Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1641)

Unified Diff: net/third_party/nss/patches/channelid.patch

Issue 111853013: Update net/third_party/nss to NSS 3.15.4. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Update the comment in sslenum.c for the two CHACHA20 cipher suites Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/patches/chacha20poly1305.patch ('k') | net/third_party/nss/patches/channelid2.patch » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/patches/channelid.patch
===================================================================
--- net/third_party/nss/patches/channelid.patch (revision 242942)
+++ net/third_party/nss/patches/channelid.patch (working copy)
@@ -1,6 +1,6 @@
diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
---- a/nss/lib/ssl/ssl3con.c 2013-07-31 12:45:11.497944276 -0700
-+++ b/nss/lib/ssl/ssl3con.c 2013-07-31 12:51:32.663550380 -0700
+--- a/nss/lib/ssl/ssl3con.c 2014-01-03 19:36:09.938766379 -0800
++++ b/nss/lib/ssl/ssl3con.c 2014-01-03 19:37:50.360408300 -0800
@@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateSta
static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
@@ -9,7 +9,7 @@
static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
static SECStatus ssl3_SendServerHello( sslSocket *ss);
static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
-@@ -5891,6 +5892,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6198,6 +6199,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS
}
#endif /* NSS_PLATFORM_CLIENT_AUTH */
@@ -25,7 +25,7 @@
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
goto loser; /* alert has been sent */
-@@ -6170,7 +6180,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6480,7 +6490,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
if (rv != SECSuccess) {
goto alert_loser; /* err code was set */
}
@@ -34,7 +34,7 @@
} while (0);
if (sid_match)
-@@ -6196,6 +6206,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -6506,6 +6516,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS
ss->ssl3.hs.isResuming = PR_FALSE;
ss->ssl3.hs.ws = wait_server_cert;
@@ -62,28 +62,66 @@
return SECSuccess;
alert_loser:
-@@ -6993,6 +7024,10 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -7467,7 +7498,14 @@ ssl3_SendClientSecondRound(sslSocket *ss
+ if (rv != SECSuccess) {
goto loser; /* err code was set. */
}
- }
++ }
+
+ rv = ssl3_SendEncryptedExtensions(ss);
+ if (rv != SECSuccess) {
+ goto loser; /* err code was set. */
+ }
++
++ if (!ss->firstHsDone) {
+ if (ss->opt.enableFalseStart) {
+ if (!ss->ssl3.hs.authCertificatePending) {
+ /* When we fix bug 589047, we will need to know whether we are
+@@ -7504,6 +7542,33 @@ ssl3_SendClientSecondRound(sslSocket *ss
- rv = ssl3_SendFinished(ss, 0);
- if (rv != SECSuccess) {
-@@ -9947,6 +9982,165 @@ ssl3_RecordKeyLog(sslSocket *ss)
- return;
+ ssl_ReleaseXmitBufLock(ss); /*******************************/
+
++ if (!ss->ssl3.hs.isResuming &&
++ ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
++ /* If we are negotiating ChannelID on a full handshake then we record
++ * the handshake hashes in |sid| at this point. They will be needed in
++ * the event that we resume this session and use ChannelID on the
++ * resumption handshake. */
++ SSL3Hashes hashes;
++ SECItem *originalHandshakeHash =
++ &ss->sec.ci.sid->u.ssl3.originalHandshakeHash;
++ PORT_Assert(ss->sec.ci.sid->cached == never_cached);
++
++ ssl_GetSpecReadLock(ss);
++ PORT_Assert(ss->version > SSL_LIBRARY_VERSION_3_0);
++ rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.cwSpec, &hashes, 0);
++ ssl_ReleaseSpecReadLock(ss);
++ if (rv != SECSuccess) {
++ return rv;
++ }
++
++ PORT_Assert(originalHandshakeHash->len == 0);
++ originalHandshakeHash->data = PORT_Alloc(hashes.len);
++ if (!originalHandshakeHash->data)
++ return SECFailure;
++ originalHandshakeHash->len = hashes.len;
++ memcpy(originalHandshakeHash->data, hashes.u.raw, hashes.len);
++ }
++
+ if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
+ ss->ssl3.hs.ws = wait_new_session_ticket;
+ else
+@@ -10469,6 +10534,184 @@ ssl3_RecordKeyLog(sslSocket *ss)
}
-+/* called from ssl3_SendClientSecondRound
+ /* called from ssl3_SendClientSecondRound
+ * ssl3_HandleFinished
+ */
+static SECStatus
+ssl3_SendEncryptedExtensions(sslSocket *ss)
+{
+ static const char CHANNEL_ID_MAGIC[] = "TLS Channel ID signature";
++ static const char CHANNEL_ID_RESUMPTION_MAGIC[] = "Resumption";
+ /* This is the ASN.1 prefix for a P-256 public key. Specifically it's:
+ * SEQUENCE
+ * SEQUENCE
@@ -109,7 +147,10 @@
+ SECItem *spki = NULL;
+ SSL3Hashes hashes;
+ const unsigned char *pub_bytes;
-+ unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) + sizeof(SSL3Hashes)];
++ unsigned char signed_data[sizeof(CHANNEL_ID_MAGIC) +
++ sizeof(CHANNEL_ID_RESUMPTION_MAGIC) +
++ sizeof(SSL3Hashes)*2];
++ size_t signed_data_len;
+ unsigned char digest[SHA256_LENGTH];
+ SECItem digest_item;
+ unsigned char signature[64];
@@ -159,11 +200,26 @@
+
+ pub_bytes = spki->data + sizeof(P256_SPKI_PREFIX);
+
-+ memcpy(signed_data, CHANNEL_ID_MAGIC, sizeof(CHANNEL_ID_MAGIC));
-+ memcpy(signed_data + sizeof(CHANNEL_ID_MAGIC), hashes.u.raw, hashes.len);
++ signed_data_len = 0;
++ memcpy(signed_data + signed_data_len, CHANNEL_ID_MAGIC,
++ sizeof(CHANNEL_ID_MAGIC));
++ signed_data_len += sizeof(CHANNEL_ID_MAGIC);
++ if (ss->ssl3.hs.isResuming) {
++ SECItem *originalHandshakeHash =
++ &ss->sec.ci.sid->u.ssl3.originalHandshakeHash;
++ PORT_Assert(originalHandshakeHash->len > 0);
+
-+ rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data,
-+ sizeof(CHANNEL_ID_MAGIC) + hashes.len);
++ memcpy(signed_data + signed_data_len, CHANNEL_ID_RESUMPTION_MAGIC,
++ sizeof(CHANNEL_ID_RESUMPTION_MAGIC));
++ signed_data_len += sizeof(CHANNEL_ID_RESUMPTION_MAGIC);
++ memcpy(signed_data + signed_data_len, originalHandshakeHash->data,
++ originalHandshakeHash->len);
++ signed_data_len += originalHandshakeHash->len;
++ }
++ memcpy(signed_data + signed_data_len, hashes.u.raw, hashes.len);
++ signed_data_len += hashes.len;
++
++ rv = PK11_HashBuf(SEC_OID_SHA256, digest, signed_data, signed_data_len);
+ if (rv != SECSuccess)
+ goto loser;
+
@@ -236,10 +292,11 @@
+ return SECSuccess;
+}
+
- /* called from ssl3_HandleServerHelloDone
++/* called from ssl3_SendClientSecondRound
* ssl3_HandleClientHello
* ssl3_HandleFinished
-@@ -10202,11 +10396,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
+ */
+@@ -10728,11 +10971,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
}
@@ -260,7 +317,7 @@
}
if (IS_DTLS(ss)) {
-@@ -11635,6 +11834,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -12212,6 +12460,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
ssl_FreePlatformKey(ss->ssl3.platformClientKey);
#endif /* NSS_PLATFORM_CLIENT_AUTH */
@@ -273,8 +330,8 @@
ssl3_CleanupPeerCerts(ss);
diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
---- a/nss/lib/ssl/ssl3ext.c 2013-07-31 12:40:14.493586151 -0700
-+++ b/nss/lib/ssl/ssl3ext.c 2013-07-31 12:45:50.338515793 -0700
+--- a/nss/lib/ssl/ssl3ext.c 2014-01-03 19:31:09.783859095 -0800
++++ b/nss/lib/ssl/ssl3ext.c 2014-01-03 19:36:25.379018825 -0800
@@ -60,6 +60,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSo
PRUint32 maxBytes);
static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
@@ -302,7 +359,7 @@
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
{ ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
/* any extra entries will appear as { 0, NULL } */
-@@ -660,6 +666,52 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocke
+@@ -669,6 +675,61 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocke
}
return extension_length;
@@ -339,6 +396,15 @@
+ return 0;
+ }
+
++ if (ss->sec.ci.sid->cached != never_cached &&
++ ss->sec.ci.sid->u.ssl3.originalHandshakeHash.len == 0) {
++ /* We can't do ChannelID on a connection if we're resuming and didn't
++ * do ChannelID on the original connection: without ChannelID on the
++ * original connection we didn't record the handshake hashes needed for
++ * the signature. */
++ return 0;
++ }
++
+ if (append) {
+ SECStatus rv;
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_channel_id_xtn, 2);
@@ -356,8 +422,8 @@
loser:
return -1;
diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
---- a/nss/lib/ssl/ssl3prot.h 2013-07-31 12:07:10.974699609 -0700
-+++ b/nss/lib/ssl/ssl3prot.h 2013-07-31 12:45:50.338515793 -0700
+--- a/nss/lib/ssl/ssl3prot.h 2014-01-03 19:28:03.550814608 -0800
++++ b/nss/lib/ssl/ssl3prot.h 2014-01-03 19:36:25.379018825 -0800
@@ -129,7 +129,8 @@ typedef enum {
client_key_exchange = 16,
finished = 20,
@@ -369,9 +435,9 @@
typedef struct {
diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
---- a/nss/lib/ssl/sslauth.c 2013-07-31 12:40:14.503586299 -0700
-+++ b/nss/lib/ssl/sslauth.c 2013-07-31 12:45:50.338515793 -0700
-@@ -219,6 +219,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
+--- a/nss/lib/ssl/sslauth.c 2014-01-03 19:31:09.783859095 -0800
++++ b/nss/lib/ssl/sslauth.c 2014-01-03 19:36:25.379018825 -0800
+@@ -216,6 +216,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
return SECSuccess;
}
@@ -397,8 +463,8 @@
/* NEED LOCKS IN HERE. */
SECStatus
diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
---- a/nss/lib/ssl/sslerr.h 2013-07-31 12:07:10.974699609 -0700
-+++ b/nss/lib/ssl/sslerr.h 2013-07-31 12:45:50.338515793 -0700
+--- a/nss/lib/ssl/sslerr.h 2014-01-03 19:28:03.550814608 -0800
++++ b/nss/lib/ssl/sslerr.h 2014-01-03 19:36:25.379018825 -0800
@@ -193,6 +193,10 @@ SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM = (
SSL_ERROR_DIGEST_FAILURE = (SSL_ERROR_BASE + 127),
SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
@@ -411,8 +477,8 @@
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
---- a/nss/lib/ssl/SSLerrs.h 2013-07-31 12:07:10.964699464 -0700
-+++ b/nss/lib/ssl/SSLerrs.h 2013-07-31 12:45:50.338515793 -0700
+--- a/nss/lib/ssl/SSLerrs.h 2014-01-03 19:28:03.540814444 -0800
++++ b/nss/lib/ssl/SSLerrs.h 2014-01-03 19:36:25.379018825 -0800
@@ -412,3 +412,12 @@ ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR
ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
@@ -427,9 +493,9 @@
+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 131),
+"The application could not get a TLS Channel ID.")
diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
---- a/nss/lib/ssl/ssl.h 2013-07-31 12:45:11.497944276 -0700
-+++ b/nss/lib/ssl/ssl.h 2013-07-31 12:45:50.338515793 -0700
-@@ -958,6 +958,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
+--- a/nss/lib/ssl/ssl.h 2014-01-03 19:36:09.938766379 -0800
++++ b/nss/lib/ssl/ssl.h 2014-01-03 19:36:25.379018825 -0800
+@@ -985,6 +985,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
PRBool *last_handshake_resumed);
@@ -465,9 +531,24 @@
** How long should we wait before retransmitting the next flight of
** the DTLS handshake? Returns SECFailure if not DTLS or not in a
diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
---- a/nss/lib/ssl/sslimpl.h 2013-07-31 12:45:11.497944276 -0700
-+++ b/nss/lib/ssl/sslimpl.h 2013-07-31 12:45:50.338515793 -0700
-@@ -921,6 +921,9 @@ struct ssl3StateStr {
+--- a/nss/lib/ssl/sslimpl.h 2014-01-03 19:36:09.938766379 -0800
++++ b/nss/lib/ssl/sslimpl.h 2014-01-03 19:36:25.379018825 -0800
+@@ -700,6 +700,14 @@ struct sslSessionIDStr {
+
+ SECItem srvName;
+
++ /* originalHandshakeHash contains the hash of the original, full
++ * handshake prior to the server's final flow. This is either a
++ * SHA-1/MD5 combination (for TLS < 1.2) or the TLS PRF hash (for
++ * TLS 1.2). This is recorded and used only when ChannelID is
++ * negotiated as it's used to bind the ChannelID signature on the
++ * resumption handshake to the original handshake. */
++ SECItem originalHandshakeHash;
++
+ /* This lock is lazily initialized by CacheSID when a sid is first
+ * cached. Before then, there is no need to lock anything because
+ * the sid isn't being shared by anything.
+@@ -969,6 +977,9 @@ struct ssl3StateStr {
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
@@ -477,7 +558,7 @@
int policy;
/* This says what cipher suites we can do, and should
* be either SSL_ALLOWED or SSL_RESTRICTED
-@@ -1192,6 +1195,8 @@ const unsigned char * preferredCipher;
+@@ -1246,6 +1257,8 @@ const unsigned char * preferredCipher;
void *pkcs11PinArg;
SSLNextProtoCallback nextProtoCallback;
void *nextProtoArg;
@@ -486,7 +567,7 @@
PRIntervalTime rTimeout; /* timeout for NSPR I/O */
PRIntervalTime wTimeout; /* timeout for NSPR I/O */
-@@ -1524,6 +1529,11 @@ extern SECStatus ssl3_RestartHandshakeAf
+@@ -1590,6 +1603,11 @@ extern SECStatus ssl3_RestartHandshakeAf
SECKEYPrivateKey * key,
CERTCertificateList *certChain);
@@ -498,10 +579,23 @@
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
/*
+diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
+--- a/nss/lib/ssl/sslnonce.c 2014-01-03 19:30:40.073373382 -0800
++++ b/nss/lib/ssl/sslnonce.c 2014-01-03 19:36:25.379018825 -0800
+@@ -182,6 +182,9 @@ ssl_DestroySID(sslSessionID *sid)
+ if (sid->u.ssl3.srvName.data) {
+ SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
+ }
++ if (sid->u.ssl3.originalHandshakeHash.data) {
++ SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
++ }
+
+ if (sid->u.ssl3.lock) {
+ PR_DestroyRWLock(sid->u.ssl3.lock);
diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
---- a/nss/lib/ssl/sslsecur.c 2013-07-31 12:45:11.497944276 -0700
-+++ b/nss/lib/ssl/sslsecur.c 2013-07-31 12:45:50.338515793 -0700
-@@ -1502,6 +1502,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileD
+--- a/nss/lib/ssl/sslsecur.c 2014-01-03 19:36:09.938766379 -0800
++++ b/nss/lib/ssl/sslsecur.c 2014-01-03 19:36:25.379018825 -0800
+@@ -1584,6 +1584,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileD
return ret;
}
@@ -545,18 +639,18 @@
* this implementation exists to maintain link-time compatibility.
*/
diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
---- a/nss/lib/ssl/sslsock.c 2013-07-31 12:44:32.017363288 -0700
-+++ b/nss/lib/ssl/sslsock.c 2013-07-31 12:45:50.348515937 -0700
-@@ -354,6 +354,8 @@ ssl_DupSocket(sslSocket *os)
- ss->handshakeCallback = os->handshakeCallback;
- ss->handshakeCallbackData = os->handshakeCallbackData;
+--- a/nss/lib/ssl/sslsock.c 2014-01-03 19:32:06.914793097 -0800
++++ b/nss/lib/ssl/sslsock.c 2014-01-03 19:36:25.379018825 -0800
+@@ -274,6 +274,8 @@ ssl_DupSocket(sslSocket *os)
+ ss->canFalseStartCallback = os->canFalseStartCallback;
+ ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
ss->pkcs11PinArg = os->pkcs11PinArg;
+ ss->getChannelID = os->getChannelID;
+ ss->getChannelIDArg = os->getChannelIDArg;
/* Create security data */
rv = ssl_CopySecurityInfo(ss, os);
-@@ -1754,6 +1756,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
+@@ -1669,6 +1671,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
ss->handshakeCallbackData = sm->handshakeCallbackData;
if (sm->pkcs11PinArg)
ss->pkcs11PinArg = sm->pkcs11PinArg;
@@ -567,7 +661,7 @@
return fd;
loser:
return NULL;
-@@ -3027,6 +3033,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
+@@ -2946,6 +2952,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
ss->badCertArg = NULL;
ss->pkcs11PinArg = NULL;
ss->ephemeralECDHKeyPair = NULL;
@@ -577,13 +671,13 @@
ssl_ChooseOps(ss);
ssl2_InitSocketPolicy(ss);
diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
---- a/nss/lib/ssl/sslt.h 2013-07-31 12:07:10.974699609 -0700
-+++ b/nss/lib/ssl/sslt.h 2013-07-31 12:45:50.348515937 -0700
-@@ -184,9 +184,10 @@ typedef enum {
+--- a/nss/lib/ssl/sslt.h 2014-01-03 19:28:03.560814773 -0800
++++ b/nss/lib/ssl/sslt.h 2014-01-03 19:36:25.379018825 -0800
+@@ -189,9 +189,10 @@ typedef enum {
ssl_use_srtp_xtn = 14,
ssl_session_ticket_xtn = 35,
ssl_next_proto_nego_xtn = 13172,
-+ ssl_channel_id_xtn = 30031,
++ ssl_channel_id_xtn = 30032,
ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
} SSLExtensionType;
« no previous file with comments | « net/third_party/nss/patches/chacha20poly1305.patch ('k') | net/third_party/nss/patches/channelid2.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698