Index: net/third_party/nss/patches/tls12chromium.patch |
diff --git a/net/third_party/nss/patches/tls12chromium.patch b/net/third_party/nss/patches/tls12chromium.patch |
deleted file mode 100644 |
index b6e168b53ccac25cfa03599be4f3fef01618b250..0000000000000000000000000000000000000000 |
--- a/net/third_party/nss/patches/tls12chromium.patch |
+++ /dev/null |
@@ -1,104 +0,0 @@ |
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c |
-index ce92cf1..c5cb1eb 100644 |
---- a/lib/ssl/ssl3con.c |
-+++ b/lib/ssl/ssl3con.c |
-@@ -33,6 +33,15 @@ |
- #include "blapi.h" |
- #endif |
- |
-+/* This is a bodge to allow this code to be compiled against older NSS headers |
-+ * that don't contain the TLS 1.2 changes. */ |
-+#ifndef CKM_NSS_TLS_PRF_GENERAL_SHA256 |
-+#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21) |
-+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22) |
-+#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) |
-+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
-+#endif |
-+ |
- #include <stdio.h> |
- #ifdef NSS_ENABLE_ZLIB |
- #include "zlib.h" |
-diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c |
-index 6d89bbe..cf8e741 100644 |
---- a/lib/ssl/ssl3ecc.c |
-+++ b/lib/ssl/ssl3ecc.c |
-@@ -31,6 +31,12 @@ |
- |
- #include <stdio.h> |
- |
-+/* This is a bodge to allow this code to be compiled against older NSS headers |
-+ * that don't contain the TLS 1.2 changes. */ |
-+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
-+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
-+#endif |
-+ |
- #ifndef NSS_DISABLE_ECC |
- |
- #ifndef PK11_SETATTRS |
-diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c |
-index c9a4493..6d700a7 100644 |
---- a/lib/ssl/sslsock.c |
-+++ b/lib/ssl/sslsock.c |
-@@ -17,9 +17,16 @@ |
- #ifndef NO_PKCS11_BYPASS |
- #include "blapi.h" |
- #endif |
-+#include "pk11pub.h" |
- #include "nss.h" |
- #include "pk11pqg.h" |
- |
-+/* This is a bodge to allow this code to be compiled against older NSS headers |
-+ * that don't contain the TLS 1.2 changes. */ |
-+#ifndef CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 |
-+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) |
-+#endif |
-+ |
- #define SET_ERROR_CODE /* reminder */ |
- |
- static const sslSocketOps ssl_default_ops = { /* No SSL. */ |
-@@ -2133,6 +2140,24 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange) |
- return SECSuccess; |
- } |
- |
-+static PRCallOnceType checkTLS12TokenOnce; |
-+static PRBool tls12TokenExists; |
-+ |
-+static PRStatus |
-+ssl_CheckTLS12Token(void) |
-+{ |
-+ tls12TokenExists = |
-+ PK11_TokenExists(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256); |
-+ return PR_SUCCESS; |
-+} |
-+ |
-+static PRBool |
-+ssl_TLS12TokenExists(void) |
-+{ |
-+ (void) PR_CallOnce(&checkTLS12TokenOnce, ssl_CheckTLS12Token); |
-+ return tls12TokenExists; |
-+} |
-+ |
- SECStatus |
- SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) |
- { |
-@@ -2153,6 +2178,20 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange) |
- ssl_GetSSL3HandshakeLock(ss); |
- |
- ss->vrange = *vrange; |
-+ /* If we don't have a sufficiently up-to-date softoken then we cannot do |
-+ * TLS 1.2. */ |
-+ if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_2 && |
-+ !ssl_TLS12TokenExists()) { |
-+ /* If the user requested a minimum version of 1.2, then we don't |
-+ * silently downgrade. */ |
-+ if (ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_2) { |
-+ ssl_ReleaseSSL3HandshakeLock(ss); |
-+ ssl_Release1stHandshakeLock(ss); |
-+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); |
-+ return SECFailure; |
-+ } |
-+ ss->vrange.max = SSL_LIBRARY_VERSION_TLS_1_1; |
-+ } |
- |
- ssl_ReleaseSSL3HandshakeLock(ss); |
- ssl_Release1stHandshakeLock(ss); |