Index: net/third_party/nss/patches/chacha20poly1305.patch |
diff --git a/net/third_party/nss/patches/chacha20poly1305.patch b/net/third_party/nss/patches/chacha20poly1305.patch |
index a9017f12504e4767da25e040d4c8ba427be8c3f9..e4c78017d9a11cc488469e85a37c214a0ae4f2de 100644 |
--- a/net/third_party/nss/patches/chacha20poly1305.patch |
+++ b/net/third_party/nss/patches/chacha20poly1305.patch |
@@ -1,8 +1,8 @@ |
-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c |
-index dabe333..6819b03 100644 |
---- a/ssl/ssl3con.c |
-+++ b/ssl/ssl3con.c |
-@@ -41,6 +41,21 @@ |
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c |
+index 299e414..2533679 100644 |
+--- a/lib/ssl/ssl3con.c |
++++ b/lib/ssl/ssl3con.c |
+@@ -43,6 +43,21 @@ |
#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
#endif |
@@ -24,16 +24,16 @@ index dabe333..6819b03 100644 |
#include <stdio.h> |
#ifdef NSS_ENABLE_ZLIB |
#include "zlib.h" |
-@@ -105,6 +120,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { |
+@@ -110,6 +125,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { |
/* cipher_suite policy enabled isPresent */ |
#ifndef NSS_DISABLE_ECC |
+ { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
+ { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, |
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, |
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around |
-@@ -296,6 +313,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { |
+@@ -307,6 +324,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { |
{cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0}, |
{cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, |
{cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, |
@@ -41,16 +41,16 @@ index dabe333..6819b03 100644 |
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, |
}; |
-@@ -422,6 +440,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = |
+@@ -433,6 +451,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = |
{TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa}, |
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, |
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, |
+ {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa}, |
+ {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa}, |
- #ifndef NSS_DISABLE_ECC |
- {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, |
-@@ -487,6 +507,7 @@ static const SSLCipher2Mech alg2Mech[] = { |
+ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss}, |
+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss}, |
+@@ -502,6 +522,7 @@ static const SSLCipher2Mech alg2Mech[] = { |
{ calg_camellia , CKM_CAMELLIA_CBC }, |
{ calg_seed , CKM_SEED_CBC }, |
{ calg_aes_gcm , CKM_AES_GCM }, |
@@ -58,7 +58,7 @@ index dabe333..6819b03 100644 |
/* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ |
}; |
-@@ -662,6 +683,8 @@ ssl3_CipherSuiteAllowedForVersionRange( |
+@@ -679,6 +700,8 @@ ssl3_CipherSuiteAllowedForVersionRange( |
case TLS_RSA_WITH_NULL_SHA256: |
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2; |
@@ -67,7 +67,7 @@ index dabe333..6819b03 100644 |
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: |
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: |
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: |
-@@ -2070,6 +2093,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys, |
+@@ -2093,6 +2116,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys, |
} |
#endif |
@@ -114,7 +114,7 @@ index dabe333..6819b03 100644 |
/* Initialize encryption and MAC contexts for pending spec. |
* Master Secret already is derived. |
* Caller holds Spec write lock. |
-@@ -2103,13 +2166,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss) |
+@@ -2126,13 +2189,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss) |
pwSpec->client.write_mac_context = NULL; |
pwSpec->server.write_mac_context = NULL; |
@@ -134,11 +134,11 @@ index dabe333..6819b03 100644 |
return SECSuccess; |
} |
-diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c |
-index 9b91270..31e0774 100644 |
---- a/ssl/ssl3ecc.c |
-+++ b/ssl/ssl3ecc.c |
-@@ -921,6 +921,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { |
+diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c |
+index cf8e741..ab5ab14 100644 |
+--- a/lib/ssl/ssl3ecc.c |
++++ b/lib/ssl/ssl3ecc.c |
+@@ -926,6 +926,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
@@ -146,7 +146,7 @@ index 9b91270..31e0774 100644 |
TLS_ECDHE_ECDSA_WITH_NULL_SHA, |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
0 /* end of list marker */ |
-@@ -932,6 +933,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { |
+@@ -937,6 +938,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
@@ -154,7 +154,7 @@ index 9b91270..31e0774 100644 |
TLS_ECDHE_RSA_WITH_NULL_SHA, |
TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
0 /* end of list marker */ |
-@@ -944,6 +946,7 @@ static const ssl3CipherSuite ecSuites[] = { |
+@@ -949,6 +951,7 @@ static const ssl3CipherSuite ecSuites[] = { |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
@@ -162,7 +162,7 @@ index 9b91270..31e0774 100644 |
TLS_ECDHE_ECDSA_WITH_NULL_SHA, |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
-@@ -951,6 +954,7 @@ static const ssl3CipherSuite ecSuites[] = { |
+@@ -956,6 +959,7 @@ static const ssl3CipherSuite ecSuites[] = { |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
@@ -170,10 +170,10 @@ index 9b91270..31e0774 100644 |
TLS_ECDHE_RSA_WITH_NULL_SHA, |
TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, |
-diff --git a/ssl/sslenum.c b/ssl/sslenum.c |
-index 09ce43f..a036627 100644 |
---- a/ssl/sslenum.c |
-+++ b/ssl/sslenum.c |
+diff --git a/lib/ssl/sslenum.c b/lib/ssl/sslenum.c |
+index f69aed2..b4a8844 100644 |
+--- a/lib/ssl/sslenum.c |
++++ b/lib/ssl/sslenum.c |
@@ -37,17 +37,21 @@ |
* |
* Exception: Because some servers ignore the high-order byte of the cipher |
@@ -199,11 +199,11 @@ index 09ce43f..a036627 100644 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before |
-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h |
-index ea71975..88b2eba 100644 |
---- a/ssl/sslimpl.h |
-+++ b/ssl/sslimpl.h |
-@@ -65,6 +65,7 @@ typedef SSLSignType SSL3SignType; |
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h |
+index 60dd243..d5f326f 100644 |
+--- a/lib/ssl/sslimpl.h |
++++ b/lib/ssl/sslimpl.h |
+@@ -66,6 +66,7 @@ typedef SSLSignType SSL3SignType; |
#define calg_camellia ssl_calg_camellia |
#define calg_seed ssl_calg_seed |
#define calg_aes_gcm ssl_calg_aes_gcm |
@@ -211,16 +211,16 @@ index ea71975..88b2eba 100644 |
#define mac_null ssl_mac_null |
#define mac_md5 ssl_mac_md5 |
-@@ -299,7 +300,7 @@ typedef struct { |
+@@ -301,7 +302,7 @@ typedef struct { |
} ssl3CipherSuiteCfg; |
#ifndef NSS_DISABLE_ECC |
--#define ssl_V3_SUITES_IMPLEMENTED 61 |
-+#define ssl_V3_SUITES_IMPLEMENTED 63 |
+-#define ssl_V3_SUITES_IMPLEMENTED 64 |
++#define ssl_V3_SUITES_IMPLEMENTED 66 |
#else |
- #define ssl_V3_SUITES_IMPLEMENTED 37 |
+ #define ssl_V3_SUITES_IMPLEMENTED 40 |
#endif /* NSS_DISABLE_ECC */ |
-@@ -485,6 +486,7 @@ typedef enum { |
+@@ -495,6 +496,7 @@ typedef enum { |
cipher_camellia_256, |
cipher_seed, |
cipher_aes_128_gcm, |
@@ -228,11 +228,11 @@ index ea71975..88b2eba 100644 |
cipher_missing /* reserved for no such supported cipher */ |
/* This enum must match ssl3_cipherName[] in ssl3con.c. */ |
} SSL3BulkCipher; |
-diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c |
-index ba230d2..845d9f0 100644 |
---- a/ssl/sslinfo.c |
-+++ b/ssl/sslinfo.c |
-@@ -110,6 +110,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) |
+diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c |
+index 7048eb8..bef3190 100644 |
+--- a/lib/ssl/sslinfo.c |
++++ b/lib/ssl/sslinfo.c |
+@@ -148,6 +148,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, |
#define C_NULL "NULL", calg_null |
#define C_SJ "SKIPJACK", calg_sj |
#define C_AESGCM "AES-GCM", calg_aes_gcm |
@@ -240,7 +240,7 @@ index ba230d2..845d9f0 100644 |
#define B_256 256, 256, 256 |
#define B_128 128, 128, 128 |
-@@ -188,12 +189,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = { |
+@@ -229,12 +230,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = { |
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, |
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, |
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, |
@@ -255,11 +255,11 @@ index ba230d2..845d9f0 100644 |
{0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, }, |
{0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, }, |
-diff --git a/ssl/sslproto.h b/ssl/sslproto.h |
-index e02442c..dc653c9 100644 |
---- a/ssl/sslproto.h |
-+++ b/ssl/sslproto.h |
-@@ -258,6 +258,9 @@ |
+diff --git a/lib/ssl/sslproto.h b/lib/ssl/sslproto.h |
+index 2db47a5..36ae6c9 100644 |
+--- a/lib/ssl/sslproto.h |
++++ b/lib/ssl/sslproto.h |
+@@ -260,6 +260,9 @@ |
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F |
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 |
@@ -269,11 +269,11 @@ index e02442c..dc653c9 100644 |
/* Netscape "experimental" cipher suites. */ |
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 |
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 |
-diff --git a/ssl/sslt.h b/ssl/sslt.h |
-index 430d216..fe0ad07 100644 |
---- a/ssl/sslt.h |
-+++ b/ssl/sslt.h |
-@@ -94,7 +94,8 @@ typedef enum { |
+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h |
+index 5593579..a2eff62 100644 |
+--- a/lib/ssl/sslt.h |
++++ b/lib/ssl/sslt.h |
+@@ -117,7 +117,8 @@ typedef enum { |
ssl_calg_aes = 7, |
ssl_calg_camellia = 8, |
ssl_calg_seed = 9, |