authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-11-12 20:16:18 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-11-12 20:16:18 +0000
commit20dd903083c08a71a25bd38bbe33c3c2acfd03b1 (patch)
tree1ebd6d754a96a3381c54de35e2e814c82bcf8b27 /net/third_party
parent1673cafa26a222117bbd137f1ca61628e7f7bbaa (diff)
net: don't add padding extension for SSLv3.
This is a no-op change because our SSLv3 handshakes aren't long enough to trigger the padding extension. But, if they were, the padding extension would break them. BUG=315828 Review URL: https://codereview.chromium.org/66553007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@234619 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/nss/patches/paddingextension.patch14
-rw-r--r--net/third_party/nss/ssl/ssl3con.c2
-rw-r--r--net/third_party/nss/ssl/ssl3ext.c4
-rw-r--r--net/third_party/nss/ssl/sslimpl.h2
4 files changed, 11 insertions, 11 deletions
diff --git a/net/third_party/nss/patches/paddingextension.patch b/net/third_party/nss/patches/paddingextension.patch
index 8ea388c..bbf57d7 100644
--- a/net/third_party/nss/patches/paddingextension.patch
+++ b/net/third_party/nss/patches/paddingextension.patch
@@ -1,5 +1,5 @@
diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
-index 8b8b758..567d481 100644
+index 8b8b758..882e356 100644
--- a/nss/lib/ssl/ssl3con.c
+++ b/nss/lib/ssl/ssl3con.c
@@ -4975,6 +4975,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
@@ -20,7 +20,7 @@ index 8b8b758..567d481 100644
+ * in F5 devices.
+ *
+ * This is not done for DTLS nor for renegotiation. */
-+ if (!IS_DTLS(ss) && !ss->firstHsDone) {
++ if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) {
+ paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
+ total_exten_len += paddingExtensionLen;
+ length += paddingExtensionLen;
@@ -46,7 +46,7 @@ index 8b8b758..567d481 100644
}
if (ss->ssl3.hs.sendingSCSV) {
diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
-index 0415770..8be042e 100644
+index 0415770..cdebcc9 100644
--- a/nss/lib/ssl/ssl3ext.c
+++ b/nss/lib/ssl/ssl3ext.c
@@ -2297,3 +2297,56 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
@@ -78,7 +78,7 @@ index 0415770..8be042e 100644
+/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
+ * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
+ * that we don't trigger bugs in F5 products. */
-+unsigned int
++PRInt32
+ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
+ PRUint32 maxBytes)
+{
@@ -93,7 +93,7 @@ index 0415770..8be042e 100644
+ extensionLen > maxBytes ||
+ paddingLen > sizeof(padding)) {
+ PORT_Assert(0);
-+ return 0;
++ return -1;
+ }
+
+ if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
@@ -107,7 +107,7 @@ index 0415770..8be042e 100644
+ return extensionLen;
+}
diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
-index 614eed1..621f25e 100644
+index 614eed1..9c789bf 100644
--- a/nss/lib/ssl/sslimpl.h
+++ b/nss/lib/ssl/sslimpl.h
@@ -237,6 +237,13 @@ extern PRInt32
@@ -117,7 +117,7 @@ index 614eed1..621f25e 100644
+extern unsigned int
+ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
+
-+extern unsigned int
++extern PRInt32
+ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
+ PRUint32 maxBytes);
+
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 567d481..882e356 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -5248,7 +5248,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
* in F5 devices.
*
* This is not done for DTLS nor for renegotiation. */
- if (!IS_DTLS(ss) && !ss->firstHsDone) {
+ if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone) {
paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
total_exten_len += paddingExtensionLen;
length += paddingExtensionLen;
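Review bot: The comment directly above the changed condition still reads "This is not done for DTLS nor for renegotiation." and no longer matches the guard now that `isTLS` is part of it. I would change it to something like `* This is not done for DTLS, for SSLv3, nor for renegotiation. */` and add a short reason, since the commit message says the padding extension would break SSLv3 handshakes. `isTLS` is assigned outside this hunk; presumably it is derived from the version offered in this ClientHello, which is worth confirming because the guard now depends on it. ssl3_SendClientHello starts and ends outside the hunk.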
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index 8be042e..cdebcc9 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -2322,7 +2322,7 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
* ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
* that we don't trigger bugs in F5 products. */
-unsigned int
+PRInt32
ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
PRUint32 maxBytes)
{
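Review bot: The header comment on ssl3_AppendPaddingExtension does not state the return contract, which matters now that the return type is `PRInt32` and failure is signalled with a negative value. I would add a sentence such as `Returns the number of bytes appended (extensionLen) on success, or -1 on failure.` to this comment and to the prototype in sslimpl.h. Note also that `extensionLen` is an `unsigned int` returned as `PRInt32`; the `paddingLen > sizeof(padding)` check in the next hunk appears to keep it small, but the size of `padding` is not visible here. The function body continues outside the hunk.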
@@ -2337,7 +2337,7 @@ ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
extensionLen > maxBytes ||
paddingLen > sizeof(padding)) {
PORT_Assert(0);
- return 0;
+ return -1;
}
if (SECSuccess != ssl3_AppendHandshakeNumber(ss, ssl_padding_xtn, 2))
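Review bot: The `return -1;` path reports failure without setting an NSS error code, and in non-debug builds `PORT_Assert(0)` presumably compiles away, so the caller would see -1 alongside whatever error was set last. Consider adding `PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);` before the return, or whichever code this file normally uses for internal errors. The call site is not part of this diff; it needs to hold the result in a signed variable and test `< 0` before subtracting it from its remaining byte budget, otherwise -1 would be treated as a very large length. The function continues outside the hunk.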
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
index 621f25e..9c789bf 100644
--- a/net/third_party/nss/ssl/sslimpl.h
+++ b/net/third_party/nss/ssl/sslimpl.h
@@ -240,7 +240,7 @@ ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
extern unsigned int
ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
-extern unsigned int
+extern PRInt32
ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
PRUint32 maxBytes);