author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-18 21:52:15 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-18 21:52:15 +0000 |
commit | c60940cd7be65eda1a733a375dee18350651b226 (patch) | |
tree | c3943a7703dc4d732dfdc0581c80ab5c52134b91 /net/third_party | |
parent | 2ab9d4d9df442ff2cf4d622d6d37298284c06365 (diff) | |
Update to NSS 3.12.9. falsestart.patch, falsestart2.patch, and
weakserverkey.patch have been upstreamed. SSL_ERROR_WEAK_SERVER_KEY
has been renamed SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY. Pick up
fixes for two bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=586697
- https://bugzilla.mozilla.org/show_bug.cgi?id=588698
R=agl
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/6487026
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75446 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r-- | net/third_party/nss/README.chromium | 13 | ||||
-rwxr-xr-x | net/third_party/nss/patches/applypatches.sh | 5 | ||||
-rw-r--r-- | net/third_party/nss/patches/falsestart.patch | 357 | ||||
-rw-r--r-- | net/third_party/nss/patches/falsestart2.patch | 146 | ||||
-rw-r--r-- | net/third_party/nss/patches/ocspstapling.patch | 2 | ||||
-rw-r--r-- | net/third_party/nss/patches/weakserverkey.patch | 52 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl.h | 2 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 10 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl3gthr.c | 4 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslauth.c | 2 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslerr.h | 4 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslimpl.h | 2 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslinfo.c | 2 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslreveal.c | 2 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslsecur.c | 9 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslsock.c | 2 |
16 files changed, 21 insertions, 593 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index 22df661..f956ffd 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -4,7 +4,7 @@ URL: http://www.mozilla.org/projects/security/pki/nss/ This directory includes a copy of NSS's libssl from the CVS repo at: :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot -The snapshot was updated to the CVS tag: NSS_3_12_7_RTM +The snapshot was updated to the CVS tag: NSS_3_12_9_RTM Patches: @@ -12,11 +12,6 @@ Patches: patches/nextproto.patch http://codereview.chromium.org/415005 - * False start support - patches/falsestart.patch - patches/falsestart2.patch - https://bugzilla.mozilla.org/show_bug.cgi?id=525092 - * Commenting out a couple of functions because they need NSS symbols which may not exist in the system NSS library. patches/versionskew.patch @@ -32,12 +27,6 @@ Patches: patches/cachecerts.patch https://bugzilla.mozilla.org/show_bug.cgi?id=606049 - * Add the SSL_ERROR_WEAK_SERVER_KEY error code for a weak server key in - the Server Key Exchange handshake message. - patches/weakserverkey.patch - http://crbug.com/51694 - https://bugzilla.mozilla.org/show_bug.cgi?id=587234 - * Add Snap Start support patches/snapstart.patch patches/snapstart2.patch diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh index 7bba438..0a858f8 100755 --- a/net/third_party/nss/patches/applypatches.sh +++ b/net/third_party/nss/patches/applypatches.sh @@ -7,17 +7,12 @@ patches_dir=/Users/wtc/chrome1/src/net/third_party/nss/patches patch -p5 < $patches_dir/nextproto.patch -patch -p4 < $patches_dir/falsestart.patch -patch -p4 < $patches_dir/falsestart2.patch - patch -p5 < $patches_dir/versionskew.patch patch -p4 < $patches_dir/renegoscsv.patch patch -p4 < $patches_dir/cachecerts.patch -patch -p4 < $patches_dir/weakserverkey.patch - patch -p5 < $patches_dir/snapstart.patch patch -p3 < $patches_dir/snapstart2.patch 
diff --git a/net/third_party/nss/patches/falsestart.patch b/net/third_party/nss/patches/falsestart.patch
deleted file mode 100644
index a1975c6..0000000
--- a/net/third_party/nss/patches/falsestart.patch
+++ /dev/null
@@ -1,357 +0,0 @@ -Index: mozilla/security/nss/cmd/strsclnt/strsclnt.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/cmd/strsclnt/strsclnt.c,v -retrieving revision 1.67 -diff -u -p -r1.67 strsclnt.c ---- mozilla/security/nss/cmd/strsclnt/strsclnt.c 3 Apr 2010 18:27:28 -0000 1.67 -+++ mozilla/security/nss/cmd/strsclnt/strsclnt.c 29 Jul 2010 01:49:04 -0000 -@@ -162,6 +162,7 @@ static PRBool disableLocking = PR_FALSE - static PRBool ignoreErrors = PR_FALSE; - static PRBool enableSessionTickets = PR_FALSE; - static PRBool enableCompression = PR_FALSE; -+static PRBool enableFalseStart = PR_FALSE; - - PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; - -@@ -197,7 +198,8 @@ Usage(const char *progName) - " -U means enable throttling up threads\n" - " -B bypasses the PKCS11 layer for SSL encryption and MACing\n" - " -u enable TLS Session Ticket extension\n" -- " -z enable compression\n", -+ " -z enable compression\n" -+ " -g enable false start\n", - progName); - exit(1); - } -@@ -1244,6 +1246,12 @@ client_main( - errExit("SSL_OptionSet SSL_ENABLE_DEFLATE"); - } - -+ if (enableFalseStart) { -+ rv = SSL_OptionSet(model_sock, SSL_ENABLE_FALSE_START, PR_TRUE); -+ if (rv != SECSuccess) -+ errExit("SSL_OptionSet SSL_ENABLE_FALSE_START"); -+ } -+ - SSL_SetURL(model_sock, hostName); - - SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate, -@@ -1354,7 +1362,7 @@ main(int argc, char **argv) - - - optstate = PL_CreateOptState(argc, argv, -- "23BC:DNP:TUW:a:c:d:f:in:op:qst:uvw:z"); -+ "23BC:DNP:TUW:a:c:d:f:gin:op:qst:uvw:z"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - -@@ -1384,6 +1392,8 @@ main(int argc, char **argv) - - case 'f': fileName = optstate->value; break; - -+ case 'g': enableFalseStart = PR_TRUE; break; -+ - case 'i': ignoreErrors = PR_TRUE; break; - - case 'n': nickName = PL_strdup(optstate->value); break; -Index: 
mozilla/security/nss/cmd/tstclnt/tstclnt.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/cmd/tstclnt/tstclnt.c,v -retrieving revision 1.62 -diff -u -p -r1.62 tstclnt.c ---- mozilla/security/nss/cmd/tstclnt/tstclnt.c 10 Feb 2010 18:07:21 -0000 1.62 -+++ mozilla/security/nss/cmd/tstclnt/tstclnt.c 29 Jul 2010 01:49:04 -0000 -@@ -225,6 +225,7 @@ static void Usage(const char *progName) - fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-r N"); - fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u"); - fprintf(stderr, "%-20s Enable compression.\n", "-z"); -+ fprintf(stderr, "%-20s Enable false start.\n", "-g"); - fprintf(stderr, "%-20s Letter(s) chosen from the following list\n", - "-c ciphers"); - fprintf(stderr, -@@ -521,6 +522,7 @@ int main(int argc, char **argv) - int useExportPolicy = 0; - int enableSessionTickets = 0; - int enableCompression = 0; -+ int enableFalseStart = 0; - PRSocketOptionData opt; - PRNetAddr addr; - PRPollDesc pollset[2]; -@@ -551,7 +553,7 @@ int main(int argc, char **argv) - } - - optstate = PL_CreateOptState(argc, argv, -- "23BSTW:a:c:d:fh:m:n:op:qr:suvw:xz"); -+ "23BSTW:a:c:d:fgh:m:n:op:qr:suvw:xz"); - while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': -@@ -578,6 +580,8 @@ int main(int argc, char **argv) - - case 'c': cipherString = PORT_Strdup(optstate->value); break; - -+ case 'g': enableFalseStart = 1; break; -+ - case 'd': certDir = PORT_Strdup(optstate->value); break; - - case 'f': clientSpeaksFirst = PR_TRUE; break; -@@ -863,7 +867,14 @@ int main(int argc, char **argv) - SECU_PrintError(progName, "error enabling compression"); - return 1; - } -- -+ -+ /* enable false start. 
*/ -+ rv = SSL_OptionSet(s, SSL_ENABLE_FALSE_START, enableFalseStart); -+ if (rv != SECSuccess) { -+ SECU_PrintError(progName, "error enabling false start"); -+ return 1; -+ } -+ - SSL_SetPKCS11PinArg(s, &pwdata); - - SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); -Index: mozilla/security/nss/lib/ssl/ssl.h -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v -retrieving revision 1.38 -diff -u -p -r1.38 ssl.h ---- mozilla/security/nss/lib/ssl/ssl.h 17 Feb 2010 02:29:07 -0000 1.38 -+++ mozilla/security/nss/lib/ssl/ssl.h 29 Jul 2010 01:49:04 -0000 -@@ -128,6 +128,17 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi - /* Renegotiation Info (RI) */ - /* extension in ALL handshakes. */ - /* default: off */ -+#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ -+ /* default, applies only to */ -+ /* clients). False start is a */ -+/* mode where an SSL client will start sending application data before */ -+/* verifying the server's Finished message. This means that we could end up */ -+/* sending data to an imposter. However, the data will be encrypted and */ -+/* only the true server can derive the session key. Thus, so long as the */ -+/* cipher isn't broken this is safe. Because of this, False Start will only */ -+/* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ -+/* bits. The advantage of False Start is that it saves a round trip for */ -+/* client-speaks-first protocols when performing a full handshake. 
*/ - - #ifdef SSL_DEPRECATED_FUNCTION - /* Old deprecated function names */ -Index: mozilla/security/nss/lib/ssl/ssl3con.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v -retrieving revision 1.142 -diff -u -p -r1.142 ssl3con.c ---- mozilla/security/nss/lib/ssl/ssl3con.c 24 Jun 2010 19:53:20 -0000 1.142 -+++ mozilla/security/nss/lib/ssl/ssl3con.c 29 Jul 2010 01:49:04 -0000 -@@ -5665,7 +5665,17 @@ ssl3_RestartHandshakeAfterCertReq(sslSoc - return rv; - } - -- -+PRBool -+ssl3_CanFalseStart(sslSocket *ss) { -+ return ss->opt.enableFalseStart && -+ !ss->sec.isServer && -+ !ss->ssl3.hs.isResuming && -+ ss->ssl3.cwSpec && -+ ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && -+ (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa || -+ ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh || -+ ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh); -+} - - /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete - * ssl3 Server Hello Done message. -@@ -5737,6 +5747,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss - ss->ssl3.hs.ws = wait_new_session_ticket; - else - ss->ssl3.hs.ws = wait_change_cipher; -+ -+ /* Do the handshake callback for sslv3 here, if we can false start. */ -+ if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { -+ (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); -+ } -+ - return SECSuccess; - - loser: -@@ -8476,8 +8492,8 @@ xmit_loser: - } - ss->ssl3.hs.ws = idle_handshake; - -- /* Do the handshake callback for sslv3 here. */ -- if (ss->handshakeCallback != NULL) { -+ /* Do the handshake callback for sslv3 here, if we cannot false start. 
*/ -+ if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { - (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); - } - -Index: mozilla/security/nss/lib/ssl/ssl3gthr.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3gthr.c,v -retrieving revision 1.9 -diff -u -p -r1.9 ssl3gthr.c ---- mozilla/security/nss/lib/ssl/ssl3gthr.c 20 Nov 2008 07:37:25 -0000 1.9 -+++ mozilla/security/nss/lib/ssl/ssl3gthr.c 29 Jul 2010 01:49:04 -0000 -@@ -188,6 +188,7 @@ ssl3_GatherCompleteHandshake(sslSocket * - { - SSL3Ciphertext cText; - int rv; -+ PRBool canFalseStart = PR_FALSE; - - PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); - do { -@@ -207,7 +208,20 @@ ssl3_GatherCompleteHandshake(sslSocket * - if (rv < 0) { - return ss->recvdCloseNotify ? 0 : rv; - } -- } while (ss->ssl3.hs.ws != idle_handshake && ss->gs.buf.len == 0); -+ -+ /* If we kicked off a false start in ssl3_HandleServerHelloDone, break -+ * out of this loop early without finishing the handshake. 
-+ */ -+ if (ss->opt.enableFalseStart) { -+ ssl_GetSSL3HandshakeLock(ss); -+ canFalseStart = (ss->ssl3.hs.ws == wait_change_cipher || -+ ss->ssl3.hs.ws == wait_new_session_ticket) && -+ ssl3_CanFalseStart(ss); -+ ssl_ReleaseSSL3HandshakeLock(ss); -+ } -+ } while (ss->ssl3.hs.ws != idle_handshake && -+ !canFalseStart && -+ ss->gs.buf.len == 0); - - ss->gs.readOffset = 0; - ss->gs.writeOffset = ss->gs.buf.len; -Index: mozilla/security/nss/lib/ssl/sslimpl.h -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v -retrieving revision 1.77 -diff -u -p -r1.77 sslimpl.h ---- mozilla/security/nss/lib/ssl/sslimpl.h 10 Feb 2010 00:33:50 -0000 1.77 -+++ mozilla/security/nss/lib/ssl/sslimpl.h 29 Jul 2010 01:49:04 -0000 -@@ -333,6 +333,7 @@ typedef struct sslOptionsStr { - unsigned int enableDeflate : 1; /* 19 */ - unsigned int enableRenegotiation : 2; /* 20-21 */ - unsigned int requireSafeNegotiation : 1; /* 22 */ -+ unsigned int enableFalseStart : 1; /* 23 */ - } sslOptions; - - typedef enum { sslHandshakingUndetermined = 0, -@@ -1250,6 +1251,8 @@ extern void ssl_SetAlwaysBlock(sslS - - extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); - -+extern PRBool ssl3_CanFalseStart(sslSocket *ss); -+ - #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) - #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock) - #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) -Index: mozilla/security/nss/lib/ssl/sslsecur.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsecur.c,v -retrieving revision 1.43 -diff -u -p -r1.43 sslsecur.c ---- mozilla/security/nss/lib/ssl/sslsecur.c 14 Jan 2010 22:15:25 -0000 1.43 -+++ mozilla/security/nss/lib/ssl/sslsecur.c 29 Jul 2010 01:49:04 -0000 -@@ -1199,8 +1199,17 @@ ssl_SecureSend(sslSocket *ss, const unsi - ss->writerThread = PR_GetCurrentThread(); 
- /* If any of these is non-zero, the initial handshake is not done. */ - if (!ss->firstHsDone) { -+ PRBool canFalseStart = PR_FALSE; - ssl_Get1stHandshakeLock(ss); -- if (ss->handshake || ss->nextHandshake || ss->securityHandshake) { -+ if (ss->version >= SSL_LIBRARY_VERSION_3_0 && -+ (ss->ssl3.hs.ws == wait_change_cipher || -+ ss->ssl3.hs.ws == wait_finished || -+ ss->ssl3.hs.ws == wait_new_session_ticket) && -+ ssl3_CanFalseStart(ss)) { -+ canFalseStart = PR_TRUE; -+ } -+ if (!canFalseStart && -+ (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { - rv = ssl_Do1stHandshake(ss); - } - ssl_Release1stHandshakeLock(ss); -Index: mozilla/security/nss/lib/ssl/sslsock.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v -retrieving revision 1.67 -diff -u -p -r1.67 sslsock.c ---- mozilla/security/nss/lib/ssl/sslsock.c 25 Apr 2010 23:37:38 -0000 1.67 -+++ mozilla/security/nss/lib/ssl/sslsock.c 29 Jul 2010 01:49:04 -0000 -@@ -183,6 +183,7 @@ static sslOptions ssl_defaults = { - PR_FALSE, /* enableDeflate */ - 2, /* enableRenegotiation (default: requires extension) */ - PR_FALSE, /* requireSafeNegotiation */ -+ PR_FALSE, /* enableFalseStart */ - }; - - sslSessionIDLookupFunc ssl_sid_lookup; -@@ -728,6 +729,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh - ss->opt.requireSafeNegotiation = on; - break; - -+ case SSL_ENABLE_FALSE_START: -+ ss->opt.enableFalseStart = on; -+ break; -+ - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - rv = SECFailure; -@@ -791,6 +796,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh - on = ss->opt.enableRenegotiation; break; - case SSL_REQUIRE_SAFE_NEGOTIATION: - on = ss->opt.requireSafeNegotiation; break; -+ case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; - - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -841,6 +847,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBo - case SSL_REQUIRE_SAFE_NEGOTIATION: - on = 
ssl_defaults.requireSafeNegotiation; - break; -+ case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; - - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -984,6 +991,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo - ssl_defaults.requireSafeNegotiation = on; - break; - -+ case SSL_ENABLE_FALSE_START: -+ ssl_defaults.enableFalseStart = on; -+ break; -+ - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; -Index: mozilla/security/nss/tests/ssl/sslstress.txt -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/tests/ssl/sslstress.txt,v -retrieving revision 1.18 -diff -u -p -r1.18 sslstress.txt ---- mozilla/security/nss/tests/ssl/sslstress.txt 3 Feb 2010 02:25:36 -0000 1.18 -+++ mozilla/security/nss/tests/ssl/sslstress.txt 29 Jul 2010 01:49:04 -0000 -@@ -42,9 +42,11 @@ - noECC 0 _ -c_1000_-C_A Stress SSL2 RC4 128 with MD5 - noECC 0 _ -c_1000_-C_c_-T Stress SSL3 RC4 128 with MD5 - noECC 0 _ -c_1000_-C_c Stress TLS RC4 128 with MD5 -+ noECC 0 _ -c_1000_-C_c_-g Stress TLS RC4 128 with MD5 (false start) - noECC 0 -u -2_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket) - noECC 0 -z -2_-c_1000_-C_c_-z Stress TLS RC4 128 with MD5 (compression) - noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z Stress TLS RC4 128 with MD5 (session ticket, compression) -+ noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z_-g Stress TLS RC4 128 with MD5 (session ticket, compression, false start) - SNI 0 -u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket, SNI) - - # -@@ -55,7 +57,9 @@ - noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 with MD5 (no reuse, client auth) - noECC 0 -r_-r_-u -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth) - noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth) -+ noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z_-g Stress TLS RC4 128 with MD5 (compression, 
client auth, false start) - noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z Stress TLS RC4 128 with MD5 (session ticket, compression, client auth) -+ noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z_-g Stress TLS RC4 128 with MD5 (session ticket, compression, client auth, false start) - SNI 0 -r_-r_-u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, default virt host) - SNI 0 -r_-r_-u_-a_Host-sni.Dom_-k_Host-sni.Dom -2_-3_-c_1000_-C_c_-u_-a_Host-sni.Dom Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, change virt host) - diff --git a/net/third_party/nss/patches/falsestart2.patch b/net/third_party/nss/patches/falsestart2.patch deleted file mode 100644 index 0449b68..0000000 --- a/net/third_party/nss/patches/falsestart2.patch +++ /dev/null 
@@ -1,146 +0,0 @@ -Index: mozilla/security/nss/lib/ssl/sslauth.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v -retrieving revision 1.16 -diff -p -u -8 -r1.16 sslauth.c ---- mozilla/security/nss/lib/ssl/sslauth.c 20 Apr 2006 00:20:45 -0000 1.16 -+++ mozilla/security/nss/lib/ssl/sslauth.c 27 Aug 2010 02:01:44 -0000 -@@ -87,16 +87,17 @@ SSL_LocalCertificate(PRFileDesc *fd) - /* NEED LOCKS IN HERE. */ - SECStatus - SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1, - char **ip, char **sp) - { - sslSocket *ss; - const char *cipherName; - PRBool isDes = PR_FALSE; -+ PRBool enoughFirstHsDone = PR_FALSE; - - ss = ssl_FindSocket(fd); - if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus", - SSL_GETPID(), fd)); - return SECFailure; - } - -@@ -104,18 +105,24 @@ SSL_SecurityStatus(PRFileDesc *fd, int * - if (kp0) *kp0 = 0; - if (kp1) *kp1 = 0; - if (ip) *ip = 0; - if (sp) *sp = 0; - if (op) { - *op = SSL_SECURITY_STATUS_OFF; - } - -- if (ss->opt.useSecurity && ss->firstHsDone) { -+ if (ss->firstHsDone) { -+ enoughFirstHsDone = PR_TRUE; -+ } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 && -+ ssl3_CanFalseStart(ss)) { -+ enoughFirstHsDone = PR_TRUE; -+ } - -+ if (ss->opt.useSecurity && enoughFirstHsDone) { - if (ss->version < SSL_LIBRARY_VERSION_3_0) { - cipherName = ssl_cipherName[ss->sec.cipherType]; - } else { - cipherName = ssl3_cipherName[ss->sec.cipherType]; - } - PORT_Assert(cipherName); - if (cipherName) { - if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE; -Index: mozilla/security/nss/lib/ssl/sslinfo.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslinfo.c,v -retrieving revision 1.23 -diff -p -u -8 -r1.23 sslinfo.c ---- mozilla/security/nss/lib/ssl/sslinfo.c 15 Jan 2010 01:49:33 -0000 1.23 -+++ mozilla/security/nss/lib/ssl/sslinfo.c 27 Aug 2010 02:01:44 -0000 -@@ -55,33 
+55,41 @@ ssl_GetCompressionMethodName(SSLCompress - } - - SECStatus - SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) - { - sslSocket * ss; - SSLChannelInfo inf; - sslSessionID * sid; -+ PRBool enoughFirstHsDone = PR_FALSE; - - if (!info || len < sizeof inf.length) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - ss = ssl_FindSocket(fd); - if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo", - SSL_GETPID(), fd)); - return SECFailure; - } - - memset(&inf, 0, sizeof inf); - inf.length = PR_MIN(sizeof inf, len); - -- if (ss->opt.useSecurity && ss->firstHsDone) { -+ if (ss->firstHsDone) { -+ enoughFirstHsDone = PR_TRUE; -+ } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 && -+ ssl3_CanFalseStart(ss)) { -+ enoughFirstHsDone = PR_TRUE; -+ } -+ -+ if (ss->opt.useSecurity && enoughFirstHsDone) { - sid = ss->sec.ci.sid; - inf.protocolVersion = ss->version; - inf.authKeyBits = ss->sec.authKeyBits; - inf.keaKeyBits = ss->sec.keaKeyBits; - if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ - inf.cipherSuite = ss->sec.cipherType | 0xff00; - inf.compressionMethod = ssl_compression_null; - inf.compressionMethodName = "N/A"; -Index: mozilla/security/nss/lib/ssl/sslreveal.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslreveal.c,v -retrieving revision 1.7 -diff -p -u -8 -r1.7 sslreveal.c ---- mozilla/security/nss/lib/ssl/sslreveal.c 4 Feb 2010 03:21:11 -0000 1.7 -+++ mozilla/security/nss/lib/ssl/sslreveal.c 27 Aug 2010 02:01:44 -0000 -@@ -106,24 +106,36 @@ SSL_RevealURL(PRFileDesc * fd) - SECStatus - SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, - SSLExtensionType extId, - PRBool *pYes) - { - /* some decisions derived from SSL_GetChannelInfo */ - sslSocket * sslsocket = NULL; - SECStatus rv = SECFailure; -+ PRBool enoughFirstHsDone = PR_FALSE; - - if (!pYes) - return rv; - - sslsocket = ssl_FindSocket(socket); -+ if (!sslsocket) { 
-+ SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension", -+ SSL_GETPID(), socket)); -+ return rv; -+ } -+ -+ if (sslsocket->firstHsDone) { -+ enoughFirstHsDone = PR_TRUE; -+ } else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) { -+ enoughFirstHsDone = PR_TRUE; -+ } - - /* according to public API SSL_GetChannelInfo, this doesn't need a lock */ -- if (sslsocket && sslsocket->opt.useSecurity && sslsocket->firstHsDone) { -+ if (sslsocket->opt.useSecurity && enoughFirstHsDone) { - if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */ - /* now we know this socket went through ssl3_InitState() and - * ss->xtnData got initialized, which is the only member accessed by - * ssl3_ExtensionNegotiated(); - * Member xtnData appears to get accessed in functions that handle - * the handshake (hello messages and extension sending), - * therefore the handshake lock should be sufficient. - */ diff --git a/net/third_party/nss/patches/ocspstapling.patch b/net/third_party/nss/patches/ocspstapling.patch index 13de561..03b8f0a 100644 --- a/net/third_party/nss/patches/ocspstapling.patch +++ b/net/third_party/nss/patches/ocspstapling.patch @@ -344,7 +344,7 @@ index bd72f97..eb56ea9 100644 +++ b/net/third_party/nss/ssl/sslerr.h @@ -203,6 +203,8 @@ SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), - SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115), + SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY = (SSL_ERROR_BASE + 115), +SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 116), + diff --git a/net/third_party/nss/patches/weakserverkey.patch b/net/third_party/nss/patches/weakserverkey.patch deleted file mode 100644 index 5eb84dc..0000000 --- a/net/third_party/nss/patches/weakserverkey.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -Index: mozilla/security/nss/lib/ssl/ssl3con.c -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v -retrieving revision 1.144 -diff -p -u -8 -r1.144 ssl3con.c ---- mozilla/security/nss/lib/ssl/ssl3con.c 12 Aug 2010 01:15:38 -0000 1.144 -+++ mozilla/security/nss/lib/ssl/ssl3con.c 13 Aug 2010 23:23:40 -0000 -@@ -5299,18 +5299,20 @@ ssl3_HandleServerKeyExchange(sslSocket * - SECItem dh_p = {siBuffer, NULL, 0}; - SECItem dh_g = {siBuffer, NULL, 0}; - SECItem dh_Ys = {siBuffer, NULL, 0}; - - rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); - if (rv != SECSuccess) { - goto loser; /* malformed. */ - } -- if (dh_p.len < 512/8) -+ if (dh_p.len < 512/8) { -+ errCode = SSL_ERROR_WEAK_SERVER_KEY; - goto alert_loser; -+ } - rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length); - if (rv != SECSuccess) { - goto loser; /* malformed. */ - } - if (dh_g.len == 0 || dh_g.len > dh_p.len + 1 || - (dh_g.len == 1 && dh_g.data[0] == 0)) - goto alert_loser; - rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); -Index: mozilla/security/nss/lib/ssl/sslerr.h -=================================================================== -RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslerr.h,v -retrieving revision 1.11 -diff -p -u -8 -r1.11 sslerr.h ---- mozilla/security/nss/lib/ssl/sslerr.h 24 Jun 2010 09:24:18 -0000 1.11 -+++ mozilla/security/nss/lib/ssl/sslerr.h 13 Aug 2010 23:23:40 -0000 -@@ -196,13 +196,15 @@ SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICK - SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110), - - SSL_ERROR_DECOMPRESSION_FAILURE = (SSL_ERROR_BASE + 111), - SSL_ERROR_RENEGOTIATION_NOT_ALLOWED = (SSL_ERROR_BASE + 112), - SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113), - - SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), - -+SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115), -+ - SSL_ERROR_END_OF_LIST /* let the c 
compiler determine the value of this. */ - } SSLErrorCodes; - #endif /* NO_SECURITY_ERROR_ENUM */ - - #endif /* __SSL_ERR_H_ */ diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h index 21d7c8d..f2a0c11 100644 --- a/net/third_party/nss/ssl/ssl.h +++ b/net/third_party/nss/ssl/ssl.h @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: ssl.h,v 1.38 2010/02/17 02:29:07 wtc%google.com Exp $ */ +/* $Id: ssl.h,v 1.38.2.1 2010/07/31 04:33:52 wtc%google.com Exp $ */ #ifndef __ssl_h_ #define __ssl_h_ diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index 8706e68..ac23c4c 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: ssl3con.c,v 1.142 2010/06/24 19:53:20 wtc%google.com Exp $ */ +/* $Id: ssl3con.c,v 1.142.2.4 2010/09/01 19:47:11 wtc%google.com Exp $ */ #include "cert.h" #include "ssl.h" @@ -2850,7 +2850,11 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) } if (pms || !pwSpec->master_secret) { - master_params.pVersion = &pms_version; + if (isDH) { + master_params.pVersion = NULL; + } else { + master_params.pVersion = &pms_version; + } master_params.RandomInfo.pClientRandom = cr; master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; master_params.RandomInfo.pServerRandom = sr; @@ -5372,7 +5376,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto loser; /* malformed. */ } if (dh_p.len < 512/8) { - errCode = SSL_ERROR_WEAK_SERVER_KEY; + errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; goto alert_loser; } rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length); diff --git a/net/third_party/nss/ssl/ssl3gthr.c b/net/third_party/nss/ssl/ssl3gthr.c index 6712370..65d96f8 100644 --- a/net/third_party/nss/ssl/ssl3gthr.c 
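Review bot: In the ssl3_DeriveMasterSecret hunk of ssl3con.c, the new `isDH` branch sets `master_params.pVersion = NULL` without a comment saying why, and the reason matters for anyone auditing the handshake. Presumably a DH premaster secret carries no embedded client version, so there is nothing for the derivation to hand back; a comment such as `/* DH premaster secret has no embedded version; nothing to extract */` above the branch would record that. With pVersion NULL, `pms_version` is never filled in on the DH path, so any later read of it (for example a version-rollback comparison against the ClientHello) has to stay conditional on `!isDH`. The function body continues outside the hunk, so whether such a guard exists cannot be confirmed from here.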
+++ b/net/third_party/nss/ssl/ssl3gthr.c @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: ssl3gthr.c,v 1.9 2008/11/20 07:37:25 nelson%bolyard.com Exp $ */ +/* $Id: ssl3gthr.c,v 1.9.20.1 2010/07/31 04:33:52 wtc%google.com Exp $ */ #include "cert.h" #include "ssl.h" @@ -200,6 +200,8 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) /* decipher it, and handle it if it's a handshake. * If it's application data, ss->gs.buf will not be empty upon return. + * If it's a change cipher spec, alert, or handshake message, + * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess. */ cText.type = (SSL3ContentType)ss->gs.hdr[0]; cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2]; diff --git a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslauth.c index 3f4924d..447aaf8 100644 --- a/net/third_party/nss/ssl/sslauth.c +++ b/net/third_party/nss/ssl/sslauth.c @@ -33,7 +33,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslauth.c,v 1.16 2006/04/20 00:20:45 alexei.volkov.bugs%sun.com Exp $ */ +/* $Id: sslauth.c,v 1.16.66.1 2010/08/03 18:52:13 wtc%google.com Exp $ */ #include "cert.h" #include "secitem.h" #include "ssl.h" diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h index eb56ea9..c940f95 100644 --- a/net/third_party/nss/ssl/sslerr.h +++ b/net/third_party/nss/ssl/sslerr.h @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslerr.h,v 1.11 2010/06/24 09:24:18 nelson%bolyard.com Exp $ */ +/* $Id: sslerr.h,v 1.11.2.2 2010/09/01 19:47:11 wtc%google.com Exp $ */ #ifndef __SSL_ERR_H_ #define __SSL_ERR_H_ 
@@ -201,7 +201,7 @@ SSL_ERROR_UNSAFE_NEGOTIATION = (SSL_ERROR_BASE + 113), SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114), -SSL_ERROR_WEAK_SERVER_KEY = (SSL_ERROR_BASE + 115), +SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY = (SSL_ERROR_BASE + 115), SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 116), diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h index 98847f0..95beb57 100644 --- a/net/third_party/nss/ssl/sslimpl.h +++ b/net/third_party/nss/ssl/sslimpl.h @@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslimpl.h,v 1.77 2010/02/10 00:33:50 wtc%google.com Exp $ */ +/* $Id: sslimpl.h,v 1.77.2.1 2010/07/31 04:33:52 wtc%google.com Exp $ */ #ifndef __sslimpl_h_ #define __sslimpl_h_ diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c index c1c3fd7..96377b0 100644 --- a/net/third_party/nss/ssl/sslinfo.c +++ b/net/third_party/nss/ssl/sslinfo.c @@ -34,7 +34,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslinfo.c,v 1.23 2010/01/15 01:49:33 alexei.volkov.bugs%sun.com Exp $ */ +/* $Id: sslinfo.c,v 1.23.2.1 2010/09/02 01:13:46 wtc%google.com Exp $ */ #include "ssl.h" #include "sslimpl.h" #include "sslproto.h" diff --git a/net/third_party/nss/ssl/sslreveal.c b/net/third_party/nss/ssl/sslreveal.c index 8941ff2..94b2c2fd 100644 --- a/net/third_party/nss/ssl/sslreveal.c +++ b/net/third_party/nss/ssl/sslreveal.c @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslreveal.c,v 1.7 2010/02/04 03:21:11 wtc%google.com Exp $ */ +/* $Id: sslreveal.c,v 1.7.2.1 2010/08/03 18:52:13 wtc%google.com Exp $ */ #include "cert.h" #include "ssl.h" diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c index 49a81bc..816b8f6 100644 --- a/net/third_party/nss/ssl/sslsecur.c 
+++ b/net/third_party/nss/ssl/sslsecur.c @@ -37,7 +37,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslsecur.c,v 1.43 2010/01/14 22:15:25 alexei.volkov.bugs%sun.com Exp $ */ +/* $Id: sslsecur.c,v 1.43.2.2 2010/08/26 18:06:55 wtc%google.com Exp $ */ #include "cert.h" #include "secitem.h" #include "keyhi.h" @@ -1363,16 +1363,9 @@ SSL_DataPending(PRFileDesc *fd) ss = ssl_FindSocket(fd); if (ss && ss->opt.useSecurity) { - - ssl_Get1stHandshakeLock(ss); - ssl_GetSSL3HandshakeLock(ss); - ssl_GetRecvBufLock(ss); rv = ss->gs.writeOffset - ss->gs.readOffset; ssl_ReleaseRecvBufLock(ss); - - ssl_ReleaseSSL3HandshakeLock(ss); - ssl_Release1stHandshakeLock(ss); } return rv; diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c index b14a935..c5b63d1 100644 --- a/net/third_party/nss/ssl/sslsock.c +++ b/net/third_party/nss/ssl/sslsock.c @@ -40,7 +40,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslsock.c,v 1.67 2010/04/25 23:37:38 nelson%bolyard.com Exp $ */ +/* $Id: sslsock.c,v 1.67.2.1 2010/07/31 04:33:52 wtc%google.com Exp $ */ #include "seccomon.h" #include "cert.h" #include "keyhi.h" |