15 } 14 }
16 15
17 + /* A padding extension may be included to ensure that the record containing 16 + /* A padding extension may be included to ensure that the record containing
18 + * the ClientHello doesn't have a length between 256 and 511 bytes 17 + * the ClientHello doesn't have a length between 256 and 511 bytes
19 + * (inclusive). Initial, ClientHello records with such lengths trigger bugs 18 + * (inclusive). Initial, ClientHello records with such lengths trigger bugs
20 + * in F5 devices. 19 + * in F5 devices.
21 + * 20 + *
22 + * This is not done for DTLS nor for renegotiation. */ 21 + * This is not done for DTLS nor for renegotiation. */
23 + if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) { 22 + if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) {
24 + paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length); 23 + paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
25 + total_exten_len += paddingExtensionLen; 24 + total_exten_len += paddingExtensionLen;
26 + length += paddingExtensionLen; 25 + length += paddingExtensionLen;
27 + } else { 26 + } else {
28 + paddingExtensionLen = 0; 27 + paddingExtensionLen = 0;
29 + } 28 + }
30 + 29 +
31 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); 30 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
32 if (rv != SECSuccess) { 31 if (rv != SECSuccess) {
33 » return rv;» /* err set by ssl3_AppendHandshake* */ 32 » if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
34 @@ -5360,6 +5375,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) 33 @@ -5398,6 +5413,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
35 return SECFailure; 34 return SECFailure;
36 } 35 }
37 maxBytes -= extLen; 36 maxBytes -= extLen;
38 + 37 +
39 + extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes); 38 + extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
40 + if (extLen < 0) { 39 + if (extLen < 0) {
41 + return SECFailure; 40 + return SECFailure;
42 + } 41 + }
43 + maxBytes -= extLen; 42 + maxBytes -= extLen;
44 + 43 +
45 PORT_Assert(!maxBytes); 44 PORT_Assert(!maxBytes);
46 } 45 }
47 if (ss->ssl3.hs.sendingSCSV) { 46
48 diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c 47 diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
49 index 0415770..cdebcc9 100644 48 --- a/nss/lib/ssl/ssl3ext.c» 2014-01-03 18:58:03.661401846 -0800
50 --- a/nss/lib/ssl/ssl3ext.c 49 +++ b/nss/lib/ssl/ssl3ext.c» 2014-01-03 19:03:36.916845935 -0800
51 +++ b/nss/lib/ssl/ssl3ext.c 50 @@ -2315,3 +2315,56 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss
52 @@ -2297,3 +2297,56 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
53 loser: 51 loser:
54 return -1; 52 return -1;
55 } 53 }
56 + 54 +
57 +unsigned int 55 +unsigned int
58 +ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) 56 +ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
59 +{ 57 +{
60 + unsigned int recordLength = 1 /* handshake message type */ + 58 + unsigned int recordLength = 1 /* handshake message type */ +
61 + 3 /* handshake message length */ + 59 + 3 /* handshake message length */ +
62 + clientHelloLength; 60 + clientHelloLength;
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
99 + if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2)) 97 + if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
100 + return -1; 98 + return -1;
101 + if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2)) 99 + if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
102 + return -1; 100 + return -1;
103 + memset(padding, 0, paddingLen); 101 + memset(padding, 0, paddingLen);
104 + if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen)) 102 + if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
105 + return -1; 103 + return -1;
106 + 104 +
107 + return extensionLen; 105 + return extensionLen;
108 +} 106 +}
109 diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h 107 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
110 index 614eed1..9c789bf 100644 108 --- a/nss/lib/ssl/sslimpl.h» 2014-01-03 19:03:25.346656907 -0800
111 --- a/nss/lib/ssl/sslimpl.h 109 +++ b/nss/lib/ssl/sslimpl.h» 2014-01-03 19:03:36.916845935 -0800
112 +++ b/nss/lib/ssl/sslimpl.h
113 @@ -237,6 +237,13 @@ extern PRInt32 110 @@ -237,6 +237,13 @@ extern PRInt32
114 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes, 111 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
115 const ssl3HelloExtensionSender *sender); 112 const ssl3HelloExtensionSender *sender);
116 113
117 +extern unsigned int 114 +extern unsigned int
118 +ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength); 115 +ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
119 + 116 +
120 +extern PRInt32 117 +extern PRInt32
121 +ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen, 118 +ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
122 + PRUint32 maxBytes); 119 + PRUint32 maxBytes);
123 + 120 +
124 /* Socket ops */ 121 /* Socket ops */
125 struct sslSocketOpsStr { 122 struct sslSocketOpsStr {
126 int (*connect) (sslSocket *, const PRNetAddr *); 123 int (*connect) (sslSocket *, const PRNetAddr *);
127 diff --git a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h 124 diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
128 index a8007d8..e4d188f 100644 125 --- a/nss/lib/ssl/sslt.h» 2014-01-03 19:02:30.135754914 -0800
129 --- a/nss/lib/ssl/sslt.h 126 +++ b/nss/lib/ssl/sslt.h» 2014-01-03 19:03:36.916845935 -0800
130 +++ b/nss/lib/ssl/sslt.h
131 @@ -205,9 +205,10 @@ typedef enum { 127 @@ -205,9 +205,10 @@ typedef enum {
132 ssl_session_ticket_xtn = 35, 128 ssl_session_ticket_xtn = 35,
133 ssl_next_proto_nego_xtn = 13172, 129 ssl_next_proto_nego_xtn = 13172,
134 ssl_channel_id_xtn = 30031, 130 ssl_channel_id_xtn = 30032,
135 + ssl_padding_xtn = 35655, 131 + ssl_padding_xtn = 35655,
136 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ 132 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
137 } SSLExtensionType; 133 } SSLExtensionType;
138 134
139 -#define SSL_MAX_EXTENSIONS 11 135 -#define SSL_MAX_EXTENSIONS 11
140 +#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. * / 136 +#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. * /
141 137
142 #endif /* __sslt_h_ */ 138 #endif /* __sslt_h_ */
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/nullcipher_934016.patch ('k') | net/third_party/nss/patches/paddingextensionall.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698