
Side by Side Diff: net/third_party/nss/patches/tlsunique.patch

Issue 11275240: Update net/third_party/nss/ssl to NSS 3.14. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before commit Created 8 years, 1 month ago
1 diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h 1 diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co n.c
2 index bb8c0b7..518cb21 100644 2 --- a/net/third_party/nss/ssl/ssl3con.c»2012-11-09 16:13:22.012407752 -0800
3 --- a/net/third_party/nss/ssl/ssl.h 3 +++ b/net/third_party/nss/ssl/ssl3con.c»2012-11-09 16:14:14.123162240 -0800
4 +++ b/net/third_party/nss/ssl/ssl.h 4 @@ -10719,6 +10719,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
5 @@ -282,6 +282,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 ciphe r, PRBool *enabled);
6 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
7 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
8
9 +/* SSLChannelBindingType enumerates the types of supported channel binding
10 + * values. See RFC 5929. */
11 +typedef enum SSLChannelBindingType {
12 + SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
13 +} SSLChannelBindingType;
14 +
15 +/* SSL_GetChannelBinding copies the requested channel binding value, as defined
16 + * in RFC 5929, into |out|. The full length of the binding value is written
17 + * into |*outLen|.
18 + *
19 + * At most |outLenMax| bytes of data are copied. If |outLenMax| is
20 + * insufficient then the function returns SECFailure and sets the error to
21 + * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
22 + *
23 + * This call will fail if made during a renegotiation. */
24 +SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
25 +» » » » » SSLChannelBindingType binding_type,
26 +» » » » » unsigned char *out,
27 +» » » » » unsigned int *outLen,
28 +» » » » » unsigned int outLenMax);
29 +
30 /* SSL Version Range API
31 **
32 ** This API should be used to control SSL 3.0 & TLS support instead of the
33 diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con .c
34 index 0f1cdc6..1f6def2 100644
35 --- a/net/third_party/nss/ssl/ssl3con.c
36 +++ b/net/third_party/nss/ssl/ssl3con.c
37 @@ -10539,6 +10539,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
38 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); 5 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
39 } 6 }
40 7
41 +SECStatus 8 +SECStatus
42 +ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, 9 +ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
43 + unsigned char *out, 10 + unsigned char *out,
44 + unsigned int *outLen, 11 + unsigned int *outLen,
45 + unsigned int outLenMax) { 12 + unsigned int outLenMax) {
46 + PRBool isTLS; 13 + PRBool isTLS;
47 + int index = 0; 14 + int index = 0;
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
96 + rv = SECSuccess; 63 + rv = SECSuccess;
97 + 64 +
98 +loser: 65 +loser:
99 + ssl_ReleaseSSL3HandshakeLock(ss); 66 + ssl_ReleaseSSL3HandshakeLock(ss);
100 + return rv; 67 + return rv;
101 +} 68 +}
102 + 69 +
103 /* ssl3_config_match_init must have already been called by 70 /* ssl3_config_match_init must have already been called by
104 * the caller of this function. 71 * the caller of this function.
105 */ 72 */
106 diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl .h 73 diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
107 index adad5d0..eda1885 100644 74 --- a/net/third_party/nss/ssl/ssl.h» 2012-11-09 16:13:22.062408475 -0800
108 --- a/net/third_party/nss/ssl/sslimpl.h 75 +++ b/net/third_party/nss/ssl/ssl.h» 2012-11-09 16:14:14.123162240 -0800
109 +++ b/net/third_party/nss/ssl/sslimpl.h 76 @@ -250,6 +250,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe
110 @@ -1775,6 +1775,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivat eKey *svrPrivKey, 77 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
78 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
79
80 +/* SSLChannelBindingType enumerates the types of supported channel binding
81 + * values. See RFC 5929. */
82 +typedef enum SSLChannelBindingType {
83 + SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
84 +} SSLChannelBindingType;
85 +
86 +/* SSL_GetChannelBinding copies the requested channel binding value, as defined
87 + * in RFC 5929, into |out|. The full length of the binding value is written
88 + * into |*outLen|.
89 + *
90 + * At most |outLenMax| bytes of data are copied. If |outLenMax| is
91 + * insufficient then the function returns SECFailure and sets the error to
92 + * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
93 + *
94 + * This call will fail if made during a renegotiation. */
95 +SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
96 +» » » » » SSLChannelBindingType binding_type,
97 +» » » » » unsigned char *out,
98 +» » » » » unsigned int *outLen,
99 +» » » » » unsigned int outLenMax);
100 +
101 /* SSL Version Range API
102 **
103 ** This API should be used to control SSL 3.0 & TLS support instead of the
104 diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimp l.h
105 --- a/net/third_party/nss/ssl/sslimpl.h»2012-11-09 16:13:22.062408475 -0800
106 +++ b/net/third_party/nss/ssl/sslimpl.h»2012-11-09 16:14:14.123162240 -0800
107 @@ -1732,6 +1732,11 @@ extern PRBool ssl_GetSessionTicketKeysPK
111 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, 108 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
112 unsigned int length); 109 unsigned int length);
113 110
114 +extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, 111 +extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
115 + unsigned char *out, 112 + unsigned char *out,
116 + unsigned int *outLen, 113 + unsigned int *outLen,
117 + unsigned int outLenMax); 114 + unsigned int outLenMax);
118 + 115 +
119 /* Construct a new NSPR socket for the app to use */ 116 /* Construct a new NSPR socket for the app to use */
120 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); 117 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
121 extern void ssl_FreePRSocket(PRFileDesc *fd); 118 extern void ssl_FreePRSocket(PRFileDesc *fd);
122 diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock .c 119 diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsoc k.c
123 index 9387a21..1823a1c 100644 120 --- a/net/third_party/nss/ssl/sslsock.c»2012-11-09 16:13:22.062408475 -0800
124 --- a/net/third_party/nss/ssl/sslsock.c 121 +++ b/net/third_party/nss/ssl/sslsock.c»2012-11-09 16:14:14.123162240 -0800
125 +++ b/net/third_party/nss/ssl/sslsock.c 122 @@ -1354,6 +1354,27 @@ NSS_SetFrancePolicy(void)
126 @@ -1382,6 +1382,27 @@ NSS_SetFrancePolicy(void)
127 return NSS_SetDomesticPolicy(); 123 return NSS_SetDomesticPolicy();
128 } 124 }
129 125
130 +SECStatus 126 +SECStatus
131 +SSL_GetChannelBinding(PRFileDesc *fd, 127 +SSL_GetChannelBinding(PRFileDesc *fd,
132 + SSLChannelBindingType binding_type, 128 + SSLChannelBindingType binding_type,
133 + unsigned char *out, 129 + unsigned char *out,
134 + unsigned int *outLen, 130 + unsigned int *outLen,
135 + unsigned int outLenMax) { 131 + unsigned int outLenMax) {
136 + sslSocket *ss = ssl_FindSocket(fd); 132 + sslSocket *ss = ssl_FindSocket(fd);
137 + 133 +
138 + if (!ss) { 134 + if (!ss) {
139 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding", 135 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding",
140 + SSL_GETPID(), fd)); 136 + SSL_GETPID(), fd));
141 + return SECFailure; 137 + return SECFailure;
142 + } 138 + }
143 + 139 +
144 + if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) { 140 + if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) {
145 + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); 141 + PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
146 + return SECFailure; 142 + return SECFailure;
147 + } 143 + }
148 + 144 +
149 + return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax); 145 + return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
150 +} 146 +}
151 147
152 148
153 /* LOCKS ??? XXX */ 149 /* LOCKS ??? XXX */
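Review bot: In the new-side `SSL_GetChannelBinding` (sslsock.c hunk), the bad-socket and unsupported-`binding_type` returns leave `*outLen` unwritten, while the ssl.h comment only promises it is set in the `SEC_ERROR_OUTPUT_LEN` case, so a caller that reads `*outLen` after any `SECFailure` to size a retry buffer could act on an uninitialized length. Because the binding value feeds authentication, I would spell this out in the ssl.h comment, for example `* On any other failure |*outLen| is unspecified; check the return value and error code before using |out| or |*outLen|.` The body of `ssl3_GetTLSUniqueChannelBinding` is collapsed in this view (48 lines skipped), so whether its own failure paths set `*outLen` cannot be confirmed from here. Separately, the `SSL_DBG` call formats `fd`, a `PRFileDesc *`, with `%d`; this may simply follow the file's existing convention, but `%p` would match the argument type.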