authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-16 04:33:07 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-16 04:33:07 +0000
commit74bb1ef7e044ab032eff67aefa5e23f5f5d0dc51 (patch)
tree5844c81631eba384708ce825d6a3b8153fed3a19 /net/third_party
parente91ce809048b33f62569a01404b833d3aa9f15d0 (diff)
Replace hardcoded ssl_variant_stream with ss->protocolVariant.
R=rsleevi@chromium.org BUG=none TEST=none Review URL: https://chromiumcodereview.appspot.com/10836273 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151852 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/nss/README.chromium6
-rwxr-xr-xnet/third_party/nss/patches/applypatches.sh2
-rw-r--r--net/third_party/nss/patches/sslprotocolvariant.patch52
-rw-r--r--net/third_party/nss/ssl/ssl3con.c2
-rw-r--r--net/third_party/nss/ssl/sslsock.c2
5 files changed, 61 insertions, 3 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index 1069bdd..b01a110 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -90,11 +90,15 @@ Patches:
* Don't crash when the SSL keylog file cannot be opened.
patches/sslkeylogerror.patch
- * Sets the record layer version number of ClientHello to at most TLS 1.0
+ * Set the record layer version number of ClientHello to at most TLS 1.0
if we don't know what protocol version the server supports.
https://bugzilla.mozilla.org/show_bug.cgi?id=774547
patches/recordlayerversion.patch
+ * Replace hardcoded ssl_variant_stream by ss->protocolVariant.
+ https://bugzilla.mozilla.org/show_bug.cgi?id=681065
+ patches/sslprotocolvariant.patch
+
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index b5736ad9..2fd594e 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -49,3 +49,5 @@ patch -p5 < $patches_dir/tlsunique.patch
patch -p5 < $patches_dir/sslkeylogerror.patch
patch -p4 < $patches_dir/recordlayerversion.patch
+
+patch -p5 < $patches_dir/sslprotocolvariant.patch
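Review bot: The added `patch -p5 < $patches_dir/sslprotocolvariant.patch` does not check the exit status of patch. Unless the script enables `set -e` above this hunk (not visible here), a patch that no longer applies after an NSS update would be skipped silently, and the tree would ship without this local change. Consider `patch -p5 < "$patches_dir/sslprotocolvariant.patch" || exit 1`, which also quotes the path. The two earlier patch lines in this hunk follow the same pattern and would benefit from the same treatment.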
diff --git a/net/third_party/nss/patches/sslprotocolvariant.patch b/net/third_party/nss/patches/sslprotocolvariant.patch
new file mode 100644
index 0000000..181645d
--- /dev/null
+++ b/net/third_party/nss/patches/sslprotocolvariant.patch
@@ -0,0 +1,52 @@
+Index: mozilla/security/nss/lib/ssl/ssl3con.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
+retrieving revision 1.186
+diff -u -p -8 -r1.186 ssl3con.c
+--- mozilla/security/nss/lib/ssl/ssl3con.c 30 Jul 2012 00:47:36 -0000 1.186
++++ mozilla/security/nss/lib/ssl/ssl3con.c 15 Aug 2012 00:29:49 -0000
+@@ -770,17 +770,17 @@ ssl3_NegotiateVersion(sslSocket *ss, SSL
+
+ if (peerVersion < ss->vrange.min ||
+ (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) {
+ PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+ return SECFailure;
+ }
+
+ ss->version = PR_MIN(peerVersion, ss->vrange.max);
+- PORT_Assert(ssl3_VersionIsSupported(ssl_variant_stream, ss->version));
++ PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version));
+
+ return SECSuccess;
+ }
+
+ static SECStatus
+ ssl3_GetNewRandom(SSL3Random *random)
+ {
+ PRUint32 gmt = ssl_Time();
+Index: mozilla/security/nss/lib/ssl/sslsock.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
+retrieving revision 1.93
+diff -u -p -8 -r1.93 sslsock.c
+--- mozilla/security/nss/lib/ssl/sslsock.c 14 Jun 2012 19:03:29 -0000 1.93
++++ mozilla/security/nss/lib/ssl/sslsock.c 15 Aug 2012 00:29:49 -0000
+@@ -1843,17 +1843,17 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
+ sslSocket *ss = ssl_FindSocket(fd);
+
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL3_VersionRangeSet",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+- if (!ssl3_VersionRangeIsValid(ssl_variant_stream, vrange)) {
++ if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
+ PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+ return SECFailure;
+ }
+
+ ssl_Get1stHandshakeLock(ss);
+ ssl_GetSSL3HandshakeLock(ss);
+
+ ss->vrange = *vrange;
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index e7741a0..34cfed9 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -786,7 +786,7 @@ ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion,
}
ss->version = PR_MIN(peerVersion, ss->vrange.max);
- PORT_Assert(ssl3_VersionIsSupported(ssl_variant_stream, ss->version));
+ PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version));
return SECSuccess;
}
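Review bot: The check on the negotiated version at the changed line is only a `PORT_Assert`, which is compiled out of non-debug builds, so in release builds nothing in this hunk rejects an `ss->version` that `ss->protocolVariant` does not support. Correctness then depends on `ss->vrange` having been validated for the same variant wherever it is set, which is outside this hunk. If that invariant matters for datagram sockets, a runtime check such as `if (!ssl3_VersionIsSupported(ss->protocolVariant, ss->version)) { PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); return SECFailure; }` would hold in every build; at minimum a comment should state the invariant the assert relies on. The body of ssl3_NegotiateVersion starts outside the hunk.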
diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
index 2a93dae..69a2983 100644
--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -1921,7 +1921,7 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
return SECFailure;
}
- if (!ssl3_VersionRangeIsValid(ssl_variant_stream, vrange)) {
+ if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
return SECFailure;
}
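Review bot: The range check at the changed line now depends on the socket's own variant, and nothing at the call explains why, so a short comment above it would help. Something like `/* Validate against this socket's variant; a range accepted for stream sockets is not necessarily valid for datagram sockets. */` would do, assuming the two variants do accept different ranges (not shown here). It would also help to note that `ss->protocolVariant` is read here before the handshake locks are taken, which is safe only if the variant is fixed when the socket is created. That assumption cannot be confirmed from this hunk, since the start and end of SSL_VersionRangeSet are outside it.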