Diffstat (limited to 'net/third_party')
-rwxr-xr-xnet/third_party/nss/patches/applypatches.sh10
-rw-r--r--net/third_party/nss/patches/cachecerts.patch13
-rw-r--r--net/third_party/nss/patches/cachedinfo.patch78
-rw-r--r--net/third_party/nss/patches/cbcrandomiv.patch100
-rw-r--r--net/third_party/nss/patches/clientauth.patch131
-rw-r--r--net/third_party/nss/patches/didhandshakeresume.patch21
-rw-r--r--net/third_party/nss/patches/handshakeshortwrite.patch44
-rw-r--r--net/third_party/nss/patches/negotiatedextension.patch38
-rw-r--r--net/third_party/nss/patches/nextproto.patch19
-rw-r--r--net/third_party/nss/patches/ocspstapling.patch19
-rw-r--r--net/third_party/nss/patches/origin_bound_certs.patch57
-rw-r--r--net/third_party/nss/patches/peercertchain.patch13
-rw-r--r--net/third_party/nss/patches/renegoscsv.patch11
-rw-r--r--net/third_party/nss/patches/restartclientauth.patch68
-rw-r--r--net/third_party/nss/patches/secret_exporter.patch29
-rw-r--r--net/third_party/nss/patches/versionskew.patch12
16 files changed, 322 insertions, 341 deletions
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index ecf526f..207e396 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -21,20 +21,20 @@ patch -p6 < $patches_dir/peercertchain.patch
patch -p6 < $patches_dir/ocspstapling.patch
-patch -p4 < $patches_dir/clientauth.patch
+patch -p6 < $patches_dir/clientauth.patch
patch -p6 < $patches_dir/cachedinfo.patch
patch -p6 < $patches_dir/didhandshakeresume.patch
-patch -p5 < $patches_dir/cbcrandomiv.patch
+patch -p6 < $patches_dir/cbcrandomiv.patch
patch -p6 < $patches_dir/origin_bound_certs.patch
patch -p6 < $patches_dir/secret_exporter.patch
-patch -p5 < $patches_dir/handshakeshortwrite.patch
+patch -p6 < $patches_dir/handshakeshortwrite.patch
-patch -p5 < $patches_dir/restartclientauth.patch
+patch -p6 < $patches_dir/restartclientauth.patch
-patch -p5 < $patches_dir/negotiatedextension.patch
+patch -p6 < $patches_dir/negotiatedextension.patch
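Review bot: Nothing visible in this hunk stops the script when one of the `patch -p6` invocations rejects a hunk, so a failed cbcrandomiv.patch or clientauth.patch could leave an NSS tree that still builds but lacks that change; whether `set -e` is set earlier in applypatches.sh is not shown here. If it is not, add `set -e` near the top, or write each line as `patch -p6 < "$patches_dir/clientauth.patch" || exit 1`, which also quotes `$patches_dir`. This matters more after the regeneration: the regenerated clientauth.patch takes sslauth.c at `fcd15ca`, which is the post-image of the regenerated cachedinfo.patch, yet the script still applies clientauth.patch before cachedinfo.patch. The patches therefore presumably apply with offsets rather than exactly, so either reorder the script to match the series or add a comment saying that the order is intentional.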
diff --git a/net/third_party/nss/patches/cachecerts.patch b/net/third_party/nss/patches/cachecerts.patch
index babae67..9fe07ca 100644
--- a/net/third_party/nss/patches/cachecerts.patch
+++ b/net/third_party/nss/patches/cachecerts.patch
@@ -1,8 +1,13 @@
-commit 107c49e2efd15ef547b2055af14952610e0e7afa
-Author: Adam Langley <agl@chromium.org>
-Date: Mon Jun 20 15:52:55 2011 -0400
+From 4c2b4b3992f81f062248f03296f7eb59b5fc0868 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:20:29 -0400
+Subject: [PATCH] cachecerts.patch
- cachecerts.patch
+---
+ mozilla/security/nss/lib/ssl/ssl3con.c | 54 +++++++++++++++++++++++++++++-
+ mozilla/security/nss/lib/ssl/sslimpl.h | 3 ++
+ mozilla/security/nss/lib/ssl/sslnonce.c | 4 ++
+ 3 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
index 455a532..9830e65 100644
diff --git a/net/third_party/nss/patches/cachedinfo.patch b/net/third_party/nss/patches/cachedinfo.patch
index 14fa9ff..97ffb84 100644
--- a/net/third_party/nss/patches/cachedinfo.patch
+++ b/net/third_party/nss/patches/cachedinfo.patch
@@ -1,8 +1,20 @@
-commit b84efe75d31ad7e16bf8e97845d264a0f5994a3f
-Author: Adam Langley <agl@chromium.org>
-Date: Fri Jun 24 13:10:38 2011 -0400
+From 1c425d479c495d266c23876887198a54e82e7078 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:22:24 -0400
+Subject: [PATCH] cachedinfo.patch
- cachedinfo.patch
+---
+ mozilla/security/nss/lib/ssl/fnv1a64.c | 72 +++++++++
+ mozilla/security/nss/lib/ssl/manifest.mn | 1 +
+ mozilla/security/nss/lib/ssl/ssl.h | 26 +++
+ mozilla/security/nss/lib/ssl/ssl3con.c | 221 +++++++++++++++++++------
+ mozilla/security/nss/lib/ssl/ssl3ext.c | 258 ++++++++++++++++++++++++++++++
+ mozilla/security/nss/lib/ssl/sslauth.c | 40 +++++
+ mozilla/security/nss/lib/ssl/sslimpl.h | 33 ++++-
+ mozilla/security/nss/lib/ssl/sslsock.c | 11 ++
+ mozilla/security/nss/lib/ssl/sslt.h | 3 +-
+ 9 files changed, 611 insertions(+), 54 deletions(-)
+ create mode 100644 mozilla/security/nss/lib/ssl/fnv1a64.c
diff --git a/mozilla/security/nss/lib/ssl/fnv1a64.c b/mozilla/security/nss/lib/ssl/fnv1a64.c
new file mode 100644
@@ -95,7 +107,7 @@ index 8451229..f09d770 100644
ssl3con.c \
ssl3gthr.c \
diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index 563cfd5..e7d6c54 100644
+index 221fe2d..3a22b45 100644
--- a/mozilla/security/nss/lib/ssl/ssl.h
+++ b/mozilla/security/nss/lib/ssl/ssl.h
@@ -140,6 +140,8 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
@@ -134,7 +146,7 @@ index 563cfd5..e7d6c54 100644
/* SSL_GetStapledOCSPResponse returns the OCSP response that was provided by
* the TLS server. The resulting data is copied to |out_data|. On entry, |*len|
* must contain the size of |out_data|. On exit, |*len| will contain the size
-@@ -438,6 +453,17 @@ SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
+@@ -405,6 +420,17 @@ SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
void *arg);
/*
@@ -153,10 +165,10 @@ index 563cfd5..e7d6c54 100644
** certificate for the server and the servers private key. The arguments
** are copied.
diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index 0997e18..068f021 100644
+index ca2793f..dd99962 100644
--- a/mozilla/security/nss/lib/ssl/ssl3con.c
+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
-@@ -5170,7 +5170,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -5145,7 +5145,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ssl3_CopyPeerCertsFromSID(ss, sid);
}
@@ -164,7 +176,7 @@ index 0997e18..068f021 100644
/* NULL value for PMS signifies re-use of the old MS */
rv = ssl3_InitPendingCipherSpec(ss, NULL);
if (rv != SECSuccess) {
-@@ -7804,6 +7803,69 @@ ssl3_SendCertificate(sslSocket *ss)
+@@ -7715,6 +7714,69 @@ ssl3_SendCertificate(sslSocket *ss)
}
}
@@ -234,7 +246,7 @@ index 0997e18..068f021 100644
rv = ssl3_AppendHandshakeHeader(ss, certificate, len + 3);
if (rv != SECSuccess) {
return rv; /* err set by AppendHandshake. */
-@@ -7958,7 +8020,6 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -7869,7 +7931,6 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
PRInt32 size;
SECStatus rv;
PRBool isServer = (PRBool)(!!ss->sec.isServer);
@@ -242,7 +254,7 @@ index 0997e18..068f021 100644
PRBool isTLS;
SSL3AlertDescription desc = bad_certificate;
int errCode = SSL_ERROR_RX_MALFORMED_CERTIFICATE;
-@@ -8018,35 +8079,46 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -7929,35 +7990,46 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto loser; /* don't send alerts on memory errors */
}
@@ -313,7 +325,7 @@ index 0997e18..068f021 100644
remaining -= 3;
if (remaining < 0)
goto decode_loser;
-@@ -8060,35 +8132,63 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -7971,35 +8043,63 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
certItem.data = b;
certItem.len = size;
@@ -397,7 +409,7 @@ index 0997e18..068f021 100644
SECKEY_UpdateCertPQG(ss->sec.peerCert);
-@@ -8108,8 +8208,6 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -8019,8 +8119,6 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
/* someone will handle this connection asynchronously*/
SSL_DBG(("%d: SSL3[%d]: go to async cert handler",
SSL_GETPID(), ss->fd));
@@ -406,7 +418,7 @@ index 0997e18..068f021 100644
ssl_SetAlwaysBlock(ss);
goto cert_block;
}
-@@ -8134,7 +8232,7 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -8045,7 +8143,7 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
@@ -415,7 +427,7 @@ index 0997e18..068f021 100644
if (!ss->sec.isServer) {
/* set the server authentication and key exchange types and sizes
-@@ -8179,8 +8277,6 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+@@ -8090,8 +8188,6 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
}
@@ -424,7 +436,7 @@ index 0997e18..068f021 100644
cert_block:
if (ss->sec.isServer) {
ss->ssl3.hs.ws = wait_client_key;
-@@ -8250,7 +8346,10 @@ alert_loser:
+@@ -8161,7 +8257,10 @@ alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, desc);
loser:
@@ -436,7 +448,7 @@ index 0997e18..068f021 100644
ssl3_CleanupPeerCerts(ss);
if (ss->sec.peerCert != NULL) {
-@@ -9736,6 +9835,21 @@ ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache)
+@@ -9647,6 +9746,21 @@ ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache)
return rv;
}
@@ -458,7 +470,7 @@ index 0997e18..068f021 100644
/* Called from ssl_DestroySocketContents() in sslsock.c */
void
ssl3_DestroySSL3Info(sslSocket *ss)
-@@ -9759,6 +9873,9 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -9666,6 +9780,9 @@ ssl3_DestroySSL3Info(sslSocket *ss)
ss->ssl3.clientCertChain = NULL;
}
@@ -469,7 +481,7 @@ index 0997e18..068f021 100644
if (ss->opt.bypassPKCS11) {
SHA1_DestroyContext((SHA1Context *)ss->ssl3.hs.sha_cx, PR_FALSE);
diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/ssl/ssl3ext.c
-index 94dab58..79ed9e3 100644
+index 4e3d9cc..17898fb 100644
--- a/mozilla/security/nss/lib/ssl/ssl3ext.c
+++ b/mozilla/security/nss/lib/ssl/ssl3ext.c
@@ -236,6 +236,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
@@ -759,7 +771,7 @@ index 94dab58..79ed9e3 100644
* client side. See RFC 4366 section 3.6. */
PRInt32
diff --git a/mozilla/security/nss/lib/ssl/sslauth.c b/mozilla/security/nss/lib/ssl/sslauth.c
-index 447aaf8..8da5c66 100644
+index df40f30..fcd15ca 100644
--- a/mozilla/security/nss/lib/ssl/sslauth.c
+++ b/mozilla/security/nss/lib/ssl/sslauth.c
@@ -95,6 +95,46 @@ SSL_PeerCertificateChain(PRFileDesc *fd, CERTCertificate **certs,
@@ -810,10 +822,10 @@ index 447aaf8..8da5c66 100644
CERTCertificate *
SSL_LocalCertificate(PRFileDesc *fd)
diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index 2e1364e..95a1eee 100644
+index 8e2bd14..f1e9a3e 100644
--- a/mozilla/security/nss/lib/ssl/sslimpl.h
+++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -349,6 +349,7 @@ typedef struct sslOptionsStr {
+@@ -340,6 +340,7 @@ typedef struct sslOptionsStr {
unsigned int requireSafeNegotiation : 1; /* 22 */
unsigned int enableFalseStart : 1; /* 23 */
unsigned int enableOCSPStapling : 1; /* 24 */
@@ -821,7 +833,7 @@ index 2e1364e..95a1eee 100644
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
-@@ -773,6 +774,11 @@ struct TLSExtensionDataStr {
+@@ -754,6 +755,11 @@ struct TLSExtensionDataStr {
PRUint32 sniNameArrSize;
};
@@ -833,7 +845,7 @@ index 2e1364e..95a1eee 100644
/*
** This is the "hs" member of the "ssl3" struct.
** This entire struct is protected by ssl3HandshakeLock
-@@ -854,6 +860,14 @@ struct ssl3StateStr {
+@@ -832,6 +838,14 @@ struct ssl3StateStr {
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
@@ -848,7 +860,7 @@ index 2e1364e..95a1eee 100644
int policy;
/* This says what cipher suites we can do, and should
* be either SSL_ALLOWED or SSL_RESTRICTED
-@@ -861,7 +875,10 @@ struct ssl3StateStr {
+@@ -839,7 +853,10 @@ struct ssl3StateStr {
PRArenaPool * peerCertArena;
/* These are used to keep track of the peer CA */
void * peerCertChain;
@@ -860,7 +872,7 @@ index 2e1364e..95a1eee 100644
CERTDistNames * ca_list;
/* used by server. trusted CAs for this socket. */
PRBool initialized;
-@@ -1550,6 +1567,10 @@ extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
+@@ -1524,6 +1541,10 @@ extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
@@ -871,7 +883,7 @@ index 2e1364e..95a1eee 100644
extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
-@@ -1571,6 +1592,10 @@ extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
+@@ -1545,6 +1566,10 @@ extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
*/
extern PRInt32 ssl3_SendServerNameXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
@@ -882,7 +894,7 @@ index 2e1364e..95a1eee 100644
/* Assigns new cert, cert chain and keys to ss->serverCerts
* struct. If certChain is NULL, tries to find one. Aborts if
-@@ -1694,6 +1719,12 @@ SECStatus SSL_DisableDefaultExportCipherSuites(void);
+@@ -1648,6 +1673,12 @@ SECStatus SSL_DisableDefaultExportCipherSuites(void);
SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
@@ -896,7 +908,7 @@ index 2e1364e..95a1eee 100644
#ifdef TRACE
#define SSL_TRACE(msg) ssl_Trace msg
diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
-index 1bb211e..f00f8f4 100644
+index 4c4df3f..3d89d86 100644
--- a/mozilla/security/nss/lib/ssl/sslsock.c
+++ b/mozilla/security/nss/lib/ssl/sslsock.c
@@ -186,6 +186,7 @@ static sslOptions ssl_defaults = {
@@ -907,7 +919,7 @@ index 1bb211e..f00f8f4 100644
};
sslSessionIDLookupFunc ssl_sid_lookup;
-@@ -747,6 +748,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
+@@ -743,6 +744,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
ss->opt.enableOCSPStapling = on;
break;
@@ -918,7 +930,7 @@ index 1bb211e..f00f8f4 100644
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
-@@ -812,6 +817,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
+@@ -808,6 +813,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
on = ss->opt.requireSafeNegotiation; break;
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
@@ -926,7 +938,7 @@ index 1bb211e..f00f8f4 100644
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -866,6 +872,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
+@@ -862,6 +868,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
case SSL_ENABLE_OCSP_STAPLING:
on = ssl_defaults.enableOCSPStapling;
break;
@@ -934,7 +946,7 @@ index 1bb211e..f00f8f4 100644
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1017,6 +1024,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
+@@ -1013,6 +1020,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
ssl_defaults.enableOCSPStapling = on;
break;
diff --git a/net/third_party/nss/patches/cbcrandomiv.patch b/net/third_party/nss/patches/cbcrandomiv.patch
index 445b2f9..806e0b2 100644
--- a/net/third_party/nss/patches/cbcrandomiv.patch
+++ b/net/third_party/nss/patches/cbcrandomiv.patch
@@ -1,16 +1,17 @@
-Index: mozilla/security/nss/lib/ssl/ssl3con.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
-retrieving revision 1.151
-diff -u -p -8 -r1.151 ssl3con.c
---- mozilla/security/nss/lib/ssl/ssl3con.c 26 Jul 2011 02:13:37 -0000 1.151
-+++ mozilla/security/nss/lib/ssl/ssl3con.c 29 Sep 2011 17:39:16 -0000
-@@ -2032,56 +2032,56 @@ ssl3_ClientAuthTokenPresent(sslSessionID
- isPresent = PR_FALSE;
- }
- if (slot) {
- PK11_FreeSlot(slot);
- }
+From 03c5c660f3668ed1e9c9b6277d64c96d2ab3d890 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:23:29 -0400
+Subject: [PATCH] cbcrandomiv.patch
+
+---
+ mozilla/security/nss/lib/ssl/ssl3con.c | 96 +++++++++++++++++++++++---------
+ 1 files changed, 69 insertions(+), 27 deletions(-)
+
+diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
+index dd99962..2648cbe 100644
+--- a/mozilla/security/nss/lib/ssl/ssl3con.c
++++ b/mozilla/security/nss/lib/ssl/ssl3con.c
+@@ -2039,24 +2039,24 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
return isPresent;
}
@@ -42,16 +43,7 @@ diff -u -p -8 -r1.151 ssl3con.c
cipher_def = cwSpec->cipher_def;
if (cwSpec->compressor) {
- int outlen;
- rv = cwSpec->compressor(
- cwSpec->compressContext, wrBuf->buf + SSL3_RECORD_HEADER_LENGTH,
- &outlen, wrBuf->space - SSL3_RECORD_HEADER_LENGTH, pIn, contentLen);
- if (rv != SECSuccess)
- return rv;
- pIn = wrBuf->buf + SSL3_RECORD_HEADER_LENGTH;
- contentLen = outlen;
- }
-
+@@ -2073,12 +2073,12 @@ ssl3_CompressMACEncryptRecord(sslSocket * ss,
/*
* Add the MAC
*/
@@ -66,17 +58,7 @@ diff -u -p -8 -r1.151 ssl3con.c
}
p1Len = contentLen;
p2Len = macLen;
- fragLen = contentLen + macLen; /* needs to be encrypted */
- PORT_Assert(fragLen <= MAX_FRAGMENT_LENGTH + 1024);
-
- /*
- * Pad the text (if we're doing a block cipher)
-@@ -2124,52 +2124,46 @@ ssl3_CompressMACEncryptRecord(sslSocket
- rv = cwSpec->encode( cwSpec->encodeContext,
- wrBuf->buf + SSL3_RECORD_HEADER_LENGTH, /* output */
- &cipherBytes, /* actual outlen */
- p1Len, /* max outlen */
- pIn, p1Len); /* input, and inputlen */
+@@ -2131,7 +2131,7 @@ ssl3_CompressMACEncryptRecord(sslSocket * ss,
PORT_Assert(rv == SECSuccess && cipherBytes == p1Len);
if (rv != SECSuccess || cipherBytes != p1Len) {
PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
@@ -85,13 +67,7 @@ diff -u -p -8 -r1.151 ssl3con.c
}
}
if (p2Len > 0) {
- PRInt32 cipherBytesPart2 = -1;
- rv = cwSpec->encode( cwSpec->encodeContext,
- wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len,
- &cipherBytesPart2, /* output and actual outLen */
- p2Len, /* max outlen */
- wrBuf->buf + SSL3_RECORD_HEADER_LENGTH + p1Len,
- p2Len); /* input and inputLen*/
+@@ -2145,7 +2145,7 @@ ssl3_CompressMACEncryptRecord(sslSocket * ss,
PORT_Assert(rv == SECSuccess && cipherBytesPart2 == p2Len);
if (rv != SECSuccess || cipherBytesPart2 != p2Len) {
PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
@@ -100,14 +76,7 @@ diff -u -p -8 -r1.151 ssl3con.c
}
cipherBytes += cipherBytesPart2;
}
- PORT_Assert(cipherBytes <= MAX_FRAGMENT_LENGTH + 1024);
-
- ssl3_BumpSequenceNumber(&cwSpec->write_seq_num);
-
- wrBuf->len = cipherBytes + SSL3_RECORD_HEADER_LENGTH;
- wrBuf->buf[0] = type;
- wrBuf->buf[1] = MSB(cwSpec->version);
- wrBuf->buf[2] = LSB(cwSpec->version);
+@@ -2160,13 +2160,7 @@ ssl3_CompressMACEncryptRecord(sslSocket * ss,
wrBuf->buf[3] = MSB(cipherBytes);
wrBuf->buf[4] = LSB(cipherBytes);
@@ -121,17 +90,7 @@ diff -u -p -8 -r1.151 ssl3con.c
}
/* Process the plain text before sending it.
- * Returns the number of bytes of plaintext that were successfully sent
- * plus the number of bytes of plaintext that were copied into the
- * output (write) buffer.
- * Returns SECFailure on a hard IO error, memory error, or crypto error.
- * Does NOT return SECWouldBlock.
-@@ -2220,39 +2214,87 @@ ssl3_SendRecord( sslSocket * ss
- /* check for Token Presence */
- if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
- PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
- return SECFailure;
- }
+@@ -2227,20 +2221,70 @@ ssl3_SendRecord( sslSocket * ss,
while (nIn > 0) {
PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
@@ -166,9 +125,10 @@ diff -u -p -8 -r1.151 ssl3con.c
- return SECFailure; /* sslBuffer_Grow set a memory error code. */
+ SSL_GETPID(), ss->fd, spaceNeeded));
+ goto spec_locked_loser; /* sslBuffer_Grow set a memory error code. */
-+ }
-+ }
-+
+ }
+ }
+
+- rv = ssl3_CompressMACEncryptRecord( ss, type, pIn, contentLen);
+ if (numRecords == 2) {
+ sslBuffer secondRecord;
+
@@ -200,17 +160,16 @@ diff -u -p -8 -r1.151 ssl3con.c
+ if (rv == SECSuccess) {
+ PRINT_BUF(50, (ss, "send (encrypted) record data [1/1]:",
+ wrBuf->buf, wrBuf->len));
- }
- }
-
-- rv = ssl3_CompressMACEncryptRecord( ss, type, pIn, contentLen);
++ }
++ }
++
+spec_locked_loser:
+ ssl_ReleaseSpecReadLock(ss); /************************************/
+
if (rv != SECSuccess)
return SECFailure;
- pIn += contentLen;
+@@ -2248,8 +2292,6 @@ ssl3_SendRecord( sslSocket * ss,
nIn -= contentLen;
PORT_Assert( nIn >= 0 );
@@ -219,8 +178,3 @@ diff -u -p -8 -r1.151 ssl3con.c
/* If there's still some previously saved ciphertext,
* or the caller doesn't want us to send the data yet,
* then add all our new ciphertext to the amount previously saved.
- */
- if ((ss->pendingBuf.len > 0) ||
- (flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
-
- rv = ssl_SaveWriteData(ss, wrBuf->buf, wrBuf->len);
diff --git a/net/third_party/nss/patches/clientauth.patch b/net/third_party/nss/patches/clientauth.patch
index 97d549f..371c640 100644
--- a/net/third_party/nss/patches/clientauth.patch
+++ b/net/third_party/nss/patches/clientauth.patch
@@ -1,11 +1,24 @@
-Index: security/nss/lib/ssl/ssl.h
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v
-retrieving revision 1.38.2.1
-diff -u -r1.38.2.1 ssl.h
---- security/nss/lib/ssl/ssl.h 31 Jul 2010 04:33:52 -0000 1.38.2.1
-+++ security/nss/lib/ssl/ssl.h 22 Sep 2011 00:21:33 -0000
-@@ -291,6 +291,45 @@
+From 1ebf459243cea430614e1958ecab1ad10457ccc2 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:44:48 -0400
+Subject: [PATCH] clientauth.patch
+
+---
+ mozilla/security/nss/lib/ssl/ssl.h | 39 +++
+ mozilla/security/nss/lib/ssl/ssl3con.c | 163 ++++++++++---
+ mozilla/security/nss/lib/ssl/ssl3ext.c | 2 +-
+ mozilla/security/nss/lib/ssl/sslauth.c | 22 ++
+ mozilla/security/nss/lib/ssl/sslimpl.h | 45 ++++
+ mozilla/security/nss/lib/ssl/sslplatf.c | 399 +++++++++++++++++++++++++++++++
+ mozilla/security/nss/lib/ssl/sslsock.c | 14 +
+ 7 files changed, 647 insertions(+), 37 deletions(-)
+ create mode 100644 mozilla/security/nss/lib/ssl/sslplatf.c
+
+diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
+index 7e748bd..03535f3 100644
+--- a/mozilla/security/nss/lib/ssl/ssl.h
++++ b/mozilla/security/nss/lib/ssl/ssl.h
+@@ -353,6 +353,45 @@ typedef SECStatus (PR_CALLBACK *SSLGetClientAuthData)(void *arg,
SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
SSLGetClientAuthData f, void *a);
@@ -51,14 +64,11 @@ diff -u -r1.38.2.1 ssl.h
/*
** SNI extension processing callback function.
-Index: security/nss/lib/ssl/ssl3con.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
-retrieving revision 1.142.2.4
-diff -u -r1.142.2.4 ssl3con.c
---- security/nss/lib/ssl/ssl3con.c 1 Sep 2010 19:47:11 -0000 1.142.2.4
-+++ security/nss/lib/ssl/ssl3con.c 22 Sep 2011 00:21:33 -0000
-@@ -2016,6 +2016,9 @@
+diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
+index d372ee2..ad8f4cd 100644
+--- a/mozilla/security/nss/lib/ssl/ssl3con.c
++++ b/mozilla/security/nss/lib/ssl/ssl3con.c
+@@ -2018,6 +2018,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
PRBool isPresent = PR_TRUE;
/* we only care if we are doing client auth */
@@ -68,7 +78,7 @@ diff -u -r1.142.2.4 ssl3con.c
if (!sid || !sid->u.ssl3.clAuthValid) {
return PR_TRUE;
}
-@@ -4821,27 +4824,30 @@
+@@ -4865,27 +4868,30 @@ ssl3_SendCertificateVerify(sslSocket *ss)
}
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
@@ -119,7 +129,7 @@ diff -u -r1.142.2.4 ssl3con.c
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
ss->ssl3.clientPrivateKey = NULL;
}
-@@ -4899,6 +4905,26 @@
+@@ -4943,6 +4949,26 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto alert_loser;
}
@@ -146,7 +156,7 @@ diff -u -r1.142.2.4 ssl3con.c
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
goto loser; /* alert has been sent */
-@@ -5441,6 +5467,10 @@
+@@ -5485,6 +5511,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SSL3AlertDescription desc = illegal_parameter;
SECItem cert_types = {siBuffer, NULL, 0};
CERTDistNames ca_list;
@@ -157,7 +167,7 @@ diff -u -r1.142.2.4 ssl3con.c
SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
SSL_GETPID(), ss->fd));
-@@ -5454,19 +5484,10 @@
+@@ -5498,19 +5528,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto alert_loser;
}
@@ -181,7 +191,7 @@ diff -u -r1.142.2.4 ssl3con.c
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
-@@ -5533,6 +5554,20 @@
+@@ -5577,6 +5598,20 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
desc = no_certificate;
ss->ssl3.hs.ws = wait_hello_done;
@@ -202,7 +212,7 @@ diff -u -r1.142.2.4 ssl3con.c
if (ss->getClientAuthData == NULL) {
rv = SECFailure; /* force it to send a no_certificate alert */
} else {
-@@ -5542,12 +5577,52 @@
+@@ -5586,12 +5621,52 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
&ss->ssl3.clientCertificate,
&ss->ssl3.clientPrivateKey);
}
@@ -255,7 +265,7 @@ diff -u -r1.142.2.4 ssl3con.c
/* check what the callback function returned */
if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
/* we are missing either the key or cert */
-@@ -5610,6 +5685,10 @@
+@@ -5654,6 +5729,10 @@ loser:
done:
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
@@ -266,7 +276,7 @@ diff -u -r1.142.2.4 ssl3con.c
return rv;
}
-@@ -5717,9 +5796,17 @@
+@@ -5785,9 +5864,17 @@ ssl3_HandleServerHelloDone(sslSocket *ss)
if (rv != SECSuccess) {
goto loser; /* error code is set. */
}
@@ -287,7 +297,7 @@ diff -u -r1.142.2.4 ssl3con.c
send_verify = PR_TRUE;
rv = ssl3_SendCertificate(ss);
if (rv != SECSuccess) {
-@@ -9453,6 +9540,10 @@
+@@ -9856,6 +9943,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
if (ss->ssl3.clientPrivateKey != NULL)
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
@@ -298,13 +308,10 @@ diff -u -r1.142.2.4 ssl3con.c
if (ss->ssl3.peerCertArena != NULL)
ssl3_CleanupPeerCerts(ss);
-Index: security/nss/lib/ssl/ssl3ext.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3ext.c,v
-retrieving revision 1.14
-diff -u -r1.14 ssl3ext.c
---- security/nss/lib/ssl/ssl3ext.c 3 Apr 2010 19:19:07 -0000 1.14
-+++ security/nss/lib/ssl/ssl3ext.c 22 Sep 2011 00:21:33 -0000
+diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/ssl/ssl3ext.c
+index 887344b..e54b4fd 100644
+--- a/mozilla/security/nss/lib/ssl/ssl3ext.c
++++ b/mozilla/security/nss/lib/ssl/ssl3ext.c
@@ -46,8 +46,8 @@
#include "nssrenam.h"
#include "nss.h"
@@ -315,14 +322,11 @@ diff -u -r1.14 ssl3ext.c
#include "pk11pub.h"
#include "blapi.h"
#include "prinit.h"
-Index: security/nss/lib/ssl/sslauth.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v
-retrieving revision 1.16.66.1
-diff -u -r1.16.66.1 sslauth.c
---- security/nss/lib/ssl/sslauth.c 3 Aug 2010 18:52:13 -0000 1.16.66.1
-+++ security/nss/lib/ssl/sslauth.c 22 Sep 2011 00:21:33 -0000
-@@ -216,6 +216,28 @@
+diff --git a/mozilla/security/nss/lib/ssl/sslauth.c b/mozilla/security/nss/lib/ssl/sslauth.c
+index fcd15ca..8da5c66 100644
+--- a/mozilla/security/nss/lib/ssl/sslauth.c
++++ b/mozilla/security/nss/lib/ssl/sslauth.c
+@@ -292,6 +292,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
return SECSuccess;
}
@@ -351,13 +355,10 @@ diff -u -r1.16.66.1 sslauth.c
/* NEED LOCKS IN HERE. */
SECStatus
SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
-Index: security/nss/lib/ssl/sslimpl.h
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v
-retrieving revision 1.77.2.1
-diff -u -r1.77.2.1 sslimpl.h
---- security/nss/lib/ssl/sslimpl.h 31 Jul 2010 04:33:52 -0000 1.77.2.1
-+++ security/nss/lib/ssl/sslimpl.h 22 Sep 2011 00:21:33 -0000
+diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
+index 70ff4c3..d73a0e3 100644
+--- a/mozilla/security/nss/lib/ssl/sslimpl.h
++++ b/mozilla/security/nss/lib/ssl/sslimpl.h
@@ -65,6 +65,15 @@
#include "sslt.h" /* for some formerly private types, now public */
@@ -374,7 +375,7 @@ diff -u -r1.77.2.1 sslimpl.h
/* to make some of these old enums public without namespace pollution,
** it was necessary to prepend ssl_ to the names.
** These #defines preserve compatibility with the old code here in libssl.
-@@ -456,6 +465,14 @@
+@@ -464,6 +473,14 @@ typedef SECStatus (*SSLCompressor)(void * context,
int inlen);
typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
@@ -389,7 +390,7 @@ diff -u -r1.77.2.1 sslimpl.h
/*
-@@ -811,6 +828,10 @@
+@@ -836,6 +853,10 @@ struct ssl3StateStr {
CERTCertificate * clientCertificate; /* used by client */
SECKEYPrivateKey * clientPrivateKey; /* used by client */
@@ -400,7 +401,7 @@ diff -u -r1.77.2.1 sslimpl.h
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
-@@ -1051,6 +1072,10 @@
+@@ -1097,6 +1118,10 @@ const unsigned char * preferredCipher;
void *authCertificateArg;
SSLGetClientAuthData getClientAuthData;
void *getClientAuthDataArg;
@@ -411,7 +412,7 @@ diff -u -r1.77.2.1 sslimpl.h
SSLSNISocketConfig sniSocketConfig;
void *sniSocketConfigArg;
SSLBadCertHandler handleBadCert;
-@@ -1595,6 +1620,26 @@
+@@ -1663,6 +1688,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
extern SECStatus ssl_FreeSessionCacheLocks(void);
@@ -438,12 +439,11 @@ diff -u -r1.77.2.1 sslimpl.h
/********************** misc calls *********************/
-Index: security/nss/lib/ssl/sslplatf.c
-===================================================================
-RCS file: security/nss/lib/ssl/sslplatf.c
-diff -N security/nss/lib/ssl/sslplatf.c
---- /dev/null 1 Jan 1970 00:00:00 -0000
-+++ security/nss/lib/ssl/sslplatf.c 22 Sep 2011 00:21:33 -0000
+diff --git a/mozilla/security/nss/lib/ssl/sslplatf.c b/mozilla/security/nss/lib/ssl/sslplatf.c
+new file mode 100644
+index 0000000..208956f
+--- /dev/null
++++ b/mozilla/security/nss/lib/ssl/sslplatf.c
@@ -0,0 +1,399 @@
+/*
+ * Platform specific crypto wrappers
@@ -844,14 +844,11 @@ diff -N security/nss/lib/ssl/sslplatf.c
+#endif
+
+#endif /* NSS_PLATFORM_CLIENT_AUTH */
-Index: security/nss/lib/ssl/sslsock.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
-retrieving revision 1.67.2.1
-diff -u -r1.67.2.1 sslsock.c
---- security/nss/lib/ssl/sslsock.c 31 Jul 2010 04:33:52 -0000 1.67.2.1
-+++ security/nss/lib/ssl/sslsock.c 22 Sep 2011 00:21:33 -0000
-@@ -335,6 +335,10 @@
+diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
+index 7d12bfe..68fd3cb 100644
+--- a/mozilla/security/nss/lib/ssl/sslsock.c
++++ b/mozilla/security/nss/lib/ssl/sslsock.c
+@@ -339,6 +339,10 @@ ssl_DupSocket(sslSocket *os)
ss->authCertificateArg = os->authCertificateArg;
ss->getClientAuthData = os->getClientAuthData;
ss->getClientAuthDataArg = os->getClientAuthDataArg;
@@ -862,7 +859,7 @@ diff -u -r1.67.2.1 sslsock.c
ss->sniSocketConfig = os->sniSocketConfig;
ss->sniSocketConfigArg = os->sniSocketConfigArg;
ss->handleBadCert = os->handleBadCert;
-@@ -1354,6 +1358,12 @@
+@@ -1468,6 +1472,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
ss->getClientAuthData = sm->getClientAuthData;
if (sm->getClientAuthDataArg)
ss->getClientAuthDataArg = sm->getClientAuthDataArg;
@@ -875,7 +872,7 @@ diff -u -r1.67.2.1 sslsock.c
if (sm->sniSocketConfig)
ss->sniSocketConfig = sm->sniSocketConfig;
if (sm->sniSocketConfigArg)
-@@ -2366,6 +2376,10 @@
+@@ -2525,6 +2535,10 @@ ssl_NewSocket(PRBool makeLocks)
ss->sniSocketConfig = NULL;
ss->sniSocketConfigArg = NULL;
ss->getClientAuthData = NULL;
diff --git a/net/third_party/nss/patches/didhandshakeresume.patch b/net/third_party/nss/patches/didhandshakeresume.patch
index 8c2a5a5..95890e9 100644
--- a/net/third_party/nss/patches/didhandshakeresume.patch
+++ b/net/third_party/nss/patches/didhandshakeresume.patch
@@ -1,8 +1,13 @@
-commit c1b34e0cdaed8eef92aa268a442965eb60828c7b
-Author: Adam Langley <agl@chromium.org>
-Date: Tue Jun 21 11:41:12 2011 -0400
+From 56e625df4d443b939c39fa75f907518bf66f6584 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:23:01 -0400
+Subject: [PATCH] didhandshakeresume.patch
- didhandshakeresume.patch
+---
+ mozilla/security/nss/lib/ssl/ssl.def | 1 +
+ mozilla/security/nss/lib/ssl/ssl.h | 4 ++++
+ mozilla/security/nss/lib/ssl/sslsock.c | 14 ++++++++++++++
+ 3 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl/ssl.def
index 35cc1e3..7ef15db 100644
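Review bot: The regenerated mail header leaves the patch without a description: `Subject: [PATCH] didhandshakeresume.patch` only repeats the file name, and the body before `---` is empty. These files are local changes to a vendored TLS library, so anyone auditing the delta against upstream has to infer the intent from the hunks alone. I would put a one-line summary in the subject and add a short body with the reason and the upstream tracking reference, e.g. `Subject: [PATCH] <what the change does>` followed by `Upstream bug: <BUG_ID placeholder>`. The same applies to the handshakeshortwrite, negotiatedextension, nextproto, ocspstapling, origin_bound_certs, peercertchain, renegoscsv, restartclientauth, secret_exporter and versionskew headers in this commit.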
@@ -17,10 +22,10 @@ index 35cc1e3..7ef15db 100644
SSL_SetNextProtoNego;
;+ local:
diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index e7d6c54..5682d0a 100644
+index 3a22b45..c32438d 100644
--- a/mozilla/security/nss/lib/ssl/ssl.h
+++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -730,6 +730,10 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
+@@ -697,6 +697,10 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
SSLExtensionType extId,
PRBool *yes);
@@ -32,10 +37,10 @@ index e7d6c54..5682d0a 100644
#endif /* __ssl_h_ */
diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
-index f00f8f4..340d17c 100644
+index 3d89d86..11b53da 100644
--- a/mozilla/security/nss/lib/ssl/sslsock.c
+++ b/mozilla/security/nss/lib/ssl/sslsock.c
-@@ -1517,6 +1517,20 @@ SSL_GetStapledOCSPResponse(PRFileDesc *fd, unsigned char *out_data,
+@@ -1507,6 +1507,20 @@ SSL_GetStapledOCSPResponse(PRFileDesc *fd, unsigned char *out_data,
return SECSuccess;
}
diff --git a/net/third_party/nss/patches/handshakeshortwrite.patch b/net/third_party/nss/patches/handshakeshortwrite.patch
index 036a045..68e4330 100644
--- a/net/third_party/nss/patches/handshakeshortwrite.patch
+++ b/net/third_party/nss/patches/handshakeshortwrite.patch
@@ -1,16 +1,17 @@
-Index: mozilla/security/nss/lib/ssl/sslsecur.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsecur.c,v
-retrieving revision 1.43.2.4
-diff -p -u -8 -r1.43.2.4 sslsecur.c
---- mozilla/security/nss/lib/ssl/sslsecur.c 8 Apr 2011 05:25:21 -0000 1.43.2.4
-+++ mozilla/security/nss/lib/ssl/sslsecur.c 4 Aug 2011 23:33:46 -0000
-@@ -383,16 +383,28 @@ SSL_ForceHandshake(PRFileDesc *fd)
- SSL_GETPID(), fd));
- return rv;
- }
-
- /* Don't waste my time */
+From eb24998651cb972c60453b5d5fb1e13dfd8107ce Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:26:44 -0400
+Subject: [PATCH] handshakeshortwrite.patch
+
+---
+ mozilla/security/nss/lib/ssl/sslsecur.c | 13 ++++++++++++-
+ 1 files changed, 12 insertions(+), 1 deletions(-)
+
+diff --git a/mozilla/security/nss/lib/ssl/sslsecur.c b/mozilla/security/nss/lib/ssl/sslsecur.c
+index 816b8f6..dc374e0 100644
+--- a/mozilla/security/nss/lib/ssl/sslsecur.c
++++ b/mozilla/security/nss/lib/ssl/sslsecur.c
+@@ -388,6 +388,18 @@ SSL_ForceHandshake(PRFileDesc *fd)
if (!ss->opt.useSecurity)
return SECSuccess;
@@ -29,17 +30,7 @@ diff -p -u -8 -r1.43.2.4 sslsecur.c
ssl_Get1stHandshakeLock(ss);
if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
- int gatherResult;
-
- ssl_GetRecvBufLock(ss);
- gatherResult = ssl3_GatherCompleteHandshake(ss, 0);
- ssl_ReleaseRecvBufLock(ss);
-@@ -1132,17 +1144,16 @@ ssl_SecureRecv(sslSocket *ss, unsigned c
- if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) {
- ssl_GetXmitBufLock(ss);
- if (ss->pendingBuf.len != 0) {
- rv = ssl_SendSavedWriteData(ss);
- if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
+@@ -1128,7 +1140,6 @@ ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
ssl_ReleaseXmitBufLock(ss);
return SECFailure;
}
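Review bot: The regenerated `ssl_SecureRecv` hunk keeps only three lines of context on each side, and those lines (`ssl_ReleaseXmitBufLock(ss);`, `return SECFailure;`, closing braces) are generic enough that they may occur more than once in sslsecur.c. The version it replaces was produced with `diff -p -u -8` and anchored on eight lines. With patch(1) searching by offset, narrower context makes a wrong-position match more likely, and this hunk appears to sit between `ssl_GetXmitBufLock` and `ssl_ReleaseXmitBufLock`. Regenerating the series with wider context, e.g. `git format-patch -U8`, would keep the previous margin. The line the inner hunk actually changes lies outside what this part of the commit shows.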
@@ -47,8 +38,3 @@ diff -p -u -8 -r1.43.2.4 sslsecur.c
}
ssl_ReleaseXmitBufLock(ss);
}
-
- rv = 0;
- /* If any of these is non-zero, the initial handshake is not done. */
- if (!ss->firstHsDone) {
- ssl_Get1stHandshakeLock(ss);
diff --git a/net/third_party/nss/patches/negotiatedextension.patch b/net/third_party/nss/patches/negotiatedextension.patch
index cba4baa..98fbc07 100644
--- a/net/third_party/nss/patches/negotiatedextension.patch
+++ b/net/third_party/nss/patches/negotiatedextension.patch
@@ -1,16 +1,17 @@
-Index: mozilla/security/nss/lib/ssl/sslreveal.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslreveal.c,v
-retrieving revision 1.8
-diff -u -p -u -8 -r1.8 sslreveal.c
---- mozilla/security/nss/lib/ssl/sslreveal.c 3 Aug 2010 18:48:45 -0000 1.8
-+++ mozilla/security/nss/lib/ssl/sslreveal.c 25 Aug 2011 00:48:18 -0000
-@@ -106,36 +106,29 @@ SSL_RevealURL(PRFileDesc * fd)
- SECStatus
- SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
- SSLExtensionType extId,
- PRBool *pYes)
- {
+From 577e6655d4edc789eb4c572b303daf888676a454 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:27:21 -0400
+Subject: [PATCH] negotiatedextension.patch
+
+---
+ mozilla/security/nss/lib/ssl/sslreveal.c | 9 +--------
+ 1 files changed, 1 insertions(+), 8 deletions(-)
+
+diff --git a/mozilla/security/nss/lib/ssl/sslreveal.c b/mozilla/security/nss/lib/ssl/sslreveal.c
+index 94b2c2f..0b9bb82 100644
+--- a/mozilla/security/nss/lib/ssl/sslreveal.c
++++ b/mozilla/security/nss/lib/ssl/sslreveal.c
+@@ -111,7 +111,6 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
/* some decisions derived from SSL_GetChannelInfo */
sslSocket * sslsocket = NULL;
SECStatus rv = SECFailure;
@@ -18,11 +19,7 @@ diff -u -p -u -8 -r1.8 sslreveal.c
if (!pYes)
return rv;
-
- sslsocket = ssl_FindSocket(socket);
- if (!sslsocket) {
- SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
- SSL_GETPID(), socket));
+@@ -123,14 +122,8 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
return rv;
}
@@ -38,8 +35,3 @@ diff -u -p -u -8 -r1.8 sslreveal.c
if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
/* now we know this socket went through ssl3_InitState() and
* ss->xtnData got initialized, which is the only member accessed by
- * ssl3_ExtensionNegotiated();
- * Member xtnData appears to get accessed in functions that handle
- * the handshake (hello messages and extension sending),
- * therefore the handshake lock should be sufficient.
- */
diff --git a/net/third_party/nss/patches/nextproto.patch b/net/third_party/nss/patches/nextproto.patch
index 4322fe9..a01f240 100644
--- a/net/third_party/nss/patches/nextproto.patch
+++ b/net/third_party/nss/patches/nextproto.patch
@@ -1,8 +1,19 @@
-commit de6d1a65eb146a0887a31ca92e9ca924045e9e69
-Author: Adam Langley <agl@chromium.org>
-Date: Mon Jun 20 15:49:24 2011 -0400
+From 6b594dc531e7a1d1d5bca2f0f78e7bc0ac3ff937 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:19:28 -0400
+Subject: [PATCH] nextproto.patch
- nextproto.patch
+---
+ mozilla/security/nss/cmd/tstclnt/tstclnt.c | 6 ++
+ mozilla/security/nss/lib/ssl/ssl.def | 7 ++
+ mozilla/security/nss/lib/ssl/ssl.h | 12 +++
+ mozilla/security/nss/lib/ssl/ssl3con.c | 54 ++++++++++++
+ mozilla/security/nss/lib/ssl/ssl3ext.c | 122 +++++++++++++++++++++++++++-
+ mozilla/security/nss/lib/ssl/ssl3prot.h | 3 +-
+ mozilla/security/nss/lib/ssl/sslimpl.h | 24 ++++++
+ mozilla/security/nss/lib/ssl/sslsock.c | 74 +++++++++++++++++
+ mozilla/security/nss/lib/ssl/sslt.h | 3 +-
+ 9 files changed, 302 insertions(+), 3 deletions(-)
diff --git a/mozilla/security/nss/cmd/tstclnt/tstclnt.c b/mozilla/security/nss/cmd/tstclnt/tstclnt.c
index 55684e6..d209a33 100644
diff --git a/net/third_party/nss/patches/ocspstapling.patch b/net/third_party/nss/patches/ocspstapling.patch
index 4a6dcaf..4b342b9 100644
--- a/net/third_party/nss/patches/ocspstapling.patch
+++ b/net/third_party/nss/patches/ocspstapling.patch
@@ -1,8 +1,19 @@
-commit 5edecc25e3c8ec46e7708274f37096224c9b8b94
-Author: Adam Langley <agl@chromium.org>
-Date: Mon Jun 20 16:12:27 2011 -0400
+From 5d8c33901f2b1be41afd1b0211bee5d5236a868d Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:21:00 -0400
+Subject: [PATCH] ocspstapling.patch
- ocspstapling.patch
+---
+ mozilla/security/nss/lib/ssl/ssl.def | 1 +
+ mozilla/security/nss/lib/ssl/ssl.h | 18 +++++
+ mozilla/security/nss/lib/ssl/ssl3con.c | 111 +++++++++++++++++++++++++++++++
+ mozilla/security/nss/lib/ssl/ssl3ext.c | 78 +++++++++++++++++++++-
+ mozilla/security/nss/lib/ssl/ssl3prot.h | 1 +
+ mozilla/security/nss/lib/ssl/sslerr.h | 2 +
+ mozilla/security/nss/lib/ssl/sslimpl.h | 13 ++++
+ mozilla/security/nss/lib/ssl/sslsock.c | 43 ++++++++++++
+ mozilla/security/nss/lib/ssl/sslt.h | 3 +-
+ 9 files changed, 268 insertions(+), 2 deletions(-)
diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl/ssl.def
index 0fa8777..35cc1e3 100644
diff --git a/net/third_party/nss/patches/origin_bound_certs.patch b/net/third_party/nss/patches/origin_bound_certs.patch
index 99b0105..1f34654 100644
--- a/net/third_party/nss/patches/origin_bound_certs.patch
+++ b/net/third_party/nss/patches/origin_bound_certs.patch
@@ -1,11 +1,18 @@
-commit b5f89535668edebf59ac8186457d117572c05f2b
-Author: Adam Langley <agl@chromium.org>
-Date: Thu Jul 21 10:26:36 2011 -0400
+From 68d651bb679cd9da8f162774c5dcf40aad5ae3f1 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:25:10 -0400
+Subject: [PATCH] origin_bound_certs.patch
- obcerts
+---
+ mozilla/security/nss/lib/ssl/ssl.h | 1 +
+ mozilla/security/nss/lib/ssl/ssl3ext.c | 82 +++++++++++++++++++++++++++++++-
+ mozilla/security/nss/lib/ssl/sslimpl.h | 7 +++
+ mozilla/security/nss/lib/ssl/sslsock.c | 13 +++++-
+ mozilla/security/nss/lib/ssl/sslt.h | 5 +-
+ 5 files changed, 104 insertions(+), 4 deletions(-)
diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index 5682d0a..53ca301 100644
+index c32438d..1115fa9 100644
--- a/mozilla/security/nss/lib/ssl/ssl.h
+++ b/mozilla/security/nss/lib/ssl/ssl.h
@@ -142,6 +142,7 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
@@ -16,26 +23,8 @@ index 5682d0a..53ca301 100644
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
-diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index c39b8f8..66071d2 100644
---- a/mozilla/security/nss/lib/ssl/ssl3con.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
-@@ -2352,9 +2352,10 @@ ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
- ssl_ReleaseSpecReadLock(ss);
-
- if (isBlockCipher && len > 0) {
-- // We assume that block ciphers are used in CBC mode and prepend an
-- // empty record. This effectively randomizes the IV in a backwards
-- // compatible way.
-+ /* We assume that block ciphers are used in CBC mode and prepend an
-+ * empty record. This effectively randomizes the IV in a backwards
-+ * compatible way.
-+ */
- PRInt32 sent = ssl3_SendRecord(ss, content_application_data,
- in, 0 /* no payload */, flags);
- if (sent < 0) {
diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/ssl/ssl3ext.c
-index 79ed9e3..e54b4fd 100644
+index 17898fb..887344b 100644
--- a/mozilla/security/nss/lib/ssl/ssl3ext.c
+++ b/mozilla/security/nss/lib/ssl/ssl3ext.c
@@ -237,6 +237,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
@@ -146,10 +135,10 @@ index 79ed9e3..e54b4fd 100644
+ return SECSuccess;
+}
diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index 95a1eee..df30029 100644
+index f1e9a3e..973a3c9 100644
--- a/mozilla/security/nss/lib/ssl/sslimpl.h
+++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -350,6 +350,7 @@ typedef struct sslOptionsStr {
+@@ -341,6 +341,7 @@ typedef struct sslOptionsStr {
unsigned int enableFalseStart : 1; /* 23 */
unsigned int enableOCSPStapling : 1; /* 24 */
unsigned int enableCachedInfo : 1; /* 25 */
@@ -157,7 +146,7 @@ index 95a1eee..df30029 100644
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
-@@ -1573,10 +1574,14 @@ extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocket *ss,
+@@ -1547,10 +1548,14 @@ extern SECStatus ssl3_ClientHandleCachedInfoXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
@@ -172,7 +161,7 @@ index 95a1eee..df30029 100644
/* ClientHello and ServerHello extension senders.
* Note that not all extension senders are exposed here; only those that
-@@ -1596,6 +1601,8 @@ extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss, PRBool append,
+@@ -1570,6 +1575,8 @@ extern PRInt32 ssl3_ClientSendCachedInfoXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
extern PRInt32 ssl3_ServerSendCachedInfoXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
@@ -182,7 +171,7 @@ index 95a1eee..df30029 100644
/* Assigns new cert, cert chain and keys to ss->serverCerts
* struct. If certChain is NULL, tries to find one. Aborts if
diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
-index 340d17c..68fd3cb 100644
+index 11b53da..7d12bfe 100644
--- a/mozilla/security/nss/lib/ssl/sslsock.c
+++ b/mozilla/security/nss/lib/ssl/sslsock.c
@@ -187,6 +187,7 @@ static sslOptions ssl_defaults = {
@@ -193,7 +182,7 @@ index 340d17c..68fd3cb 100644
};
sslSessionIDLookupFunc ssl_sid_lookup;
-@@ -752,6 +753,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
+@@ -748,6 +749,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
ss->opt.enableCachedInfo = on;
break;
@@ -204,7 +193,7 @@ index 340d17c..68fd3cb 100644
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
-@@ -817,7 +822,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
+@@ -813,7 +818,8 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
on = ss->opt.requireSafeNegotiation; break;
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
@@ -214,7 +203,7 @@ index 340d17c..68fd3cb 100644
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -873,6 +879,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
+@@ -869,6 +875,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
on = ssl_defaults.enableOCSPStapling;
break;
case SSL_ENABLE_CACHED_INFO: on = ssl_defaults.enableCachedInfo; break;
@@ -222,7 +211,7 @@ index 340d17c..68fd3cb 100644
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1028,6 +1035,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
+@@ -1024,6 +1031,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
ssl_defaults.enableCachedInfo = on;
break;
@@ -234,7 +223,7 @@ index 340d17c..68fd3cb 100644
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
diff --git a/mozilla/security/nss/lib/ssl/sslt.h b/mozilla/security/nss/lib/ssl/sslt.h
-index bca7496..907c1dc 100644
+index bca7496..5f852fe 100644
--- a/mozilla/security/nss/lib/ssl/sslt.h
+++ b/mozilla/security/nss/lib/ssl/sslt.h
@@ -206,9 +206,10 @@ typedef enum {
diff --git a/net/third_party/nss/patches/peercertchain.patch b/net/third_party/nss/patches/peercertchain.patch
index e923901..4615ba7 100644
--- a/net/third_party/nss/patches/peercertchain.patch
+++ b/net/third_party/nss/patches/peercertchain.patch
@@ -1,8 +1,13 @@
-commit 3833600af1d2e49f0d3b9381de10d120ddf0a03c
-Author: Adam Langley <agl@chromium.org>
-Date: Mon Jun 20 15:54:45 2011 -0400
+From 40714671513378227413d1542c2911c2f62e3840 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:20:43 -0400
+Subject: [PATCH] peercertchain.patch
- peercertchain.patch
+---
+ mozilla/security/nss/lib/ssl/ssl.def | 1 +
+ mozilla/security/nss/lib/ssl/ssl.h | 11 +++++++++
+ mozilla/security/nss/lib/ssl/sslauth.c | 36 ++++++++++++++++++++++++++++++++
+ 3 files changed, 48 insertions(+), 0 deletions(-)
diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl/ssl.def
index a1f4b51..0fa8777 100644
diff --git a/net/third_party/nss/patches/renegoscsv.patch b/net/third_party/nss/patches/renegoscsv.patch
index fd24d43..8ed9dfc 100644
--- a/net/third_party/nss/patches/renegoscsv.patch
+++ b/net/third_party/nss/patches/renegoscsv.patch
@@ -1,8 +1,11 @@
-commit f11613336a772057cd102a02759a6e4d111503d1
-Author: Adam Langley <agl@chromium.org>
-Date: Mon Jun 20 15:52:10 2011 -0400
+From 552c8d41b9ac9d55c8f1a861d81fc070a2a72aba Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:20:10 -0400
+Subject: [PATCH] renegoscsv.patch
- renegoscsv.patch
+---
+ mozilla/security/nss/lib/ssl/ssl3con.c | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
index e0cb4e9..455a532 100644
diff --git a/net/third_party/nss/patches/restartclientauth.patch b/net/third_party/nss/patches/restartclientauth.patch
index e95c263..f90825c 100644
--- a/net/third_party/nss/patches/restartclientauth.patch
+++ b/net/third_party/nss/patches/restartclientauth.patch
@@ -1,11 +1,20 @@
-Index: mozilla/security/nss/lib/ssl/ssl.h
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v
-retrieving revision 1.38.2.4
-diff -u -p -r1.38.2.4 ssl.h
---- mozilla/security/nss/lib/ssl/ssl.h 8 Apr 2011 05:44:32 -0000 1.38.2.4
-+++ mozilla/security/nss/lib/ssl/ssl.h 18 Aug 2011 22:52:10 -0000
-@@ -220,6 +220,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(
+From 3c9aa423a3e721fc2223dc5f64d21cc5b4898d4e Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:27:03 -0400
+Subject: [PATCH] restartclientauth.patch
+
+---
+ mozilla/security/nss/lib/ssl/ssl.h | 5 ++
+ mozilla/security/nss/lib/ssl/ssl3con.c | 70 +++++++++++++++++++++----------
+ mozilla/security/nss/lib/ssl/sslimpl.h | 4 --
+ mozilla/security/nss/lib/ssl/sslsecur.c | 35 ++++++++++++---
+ 4 files changed, 80 insertions(+), 34 deletions(-)
+
+diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
+index 835d3cf..7e748bd 100644
+--- a/mozilla/security/nss/lib/ssl/ssl.h
++++ b/mozilla/security/nss/lib/ssl/ssl.h
+@@ -236,6 +236,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
PRIntervalTime timeout);
@@ -17,14 +26,11 @@ diff -u -p -r1.38.2.4 ssl.h
/*
** Query security status of socket. *on is set to one if security is
** enabled. *keySize will contain the stream key size used. *issuer will
-Index: mozilla/security/nss/lib/ssl/ssl3con.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
-retrieving revision 1.142.2.5
-diff -u -p -r1.142.2.5 ssl3con.c
---- mozilla/security/nss/lib/ssl/ssl3con.c 25 Jan 2011 01:49:22 -0000 1.142.2.5
-+++ mozilla/security/nss/lib/ssl/ssl3con.c 18 Aug 2011 22:52:10 -0000
-@@ -5621,9 +5621,10 @@ done:
+diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
+index f8838d6..d372ee2 100644
+--- a/mozilla/security/nss/lib/ssl/ssl3con.c
++++ b/mozilla/security/nss/lib/ssl/ssl3con.c
+@@ -5667,9 +5667,10 @@ done:
* reference count. The caller should drop its reference
* without calling CERT_DestroyCert after calling this function.
*
@@ -38,7 +44,7 @@ diff -u -p -r1.142.2.5 ssl3con.c
*
* certChain DER-encoded certs, client cert and its signers.
* Note: ssl takes this reference, and does not copy the chain.
-@@ -5643,27 +5644,50 @@ ssl3_RestartHandshakeAfterCertReq(sslSoc
+@@ -5689,27 +5690,50 @@ ssl3_RestartHandshakeAfterCertReq(sslSocket * ss,
SECKEYPrivateKey * key,
CERTCertificateList *certChain)
{
@@ -109,14 +115,11 @@ diff -u -p -r1.142.2.5 ssl3con.c
}
}
return rv;
-Index: mozilla/security/nss/lib/ssl/sslimpl.h
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v
-retrieving revision 1.77.2.2
-diff -u -p -r1.77.2.2 sslimpl.h
---- mozilla/security/nss/lib/ssl/sslimpl.h 16 Mar 2011 18:55:38 -0000 1.77.2.2
-+++ mozilla/security/nss/lib/ssl/sslimpl.h 18 Aug 2011 22:52:10 -0000
-@@ -1310,10 +1310,6 @@ extern SECStatus ssl3_MasterKeyDeriveBy
+diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
+index 906874a..70ff4c3 100644
+--- a/mozilla/security/nss/lib/ssl/sslimpl.h
++++ b/mozilla/security/nss/lib/ssl/sslimpl.h
+@@ -1356,10 +1356,6 @@ extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec,
extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
extern int SSL_RestartHandshakeAfterServerCert(struct sslSocketStr *ss);
@@ -127,14 +130,11 @@ diff -u -p -r1.77.2.2 sslimpl.h
extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
extern void ssl_FreeSocket(struct sslSocketStr *ssl);
extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
-Index: mozilla/security/nss/lib/ssl/sslsecur.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsecur.c,v
-retrieving revision 1.43.2.4
-diff -u -p -r1.43.2.4 sslsecur.c
---- mozilla/security/nss/lib/ssl/sslsecur.c 8 Apr 2011 05:25:21 -0000 1.43.2.4
-+++ mozilla/security/nss/lib/ssl/sslsecur.c 18 Aug 2011 22:52:10 -0000
-@@ -1453,11 +1453,13 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERT
+diff --git a/mozilla/security/nss/lib/ssl/sslsecur.c b/mozilla/security/nss/lib/ssl/sslsecur.c
+index dc374e0..bb5f0eb 100644
+--- a/mozilla/security/nss/lib/ssl/sslsecur.c
++++ b/mozilla/security/nss/lib/ssl/sslsecur.c
+@@ -1460,11 +1460,13 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
* cert Client cert chosen by application.
* Note: ssl takes this reference, and does not bump the
* reference count. The caller should drop its reference
@@ -152,7 +152,7 @@ diff -u -p -r1.43.2.4 sslsecur.c
*
* certChain Chain of signers for cert.
* Note: ssl takes this reference, and does not copy the chain.
-@@ -1469,19 +1471,38 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERT
+@@ -1476,19 +1478,38 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
* XXX This code only works on the initial handshake on a connection, XXX
* It does not work on a subsequent handshake (redo).
*/
diff --git a/net/third_party/nss/patches/secret_exporter.patch b/net/third_party/nss/patches/secret_exporter.patch
index 7e6eaa0..c6dc0e4 100644
--- a/net/third_party/nss/patches/secret_exporter.patch
+++ b/net/third_party/nss/patches/secret_exporter.patch
@@ -1,8 +1,15 @@
-commit c92170f883e6cfdc2c2dc6dbb49d3e6b8e9928f1
-Author: Adam Langley <agl@chromium.org>
-Date: Thu Jul 21 11:34:32 2011 -0400
+From a30a1a87579d0a0d2950ee685a41bae428f38284 Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:25:44 -0400
+Subject: [PATCH] secret_exporter.patch
- secret_extractor.patch
+---
+ mozilla/security/nss/lib/ssl/ssl.def | 1 +
+ mozilla/security/nss/lib/ssl/ssl.h | 13 ++++++
+ mozilla/security/nss/lib/ssl/ssl3con.c | 63 ++++++++++++++++++++-----------
+ mozilla/security/nss/lib/ssl/sslimpl.h | 6 +++
+ mozilla/security/nss/lib/ssl/sslinfo.c | 64 ++++++++++++++++++++++++++++++++
+ 5 files changed, 125 insertions(+), 22 deletions(-)
diff --git a/mozilla/security/nss/lib/ssl/ssl.def b/mozilla/security/nss/lib/ssl/ssl.def
index 7ef15db..1993d3e 100644
@@ -17,10 +24,10 @@ index 7ef15db..1993d3e 100644
SSL_GetStapledOCSPResponse;
SSL_HandshakeResumedSession;
diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/ssl.h
-index 53ca301..6b364bb 100644
+index 1115fa9..835d3cf 100644
--- a/mozilla/security/nss/lib/ssl/ssl.h
+++ b/mozilla/security/nss/lib/ssl/ssl.h
-@@ -686,6 +686,19 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
+@@ -653,6 +653,19 @@ SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
/* Returnes negotiated through SNI host info. */
SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
@@ -41,10 +48,10 @@ index 53ca301..6b364bb 100644
** Return a new reference to the certificate that was most recently sent
** to the peer on this SSL/TLS connection, or NULL if none has been sent.
diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index 66071d2..3bda2f3 100644
+index 2648cbe..f8838d6 100644
--- a/mozilla/security/nss/lib/ssl/ssl3con.c
+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
-@@ -8443,33 +8443,33 @@ ssl3_RestartHandshakeAfterServerCert(sslSocket *ss)
+@@ -8371,33 +8371,33 @@ ssl3_RestartHandshakeAfterServerCert(sslSocket *ss)
return rv;
}
@@ -94,7 +101,7 @@ index 66071d2..3bda2f3 100644
PK11_DestroyContext(prf_context, PR_TRUE);
} else {
-@@ -8478,17 +8478,36 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
+@@ -8406,17 +8406,36 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
SECItem outData = { siBuffer, };
PRBool isFIPS = PR_FALSE;
@@ -138,10 +145,10 @@ index 66071d2..3bda2f3 100644
*/
static SECStatus
diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/ssl/sslimpl.h
-index df30029..073616f 100644
+index 973a3c9..906874a 100644
--- a/mozilla/security/nss/lib/ssl/sslimpl.h
+++ b/mozilla/security/nss/lib/ssl/sslimpl.h
-@@ -1726,6 +1726,12 @@ SECStatus SSL_DisableDefaultExportCipherSuites(void);
+@@ -1680,6 +1680,12 @@ SECStatus SSL_DisableDefaultExportCipherSuites(void);
SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd);
PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite);
diff --git a/net/third_party/nss/patches/versionskew.patch b/net/third_party/nss/patches/versionskew.patch
index 0df63ea..c55df5a 100644
--- a/net/third_party/nss/patches/versionskew.patch
+++ b/net/third_party/nss/patches/versionskew.patch
@@ -1,8 +1,12 @@
-commit 47ee639fe155c26aed5ef6edba34be6d359a92c7
-Author: Adam Langley <agl@chromium.org>
-Date: Mon Jun 20 15:50:01 2011 -0400
+From 9a71b466147bcd334243d62996558a609657c07c Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Mon, 3 Oct 2011 12:19:48 -0400
+Subject: [PATCH] versionskew.patch
- versionskew.patch
+---
+ mozilla/security/nss/lib/ssl/sslsecur.c | 5 +++++
+ mozilla/security/nss/lib/ssl/sslsock.c | 6 ++++++
+ 2 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/mozilla/security/nss/lib/ssl/sslsecur.c b/mozilla/security/nss/lib/ssl/sslsecur.c
index a0cae54..816b8f6 100644