Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(595)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/tls12chromium.patch

Issue 142283002: Update net/third_party/nss to NSS_3_15_5_BETA2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Fix applypatches.sh mistakes Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/patches/signedcertificatetimestamps.patch ('k') | net/third_party/nss/patches/tlsunique.patch » ('j') | net/third_party/nss/ssl/ssl.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c 1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 --- a/nss/lib/ssl/ssl3con.c» 2014-01-03 18:55:44.659133336 -0800 2 --- a/nss/lib/ssl/ssl3con.c» 2014-01-17 18:00:11.213237373 -0800
3 +++ b/nss/lib/ssl/ssl3con.c» 2014-01-03 18:57:20.390695317 -0800 3 +++ b/nss/lib/ssl/ssl3con.c» 2014-01-17 18:04:22.497405273 -0800
4 @@ -31,6 +31,15 @@ 4 @@ -31,6 +31,15 @@
5 #include "blapi.h" 5 #include "blapi.h"
6 #endif 6 #endif
7 7
8 +/* This is a bodge to allow this code to be compiled against older NSS headers 8 +/* This is a bodge to allow this code to be compiled against older NSS headers
9 + * that don't contain the TLS 1.2 changes. */ 9 + * that don't contain the TLS 1.2 changes. */
10 +#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256 10 +#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256
11 +#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21) 11 +#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21)
12 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22) 12 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22)
13 +#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) 13 +#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23)
14 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 14 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
15 +#endif 15 +#endif
16 + 16 +
17 #include <stdio.h> 17 #include <stdio.h>
18 #ifdef NSS_ENABLE_ZLIB 18 #ifdef NSS_ENABLE_ZLIB
19 #include "zlib.h" 19 #include "zlib.h"
20 diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c 20 diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
21 --- a/nss/lib/ssl/ssl3ecc.c» 2014-01-03 18:56:43.300090124 -0800 21 --- a/nss/lib/ssl/ssl3ecc.c» 2014-01-17 18:01:31.474568608 -0800
22 +++ b/nss/lib/ssl/ssl3ecc.c» 2014-01-03 18:57:20.390695317 -0800 22 +++ b/nss/lib/ssl/ssl3ecc.c» 2014-01-17 18:04:22.497405273 -0800
23 @@ -30,6 +30,12 @@ 23 @@ -30,6 +30,12 @@
24 24
25 #include <stdio.h> 25 #include <stdio.h>
26 26
27 +/* This is a bodge to allow this code to be compiled against older NSS headers 27 +/* This is a bodge to allow this code to be compiled against older NSS headers
28 + * that don't contain the TLS 1.2 changes. */ 28 + * that don't contain the TLS 1.2 changes. */
29 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 29 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
30 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 30 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
31 +#endif 31 +#endif
32 + 32 +
33 #ifdef NSS_ENABLE_ECC 33 #ifdef NSS_ENABLE_ECC
34 34
35 #ifndef PK11_SETATTRS 35 #ifndef PK11_SETATTRS
36 diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c 36 diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
37 --- a/nss/lib/ssl/sslsock.c» 2014-01-03 18:55:44.669133500 -0800 37 --- a/nss/lib/ssl/sslsock.c» 2014-01-17 18:00:11.213237373 -0800
38 +++ b/nss/lib/ssl/sslsock.c» 2014-01-03 18:57:20.400695477 -0800 38 +++ b/nss/lib/ssl/sslsock.c» 2014-01-17 18:04:22.497405273 -0800
39 @@ -17,8 +17,15 @@ 39 @@ -17,8 +17,15 @@
40 #ifndef NO_PKCS11_BYPASS 40 #ifndef NO_PKCS11_BYPASS
41 #include "blapi.h" 41 #include "blapi.h"
42 #endif 42 #endif
43 +#include "pk11pub.h" 43 +#include "pk11pub.h"
44 #include "nss.h" 44 #include "nss.h"
45 45
46 +/* This is a bodge to allow this code to be compiled against older NSS headers 46 +/* This is a bodge to allow this code to be compiled against older NSS headers
47 + * that don't contain the TLS 1.2 changes. */ 47 + * that don't contain the TLS 1.2 changes. */
48 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 48 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
49 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 49 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
50 +#endif 50 +#endif
51 + 51 +
52 #define SET_ERROR_CODE /* reminder */ 52 #define SET_ERROR_CODE /* reminder */
53 53
54 static const sslSocketOps ssl_default_ops = { /* No SSL. */ 54 static const sslSocketOps ssl_default_ops = { /* No SSL. */
55 @@ -1814,6 +1821,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLV 55 @@ -1836,6 +1843,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLV
56 return SECSuccess; 56 return SECSuccess;
57 } 57 }
58 58
59 +static PRCallOnceType checkTLS12TokenOnce; 59 +static PRCallOnceType checkTLS12TokenOnce;
60 +static PRBool tls12TokenExists; 60 +static PRBool tls12TokenExists;
61 + 61 +
62 +static PRStatus 62 +static PRStatus
63 +ssl_CheckTLS12Token(void) 63 +ssl_CheckTLS12Token(void)
64 +{ 64 +{
65 + tls12TokenExists = 65 + tls12TokenExists =
66 + PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256); 66 + PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256);
67 + return PR_SUCCESS; 67 + return PR_SUCCESS;
68 +} 68 +}
69 + 69 +
70 +static PRBool 70 +static PRBool
71 +ssl_TLS12TokenExists(void) 71 +ssl_TLS12TokenExists(void)
72 +{ 72 +{
73 + (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token); 73 + (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token);
74 + return tls12TokenExists; 74 + return tls12TokenExists;
75 +} 75 +}
76 + 76 +
77 SECStatus 77 SECStatus
78 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) 78 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
79 { 79 {
80 @@ -1834,6 +1859,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons 80 @@ -1856,6 +1881,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
81 ssl_GetSSL3HandshakeLock(ss); 81 ssl_GetSSL3HandshakeLock(ss);
82 82
83 ss->vrange = *vrange; 83 ss->vrange = *vrange;
84 + /* If we don't have a sufficiently up-to-date softoken then we cannot do 84 + /* If we don't have a sufficiently up-to-date softoken then we cannot do
85 + * TLS 1.2. */ 85 + * TLS 1.2. */
86 + if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 && 86 + if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 &&
87 + !ssl_TLS12TokenExists()) { 87 + !ssl_TLS12TokenExists()) {
88 + /* If the user requested a minimum version of 1.2, then we don't 88 + /* If the user requested a minimum version of 1.2, then we don't
89 + * silently downgrade. */ 89 + * silently downgrade. */
90 + if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) { 90 + if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) {
91 + ssl_ReleaseSSL3HandshakeLock(ss); 91 + ssl_ReleaseSSL3HandshakeLock(ss);
92 + ssl_Release1stHandshakeLock(ss); 92 + ssl_Release1stHandshakeLock(ss);
93 + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); 93 + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
94 + return SECFailure; 94 + return SECFailure;
95 + } 95 + }
96 + ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1; 96 + ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
97 + } 97 + }
98 98
99 ssl_ReleaseSSL3HandshakeLock(ss); 99 ssl_ReleaseSSL3HandshakeLock(ss);
100 ssl_Release1stHandshakeLock(ss); 100 ssl_Release1stHandshakeLock(ss);
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/signedcertificatetimestamps.patch ('k') | net/third_party/nss/patches/tlsunique.patch » ('j') | net/third_party/nss/ssl/ssl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698