Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(82)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/patches/aesgcmchromium.patch

Issue 962593002: Use dlsym(RTLD_DEFAULT) instead of dlsym(dlopen(NULL)) in aesgcmchromium.patch. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Address Ryan's comments -> fix the .patch. Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/third_party/nss/ssl/ssl3con.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c 1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
2 --- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:04:43.127747463 -0800 2 --- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:04:43.127747463 -0800
3 +++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:06:21.919386088 -0800 3 +++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:06:21.919386088 -0800
4 @@ -44,6 +44,9 @@ 4 @@ -8,6 +8,7 @@
5
6 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
7
8 +#define _GNU_SOURCE 1
9 #include "cert.h"
10 #include "ssl.h"
11 #include "cryptohi.h"» /* for DSAU_ stuff */
12 @@ -44,6 +45,9 @@
5 #ifdef NSS_ENABLE_ZLIB 13 #ifdef NSS_ENABLE_ZLIB
6 #include "zlib.h" 14 #include "zlib.h"
7 #endif 15 #endif
8 +#ifdef LINUX 16 +#ifdef LINUX
9 +#include <dlfcn.h> 17 +#include <dlfcn.h>
10 +#endif 18 +#endif
11 19
12 #ifndef PK11_SETATTRS 20 #ifndef PK11_SETATTRS
13 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \ 21 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
14 @@ -1842,6 +1845,69 @@ ssl3_BuildRecordPseudoHeader(unsigned ch 22 @@ -1842,6 +1846,63 @@ ssl3_BuildRecordPseudoHeader(unsigned ch
15 return 13; 23 return 13;
16 } 24 }
17 25
18 +typedef SECStatus (*PK11CryptFcn)( 26 +typedef SECStatus (*PK11CryptFcn)(
19 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param, 27 + PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism, SECItem *param,
20 + unsigned char *out, unsigned int *outLen, unsigned int maxLen, 28 + unsigned char *out, unsigned int *outLen, unsigned int maxLen,
21 + const unsigned char *in, unsigned int inLen); 29 + const unsigned char *in, unsigned int inLen);
22 + 30 +
23 +static PK11CryptFcn pk11_encrypt = NULL; 31 +static PK11CryptFcn pk11_encrypt = NULL;
24 +static PK11CryptFcn pk11_decrypt = NULL; 32 +static PK11CryptFcn pk11_decrypt = NULL;
25 + 33 +
26 +static PRCallOnceType resolvePK11CryptOnce; 34 +static PRCallOnceType resolvePK11CryptOnce;
27 + 35 +
28 +static PRStatus 36 +static PRStatus
29 +ssl3_ResolvePK11CryptFunctions(void) 37 +ssl3_ResolvePK11CryptFunctions(void)
30 +{ 38 +{
31 +#ifdef LINUX 39 +#ifdef LINUX
32 + /* On Linux we use the system NSS libraries. Look up the PK11_Encrypt and 40 + /* On Linux we use the system NSS libraries. Look up the PK11_Encrypt and
33 + * PK11_Decrypt functions at run time. */ 41 + * PK11_Decrypt functions at run time. */
34 + void *handle = dlopen(NULL, RTLD_LAZY); 42 + pk11_encrypt = (PK11CryptFcn)dlsym(RTLD_DEFAULT, "PK11_Encrypt");
35 + if (!handle) { 43 + pk11_decrypt = (PK11CryptFcn)dlsym(RTLD_DEFAULT, "PK11_Decrypt");
36 +» PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
37 +» return PR_FAILURE;
38 + }
39 + pk11_encrypt = (PK11CryptFcn)dlsym(handle, "PK11_Encrypt");
40 + pk11_decrypt = (PK11CryptFcn)dlsym(handle, "PK11_Decrypt");
41 + dlclose(handle);
42 + return PR_SUCCESS; 44 + return PR_SUCCESS;
43 +#else 45 +#else
44 + /* On other platforms we use our own copy of NSS. PK11_Encrypt and 46 + /* On other platforms we use our own copy of NSS. PK11_Encrypt and
45 + * PK11_Decrypt are known to be available. */ 47 + * PK11_Decrypt are known to be available. */
46 + pk11_encrypt = PK11_Encrypt; 48 + pk11_encrypt = PK11_Encrypt;
47 + pk11_decrypt = PK11_Decrypt; 49 + pk11_decrypt = PK11_Decrypt;
48 + return PR_SUCCESS; 50 + return PR_SUCCESS;
49 +#endif 51 +#endif
50 +} 52 +}
51 + 53 +
(...skipping 22 matching lines...) Expand all
74 + PR_FALSE); 76 + PR_FALSE);
75 + PORT_Assert(rv == SECSuccess); /* else is coding error */ 77 + PORT_Assert(rv == SECSuccess); /* else is coding error */
76 + } 78 + }
77 + } 79 + }
78 + return SECSuccess; 80 + return SECSuccess;
79 +} 81 +}
80 + 82 +
81 static SECStatus 83 static SECStatus
82 ssl3_AESGCM(ssl3KeyMaterial *keys, 84 ssl3_AESGCM(ssl3KeyMaterial *keys,
83 PRBool doDecrypt, 85 PRBool doDecrypt,
84 @@ -1893,10 +1959,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys, 86 @@ -1893,10 +1960,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
85 gcmParams.ulTagBits = tagSize * 8; 87 gcmParams.ulTagBits = tagSize * 8;
86 88
87 if (doDecrypt) { 89 if (doDecrypt) {
88 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen, 90 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
89 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen, 91 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
90 maxout, in, inlen); 92 maxout, in, inlen);
91 } else { 93 } else {
92 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen, 94 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
93 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen, 95 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
94 maxout, in, inlen); 96 maxout, in, inlen);
95 } 97 }
96 *outlen += (int) uOutLen; 98 *outlen += (int) uOutLen;
97 @@ -5103,6 +5169,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo 99 @@ -5103,6 +5170,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
98 ssl3_DisableNonDTLSSuites(ss); 100 ssl3_DisableNonDTLSSuites(ss);
99 } 101 }
100 102
101 + if (!ssl3_HasGCMSupport()) { 103 + if (!ssl3_HasGCMSupport()) {
102 + ssl3_DisableGCMSuites(ss); 104 + ssl3_DisableGCMSuites(ss);
103 + } 105 + }
104 + 106 +
105 /* how many suites are permitted by policy and user preference? */ 107 /* how many suites are permitted by policy and user preference? */
106 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); 108 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);
107 if (!num_suites) { 109 if (!num_suites) {
108 @@ -8080,6 +8150,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS 110 @@ -8080,6 +8151,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS
109 ssl3_DisableNonDTLSSuites(ss); 111 ssl3_DisableNonDTLSSuites(ss);
110 } 112 }
111 113
112 + if (!ssl3_HasGCMSupport()) { 114 + if (!ssl3_HasGCMSupport()) {
113 + ssl3_DisableGCMSuites(ss); 115 + ssl3_DisableGCMSuites(ss);
114 + } 116 + }
115 + 117 +
116 #ifdef PARANOID 118 #ifdef PARANOID
117 /* Look for a matching cipher suite. */ 119 /* Look for a matching cipher suite. */
118 j = ssl3_config_match_init(ss); 120 j = ssl3_config_match_init(ss);
OLDNEW
« no previous file with comments | « no previous file | net/third_party/nss/ssl/ssl3con.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698