net/third_party/nss/patches/signedcertificatetimestamps.patch - Issue 142283002: Update net/third_party/nss to NSS_3_15_5_BETA2.

Unified Diff: net/third_party/nss/patches/signedcertificatetimestamps.patch

Issue 142283002: Update net/third_party/nss to NSS_3_15_5_BETA2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Fix applypatches.sh mistakes Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/third_party/nss/patches/signedcertificatetimestamps.patch

===================================================================

--- net/third_party/nss/patches/signedcertificatetimestamps.patch (revision 245705)

+++ net/third_party/nss/patches/signedcertificatetimestamps.patch (working copy)

@@ -1,7 +1,7 @@

diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c

---- a/nss/lib/ssl/ssl3con.c 2014-01-03 19:03:55.547150312 -0800

-+++ b/nss/lib/ssl/ssl3con.c 2014-01-03 19:04:31.257733748 -0800

-@@ -6681,10 +6681,22 @@ ssl3_HandleServerHello(sslSocket *ss, SS

+--- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:11:28.314468184 -0800

++++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:23:17.946207727 -0800

+@@ -6682,10 +6682,22 @@ ssl3_HandleServerHello(sslSocket *ss, SS

sid->u.ssl3.sessionIDLength = sidBytes.len;

PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len);

@@ -24,7 +24,7 @@

/* If we will need a ChannelID key then we make the callback now. This

* allows the handshake to be restarted cleanly if the callback returns

* SECWouldBlock. */

-@@ -6710,6 +6722,9 @@ alert_loser:

+@@ -6711,6 +6723,9 @@ alert_loser:

(void)SSL3_SendAlert(ss, alert_fatal, desc);

loser:

@@ -35,8 +35,8 @@

return SECFailure;

}

diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c

---- a/nss/lib/ssl/ssl3ext.c 2014-01-03 19:04:20.207553209 -0800

-+++ b/nss/lib/ssl/ssl3ext.c 2014-01-03 19:04:31.257733748 -0800

+--- a/nss/lib/ssl/ssl3ext.c 2014-01-17 18:22:54.945827814 -0800

++++ b/nss/lib/ssl/ssl3ext.c 2014-01-17 18:35:21.798168722 -0800

@@ -81,6 +81,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn

PRUint32 maxBytes);

static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type,

@@ -60,17 +60,17 @@

};

@@ -287,7 +295,9 @@ ssl3HelloExtensionSender clientHelloSend

- { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },

- { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },

- { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },

-- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }

-+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },

+ { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },

+ { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn },

+ { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },

+- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }

++ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },

+ { ssl_signed_certificate_timestamp_xtn,

+ &ssl3_ClientSendSignedCertTimestampXtn }

/* any extra entries will appear as { 0, NULL } */

};

-@@ -2372,3 +2382,65 @@ ssl3_AppendPaddingExtension(sslSocket *s

+@@ -2379,3 +2389,65 @@ ssl3_AppendPaddingExtension(sslSocket *s

return extensionLen;

}

@@ -137,18 +137,19 @@

+ return SECSuccess;

diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h

---- a/nss/lib/ssl/ssl.h 2014-01-03 18:58:03.661401846 -0800

-+++ b/nss/lib/ssl/ssl.h 2014-01-03 19:04:31.257733748 -0800

-@@ -161,6 +161,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF

+--- a/nss/lib/ssl/ssl.h 2014-01-17 18:00:11.213237373 -0800

++++ b/nss/lib/ssl/ssl.h 2014-01-17 18:38:15.791045050 -0800

+@@ -181,6 +181,9 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF

- #define SSL_CBC_RANDOM_IV 23

- #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */

-+/* Request Signed Certificate Timestamps via TLS extension (client) */

-+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 25

+ #define SSL_ENABLE_ALPN 26

++/* Request Signed Certificate Timestamps via TLS extension (client) */

++#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 27

#ifdef SSL_DEPRECATED_FUNCTION

/* Old deprecated function names */

-@@ -464,6 +466,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertifi

+ SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);

+@@ -483,6 +486,23 @@ SSL_IMPORT CERTCertList *SSL_PeerCertifi

SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);

@@ -173,63 +174,17 @@

* in the fd's data, which may be sent as part of a server side cert_status

* handshake message. Parameter |responses| is for the server certificate of

diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h

---- a/nss/lib/ssl/sslimpl.h 2014-01-03 19:03:55.557150476 -0800

-+++ b/nss/lib/ssl/sslimpl.h 2014-01-03 19:04:31.257733748 -0800

-@@ -312,29 +312,30 @@ typedef struct sslOptionsStr {

- * list of supported protocols. */

- SECItem nextProtoNego;

-- unsigned int useSecurity : 1; /* 1 */

-- unsigned int useSocks : 1; /* 2 */

-- unsigned int requestCertificate : 1; /* 3 */

-- unsigned int requireCertificate : 2; /* 4-5 */

-- unsigned int handshakeAsClient : 1; /* 6 */

-- unsigned int handshakeAsServer : 1; /* 7 */

-- unsigned int enableSSL2 : 1; /* 8 */

-- unsigned int unusedBit9 : 1; /* 9 */

-- unsigned int unusedBit10 : 1; /* 10 */

-- unsigned int noCache : 1; /* 11 */

-- unsigned int fdx : 1; /* 12 */

-- unsigned int v2CompatibleHello : 1; /* 13 */

-- unsigned int detectRollBack : 1; /* 14 */

-- unsigned int noStepDown : 1; /* 15 */

-- unsigned int bypassPKCS11 : 1; /* 16 */

-- unsigned int noLocks : 1; /* 17 */

-- unsigned int enableSessionTickets : 1; /* 18 */

-- unsigned int enableDeflate : 1; /* 19 */

-- unsigned int enableRenegotiation : 2; /* 20-21 */

-- unsigned int requireSafeNegotiation : 1; /* 22 */

-- unsigned int enableFalseStart : 1; /* 23 */

-- unsigned int cbcRandomIV : 1; /* 24 */

-- unsigned int enableOCSPStapling : 1; /* 25 */

-+ unsigned int useSecurity : 1; /* 1 */

-+ unsigned int useSocks : 1; /* 2 */

-+ unsigned int requestCertificate : 1; /* 3 */

-+ unsigned int requireCertificate : 2; /* 4-5 */

-+ unsigned int handshakeAsClient : 1; /* 6 */

-+ unsigned int handshakeAsServer : 1; /* 7 */

-+ unsigned int enableSSL2 : 1; /* 8 */

-+ unsigned int unusedBit9 : 1; /* 9 */

-+ unsigned int unusedBit10 : 1; /* 10 */

-+ unsigned int noCache : 1; /* 11 */

-+ unsigned int fdx : 1; /* 12 */

-+ unsigned int v2CompatibleHello : 1; /* 13 */

-+ unsigned int detectRollBack : 1; /* 14 */

-+ unsigned int noStepDown : 1; /* 15 */

-+ unsigned int bypassPKCS11 : 1; /* 16 */

-+ unsigned int noLocks : 1; /* 17 */

-+ unsigned int enableSessionTickets : 1; /* 18 */

-+ unsigned int enableDeflate : 1; /* 19 */

-+ unsigned int enableRenegotiation : 2; /* 20-21 */

-+ unsigned int requireSafeNegotiation : 1; /* 22 */

-+ unsigned int enableFalseStart : 1; /* 23 */

-+ unsigned int cbcRandomIV : 1; /* 24 */

-+ unsigned int enableOCSPStapling : 1; /* 25 */

-+ unsigned int enableSignedCertTimestamps : 1; /* 26 */

+--- a/nss/lib/ssl/sslimpl.h 2014-01-17 18:11:28.314468184 -0800

++++ b/nss/lib/ssl/sslimpl.h 2014-01-17 18:27:22.540248428 -0800

+@@ -337,6 +337,7 @@ typedef struct sslOptionsStr {

+ unsigned int enableOCSPStapling : 1; /* 25 */

+ unsigned int enableNPN : 1; /* 26 */

+ unsigned int enableALPN : 1; /* 27 */

++ unsigned int enableSignedCertTimestamps : 1; /* 28 */

} sslOptions;

typedef enum { sslHandshakingUndetermined = 0,

-@@ -717,6 +718,11 @@ struct sslSessionIDStr {

+@@ -719,6 +720,11 @@ struct sslSessionIDStr {

* resumption handshake to the original handshake. */

SECItem originalHandshakeHash;

@@ -241,7 +196,7 @@

/* This lock is lazily initialized by CacheSID when a sid is first

* cached. Before then, there is no need to lock anything because

* the sid isn't being shared by anything.

-@@ -825,6 +831,18 @@ struct TLSExtensionDataStr {

+@@ -827,6 +833,18 @@ struct TLSExtensionDataStr {

* is beyond ssl3_HandleClientHello function. */

SECItem *sniNameArr;

PRUint32 sniNameArrSize;

@@ -261,9 +216,9 @@

typedef SECStatus (*sslRestartTarget)(sslSocket *);

diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c

---- a/nss/lib/ssl/sslnonce.c 2014-01-03 19:03:25.356657071 -0800

-+++ b/nss/lib/ssl/sslnonce.c 2014-01-03 19:05:48.568996889 -0800

-@@ -133,6 +133,9 @@ ssl_DestroySID(sslSessionID *sid)

+--- a/nss/lib/ssl/sslnonce.c 2014-01-17 18:11:28.314468184 -0800

++++ b/nss/lib/ssl/sslnonce.c 2014-01-17 18:23:17.956207890 -0800

+@@ -131,6 +131,9 @@ ssl_DestroySID(sslSessionID *sid)

if (sid->u.ssl3.originalHandshakeHash.data) {

SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);

}

@@ -274,61 +229,61 @@

if (sid->u.ssl3.lock) {

PR_DestroyRWLock(sid->u.ssl3.lock);

diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c

---- a/nss/lib/ssl/sslsock.c 2014-01-03 18:57:38.240986619 -0800

-+++ b/nss/lib/ssl/sslsock.c 2014-01-03 19:06:53.560058775 -0800

-@@ -85,7 +85,8 @@ static sslOptions ssl_defaults = {

- PR_FALSE, /* requireSafeNegotiation */

- PR_FALSE, /* enableFalseStart */

+--- a/nss/lib/ssl/sslsock.c 2014-01-17 18:04:43.127747463 -0800

++++ b/nss/lib/ssl/sslsock.c 2014-01-17 18:44:09.246889487 -0800

+@@ -87,7 +87,8 @@ static sslOptions ssl_defaults = {

PR_TRUE, /* cbcRandomIV */

-- PR_FALSE /* enableOCSPStapling */

-+ PR_FALSE, /* enableOCSPStapling */

+ PR_FALSE, /* enableOCSPStapling */

+ PR_TRUE, /* enableNPN */

+- PR_FALSE /* enableALPN */

++ PR_FALSE, /* enableALPN */

+ PR_FALSE /* enableSignedCertTimestamps */

};

-@@ -777,6 +778,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh

- ss->opt.enableOCSPStapling = on;

- break;

+@@ -787,6 +788,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh

+ ss->opt.enableALPN = on;

+ break;

+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:

-+ ss->opt.enableSignedCertTimestamps = on;

-+ break;

++ ss->opt.enableSignedCertTimestamps = on;

++ break;

default:

PORT_SetError(SEC_ERROR_INVALID_ARGS);

rv = SECFailure;

-@@ -847,6 +852,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh

- case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;

- case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;

+@@ -859,6 +864,9 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh

case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;

+ case SSL_ENABLE_NPN: on = ss->opt.enableNPN; break;

+ case SSL_ENABLE_ALPN: on = ss->opt.enableALPN; break;

+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:

-+ on = ss->opt.enableSignedCertTimestamps;

-+ break;

++ on = ss->opt.enableSignedCertTimestamps;

++ break;

default:

PORT_SetError(SEC_ERROR_INVALID_ARGS);

-@@ -908,6 +916,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo

- case SSL_ENABLE_OCSP_STAPLING:

- on = ssl_defaults.enableOCSPStapling;

+@@ -922,6 +930,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo

break;

+ case SSL_ENABLE_NPN: on = ssl_defaults.enableNPN; break;

+ case SSL_ENABLE_ALPN: on = ssl_defaults.enableALPN; break;

+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:

-+ on = ssl_defaults.enableSignedCertTimestamps;

-+ break;

++ on = ssl_defaults.enableSignedCertTimestamps;

++ break;

default:

PORT_SetError(SEC_ERROR_INVALID_ARGS);

-@@ -1075,6 +1086,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo

- ssl_defaults.enableOCSPStapling = on;

- break;

+@@ -1097,6 +1108,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo

+ ssl_defaults.enableALPN = on;

+ break;

+ case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:

-+ ssl_defaults.enableSignedCertTimestamps = on;

-+ break;

++ ssl_defaults.enableSignedCertTimestamps = on;

++ break;

default:

PORT_SetError(SEC_ERROR_INVALID_ARGS);

return SECFailure;

-@@ -1899,6 +1914,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc

+@@ -1921,6 +1936,29 @@ SSL_PeerStapledOCSPResponses(PRFileDesc

return &ss->sec.ci.sid->peerCertStatus;

}

@@ -359,8 +314,8 @@

SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {

sslSocket *ss = ssl_FindSocket(fd);

diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h

---- a/nss/lib/ssl/sslt.h 2014-01-03 19:03:55.557150476 -0800

-+++ b/nss/lib/ssl/sslt.h 2014-01-03 19:04:31.257733748 -0800

+--- a/nss/lib/ssl/sslt.h 2014-01-17 18:10:16.793281867 -0800

++++ b/nss/lib/ssl/sslt.h 2014-01-17 18:23:17.956207890 -0800

@@ -202,6 +202,7 @@ typedef enum {

ssl_signature_algorithms_xtn = 13,

ssl_use_srtp_xtn = 14,

« no previous file with comments | « net/third_party/nss/patches/sessioncache.patch ('k') | net/third_party/nss/patches/tls12chromium.patch » ('j') | net/third_party/nss/ssl/ssl.h » ('J')