Diffstat (limited to 'net/third_party/nss')
-rw-r--r-- | net/third_party/nss/README.chromium | 4 | ||||
-rw-r--r-- | net/third_party/nss/patches/aes256keylength.patch | 15 | ||||
-rwxr-xr-x | net/third_party/nss/patches/applypatches.sh | 2 | ||||
-rw-r--r-- | net/third_party/nss/ssl.gyp | 1 | ||||
-rw-r--r-- | net/third_party/nss/ssl/bodge/secure_memcmp.c | 59 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslsnce.c | 5 |
6 files changed, 86 insertions, 0 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index 4c7e137..197c2d6 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -75,6 +75,10 @@ Patches: patches/cbc.patch https://code.google.com/p/chromium/issues/detail?id=172658#c12 + * Define AES_256_KEY_LENGTH if the system blapit.h header doesn't define it. + Remove this patch when all system NSS packages are NSS 3.12.10 or later. + patches/aes256keylength.patch + * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS versions older than 3.15 report an EC key size range of 112 bits to 571 bits, even when it is compiled to support only the NIST P-256, P-384, and diff --git a/net/third_party/nss/patches/aes256keylength.patch b/net/third_party/nss/patches/aes256keylength.patch new file mode 100644 index 0000000..e77e16e --- /dev/null +++ b/net/third_party/nss/patches/aes256keylength.patch @@ -0,0 +1,15 @@ +diff -pu a/nss/lib/ssl/sslsnce.c b/nss/lib/ssl/sslsnce.c +--- a/nss/lib/ssl/sslsnce.c 2013-04-27 09:17:17.216390477 -0700 ++++ b/nss/lib/ssl/sslsnce.c 2013-04-27 09:41:36.887048239 -0700 +@@ -87,6 +87,11 @@ + #include "nspr.h" + #include "sslmutex.h" + ++/* AES_256_KEY_LENGTH was added to blapit.h in NSS 3.12.10. */ ++#ifndef AES_256_KEY_LENGTH ++#define AES_256_KEY_LENGTH 32 /* bytes */ ++#endif ++ + /* + ** Format of a cache entry in the shared memory. + */ diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh index aee9fb0..e8d9f5f 100755 --- a/net/third_party/nss/patches/applypatches.sh +++ b/net/third_party/nss/patches/applypatches.sh @@ -38,6 +38,8 @@ patch -p4 < $patches_dir/secretexporterlocks.patch patch -p4 < $patches_dir/cbc.patch +patch -p4 < $patches_dir/aes256keylength.patch + patch -p4 < $patches_dir/suitebonly.patch patch -p4 < $patches_dir/secitemarray.patch diff --git a/net/third_party/nss/ssl.gyp b/net/third_party/nss/ssl.gyp index c5d7ede..31567c2 100644 
--- a/net/third_party/nss/ssl.gyp +++ b/net/third_party/nss/ssl.gyp @@ -68,6 +68,7 @@ 'ssl/win32err.c', 'ssl/win32err.h', 'ssl/bodge/secitem_array.c', + 'ssl/bodge/secure_memcmp.c', ], 'sources!': [ 'ssl/os2_err.c', diff --git a/net/third_party/nss/ssl/bodge/secure_memcmp.c b/net/third_party/nss/ssl/bodge/secure_memcmp.c new file mode 100644 index 0000000..b18579c --- /dev/null +++ b/net/third_party/nss/ssl/bodge/secure_memcmp.c 
@@ -0,0 +1,59 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+// This file exists to provide the secure memcmp function. This was added in
+// NSS 3.12.5.
+
+#include <stdlib.h>
+
+/*
+ * Perform a constant-time compare of two memory regions.
The return value is + * 0 if the memory regions are equal and non-zero otherwise. + */ +int +NSS_SecureMemcmp(const void *ia, const void *ib, size_t n) +{ + const unsigned char *a = (const unsigned char*) ia; + const unsigned char *b = (const unsigned char*) ib; + size_t i; + unsigned char r = 0; + + for (i = 0; i < n; ++i) { + r |= *a++ ^ *b++; + } + + return r; +} diff --git a/net/third_party/nss/ssl/sslsnce.c b/net/third_party/nss/ssl/sslsnce.c index eb39b5d..6b30f7d 100644 --- a/net/third_party/nss/ssl/sslsnce.c +++ b/net/third_party/nss/ssl/sslsnce.c @@ -87,6 +87,11 @@ #include "nspr.h" #include "sslmutex.h" +/* AES_256_KEY_LENGTH was added to blapit.h in NSS 3.12.10. */ +#ifndef AES_256_KEY_LENGTH +#define AES_256_KEY_LENGTH 32 /* bytes */ +#endif + /* ** Format of a cache entry in the shared memory. */ |
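Review bot: The header comment on `NSS_SecureMemcmp` in secure_memcmp.c leaves out the parts of the contract a caller comparing MACs or other secrets depends on: the loop runs exactly `n` iterations with no early exit, so timing is independent of the contents but not of `n`, and `n == 0` returns 0 (equal). I would extend the comment with `/* Time depends on n only; n == 0 compares equal, so callers must check the expected length first. Use the result only as zero / non-zero. */`. The two `//` lines above `#include <stdlib.h>` are the only C++-style comments in the file and may be rejected by a strict C89 build, so `/* ... */` would match the rest of the file. The README.chromium hunk in this commit lists only aes256keylength.patch; if local additions under ssl/bodge are meant to be recorded there as well, this file is missing from it.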