Index: net/third_party/nss/patches/cipherorder.patch |
diff --git a/net/third_party/nss/patches/cipherorder.patch b/net/third_party/nss/patches/cipherorder.patch |
index eb15be7b73551c22785868cab03bba37f88bd27a..26e83261f7f84d42fbad349c474f0d597076f904 100644 |
--- a/net/third_party/nss/patches/cipherorder.patch |
+++ b/net/third_party/nss/patches/cipherorder.patch |
@@ -1,5 +1,5 @@ |
diff --git a/lib/ssl/ssl.h b/lib/ssl/ssl.h |
-index db09425..437a822 100644 |
+index 3550580..70665a1 100644 |
--- a/lib/ssl/ssl.h |
+++ b/lib/ssl/ssl.h |
@@ -387,6 +387,13 @@ SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd, |
@@ -17,10 +17,10 @@ index db09425..437a822 100644 |
* values. See RFC 5929. */ |
typedef enum SSLChannelBindingType { |
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c |
-index 5c09f25..572bba9 100644 |
+index d7d186a..b100b9b 100644 |
--- a/lib/ssl/ssl3con.c |
+++ b/lib/ssl/ssl3con.c |
-@@ -13390,6 +13390,46 @@ SSL_SignatureMaxCount() { |
+@@ -13797,6 +13797,46 @@ SSL_SignatureMaxCount() |
return MAX_SIGNATURE_ALGORITHMS; |
} |
@@ -32,33 +32,33 @@ index 5c09f25..572bba9 100644 |
+ unsigned int i, done; |
+ |
+ for (i = done = 0; i < len; i++) { |
-+ PRUint16 id = ciphers[i]; |
-+ unsigned int existingIndex, j; |
-+ PRBool found = PR_FALSE; |
++ PRUint16 id = ciphers[i]; |
++ unsigned int existingIndex, j; |
++ PRBool found = PR_FALSE; |
+ |
-+ for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
-+ if (ss->cipherSuites[j].cipher_suite == id) { |
-+ existingIndex = j; |
-+ found = PR_TRUE; |
-+ break; |
-+ } |
-+ } |
++ for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
++ if (ss->cipherSuites[j].cipher_suite == id) { |
++ existingIndex = j; |
++ found = PR_TRUE; |
++ break; |
++ } |
++ } |
+ |
-+ if (!found) { |
-+ continue; |
-+ } |
++ if (!found) { |
++ continue; |
++ } |
+ |
-+ if (existingIndex != done) { |
-+ const ssl3CipherSuiteCfg temp = ss->cipherSuites[done]; |
-+ ss->cipherSuites[done] = ss->cipherSuites[existingIndex]; |
-+ ss->cipherSuites[existingIndex] = temp; |
-+ } |
-+ done++; |
++ if (existingIndex != done) { |
++ const ssl3CipherSuiteCfg temp = ss->cipherSuites[done]; |
++ ss->cipherSuites[done] = ss->cipherSuites[existingIndex]; |
++ ss->cipherSuites[existingIndex] = temp; |
++ } |
++ done++; |
+ } |
+ |
+ /* Disable all cipher suites that weren't included. */ |
+ for (; done < ssl_V3_SUITES_IMPLEMENTED; done++) { |
-+ ss->cipherSuites[done].enabled = 0; |
++ ss->cipherSuites[done].enabled = 0; |
+ } |
+ |
+ return SECSuccess; |
@@ -68,23 +68,23 @@ index 5c09f25..572bba9 100644 |
void |
ssl3_InitSocketPolicy(sslSocket *ss) |
diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h |
-index 080debe..3403091 100644 |
+index c0e3a0b..f56ab53 100644 |
--- a/lib/ssl/sslimpl.h |
+++ b/lib/ssl/sslimpl.h |
-@@ -1786,6 +1786,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool |
+@@ -1835,6 +1835,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool |
extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); |
extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled); |
extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled); |
+extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *cipher, |
-+ unsigned int len); |
++ unsigned int len); |
extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); |
extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); |
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c |
-index 28e3543..8ad1517 100644 |
+index e312d82..e82c916 100644 |
--- a/lib/ssl/sslsock.c |
+++ b/lib/ssl/sslsock.c |
-@@ -1369,6 +1369,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) |
+@@ -1500,6 +1500,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) |
} |
SECStatus |
@@ -93,9 +93,9 @@ index 28e3543..8ad1517 100644 |
+ sslSocket *ss = ssl_FindSocket(fd); |
+ |
+ if (!ss) { |
-+ SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(), |
-+ fd)); |
-+ return SECFailure; |
++ SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(), |
++ fd)); |
++ return SECFailure; |
+ } |
+ return ssl3_CipherOrderSet(ss, ciphers, len); |
+} |
@@ -103,4 +103,4 @@ index 28e3543..8ad1517 100644 |
+SECStatus |
SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled) |
{ |
- SECStatus rv; |
+ SECStatus rv; |