
Unified Diff: net/third_party/nss/patches/balloonextension.patch

Issue 62103003: NSS: add `balloon' extension to when we might hit the F5 bug. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 1 month ago
Index: net/third_party/nss/patches/balloonextension.patch
diff --git a/net/third_party/nss/patches/balloonextension.patch b/net/third_party/nss/patches/balloonextension.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4f008109596d2d042ee82614818f0aaf2d5c3c70
--- /dev/null
+++ b/net/third_party/nss/patches/balloonextension.patch
@@ -0,0 +1,130 @@
+diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+index 8b8b758..f5b973b 100644
+--- a/nss/lib/ssl/ssl3con.c
++++ b/nss/lib/ssl/ssl3con.c
+@@ -4974,7 +4974,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+ int actual_count = 0;
+ PRBool isTLS = PR_FALSE;
+ PRBool requestingResume = PR_FALSE;
+- PRInt32 total_exten_len = 0;
++ PRInt32 total_exten_len = 0, balloonExtensionLen;
+ unsigned numCompressionMethods;
+ PRInt32 flags;
+
+@@ -5241,6 +5241,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+ length += 1 + ss->ssl3.hs.cookieLen;
+ }
+
++ balloonExtensionLen = ssl3_CalculateBalloonExtensionLength(length);
++ total_exten_len += balloonExtensionLen;
++ length += balloonExtensionLen;
++
+ rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
+ if (rv != SECSuccess) {
+ return rv; /* err set by ssl3_AppendHandshake* */
+@@ -5360,6 +5364,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+ return SECFailure;
+ }
+ maxBytes -= extLen;
++
++ extLen = ssl3_AppendBalloonExtension(ss, balloonExtensionLen, maxBytes);
++ if (extLen < 0) {
++ return SECFailure;
++ }
++ maxBytes -= extLen;
++
+ PORT_Assert(!maxBytes);
+ }
+ if (ss->ssl3.hs.sendingSCSV) {
+diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
+index 0415770..a596c37 100644
+--- a/nss/lib/ssl/ssl3ext.c
++++ b/nss/lib/ssl/ssl3ext.c
+@@ -2297,3 +2297,54 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
+ loser:
+ return -1;
+ }
++
++PRInt32
++ssl3_CalculateBalloonExtensionLength(int clientHelloLength)
++{
++ int recordLength = clientHelloLength +
++ 1 /* handshake message type */ +
++ 3 /* handshake message length */;
++
++ if (recordLength < 256 || recordLength >= 512) {
++ return 0;
++ }
++
++ return 512 - recordLength;
++}
++
++/* ssl3_AppendBalloonExtension possibly adds an extension which ensures that a
++ * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
++ * that we don't trigger bugs in F5 products. */
++PRInt32
++ssl3_AppendBalloonExtension(sslSocket *ss, int extensionLen, PRUint32 maxBytes)
++{
++ SECStatus rv;
++ PRInt32 paddingLen = extensionLen - 4;
++ unsigned char *padding;
++
++ if (extensionLen == 0) {
++ return 0;
++ }
++
++ if (extensionLen > maxBytes) {
++ PORT_Assert(0);
++ return 0;
++ }
++
++ rv = ssl3_AppendHandshakeNumber(ss, ssl_balloon_xtn, 2);
++ if (rv != SECSuccess)
++ return -1;
++ rv = ssl3_AppendHandshakeNumber(ss, paddingLen, 2);
++ if (rv != SECSuccess)
++ return -1;
++ padding = PORT_Alloc(paddingLen);
++ if (!padding)
++ return -1;
++ memset(padding, ' ', paddingLen);
++ rv = ssl3_AppendHandshake(ss, padding, paddingLen);
++ PORT_Free(padding);
++ if (rv != SECSuccess)
++ return -1;
++
++ return extensionLen;
++}
+diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+index 614eed1..0fa5087 100644
+--- a/nss/lib/ssl/sslimpl.h
++++ b/nss/lib/ssl/sslimpl.h
+@@ -237,6 +237,12 @@ extern PRInt32
+ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
+ const ssl3HelloExtensionSender *sender);
+
++extern PRInt32
++ssl3_CalculateBalloonExtensionLength(int clientHelloLength);
++
++extern PRInt32
++ssl3_AppendBalloonExtension(sslSocket *ss, int extensionLen, PRUint32 maxBytes);
++
+ /* Socket ops */
+ struct sslSocketOpsStr {
+ int (*connect) (sslSocket *, const PRNetAddr *);
+diff --git a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
+index a8007d8..542afd7 100644
+--- a/nss/lib/ssl/sslt.h
++++ b/nss/lib/ssl/sslt.h
+@@ -205,9 +205,10 @@ typedef enum {
+ ssl_session_ticket_xtn = 35,
+ ssl_next_proto_nego_xtn = 13172,
+ ssl_channel_id_xtn = 30031,
++ ssl_balloon_xtn = 35655,
+ ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
+ } SSLExtensionType;
+
+-#define SSL_MAX_EXTENSIONS 11
++#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_balloon_xtn. */
+
+ #endif /* __sslt_h_ */
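Review bot: ssl3_CalculateBalloonExtensionLength in the ssl3ext.c hunk can return 1, 2 or 3 when recordLength is 509–511, but an extension needs at least four bytes for its type and length fields, so ssl3_AppendBalloonExtension then computes a negative paddingLen, writes it into the two-byte length field and hands it to PORT_Alloc. Clamping the result to the minimum encodable size still moves the record past 512 bytes: after the range check, `PRInt32 extensionLen = 512 - recordLength;` then `if (extensionLen < 4) { extensionLen = 4; }` and `return extensionLen;`. A matching guard in ssl3_AppendBalloonExtension, `if (extensionLen < 4) return -1;` placed before the paddingLen arithmetic, would keep any caller-side mistake from reaching the allocation. Note also that `extensionLen > maxBytes` compares int with PRUint32, so a negative extensionLen would be promoted and pass that check as well.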
