Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(463)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/cipherorder.patch

Issue 1844813002: Uprev NSS to 3.23 on iOS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: One more GN fix Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/third_party/nss/patches/channelid.patch ('k') | net/third_party/nss/patches/clientauth.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h 1 diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h
2 index db09425..437a822 100644 2 index 3550580..70665a1 100644
3 --- a/lib/ssl/ssl.h 3 --- a/lib/ssl/ssl.h
4 +++ b/lib/ssl/ssl.h 4 +++ b/lib/ssl/ssl.h
5 @@ -387,6 +387,13 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd, 5 @@ -387,6 +387,13 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
6 */ 6 */
7 SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled ); 7 SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled );
8 8
9 +/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|, 9 +/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
10 + * which must be an array of cipher suite ids of length |len|. All the given 10 + * which must be an array of cipher suite ids of length |len|. All the given
11 + * cipher suite ids must appear in the array that is returned by 11 + * cipher suite ids must appear in the array that is returned by
12 + * |SSL_GetImplementedCiphers| and may only appear once, at most. */ 12 + * |SSL_GetImplementedCiphers| and may only appear once, at most. */
13 +SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers , 13 +SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers ,
14 + unsigned int len); 14 + unsigned int len);
15 + 15 +
16 /* SSLChannelBindingType enumerates the types of supported channel binding 16 /* SSLChannelBindingType enumerates the types of supported channel binding
17 * values. See RFC 5929. */ 17 * values. See RFC 5929. */
18 typedef enum SSLChannelBindingType { 18 typedef enum SSLChannelBindingType {
19 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c 19 diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
20 index 5c09f25..572bba9 100644 20 index d7d186a..b100b9b 100644
21 --- a/lib/ssl/ssl3con.c 21 --- a/lib/ssl/ssl3con.c
22 +++ b/lib/ssl/ssl3con.c 22 +++ b/lib/ssl/ssl3con.c
23 @@ -13390,6 +13390,46 @@ SSL_SignatureMaxCount() { 23 @@ -13797,6 +13797,46 @@ SSL_SignatureMaxCount()
24 return MAX_SIGNATURE_ALGORITHMS; 24 return MAX_SIGNATURE_ALGORITHMS;
25 } 25 }
26 26
27 +SECStatus 27 +SECStatus
28 +ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int len) 28 +ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int len)
29 +{ 29 +{
30 + /* |i| iterates over |ciphers| while |done| and |j| iterate over 30 + /* |i| iterates over |ciphers| while |done| and |j| iterate over
31 + * |ss->cipherSuites|. */ 31 + * |ss->cipherSuites|. */
32 + unsigned int i, done; 32 + unsigned int i, done;
33 + 33 +
34 + for (i = done = 0; i < len; i++) { 34 + for (i = done = 0; i < len; i++) {
35 +» PRUint16 id = ciphers[i]; 35 + PRUint16 id = ciphers[i];
36 +» unsigned int existingIndex, j; 36 + unsigned int existingIndex, j;
37 +» PRBool found = PR_FALSE; 37 + PRBool found = PR_FALSE;
38 + 38 +
39 +» for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) { 39 + for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
40 +» if (ss->cipherSuites[j].cipher_suite == id) { 40 + if (ss->cipherSuites[j].cipher_suite == id) {
41 +» » existingIndex = j; 41 + existingIndex = j;
42 +» » found = PR_TRUE; 42 + found = PR_TRUE;
43 +» » break; 43 + break;
44 +» } 44 + }
45 +» } 45 + }
46 + 46 +
47 +» if (!found) { 47 + if (!found) {
48 +» continue; 48 + continue;
49 +» } 49 + }
50 + 50 +
51 +» if (existingIndex != done) { 51 + if (existingIndex != done) {
52 +» const ssl3CipherSuiteCfg temp = ss->cipherSuites[done]; 52 + const ssl3CipherSuiteCfg temp = ss->cipherSuites[done];
53 +» ss->cipherSuites[done] = ss->cipherSuites[existingIndex]; 53 + ss->cipherSuites[done] = ss->cipherSuites[existingIndex];
54 +» ss->cipherSuites[existingIndex] = temp; 54 + ss->cipherSuites[existingIndex] = temp;
55 +» } 55 + }
56 +» done++; 56 + done++;
57 + } 57 + }
58 + 58 +
59 + /* Disable all cipher suites that weren't included. */ 59 + /* Disable all cipher suites that weren't included. */
60 + for (; done < ssl_V3_SUITES_IMPLEMENTED; done++) { 60 + for (; done < ssl_V3_SUITES_IMPLEMENTED; done++) {
61 +» ss->cipherSuites[done].enabled = 0; 61 + ss->cipherSuites[done].enabled = 0;
62 + } 62 + }
63 + 63 +
64 + return SECSuccess; 64 + return SECSuccess;
65 +} 65 +}
66 + 66 +
67 /* copy global default policy into socket. */ 67 /* copy global default policy into socket. */
68 void 68 void
69 ssl3_InitSocketPolicy(sslSocket *ss) 69 ssl3_InitSocketPolicy(sslSocket *ss)
70 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h 70 diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
71 index 080debe..3403091 100644 71 index c0e3a0b..f56ab53 100644
72 --- a/lib/ssl/sslimpl.h 72 --- a/lib/ssl/sslimpl.h
73 +++ b/lib/ssl/sslimpl.h 73 +++ b/lib/ssl/sslimpl.h
74 @@ -1786,6 +1786,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3Cip herSuite which, PRBool 74 @@ -1835,6 +1835,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3Cip herSuite which, PRBool
75 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBoo l *on); 75 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBoo l *on);
76 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enable d); 76 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enable d);
77 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabl ed); 77 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabl ed);
78 +extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciph er, 78 +extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciph er,
79 +» » » » unsigned int len); 79 + unsigned int len);
80 80
81 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); 81 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
82 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); 82 extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
83 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c 83 diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
84 index 28e3543..8ad1517 100644 84 index e312d82..e82c916 100644
85 --- a/lib/ssl/sslsock.c 85 --- a/lib/ssl/sslsock.c
86 +++ b/lib/ssl/sslsock.c 86 +++ b/lib/ssl/sslsock.c
87 @@ -1369,6 +1369,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool e nabled) 87 @@ -1500,6 +1500,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool e nabled)
88 } 88 }
89 89
90 SECStatus 90 SECStatus
91 +SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len) 91 +SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len)
92 +{ 92 +{
93 + sslSocket *ss = ssl_FindSocket(fd); 93 + sslSocket *ss = ssl_FindSocket(fd);
94 + 94 +
95 + if (!ss) { 95 + if (!ss) {
96 +» SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(), 96 + SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(),
97 +» » fd)); 97 + fd));
98 +» return SECFailure; 98 + return SECFailure;
99 + } 99 + }
100 + return ssl3_CipherOrderSet(ss, ciphers, len); 100 + return ssl3_CipherOrderSet(ss, ciphers, len);
101 +} 101 +}
102 + 102 +
103 +SECStatus 103 +SECStatus
104 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled) 104 SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
105 { 105 {
106 SECStatus rv; 106 SECStatus rv;
OLDNEW
« no previous file with comments | « net/third_party/nss/patches/channelid.patch ('k') | net/third_party/nss/patches/clientauth.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698