Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(129)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/patches/cbc.patch

Issue 111853013: Update net/third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Add CT TLS extension bug number Created 6 years, 12 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/patches/canfalsestart.patch ('k') | net/third_party/nss/patches/chacha20poly1305.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/patches/cbc.patch
===================================================================
--- net/third_party/nss/patches/cbc.patch (revision 242942)
+++ net/third_party/nss/patches/cbc.patch (working copy)
@@ -1,81 +0,0 @@
-diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2013-07-31 14:10:35.113325316 -0700
-+++ b/nss/lib/ssl/ssl3con.c 2013-07-31 14:12:00.254575103 -0700
-@@ -2157,6 +2157,20 @@ ssl3_ComputeRecordMAC(
- return rv;
- }
-
-+/* This is a bodge to allow this code to be compiled against older NSS headers
-+ * that don't contain the CBC constant-time changes. */
-+#ifndef CKM_NSS_HMAC_CONSTANT_TIME
-+#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
-+#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
-+
-+typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
-+ CK_MECHANISM_TYPE macAlg; /* in */
-+ CK_ULONG ulBodyTotalLen; /* in */
-+ CK_BYTE * pHeader; /* in */
-+ CK_ULONG ulHeaderLen; /* in */
-+} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
-+#endif
-+
- /* Called from: ssl3_HandleRecord()
- * Caller must already hold the SpecReadLock. (wish we could assert that!)
- *
-@@ -2179,7 +2193,8 @@ ssl3_ComputeRecordMACConstantTime(
- {
- CK_MECHANISM_TYPE macType;
- CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
-- SECItem param, inputItem, outputItem;
-+ PK11Context * mac_context;
-+ SECItem param;
- SECStatus rv;
- unsigned char header[13];
- PK11SymKey * key;
-@@ -2240,34 +2255,27 @@ ssl3_ComputeRecordMACConstantTime(
- param.len = sizeof(params);
- param.type = 0;
-
-- inputItem.data = (unsigned char *) input;
-- inputItem.len = inputLen;
-- inputItem.type = 0;
--
-- outputItem.data = outbuf;
-- outputItem.len = *outLen;
-- outputItem.type = 0;
--
- key = spec->server.write_mac_key;
- if (!useServerMacKey) {
- key = spec->client.write_mac_key;
- }
-+ mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, &param);
-+ if (mac_context == NULL) {
-+ /* Older versions of NSS may not support constant-time MAC. */
-+ goto fallback;
-+ }
-
-- rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
-- if (rv != SECSuccess) {
-- if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
-- goto fallback;
-- }
-+ rv = PK11_DigestBegin(mac_context);
-+ rv |= PK11_DigestOp(mac_context, input, inputLen);
-+ rv |= PK11_DigestFinal(mac_context, outbuf, outLen, spec->mac_size);
-+ PK11_DestroyContext(mac_context, PR_TRUE);
-
-- *outLen = 0;
-+ PORT_Assert(rv != SECSuccess || *outLen == (unsigned)spec->mac_size);
-+
-+ if (rv != SECSuccess) {
- rv = SECFailure;
- ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
-- return rv;
- }
--
-- PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
-- *outLen = outputItem.len;
--
- return rv;
-
- fallback:
« no previous file with comments | « net/third_party/nss/patches/canfalsestart.patch ('k') | net/third_party/nss/patches/chacha20poly1305.patch » ('j') | net/third_party/nss/ssl/ssl3con.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698