| Index: net/third_party/nss/patches/paddingextension.patch
|
| ===================================================================
|
| --- net/third_party/nss/patches/paddingextension.patch (revision 245705)
|
| +++ net/third_party/nss/patches/paddingextension.patch (working copy)
|
| @@ -1,138 +0,0 @@
|
| -diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
|
| ---- a/nss/lib/ssl/ssl3con.c 2014-01-03 19:03:25.346656907 -0800
|
| -+++ b/nss/lib/ssl/ssl3con.c 2014-01-03 19:03:36.916845935 -0800
|
| -@@ -4987,6 +4987,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
|
| - int actual_count = 0;
|
| - PRBool isTLS = PR_FALSE;
|
| - PRInt32 total_exten_len = 0;
|
| -+ unsigned paddingExtensionLen;
|
| - unsigned numCompressionMethods;
|
| - PRInt32 flags;
|
| -
|
| -@@ -5264,6 +5265,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
|
| - length += 1 + ss->ssl3.hs.cookieLen;
|
| - }
|
| -
|
| -+ /* A padding extension may be included to ensure that the record containing
|
| -+ * the ClientHello doesn't have a length between 256 and 511 bytes
|
| -+ * (inclusive). Initial, ClientHello records with such lengths trigger bugs
|
| -+ * in F5 devices.
|
| -+ *
|
| -+ * This is not done for DTLS nor for renegotiation. */
|
| -+ if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) {
|
| -+ paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
|
| -+ total_exten_len += paddingExtensionLen;
|
| -+ length += paddingExtensionLen;
|
| -+ } else {
|
| -+ paddingExtensionLen = 0;
|
| -+ }
|
| -+
|
| - rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
|
| - if (rv != SECSuccess) {
|
| - if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); }
|
| -@@ -5398,6 +5413,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
|
| - return SECFailure;
|
| - }
|
| - maxBytes -= extLen;
|
| -+
|
| -+ extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
|
| -+ if (extLen < 0) {
|
| -+ return SECFailure;
|
| -+ }
|
| -+ maxBytes -= extLen;
|
| -+
|
| - PORT_Assert(!maxBytes);
|
| - }
|
| -
|
| -diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
|
| ---- a/nss/lib/ssl/ssl3ext.c 2014-01-03 18:58:03.661401846 -0800
|
| -+++ b/nss/lib/ssl/ssl3ext.c 2014-01-03 19:03:36.916845935 -0800
|
| -@@ -2315,3 +2315,56 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss
|
| - loser:
|
| - return -1;
|
| - }
|
| -+
|
| -+unsigned int
|
| -+ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
|
| -+{
|
| -+ unsigned int recordLength = 1 /* handshake message type */ +
|
| -+ 3 /* handshake message length */ +
|
| -+ clientHelloLength;
|
| -+ unsigned int extensionLength;
|
| -+
|
| -+ if (recordLength < 256 || recordLength >= 512) {
|
| -+ return 0;
|
| -+ }
|
| -+
|
| -+ extensionLength = 512 - recordLength;
|
| -+ /* Extensions take at least four bytes to encode. */
|
| -+ if (extensionLength < 4) {
|
| -+ extensionLength = 4;
|
| -+ }
|
| -+
|
| -+ return extensionLength;
|
| -+}
|
| -+
|
| -+/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
|
| -+ * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
|
| -+ * that we don't trigger bugs in F5 products. */
|
| -+PRInt32
|
| -+ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
|
| -+ PRUint32 maxBytes)
|
| -+{
|
| -+ unsigned int paddingLen = extensionLen - 4;
|
| -+ unsigned char padding[256];
|
| -+
|
| -+ if (extensionLen == 0) {
|
| -+ return 0;
|
| -+ }
|
| -+
|
| -+ if (extensionLen < 4 ||
|
| -+ extensionLen > maxBytes ||
|
| -+ paddingLen > sizeof(padding)) {
|
| -+ PORT_Assert(0);
|
| -+ return -1;
|
| -+ }
|
| -+
|
| -+ if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
|
| -+ return -1;
|
| -+ if (SECSuccess != ssl3_AppendHandshakeNumber(ss, paddingLen, 2))
|
| -+ return -1;
|
| -+ memset(padding, 0, paddingLen);
|
| -+ if (SECSuccess != ssl3_AppendHandshake(ss, padding, paddingLen))
|
| -+ return -1;
|
| -+
|
| -+ return extensionLen;
|
| -+}
|
| -diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
|
| ---- a/nss/lib/ssl/sslimpl.h 2014-01-03 19:03:25.346656907 -0800
|
| -+++ b/nss/lib/ssl/sslimpl.h 2014-01-03 19:03:36.916845935 -0800
|
| -@@ -237,6 +237,13 @@ extern PRInt32
|
| - ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
|
| - const ssl3HelloExtensionSender *sender);
|
| -
|
| -+extern unsigned int
|
| -+ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
|
| -+
|
| -+extern PRInt32
|
| -+ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
|
| -+ PRUint32 maxBytes);
|
| -+
|
| - /* Socket ops */
|
| - struct sslSocketOpsStr {
|
| - int (*connect) (sslSocket *, const PRNetAddr *);
|
| -diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
|
| ---- a/nss/lib/ssl/sslt.h 2014-01-03 19:02:30.135754914 -0800
|
| -+++ b/nss/lib/ssl/sslt.h 2014-01-03 19:03:36.916845935 -0800
|
| -@@ -205,9 +205,10 @@ typedef enum {
|
| - ssl_session_ticket_xtn = 35,
|
| - ssl_next_proto_nego_xtn = 13172,
|
| - ssl_channel_id_xtn = 30032,
|
| -+ ssl_padding_xtn = 35655,
|
| - ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
|
| - } SSLExtensionType;
|
| -
|
| --#define SSL_MAX_EXTENSIONS 11
|
| -+#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */
|
| -
|
| - #endif /* __sslt_h_ */
|
|
|
Chromium Code Reviews
Issue 142283002:
Update net/third_party/nss to NSS_3_15_5_BETA2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/