Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(698)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/paddingextension.patch

Issue 142283002: Update net/third_party/nss to NSS_3_15_5_BETA2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Fix applypatches.sh mistakes Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/nssrwlock.patch ('k') | net/third_party/nss/patches/paddingextensionall.patch » ('j') | net/third_party/nss/ssl/ssl.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 --- a/nss/lib/ssl/ssl3con.c 2014-01-03 19:03:25.346656907 -0800
3 +++ b/nss/lib/ssl/ssl3con.c 2014-01-03 19:03:36.916845935 -0800
4 @@ -4987,6 +4987,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
5 int actual_count = 0;
6 PRBool isTLS = PR_FALSE;
7 PRInt32 total_exten_len = 0;
8 + unsigned paddingExtensionLen;
9 unsigned numCompressionMethods;
10 PRInt32 flags;
11
12 @@ -5264,6 +5265,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
13 length += 1 + ss->ssl3.hs.cookieLen;
14 }
15
16 + /* A padding extension may be included to ensure that the record containing
17 + * the ClientHello doesn't have a length between 256 and 511 bytes
18 + * (inclusive). Initial, ClientHello records with such lengths trigger bugs
19 + * in F5 devices.
20 + *
21 + * This is not done for DTLS nor for renegotiation. */
22 + if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) {
23 + paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
24 + total_exten_len += paddingExtensionLen;
25 + length += paddingExtensionLen;
26 + } else {
27 + paddingExtensionLen = 0;
28 + }
29 +
30 rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
31 if (rv != SECSuccess) {
32 if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
33 @@ -5398,6 +5413,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
34 return SECFailure;
35 }
36 maxBytes -= extLen;
37 +
38 + extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
39 + if (extLen < 0) {
40 + return SECFailure;
41 + }
42 + maxBytes -= extLen;
43 +
44 PORT_Assert(!maxBytes);
45 }
46
47 diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
48 --- a/nss/lib/ssl/ssl3ext.c 2014-01-03 18:58:03.661401846 -0800
49 +++ b/nss/lib/ssl/ssl3ext.c 2014-01-03 19:03:36.916845935 -0800
50 @@ -2315,3 +2315,56 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss
51 loser:
52 return -1;
53 }
54 +
55 +unsigned int
56 +ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
57 +{
58 + unsigned int recordLength = 1 /* handshake message type */ +
59 + 3 /* handshake message length */ +
60 + clientHelloLength;
61 + unsigned int extensionLength;
62 +
63 + if (recordLength < 256 || recordLength >= 512) {
64 + return 0;
65 + }
66 +
67 + extensionLength = 512 - recordLength;
68 + /* Extensions take at least four bytes to encode. */
69 + if (extensionLength < 4) {
70 + extensionLength = 4;
71 + }
72 +
73 + return extensionLength;
74 +}
75 +
76 +/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
77 + * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
78 + * that we don't trigger bugs in F5 products. */
79 +PRInt32
80 +ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
81 + PRUint32 maxBytes)
82 +{
83 + unsigned int paddingLen = extensionLen - 4;
84 + unsigned char padding[256];
85 +
86 + if (extensionLen == 0) {
87 + return 0;
88 + }
89 +
90 + if (extensionLen < 4 ||
91 + extensionLen > maxBytes ||
92 + paddingLen > sizeof(padding)) {
93 + PORT_Assert(0);
94 + return -1;
95 + }
96 +
97 + if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
98 + return -1;
99 + if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
100 + return -1;
101 + memset(padding, 0, paddingLen);
102 + if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
103 + return -1;
104 +
105 + return extensionLen;
106 +}
107 diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
108 --- a/nss/lib/ssl/sslimpl.h 2014-01-03 19:03:25.346656907 -0800
109 +++ b/nss/lib/ssl/sslimpl.h 2014-01-03 19:03:36.916845935 -0800
110 @@ -237,6 +237,13 @@ extern PRInt32
111 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
112 const ssl3HelloExtensionSender *sender);
113
114 +extern unsigned int
115 +ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
116 +
117 +extern PRInt32
118 +ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
119 + PRUint32 maxBytes);
120 +
121 /* Socket ops */
122 struct sslSocketOpsStr {
123 int (*connect) (sslSocket *, const PRNetAddr *);
124 diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
125 --- a/nss/lib/ssl/sslt.h 2014-01-03 19:02:30.135754914 -0800
126 +++ b/nss/lib/ssl/sslt.h 2014-01-03 19:03:36.916845935 -0800
127 @@ -205,9 +205,10 @@ typedef enum {
128 ssl_session_ticket_xtn = 35,
129 ssl_next_proto_nego_xtn = 13172,
130 ssl_channel_id_xtn = 30032,
131 + ssl_padding_xtn = 35655,
132 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
133 } SSLExtensionType;
134
135 -#define SSL_MAX_EXTENSIONS 11
136 +#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. * /
137
138 #endif /* __sslt_h_ */
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/nssrwlock.patch ('k') | net/third_party/nss/patches/paddingextensionall.patch » ('j') | net/third_party/nss/ssl/ssl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698