Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(159)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/tls12chromium.patch

Issue 1511123006: Uprev NSS (in libssl) to NSS 3.21 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Updated deps Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/patches/suitebonly.patch ('k') | net/third_party/nss/patches/tlsunique.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c 1 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
2 index 7c06815..1167d6d 100644 2 index ce92cf1..c5cb1eb 100644
3 --- a/ssl/ssl3con.c 3 --- a/lib/ssl/ssl3con.c
4 +++ b/ssl/ssl3con.c 4 +++ b/lib/ssl/ssl3con.c
5 @@ -31,6 +31,15 @@ 5 @@ -33,6 +33,15 @@
6 #include "blapi.h" 6 #include "blapi.h"
7 #endif 7 #endif
8 8
9 +/* This is a bodge to allow this code to be compiled against older NSS headers 9 +/* This is a bodge to allow this code to be compiled against older NSS headers
10 + * that don't contain the TLS 1.2 changes. */ 10 + * that don't contain the TLS 1.2 changes. */
11 +#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256 11 +#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256
12 +#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21) 12 +#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21)
13 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22) 13 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22)
14 +#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) 14 +#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23)
15 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 15 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
16 +#endif 16 +#endif
17 + 17 +
18 #include <stdio.h> 18 #include <stdio.h>
19 #ifdef NSS_ENABLE_ZLIB 19 #ifdef NSS_ENABLE_ZLIB
20 #include "zlib.h" 20 #include "zlib.h"
21 diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c 21 diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
22 index dac7a9e..9b91270 100644 22 index 6d89bbe..cf8e741 100644
23 --- a/ssl/ssl3ecc.c 23 --- a/lib/ssl/ssl3ecc.c
24 +++ b/ssl/ssl3ecc.c 24 +++ b/lib/ssl/ssl3ecc.c
25 @@ -31,6 +31,12 @@ 25 @@ -31,6 +31,12 @@
26 26
27 #include <stdio.h> 27 #include <stdio.h>
28 28
29 +/* This is a bodge to allow this code to be compiled against older NSS headers 29 +/* This is a bodge to allow this code to be compiled against older NSS headers
30 + * that don't contain the TLS 1.2 changes. */ 30 + * that don't contain the TLS 1.2 changes. */
31 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 31 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
32 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 32 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
33 +#endif 33 +#endif
34 + 34 +
35 #ifndef NSS_DISABLE_ECC 35 #ifndef NSS_DISABLE_ECC
36 36
37 #ifndef PK11_SETATTRS 37 #ifndef PK11_SETATTRS
38 diff --git a/ssl/sslsock.c b/ssl/sslsock.c 38 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
39 index 14ff328..6a6c8d1 100644 39 index c9a4493..6d700a7 100644
40 --- a/ssl/sslsock.c 40 --- a/lib/ssl/sslsock.c
41 +++ b/ssl/sslsock.c 41 +++ b/lib/ssl/sslsock.c
42 @@ -17,8 +17,15 @@ 42 @@ -17,9 +17,16 @@
43 #ifndef NO_PKCS11_BYPASS 43 #ifndef NO_PKCS11_BYPASS
44 #include "blapi.h" 44 #include "blapi.h"
45 #endif 45 #endif
46 +#include "pk11pub.h" 46 +#include "pk11pub.h"
47 #include "nss.h" 47 #include "nss.h"
48 #include "pk11pqg.h"
48 49
49 +/* This is a bodge to allow this code to be compiled against older NSS headers 50 +/* This is a bodge to allow this code to be compiled against older NSS headers
50 + * that don't contain the TLS 1.2 changes. */ 51 + * that don't contain the TLS 1.2 changes. */
51 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 52 +#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256
52 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 53 +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
53 +#endif 54 +#endif
54 + 55 +
55 #define SET_ERROR_CODE /* reminder */ 56 #define SET_ERROR_CODE /* reminder */
56 57
57 static const sslSocketOps ssl_default_ops = { /* No SSL. */ 58 static const sslSocketOps ssl_default_ops = { /* No SSL. */
58 @@ -1878,6 +1885,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vran ge) 59 @@ -2133,6 +2140,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vran ge)
59 return SECSuccess; 60 return SECSuccess;
60 } 61 }
61 62
62 +static PRCallOnceType checkTLS12TokenOnce; 63 +static PRCallOnceType checkTLS12TokenOnce;
63 +static PRBool tls12TokenExists; 64 +static PRBool tls12TokenExists;
64 + 65 +
65 +static PRStatus 66 +static PRStatus
66 +ssl_CheckTLS12Token(void) 67 +ssl_CheckTLS12Token(void)
67 +{ 68 +{
68 + tls12TokenExists = 69 + tls12TokenExists =
69 + PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256); 70 + PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256);
70 + return PR_SUCCESS; 71 + return PR_SUCCESS;
71 +} 72 +}
72 + 73 +
73 +static PRBool 74 +static PRBool
74 +ssl_TLS12TokenExists(void) 75 +ssl_TLS12TokenExists(void)
75 +{ 76 +{
76 + (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token); 77 + (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token);
77 + return tls12TokenExists; 78 + return tls12TokenExists;
78 +} 79 +}
79 + 80 +
80 SECStatus 81 SECStatus
81 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) 82 SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
82 { 83 {
83 @@ -1898,6 +1923,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) 84 @@ -2153,6 +2178,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
84 ssl_GetSSL3HandshakeLock(ss); 85 ssl_GetSSL3HandshakeLock(ss);
85 86
86 ss->vrange = *vrange; 87 ss->vrange = *vrange;
87 + /* If we don't have a sufficiently up-to-date softoken then we cannot do 88 + /* If we don't have a sufficiently up-to-date softoken then we cannot do
88 + * TLS 1.2. */ 89 + * TLS 1.2. */
89 + if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 && 90 + if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 &&
90 + !ssl_TLS12TokenExists()) { 91 + !ssl_TLS12TokenExists()) {
91 + /* If the user requested a minimum version of 1.2, then we don't 92 + /* If the user requested a minimum version of 1.2, then we don't
92 + * silently downgrade. */ 93 + * silently downgrade. */
93 + if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) { 94 + if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) {
94 + ssl_ReleaseSSL3HandshakeLock(ss); 95 + ssl_ReleaseSSL3HandshakeLock(ss);
95 + ssl_Release1stHandshakeLock(ss); 96 + ssl_Release1stHandshakeLock(ss);
96 + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); 97 + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
97 + return SECFailure; 98 + return SECFailure;
98 + } 99 + }
99 + ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1; 100 + ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1;
100 + } 101 + }
101 102
102 ssl_ReleaseSSL3HandshakeLock(ss); 103 ssl_ReleaseSSL3HandshakeLock(ss);
103 ssl_Release1stHandshakeLock(ss); 104 ssl_Release1stHandshakeLock(ss);
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/suitebonly.patch ('k') | net/third_party/nss/patches/tlsunique.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698