| OLD | NEW |
|---|
| (Empty) | |
| 1 diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h |
| 2 index 8e9ba24..de2eada 100644 |
| 3 --- a/net/third_party/nss/ssl/ssl.h |
| 4 +++ b/net/third_party/nss/ssl/ssl.h |
| 5 @@ -204,6 +204,9 @@ SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd
, |
| 6 * protocol in server-preference order. If no matching protocol is found it |
| 7 * selects the first supported protocol. |
| 8 * |
| 9 + * In addition to SSL_SetNextProtoCallback, this allows the client to also |
| 10 + * support ALPN. |
| 11 + * |
| 12 * The supported protocols are specified in |data| in wire-format (8-bit |
| 13 * length-prefixed). For example: "\010http/1.1\006spdy/2". */ |
| 14 SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd, |
| 15 @@ -213,7 +216,8 @@ SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd, |
| 16 typedef enum SSLNextProtoState { |
| 17 SSL_NEXT_PROTO_NO_SUPPORT = 0, /* No peer support */ |
| 18 SSL_NEXT_PROTO_NEGOTIATED = 1, /* Mutual agreement */ |
| 19 - SSL_NEXT_PROTO_NO_OVERLAP = 2 /* No protocol overlap found */ |
| 20 + SSL_NEXT_PROTO_NO_OVERLAP = 2, /* No protocol overlap found */ |
| 21 + SSL_NEXT_PROTO_SELECTED = 3, /* Server selected proto (ALPN) */ |
| 22 } SSLNextProtoState; |
| 23 |
| 24 /* SSL_GetNextProto can be used in the HandshakeCallback or any time after |
| 25 diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con
.c |
| 26 index 4b7aed5..94087a8 100644 |
| 27 --- a/net/third_party/nss/ssl/ssl3con.c |
| 28 +++ b/net/third_party/nss/ssl/ssl3con.c |
| 29 @@ -9909,8 +9909,10 @@ ssl3_SendNextProto(sslSocket *ss) |
| 30 int padding_len; |
| 31 static const unsigned char padding[32] = {0}; |
| 32 |
| 33 - if (ss->ssl3.nextProto.len == 0) |
| 34 + if (ss->ssl3.nextProto.len == 0 || |
| 35 + ss->ssl3.nextProtoState == SSL_NEXT_PROTO_SELECTED) { |
| 36 return SECSuccess; |
| 37 + } |
| 38 |
| 39 PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); |
| 40 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); |
| 41 diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext
.c |
| 42 index c0ce548..1022de0 100644 |
| 43 --- a/net/third_party/nss/ssl/ssl3ext.c |
| 44 +++ b/net/third_party/nss/ssl/ssl3ext.c |
| 45 @@ -53,8 +53,12 @@ static SECStatus ssl3_HandleRenegotiationInfoXtn(sslSocket *s
s, |
| 46 PRUint16 ex_type, SECItem *data); |
| 47 static SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, |
| 48 PRUint16 ex_type, SECItem *data); |
| 49 +static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, |
| 50 + PRUint16 ex_type, SECItem *data); |
| 51 static SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss, |
| 52 PRUint16 ex_type, SECItem *data); |
| 53 +static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, |
| 54 + PRUint32 maxBytes); |
| 55 static PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append, |
| 56 PRUint32 maxBytes); |
| 57 static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, |
| 58 @@ -247,14 +251,15 @@ static const ssl3HelloExtensionHandler clientHelloHandlers
[] = { |
| 59 /* These two tables are used by the client, to handle server hello |
| 60 * extensions. */ |
| 61 static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { |
| 62 - { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
| 63 + { ssl_server_name_xtn, &ssl3_HandleServerNameXtn }, |
| 64 /* TODO: add a handler for ssl_ec_point_formats_xtn */ |
| 65 - { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
| 66 - { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 67 - { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
| 68 - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, |
| 69 - { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, |
| 70 - { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
| 71 + { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn }, |
| 72 + { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, |
| 73 + { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, |
| 74 + { ssl_application_layer_protocol, &ssl3_ClientHandleAppProtoXtn }, |
| 75 + { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, |
| 76 + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, |
| 77 + { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, |
| 78 { -1, NULL } |
| 79 }; |
| 80 |
| 81 @@ -271,17 +276,18 @@ static const ssl3HelloExtensionHandler serverHelloHandlers
SSL3[] = { |
| 82 */ |
| 83 static const |
| 84 ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { |
| 85 - { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
| 86 - { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
| 87 + { ssl_server_name_xtn, &ssl3_SendServerNameXtn }, |
| 88 + { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }, |
| 89 #ifdef NSS_ENABLE_ECC |
| 90 - { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
| 91 - { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
| 92 + { ssl_elliptic_curves_xtn, &ssl3_SendSupportedCurvesXtn }, |
| 93 + { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn }, |
| 94 #endif |
| 95 - { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
| 96 - { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
| 97 - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, |
| 98 - { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, |
| 99 - { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, |
| 100 + { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, |
| 101 + { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, |
| 102 + { ssl_application_layer_protocol, &ssl3_ClientSendAppProtoXtn }, |
| 103 + { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, |
| 104 + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, |
| 105 + { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, |
| 106 { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn } |
| 107 /* any extra entries will appear as { 0, NULL } */ |
| 108 }; |
| 109 @@ -639,6 +645,39 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 e
x_type, |
| 110 return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); |
| 111 } |
| 112 |
| 113 +static SECStatus |
| 114 +ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) |
| 115 +{ |
| 116 + const unsigned char* d = data->data; |
| 117 + PRUint16 name_list_len; |
| 118 + SECItem protocol_name; |
| 119 + |
| 120 + /* The extension data from the server has the following format: |
| 121 + * uint16 name_list_len; |
| 122 + * uint8 len; |
| 123 + * uint8 protocol_name[len]; */ |
| 124 + if (data->len < 4 || data->len > 2 + 1 + 255) { |
| 125 + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); |
| 126 + return SECFailure; |
| 127 + } |
| 128 + |
| 129 + name_list_len = ((PRUint16) d[0]) << 8 | |
| 130 + ((PRUint16) d[1]); |
| 131 + if (name_list_len != data->len - 2 || |
| 132 + d[2] != data->len - 3) { |
| 133 + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); |
| 134 + return SECFailure; |
| 135 + } |
| 136 + |
| 137 + protocol_name.data = data->data + 3; |
| 138 + protocol_name.len = data->len - 3; |
| 139 + |
| 140 + SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 141 + ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED; |
| 142 + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; |
| 143 + return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &protocol_name); |
| 144 +} |
| 145 + |
| 146 static PRInt32 |
| 147 ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, |
| 148 PRUint32 maxBytes) |
| 149 @@ -672,6 +711,44 @@ loser: |
| 150 return -1; |
| 151 } |
| 152 |
| 153 +static PRInt32 |
| 154 +ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) |
| 155 +{ |
| 156 + PRInt32 extension_length; |
| 157 + |
| 158 + /* Renegotiations do not send this extension. */ |
| 159 + if (!ss->opt.nextProtoNego.data || ss->firstHsDone) { |
| 160 + return 0; |
| 161 + } |
| 162 + |
| 163 + extension_length = 2 /* extension type */ + 2 /* extension length */ + |
| 164 + 2 /* protocol name list length */ + |
| 165 + ss->opt.nextProtoNego.len; |
| 166 + |
| 167 + if (append && maxBytes >= extension_length) { |
| 168 + SECStatus rv; |
| 169 + rv = ssl3_AppendHandshakeNumber(ss, ssl_application_layer_protocol, 2); |
| 170 + if (rv != SECSuccess) |
| 171 + goto loser; |
| 172 + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); |
| 173 + if (rv != SECSuccess) |
| 174 + goto loser; |
| 175 + rv = ssl3_AppendHandshakeVariable(ss, ss->opt.nextProtoNego.data, |
| 176 + ss->opt.nextProtoNego.len, 2); |
| 177 + if (rv != SECSuccess) |
| 178 + goto loser; |
| 179 + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = |
| 180 + ssl_application_layer_protocol; |
| 181 + } else if (maxBytes < extension_length) { |
| 182 + return 0; |
| 183 + } |
| 184 + |
| 185 + return extension_length; |
| 186 + |
| 187 +loser: |
| 188 + return -1; |
| 189 +} |
| 190 + |
| 191 static SECStatus |
| 192 ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type, |
| 193 SECItem *data) |
| 194 diff --git a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h |
| 195 index 109640c..96ec04e 100644 |
| 196 --- a/net/third_party/nss/ssl/sslt.h |
| 197 +++ b/net/third_party/nss/ssl/sslt.h |
| 198 @@ -196,12 +196,13 @@ typedef enum { |
| 199 #endif |
| 200 ssl_signature_algorithms_xtn = 13, |
| 201 ssl_use_srtp_xtn = 14, |
| 202 + ssl_application_layer_protocol = 16, |
| 203 ssl_session_ticket_xtn = 35, |
| 204 ssl_next_proto_nego_xtn = 13172, |
| 205 ssl_channel_id_xtn = 30031, |
| 206 ssl_renegotiation_info_xtn = 0xff01 /* experimental number */ |
| 207 } SSLExtensionType; |
| 208 |
| 209 -#define SSL_MAX_EXTENSIONS 10 |
| 210 +#define SSL_MAX_EXTENSIONS 11 |
| 211 |
| 212 #endif /* __sslt_h_ */ |
| OLD | NEW |
|---|
Chromium Code Reviews
