net/third_party/nss/patches/chacha20poly1305.patch - Issue 1511123006: Uprev NSS (in libssl) to NSS 3.21

Unified Diff: net/third_party/nss/patches/chacha20poly1305.patch

Issue 1511123006: Uprev NSS (in libssl) to NSS 3.21 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Updated deps Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/third_party/nss/patches/chacha20poly1305.patch

diff --git a/net/third_party/nss/patches/chacha20poly1305.patch b/net/third_party/nss/patches/chacha20poly1305.patch

index a9017f12504e4767da25e040d4c8ba427be8c3f9..e4c78017d9a11cc488469e85a37c214a0ae4f2de 100644

--- a/net/third_party/nss/patches/chacha20poly1305.patch

+++ b/net/third_party/nss/patches/chacha20poly1305.patch

@@ -1,8 +1,8 @@

-diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c

-index dabe333..6819b03 100644

---- a/ssl/ssl3con.c

-+++ b/ssl/ssl3con.c

-@@ -41,6 +41,21 @@

+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c

+index 299e414..2533679 100644

+--- a/lib/ssl/ssl3con.c

++++ b/lib/ssl/ssl3con.c

+@@ -43,6 +43,21 @@

#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)

#endif

@@ -24,16 +24,16 @@ index dabe333..6819b03 100644

#include <stdio.h>

#ifdef NSS_ENABLE_ZLIB

#include "zlib.h"

-@@ -105,6 +120,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {

+@@ -110,6 +125,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {

/* cipher_suite policy enabled isPresent */

#ifndef NSS_DISABLE_ECC

+ { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},

+ { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE},

- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},

- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},

+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},

+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},

/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around

-@@ -296,6 +313,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {

+@@ -307,6 +324,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {

{cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0},

{cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0},

{cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8},

@@ -41,16 +41,16 @@ index dabe333..6819b03 100644

{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0},

};

-@@ -422,6 +440,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =

+@@ -433,6 +451,8 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =

{TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},

{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},

{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},

+ {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa},

+ {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa},

- #ifndef NSS_DISABLE_ECC

- {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa},

-@@ -487,6 +507,7 @@ static const SSLCipher2Mech alg2Mech[] = {

+ {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},

+ {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},

+@@ -502,6 +522,7 @@ static const SSLCipher2Mech alg2Mech[] = {

{ calg_camellia , CKM_CAMELLIA_CBC },

{ calg_seed , CKM_SEED_CBC },

{ calg_aes_gcm , CKM_AES_GCM },

@@ -58,7 +58,7 @@ index dabe333..6819b03 100644

/* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */

};

-@@ -662,6 +683,8 @@ ssl3_CipherSuiteAllowedForVersionRange(

+@@ -679,6 +700,8 @@ ssl3_CipherSuiteAllowedForVersionRange(

case TLS_RSA_WITH_NULL_SHA256:

return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;

@@ -67,7 +67,7 @@ index dabe333..6819b03 100644

case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:

case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:

case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:

-@@ -2070,6 +2093,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,

+@@ -2093,6 +2116,46 @@ ssl3_AESGCMBypass(ssl3KeyMaterial *keys,

}

#endif

@@ -114,7 +114,7 @@ index dabe333..6819b03 100644

/* Initialize encryption and MAC contexts for pending spec.

* Master Secret already is derived.

* Caller holds Spec write lock.

-@@ -2103,13 +2166,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss)

+@@ -2126,13 +2189,17 @@ ssl3_InitPendingContextsPKCS11(sslSocket *ss)

pwSpec->client.write_mac_context = NULL;

pwSpec->server.write_mac_context = NULL;

@@ -134,11 +134,11 @@ index dabe333..6819b03 100644

return SECSuccess;

}

-diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c

-index 9b91270..31e0774 100644

---- a/ssl/ssl3ecc.c

-+++ b/ssl/ssl3ecc.c

-@@ -921,6 +921,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {

+diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c

+index cf8e741..ab5ab14 100644

+--- a/lib/ssl/ssl3ecc.c

++++ b/lib/ssl/ssl3ecc.c

+@@ -926,6 +926,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

@@ -146,7 +146,7 @@ index 9b91270..31e0774 100644

TLS_ECDHE_ECDSA_WITH_NULL_SHA,

TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,

0 /* end of list marker */

-@@ -932,6 +933,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {

+@@ -937,6 +938,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,

@@ -154,7 +154,7 @@ index 9b91270..31e0774 100644

TLS_ECDHE_RSA_WITH_NULL_SHA,

TLS_ECDHE_RSA_WITH_RC4_128_SHA,

0 /* end of list marker */

-@@ -944,6 +946,7 @@ static const ssl3CipherSuite ecSuites[] = {

+@@ -949,6 +951,7 @@ static const ssl3CipherSuite ecSuites[] = {

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

@@ -162,7 +162,7 @@ index 9b91270..31e0774 100644

TLS_ECDHE_ECDSA_WITH_NULL_SHA,

TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,

-@@ -951,6 +954,7 @@ static const ssl3CipherSuite ecSuites[] = {

+@@ -956,6 +959,7 @@ static const ssl3CipherSuite ecSuites[] = {

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,

@@ -170,10 +170,10 @@ index 9b91270..31e0774 100644

TLS_ECDHE_RSA_WITH_NULL_SHA,

TLS_ECDHE_RSA_WITH_RC4_128_SHA,

TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,

-diff --git a/ssl/sslenum.c b/ssl/sslenum.c

-index 09ce43f..a036627 100644

---- a/ssl/sslenum.c

-+++ b/ssl/sslenum.c

+diff --git a/lib/ssl/sslenum.c b/lib/ssl/sslenum.c

+index f69aed2..b4a8844 100644

+--- a/lib/ssl/sslenum.c

++++ b/lib/ssl/sslenum.c

@@ -37,17 +37,21 @@

* Exception: Because some servers ignore the high-order byte of the cipher

@@ -199,11 +199,11 @@ index 09ce43f..a036627 100644

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before

-diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h

-index ea71975..88b2eba 100644

---- a/ssl/sslimpl.h

-+++ b/ssl/sslimpl.h

-@@ -65,6 +65,7 @@ typedef SSLSignType SSL3SignType;

+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h

+index 60dd243..d5f326f 100644

+--- a/lib/ssl/sslimpl.h

++++ b/lib/ssl/sslimpl.h

+@@ -66,6 +66,7 @@ typedef SSLSignType SSL3SignType;

#define calg_camellia ssl_calg_camellia

#define calg_seed ssl_calg_seed

#define calg_aes_gcm ssl_calg_aes_gcm

@@ -211,16 +211,16 @@ index ea71975..88b2eba 100644

#define mac_null ssl_mac_null

#define mac_md5 ssl_mac_md5

-@@ -299,7 +300,7 @@ typedef struct {

+@@ -301,7 +302,7 @@ typedef struct {

} ssl3CipherSuiteCfg;

#ifndef NSS_DISABLE_ECC

--#define ssl_V3_SUITES_IMPLEMENTED 61

-+#define ssl_V3_SUITES_IMPLEMENTED 63

+-#define ssl_V3_SUITES_IMPLEMENTED 64

++#define ssl_V3_SUITES_IMPLEMENTED 66

#else

- #define ssl_V3_SUITES_IMPLEMENTED 37

+ #define ssl_V3_SUITES_IMPLEMENTED 40

#endif /* NSS_DISABLE_ECC */

-@@ -485,6 +486,7 @@ typedef enum {

+@@ -495,6 +496,7 @@ typedef enum {

cipher_camellia_256,

cipher_seed,

cipher_aes_128_gcm,

@@ -228,11 +228,11 @@ index ea71975..88b2eba 100644

cipher_missing /* reserved for no such supported cipher */

/* This enum must match ssl3_cipherName[] in ssl3con.c. */

} SSL3BulkCipher;

-diff --git a/ssl/sslinfo.c b/ssl/sslinfo.c

-index ba230d2..845d9f0 100644

---- a/ssl/sslinfo.c

-+++ b/ssl/sslinfo.c

-@@ -110,6 +110,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)

+diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c

+index 7048eb8..bef3190 100644

+--- a/lib/ssl/sslinfo.c

++++ b/lib/ssl/sslinfo.c

+@@ -148,6 +148,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,

#define C_NULL "NULL", calg_null

#define C_SJ "SKIPJACK", calg_sj

#define C_AESGCM "AES-GCM", calg_aes_gcm

@@ -240,7 +240,7 @@ index ba230d2..845d9f0 100644

#define B_256 256, 256, 256

#define B_128 128, 128, 128

-@@ -188,12 +189,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = {

+@@ -229,12 +230,14 @@ static const SSLCipherSuiteInfo suiteInfo[] = {

{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, },

{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, },

{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, },

@@ -255,11 +255,11 @@ index ba230d2..845d9f0 100644

{0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, },

{0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, },

-diff --git a/ssl/sslproto.h b/ssl/sslproto.h

-index e02442c..dc653c9 100644

---- a/ssl/sslproto.h

-+++ b/ssl/sslproto.h

-@@ -258,6 +258,9 @@

+diff --git a/lib/ssl/sslproto.h b/lib/ssl/sslproto.h

+index 2db47a5..36ae6c9 100644

+--- a/lib/ssl/sslproto.h

++++ b/lib/ssl/sslproto.h

+@@ -260,6 +260,9 @@

#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F

#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031

@@ -269,11 +269,11 @@ index e02442c..dc653c9 100644

/* Netscape "experimental" cipher suites. */

#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0

#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1

-diff --git a/ssl/sslt.h b/ssl/sslt.h

-index 430d216..fe0ad07 100644

---- a/ssl/sslt.h

-+++ b/ssl/sslt.h

-@@ -94,7 +94,8 @@ typedef enum {

+diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h

+index 5593579..a2eff62 100644

+--- a/lib/ssl/sslt.h

++++ b/lib/ssl/sslt.h

+@@ -117,7 +117,8 @@ typedef enum {

ssl_calg_aes = 7,

ssl_calg_camellia = 8,

ssl_calg_seed = 9,

« no previous file with comments | « net/third_party/nss/patches/cachelocks.patch ('k') | net/third_party/nss/patches/channelid.patch » ('j') | no next file with comments »