Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(162)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/tlsunique.patch

Issue 1511123006: Uprev NSS (in libssl) to NSS 3.21 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Updated deps Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/patches/tls12chromium.patch ('k') | net/third_party/nss/ssl/SSLerrs.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff --git a/ssl/ssl.h b/ssl/ssl.h 1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
2 index 716537d..80717db 100644 2 index 120c257..eb7f7ec 100644
3 --- a/ssl/ssl.h 3 --- a/lib/ssl/ssl.h
4 +++ b/ssl/ssl.h 4 +++ b/lib/ssl/ssl.h
5 @@ -292,6 +292,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 ciphe r, PRBool *enabled); 5 @@ -385,6 +385,27 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
6 SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); 6 */
7 SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); 7 SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled );
8 8
9 +/* SSLChannelBindingType enumerates the types of supported channel binding 9 +/* SSLChannelBindingType enumerates the types of supported channel binding
10 + * values. See RFC 5929. */ 10 + * values. See RFC 5929. */
11 +typedef enum SSLChannelBindingType { 11 +typedef enum SSLChannelBindingType {
12 + SSL_CHANNEL_BINDING_TLS_UNIQUE = 1, 12 + SSL_CHANNEL_BINDING_TLS_UNIQUE = 1,
13 +} SSLChannelBindingType; 13 +} SSLChannelBindingType;
14 + 14 +
15 +/* SSL_GetChannelBinding copies the requested channel binding value, as defined 15 +/* SSL_GetChannelBinding copies the requested channel binding value, as defined
16 + * in RFC 5929, into |out|. The full length of the binding value is written 16 + * in RFC 5929, into |out|. The full length of the binding value is written
17 + * into |*outLen|. 17 + * into |*outLen|.
18 + * 18 + *
19 + * At most |outLenMax| bytes of data are copied. If |outLenMax| is 19 + * At most |outLenMax| bytes of data are copied. If |outLenMax| is
20 + * insufficient then the function returns SECFailure and sets the error to 20 + * insufficient then the function returns SECFailure and sets the error to
21 + * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set. 21 + * SEC_ERROR_OUTPUT_LEN, but |*outLen| is still set.
22 + * 22 + *
23 + * This call will fail if made during a renegotiation. */ 23 + * This call will fail if made during a renegotiation. */
24 +SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd, 24 +SSL_IMPORT SECStatus SSL_GetChannelBinding(PRFileDesc *fd,
25 + SSLChannelBindingType binding_type, 25 + SSLChannelBindingType binding_type,
26 + unsigned char *out, 26 + unsigned char *out,
27 + unsigned int *outLen, 27 + unsigned int *outLen,
28 + unsigned int outLenMax); 28 + unsigned int outLenMax);
29 + 29 +
30 /* SSL Version Range API 30 /* SSL Version Range API
31 ** 31 **
32 ** This API should be used to control SSL 3.0 & TLS support instead of the 32 ** This API should be used to control SSL 3.0 & TLS support instead of the
33 diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c 33 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
34 index c0e8e79..7c06815 100644 34 index 2ae8ce9..ce92cf1 100644
35 --- a/ssl/ssl3con.c 35 --- a/lib/ssl/ssl3con.c
36 +++ b/ssl/ssl3con.c 36 +++ b/lib/ssl/ssl3con.c
37 @@ -12479,6 +12479,68 @@ ssl3_InitSocketPolicy(sslSocket *ss) 37 @@ -13241,6 +13241,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
38 PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); 38 ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms );
39 } 39 }
40 40
41 +SECStatus 41 +SECStatus
42 +ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, 42 +ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
43 + unsigned char *out, 43 + unsigned char *out,
44 + unsigned int *outLen, 44 + unsigned int *outLen,
45 + unsigned int outLenMax) { 45 + unsigned int outLenMax) {
46 + PRBool isTLS; 46 + PRBool isTLS;
47 + int index = 0; 47 + int index = 0;
48 + unsigned int len; 48 + unsigned int len;
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
96 + rv = SECSuccess; 96 + rv = SECSuccess;
97 + 97 +
98 +loser: 98 +loser:
99 + ssl_ReleaseSSL3HandshakeLock(ss); 99 + ssl_ReleaseSSL3HandshakeLock(ss);
100 + return rv; 100 + return rv;
101 +} 101 +}
102 + 102 +
103 /* ssl3_config_match_init must have already been called by 103 /* ssl3_config_match_init must have already been called by
104 * the caller of this function. 104 * the caller of this function.
105 */ 105 */
106 diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h 106 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
107 index e11860e..0ece0ed 100644 107 index c286518..976330e 100644
108 --- a/ssl/sslimpl.h 108 --- a/lib/ssl/sslimpl.h
109 +++ b/ssl/sslimpl.h 109 +++ b/lib/ssl/sslimpl.h
110 @@ -1864,6 +1864,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivat eKey *svrPrivKey, 110 @@ -1897,6 +1897,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivat eKey *svrPrivKey,
111 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, 111 extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
112 unsigned int length); 112 unsigned int length);
113 113
114 +extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss, 114 +extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
115 + unsigned char *out, 115 + unsigned char *out,
116 + unsigned int *outLen, 116 + unsigned int *outLen,
117 + unsigned int outLenMax); 117 + unsigned int outLenMax);
118 + 118 +
119 /* Construct a new NSPR socket for the app to use */ 119 /* Construct a new NSPR socket for the app to use */
120 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); 120 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
121 extern void ssl_FreePRSocket(PRFileDesc *fd); 121 extern void ssl_FreePRSocket(PRFileDesc *fd);
122 diff --git a/ssl/sslsock.c b/ssl/sslsock.c 122 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
123 index 042f24f..14ff328 100644 123 index efba686..c9a4493 100644
124 --- a/ssl/sslsock.c 124 --- a/lib/ssl/sslsock.c
125 +++ b/ssl/sslsock.c 125 +++ b/lib/ssl/sslsock.c
126 @@ -1345,6 +1345,27 @@ NSS_SetFrancePolicy(void) 126 @@ -1540,6 +1540,28 @@ SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enable d)
127 return NSS_SetDomesticPolicy(); 127 return SECSuccess;
128 } 128 }
129 129
130 +SECStatus 130 +SECStatus
131 +SSL_GetChannelBinding(PRFileDesc *fd, 131 +SSL_GetChannelBinding(PRFileDesc *fd,
132 + SSLChannelBindingType binding_type, 132 + SSLChannelBindingType binding_type,
133 + unsigned char *out, 133 + unsigned char *out,
134 + unsigned int *outLen, 134 + unsigned int *outLen,
135 + unsigned int outLenMax) { 135 + unsigned int outLenMax) {
136 + sslSocket *ss = ssl_FindSocket(fd); 136 + sslSocket *ss = ssl_FindSocket(fd);
137 + 137 +
138 + if (!ss) { 138 + if (!ss) {
139 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding", 139 + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelBinding",
140 + SSL_GETPID(), fd)); 140 + SSL_GETPID(), fd));
141 + return SECFailure; 141 + return SECFailure;
142 + } 142 + }
143 + 143 +
144 + if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) { 144 + if (binding_type != SSL_CHANNEL_BINDING_TLS_UNIQUE) {
145 + PORT_SetError(PR_INVALID_ARGUMENT_ERROR); 145 + PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
146 + return SECFailure; 146 + return SECFailure;
147 + } 147 + }
148 + 148 +
149 + return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax); 149 + return ssl3_GetTLSUniqueChannelBinding(ss, out, outLen, outLenMax);
150 +} 150 +}
151 +
152 #include "dhe-param.c"
151 153
152 154 static const SSLDHEGroupType ssl_default_dhe_groups[] = {
153 /* LOCKS ??? XXX */
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/tls12chromium.patch ('k') | net/third_party/nss/ssl/SSLerrs.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698