net/third_party/nss/patches/aesgcmchromium.patch - Issue 962593002: Use dlsym(RTLD_DEFAULT) instead of dlsym(dlopen(NULL)) in aesgcmchromium.patch.

Side by Side Diff: net/third_party/nss/patches/aesgcmchromium.patch

Issue 962593002: Use dlsym(RTLD_DEFAULT) instead of dlsym(dlopen(NULL)) in aesgcmchromium.patch. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Merge the patch change into aesgcmchromium.patch Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c	1 diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c

2 --- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:04:43.127747463 -0800	2 --- a/nss/lib/ssl/ssl3con.c 2014-01-17 18:04:43.127747463 -0800

3 +++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:06:21.919386088 -0800	3 +++ b/nss/lib/ssl/ssl3con.c 2014-01-17 18:06:21.919386088 -0800

	4 @@ -8,6 +8,7 @@

	5

	6 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */

	7

	8 +#define _GNU_SOURCE 1

	9 #include "cert.h"

	10 #include "ssl.h"

	11 #include "cryptohi.h" /* for DSAU_ stuff */

4 @@ -44,6 +44,9 @@	12 @@ -44,6 +44,9 @@
	Ryan Sleevi 2015/03/02 21:15:14 +44,9 -> +45,9 +44,9 -> +45,9 ppi 2015/03/03 10:17:02 Done. Show quoted text On 2015/03/02 21:15:14, Ryan Sleevi wrote: > +44,9 -> +45,9 Done.
5 #ifdef NSS_ENABLE_ZLIB	13 #ifdef NSS_ENABLE_ZLIB

6 #include "zlib.h"	14 #include "zlib.h"

7 #endif	15 #endif

8 +#ifdef LINUX	16 +#ifdef LINUX

9 +#include <dlfcn.h>	17 +#include <dlfcn.h>

10 +#endif	18 +#endif

11	19

12 #ifndef PK11_SETATTRS	20 #ifndef PK11_SETATTRS

13 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \	21 #define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \

14 @@ -1842,6 +1845,69 @@ ssl3_BuildRecordPseudoHeader(unsigned ch	22 @@ -1842,6 +1845,69 @@ ssl3_BuildRecordPseudoHeader(unsigned ch
	Ryan Sleevi 2015/03/02 21:15:15 +1845,69 -> +1846,63 (Since you deleted 6 lines, +1845,69 -> +1846,63 (Since you deleted 6 lines, and +1 for the context offset in the new file) ppi 2015/03/03 10:17:02 Done. Show quoted text On 2015/03/02 21:15:15, Ryan Sleevi wrote: > +1845,69 -> +1846,63 > > (Since you deleted 6 lines, and +1 for the context offset in the new file) Done.
15 return 13;	23 return 13;

16 }	24 }

17	25

18 +typedef SECStatus (*PK11CryptFcn)(	26 +typedef SECStatus (*PK11CryptFcn)(

19 + PK11SymKey symKey, CK_MECHANISM_TYPE mechanism, SECItem param,	27 + PK11SymKey symKey, CK_MECHANISM_TYPE mechanism, SECItem param,

20 + unsigned char out, unsigned int outLen, unsigned int maxLen,	28 + unsigned char out, unsigned int outLen, unsigned int maxLen,

21 + const unsigned char *in, unsigned int inLen);	29 + const unsigned char *in, unsigned int inLen);

22 +	30 +

23 +static PK11CryptFcn pk11_encrypt = NULL;	31 +static PK11CryptFcn pk11_encrypt = NULL;

24 +static PK11CryptFcn pk11_decrypt = NULL;	32 +static PK11CryptFcn pk11_decrypt = NULL;

25 +	33 +

26 +static PRCallOnceType resolvePK11CryptOnce;	34 +static PRCallOnceType resolvePK11CryptOnce;

27 +	35 +

28 +static PRStatus	36 +static PRStatus

29 +ssl3_ResolvePK11CryptFunctions(void)	37 +ssl3_ResolvePK11CryptFunctions(void)

30 +{	38 +{

31 +#ifdef LINUX	39 +#ifdef LINUX

32 + /* On Linux we use the system NSS libraries. Look up the PK11_Encrypt and	40 + /* On Linux we use the system NSS libraries. Look up the PK11_Encrypt and

33 + * PK11_Decrypt functions at run time. */	41 + * PK11_Decrypt functions at run time. */

34 + void *handle = dlopen(NULL, RTLD_LAZY);	42 + pk11_encrypt = (PK11CryptFcn)dlsym(RTLD_DEFAULT, "PK11_Encrypt");

35 + if (!handle) {	43 + pk11_decrypt = (PK11CryptFcn)dlsym(RTLD_DEFAULT, "PK11_Decrypt");

36 +» PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);

37 +» return PR_FAILURE;

38 + }

39 + pk11_encrypt = (PK11CryptFcn)dlsym(handle, "PK11_Encrypt");

40 + pk11_decrypt = (PK11CryptFcn)dlsym(handle, "PK11_Decrypt");

41 + dlclose(handle);

42 + return PR_SUCCESS;	44 + return PR_SUCCESS;

43 +#else	45 +#else

44 + /* On other platforms we use our own copy of NSS. PK11_Encrypt and	46 + /* On other platforms we use our own copy of NSS. PK11_Encrypt and

45 + * PK11_Decrypt are known to be available. */	47 + * PK11_Decrypt are known to be available. */

46 + pk11_encrypt = PK11_Encrypt;	48 + pk11_encrypt = PK11_Encrypt;

47 + pk11_decrypt = PK11_Decrypt;	49 + pk11_decrypt = PK11_Decrypt;

48 + return PR_SUCCESS;	50 + return PR_SUCCESS;

49 +#endif	51 +#endif

50 +}	52 +}

51 +	53 +

(...skipping 22 matching lines...) Expand all Loading...
74 + PR_FALSE);	76 + PR_FALSE);

75 + PORT_Assert(rv == SECSuccess); /* else is coding error */	77 + PORT_Assert(rv == SECSuccess); /* else is coding error */

76 + }	78 + }

77 + }	79 + }

78 + return SECSuccess;	80 + return SECSuccess;

79 +}	81 +}

80 +	82 +

81 static SECStatus	83 static SECStatus

82 ssl3_AESGCM(ssl3KeyMaterial *keys,	84 ssl3_AESGCM(ssl3KeyMaterial *keys,

83 PRBool doDecrypt,	85 PRBool doDecrypt,

84 @@ -1893,10 +1959,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,	86 @@ -1893,10 +1959,10 @@ ssl3_AESGCM(ssl3KeyMaterial *keys,
	Ryan Sleevi 2015/03/02 21:15:15 +1959,10 -> +1960,10 +1959,10 -> +1960,10 ppi 2015/03/03 10:17:02 Done. Show quoted text On 2015/03/02 21:15:15, Ryan Sleevi wrote: > +1959,10 -> +1960,10 Done.
85 gcmParams.ulTagBits = tagSize * 8;	87 gcmParams.ulTagBits = tagSize * 8;

86	88

87 if (doDecrypt) {	89 if (doDecrypt) {

88 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,	90 - rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,

89 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,	91 + rv = pk11_decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,

90 maxout, in, inlen);	92 maxout, in, inlen);

91 } else {	93 } else {

92 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,	94 - rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,

93 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,	95 + rv = pk11_encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,

94 maxout, in, inlen);	96 maxout, in, inlen);

95 }	97 }

96 *outlen += (int) uOutLen;	98 *outlen += (int) uOutLen;

97 @@ -5103,6 +5169,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo	99 @@ -5103,6 +5169,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
	Ryan Sleevi 2015/03/02 21:15:15 +5169,10 -> +5170,10 +5169,10 -> +5170,10 ppi 2015/03/03 10:17:02 Done. Show quoted text On 2015/03/02 21:15:15, Ryan Sleevi wrote: > +5169,10 -> +5170,10 Done.
98 ssl3_DisableNonDTLSSuites(ss);	100 ssl3_DisableNonDTLSSuites(ss);

99 }	101 }

100	102

101 + if (!ssl3_HasGCMSupport()) {	103 + if (!ssl3_HasGCMSupport()) {

102 + ssl3_DisableGCMSuites(ss);	104 + ssl3_DisableGCMSuites(ss);

103 + }	105 + }

104 +	106 +

105 /* how many suites are permitted by policy and user preference? */	107 /* how many suites are permitted by policy and user preference? */

106 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);	108 num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE);

107 if (!num_suites) {	109 if (!num_suites) {

108 @@ -8080,6 +8150,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS	110 @@ -8080,6 +8150,10 @@ ssl3_HandleClientHello(sslSocket *ss, SS
	Ryan Sleevi 2015/03/02 21:15:15 +8150,10 -> +8151,10 +8150,10 -> +8151,10 ppi 2015/03/03 10:17:02 Done. Show quoted text On 2015/03/02 21:15:15, Ryan Sleevi wrote: > +8150,10 -> +8151,10 Done.
109 ssl3_DisableNonDTLSSuites(ss);	111 ssl3_DisableNonDTLSSuites(ss);

110 }	112 }

111	113

112 + if (!ssl3_HasGCMSupport()) {	114 + if (!ssl3_HasGCMSupport()) {

113 + ssl3_DisableGCMSuites(ss);	115 + ssl3_DisableGCMSuites(ss);

114 + }	116 + }

115 +	117 +

116 #ifdef PARANOID	118 #ifdef PARANOID

117 /* Look for a matching cipher suite. */	119 /* Look for a matching cipher suite. */

118 j = ssl3_config_match_init(ss);	120 j = ssl3_config_match_init(ss);

OLD	NEW

« no previous file with comments | « no previous file | net/third_party/nss/ssl/ssl3con.c » ('j') | no next file with comments »