1 --- net/third_party/nss/ssl/ssl3con.c.orig» 2013-08-14 14:22:50.479780305 -0
700 | 1 --- net/third_party/nss/ssl/ssl3con.c.orig» 2013-08-20 12:00:16.742760827 -0
700 |
2 +++ net/third_party/nss/ssl/ssl3con.c» 2013-08-14 14:23:57.670788603 -0700 | 2 +++ net/third_party/nss/ssl/ssl3con.c» 2013-08-20 11:59:56.782463207 -0700 |
3 @@ -44,6 +44,9 @@ | 3 @@ -44,6 +44,9 @@ |
4 #ifdef NSS_ENABLE_ZLIB | 4 #ifdef NSS_ENABLE_ZLIB |
5 #include "zlib.h" | 5 #include "zlib.h" |
6 #endif | 6 #endif |
7 +#ifdef LINUX | 7 +#ifdef LINUX |
8 +#include <dlfcn.h> | 8 +#include <dlfcn.h> |
9 +#endif | 9 +#endif |
10 | 10 |
11 #ifndef PK11_SETATTRS | 11 #ifndef PK11_SETATTRS |
12 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ | 12 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ |
13 @@ -1807,6 +1810,69 @@ ssl3_BuildRecordPseudoHeader(unsigned ch | 13 @@ -1819,6 +1822,69 @@ ssl3_BuildRecordPseudoHeader(unsigned ch |
14 return 13; | 14 return 13; |
15 } | 15 } |
16 | 16 |
17 +typedef SECStatus (*PK11CryptFcn)( | 17 +typedef SECStatus (*PK11CryptFcn)( |
18 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param, | 18 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param, |
19 + unsigned char *out, unsigned int *outLen, unsigned int maxLen, | 19 + unsigned char *out, unsigned int *outLen, unsigned int maxLen, |
20 + const unsigned char *in, unsigned int inLen); | 20 + const unsigned char *in, unsigned int inLen); |
21 + | 21 + |
22 +static PK11CryptFcn pk11_encrypt = NULL; | 22 +static PK11CryptFcn pk11_encrypt = NULL; |
23 +static PK11CryptFcn pk11_decrypt = NULL; | 23 +static PK11CryptFcn pk11_decrypt = NULL; |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
73 + PR_FALSE); | 73 + PR_FALSE); |
74 + PORT_Assert(rv == SECSuccess); /* else is coding error */ | 74 + PORT_Assert(rv == SECSuccess); /* else is coding error */ |
75 + } | 75 + } |
76 + } | 76 + } |
77 + return SECSuccess; | 77 + return SECSuccess; |
78 +} | 78 +} |
79 + | 79 + |
80 static SECStatus | 80 static SECStatus |
81 ssl3_AESGCM(ssl3KeyMaterial *keys, | 81 ssl3_AESGCM(ssl3KeyMaterial *keys, |
82 PRBool doDecrypt, | 82 PRBool doDecrypt, |
83 @@ -1869,10 +1935,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, | 83 @@ -1870,10 +1936,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, |
84 gcmParams.ulTagBits = tagSize * 8; | 84 gcmParams.ulTagBits = tagSize * 8; |
85 | 85 |
86 if (doDecrypt) { | 86 if (doDecrypt) { |
87 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 87 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
88 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 88 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
89 maxout, in, inlen); | 89 maxout, in, inlen); |
90 } else { | 90 } else { |
91 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 91 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
92 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, | 92 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, |
93 maxout, in, inlen); | 93 maxout, in, inlen); |
94 } | 94 } |
95 *outlen += (int) uOutLen; | 95 *outlen += (int) uOutLen; |
96 @@ -5071,6 +5137,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo | 96 @@ -5023,6 +5089,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo |
97 ssl3_DisableNonDTLSSuites(ss); | 97 ssl3_DisableNonDTLSSuites(ss); |
98 } | 98 } |
99 | 99 |
100 + if (!ssl3_HasGCMSupport()) { | 100 + if (!ssl3_HasGCMSupport()) { |
101 + ssl3_DisableGCMSuites(ss); | 101 + ssl3_DisableGCMSuites(ss); |
102 + } | 102 + } |
103 + | 103 + |
104 /* how many suites are permitted by policy and user preference? */ | 104 /* how many suites are permitted by policy and user preference? */ |
105 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); | 105 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); |
106 if (!num_suites) | 106 if (!num_suites) |
107 @@ -7776,6 +7846,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS | 107 @@ -7728,6 +7798,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS |
108 ssl3_DisableNonDTLSSuites(ss); | 108 ssl3_DisableNonDTLSSuites(ss); |
109 } | 109 } |
110 | 110 |
111 + if (!ssl3_HasGCMSupport()) { | 111 + if (!ssl3_HasGCMSupport()) { |
112 + ssl3_DisableGCMSuites(ss); | 112 + ssl3_DisableGCMSuites(ss); |
113 + } | 113 + } |
114 + | 114 + |
115 #ifdef PARANOID | 115 #ifdef PARANOID |
116 /* Look for a matching cipher suite. */ | 116 /* Look for a matching cipher suite. */ |
117 j = ssl3_config_match_init(ss); | 117 j = ssl3_config_match_init(ss); |
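Review bot: In the ssl3_AESGCM hunk, `pk11_decrypt` and `pk11_encrypt` are called with no NULL check although both are initialised to NULL, so the record layer relies entirely on the `ssl3_HasGCMSupport()` / `ssl3_DisableGCMSuites()` gate added in ssl3_SendClientHello and ssl3_HandleClientHello. That gate is weaker than it looks from the visible lines: the return value of `ssl3_DisableGCMSuites(ss)` is discarded at both call sites, and the helper that ends just above ssl3_AESGCM checks its per-suite result only with `PORT_Assert`, which is presumably compiled out of optimized builds. A guard before the encrypt/decrypt branch would turn a possible call through a NULL pointer into a clean failure, e.g. `if (!pk11_encrypt || !pk11_decrypt) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; }`. The code that resolves the two pointers is in the collapsed part of the listing and ssl3_AESGCM's body extends beyond its hunk, so it should be confirmed there that both symbols are checked, not just one.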