diff options
| author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-07-07 11:39:03 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-07-07 10:30:25 +0000 |
| commit | b80be2a302fe1e662a4a2b269d7ee8b7875581df (patch) | |
| tree | 3a6e79ab9bc38ff554f77127b250edde8e476119 /chromium/net | |
| parent | 813fbf95af77a531c57a8c497345ad2c61d475b3 (diff) | |
| download | qtwebengine-chromium-b80be2a302fe1e662a4a2b269d7ee8b7875581df.tar.gz | |
BASELINE: Update to chromium 44.0.2403.80
Change-Id: Ib190ddcbbb5f312742c16d159bdfe9dbf7360c8a
Reviewed-by: Andras Becsi <andras.becsi@theqtcompany.com>
Diffstat (limited to 'chromium/net')
45 files changed, 896 insertions, 797 deletions
diff --git a/chromium/net/http/http_server_properties.h b/chromium/net/http/http_server_properties.h index d269335f90e..7a12d5e09c7 100644 --- a/chromium/net/http/http_server_properties.h +++ b/chromium/net/http/http_server_properties.h @@ -187,6 +187,14 @@ struct NET_EXPORT SupportsQuic { struct NET_EXPORT ServerNetworkStats { ServerNetworkStats() : bandwidth_estimate(QuicBandwidth::Zero()) {} + bool operator==(const ServerNetworkStats& other) const { + return srtt == other.srtt && bandwidth_estimate == other.bandwidth_estimate; + } + + bool operator!=(const ServerNetworkStats& other) const { + return !this->operator==(other); + } + base::TimeDelta srtt; QuicBandwidth bandwidth_estimate; }; @@ -314,6 +322,7 @@ class NET_EXPORT HttpServerProperties { virtual void SetSupportsQuic(bool used_quic, const IPAddressNumber& last_address) = 0; + // Sets |stats| for |host_port_pair|. virtual void SetServerNetworkStats(const HostPortPair& host_port_pair, ServerNetworkStats stats) = 0; diff --git a/chromium/net/http/http_server_properties_manager.cc b/chromium/net/http/http_server_properties_manager.cc index a52036ec316..669b091d13c 100644 --- a/chromium/net/http/http_server_properties_manager.cc +++ b/chromium/net/http/http_server_properties_manager.cc @@ -245,8 +245,15 @@ bool HttpServerPropertiesManager::WasAlternativeServiceRecentlyBroken( void HttpServerPropertiesManager::ConfirmAlternativeService( const AlternativeService& alternative_service) { DCHECK(network_task_runner_->RunsTasksOnCurrentThread()); + bool old_value = http_server_properties_impl_->IsAlternativeServiceBroken( + alternative_service); http_server_properties_impl_->ConfirmAlternativeService(alternative_service); - ScheduleUpdatePrefsOnNetworkThread(CONFIRM_ALTERNATIVE_SERVICE); + bool new_value = http_server_properties_impl_->IsAlternativeServiceBroken( + alternative_service); + // For persisting, we only care about the value returned by + // IsAlternativeServiceBroken. If that value changes, then call persist. + if (old_value != new_value) + ScheduleUpdatePrefsOnNetworkThread(CONFIRM_ALTERNATIVE_SERVICE); } void HttpServerPropertiesManager::ClearAlternativeService( @@ -329,16 +336,29 @@ void HttpServerPropertiesManager::SetSupportsQuic( bool used_quic, const IPAddressNumber& address) { DCHECK(network_task_runner_->RunsTasksOnCurrentThread()); + IPAddressNumber old_last_quic_addr; + http_server_properties_impl_->GetSupportsQuic(&old_last_quic_addr); http_server_properties_impl_->SetSupportsQuic(used_quic, address); - ScheduleUpdatePrefsOnNetworkThread(SET_SUPPORTS_QUIC); + IPAddressNumber new_last_quic_addr; + http_server_properties_impl_->GetSupportsQuic(&new_last_quic_addr); + if (old_last_quic_addr != new_last_quic_addr) + ScheduleUpdatePrefsOnNetworkThread(SET_SUPPORTS_QUIC); } void HttpServerPropertiesManager::SetServerNetworkStats( const HostPortPair& host_port_pair, ServerNetworkStats stats) { DCHECK(network_task_runner_->RunsTasksOnCurrentThread()); + ServerNetworkStats old_stats; + const ServerNetworkStats* old_stats_ptr = + http_server_properties_impl_->GetServerNetworkStats(host_port_pair); + if (http_server_properties_impl_->GetServerNetworkStats(host_port_pair)) + old_stats = *old_stats_ptr; http_server_properties_impl_->SetServerNetworkStats(host_port_pair, stats); - ScheduleUpdatePrefsOnNetworkThread(SET_SERVER_NETWORK_STATS); + ServerNetworkStats new_stats = + *(http_server_properties_impl_->GetServerNetworkStats(host_port_pair)); + if (old_stats != new_stats) + ScheduleUpdatePrefsOnNetworkThread(SET_SERVER_NETWORK_STATS); } const ServerNetworkStats* HttpServerPropertiesManager::GetServerNetworkStats( diff --git a/chromium/net/http/http_server_properties_manager_unittest.cc b/chromium/net/http/http_server_properties_manager_unittest.cc index e34e76d19c3..8d390578c93 100644 --- a/chromium/net/http/http_server_properties_manager_unittest.cc +++ b/chromium/net/http/http_server_properties_manager_unittest.cc @@ -548,6 +548,52 @@ TEST_F(HttpServerPropertiesManagerTest, ClearAlternativeService) { EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); } +TEST_F(HttpServerPropertiesManagerTest, ConfirmAlternativeService) { + ExpectPrefsUpdate(); + + HostPortPair spdy_server_mail("mail.google.com", 80); + EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); + AlternativeService alternative_service(NPN_SPDY_4, "mail.google.com", 443); + + ExpectScheduleUpdatePrefsOnNetworkThread(); + http_server_props_manager_->SetAlternativeService(spdy_server_mail, + alternative_service, 1.0); + + EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( + alternative_service)); + EXPECT_FALSE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( + alternative_service)); + + ExpectScheduleUpdatePrefsOnNetworkThread(); + http_server_props_manager_->MarkAlternativeServiceBroken(alternative_service); + EXPECT_TRUE(http_server_props_manager_->IsAlternativeServiceBroken( + alternative_service)); + EXPECT_TRUE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( + alternative_service)); + + ExpectScheduleUpdatePrefsOnNetworkThread(); + http_server_props_manager_->ConfirmAlternativeService(alternative_service); + EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( + alternative_service)); + EXPECT_FALSE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( + alternative_service)); + // ExpectScheduleUpdatePrefsOnNetworkThread() should be called only once. + http_server_props_manager_->ConfirmAlternativeService(alternative_service); + EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( + alternative_service)); + EXPECT_FALSE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( + alternative_service)); + + // Run the task. + base::RunLoop().RunUntilIdle(); + Mock::VerifyAndClearExpectations(http_server_props_manager_.get()); + + EXPECT_FALSE(http_server_props_manager_->IsAlternativeServiceBroken( + alternative_service)); + EXPECT_FALSE(http_server_props_manager_->WasAlternativeServiceRecentlyBroken( + alternative_service)); +} + TEST_F(HttpServerPropertiesManagerTest, SupportsQuic) { ExpectPrefsUpdate(); ExpectScheduleUpdatePrefsOnNetworkThread(); @@ -558,6 +604,8 @@ TEST_F(HttpServerPropertiesManagerTest, SupportsQuic) { IPAddressNumber actual_address; CHECK(ParseIPLiteralToNumber("127.0.0.1", &actual_address)); http_server_props_manager_->SetSupportsQuic(true, actual_address); + // ExpectScheduleUpdatePrefsOnNetworkThread() should be called only once. + http_server_props_manager_->SetSupportsQuic(true, actual_address); // Run the task. base::RunLoop().RunUntilIdle(); @@ -578,6 +626,8 @@ TEST_F(HttpServerPropertiesManagerTest, ServerNetworkStats) { ServerNetworkStats stats1; stats1.srtt = base::TimeDelta::FromMicroseconds(10); http_server_props_manager_->SetServerNetworkStats(mail_server, stats1); + // ExpectScheduleUpdatePrefsOnNetworkThread() should be called only once. + http_server_props_manager_->SetServerNetworkStats(mail_server, stats1); // Run the task. base::RunLoop().RunUntilIdle(); diff --git a/chromium/net/http/http_stream_factory_impl_job.cc b/chromium/net/http/http_stream_factory_impl_job.cc index b9864156563..87a9539a8de 100644 --- a/chromium/net/http/http_stream_factory_impl_job.cc +++ b/chromium/net/http/http_stream_factory_impl_job.cc @@ -20,6 +20,7 @@ #include "build/build_config.h" #include "net/base/connection_type_histograms.h" #include "net/base/net_util.h" +#include "net/cert/cert_verifier.h" #include "net/http/http_basic_stream.h" #include "net/http/http_network_session.h" #include "net/http/http_proxy_client_socket.h" @@ -795,18 +796,51 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() { DCHECK(session_->params().enable_quic_for_proxies); } + if (proxy_info_.is_https() || proxy_info_.is_quic()) { + InitSSLConfig(proxy_info_.proxy_server().host_port_pair(), + &proxy_ssl_config_, /*is_proxy=*/true); + // Disable revocation checking for HTTPS proxies since the revocation + // requests are probably going to need to go through the proxy too. + proxy_ssl_config_.rev_checking_enabled = false; + } + if (using_ssl_) { + InitSSLConfig(server_, &server_ssl_config_, /*is_proxy=*/false); + } + if (using_quic_) { if (proxy_info_.is_quic() && !request_info_.url.SchemeIs("http")) { NOTREACHED(); // TODO(rch): support QUIC proxies for HTTPS urls. return ERR_NOT_IMPLEMENTED; } - HostPortPair destination = proxy_info_.is_quic() - ? proxy_info_.proxy_server().host_port_pair() - : server_; - bool secure_quic = using_ssl_ || proxy_info_.is_quic(); + HostPortPair destination; + bool secure_quic; + SSLConfig* ssl_config; + if (proxy_info_.is_quic()) { + // A proxy's certificate is expected to be valid for the proxy hostname. + destination = proxy_info_.proxy_server().host_port_pair(); + secure_quic = true; + ssl_config = &proxy_ssl_config_; + } else { + // The certificate of a QUIC alternative server is expected to be valid + // for the origin of the request (in addition to being valid for the + // server itself). + destination = server_; + secure_quic = using_ssl_; + ssl_config = &server_ssl_config_; + } + // TODO(rtenneti): Move the cert_verify_flags code into SSLConfig class. + int flags = 0; + if (ssl_config->rev_checking_enabled) + flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; + if (ssl_config->verify_ev_cert) + flags |= CertVerifier::VERIFY_EV_CERT; + if (ssl_config->cert_io_enabled) + flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; + if (ssl_config->rev_checking_required_local_anchors) + flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; int rv = quic_request_.Request( - destination, secure_quic, request_info_.privacy_mode, + destination, secure_quic, request_info_.privacy_mode, flags, request_info_.method, net_log_, io_callback_); if (rv == OK) { using_existing_quic_session_ = true; @@ -860,18 +894,6 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() { // TODO(bnc): s/want_spdy_over_npn/expect_spdy_over_npn/ bool want_spdy_over_npn = IsAlternate(); - if (proxy_info_.is_https()) { - InitSSLConfig(proxy_info_.proxy_server().host_port_pair(), - &proxy_ssl_config_, - true /* is a proxy server */); - // Disable revocation checking for HTTPS proxies since the revocation - // requests are probably going to need to go through the proxy too. - proxy_ssl_config_.rev_checking_enabled = false; - } - if (using_ssl_) { - InitSSLConfig(server_, &server_ssl_config_, false /* not a proxy server */); - } - base::WeakPtr<HttpServerProperties> http_server_properties = session_->http_server_properties(); if (http_server_properties) { diff --git a/chromium/net/proxy/proxy_list.cc b/chromium/net/proxy/proxy_list.cc index e53fe7ce3fd..99322450f13 100644 --- a/chromium/net/proxy/proxy_list.cc +++ b/chromium/net/proxy/proxy_list.cc @@ -187,16 +187,13 @@ void ProxyList::AddProxyToRetryList(ProxyRetryInfoMap* proxy_retry_info, int net_error, const BoundNetLog& net_log) const { // Mark this proxy as bad. + TimeTicks bad_until = TimeTicks::Now() + retry_delay; std::string proxy_key = proxy_to_retry.ToURI(); ProxyRetryInfoMap::iterator iter = proxy_retry_info->find(proxy_key); - if (iter != proxy_retry_info->end()) { - // TODO(nsylvain): This is not the first time we get this. We should - // double the retry time. Bug 997660. - iter->second.bad_until = TimeTicks::Now() + iter->second.current_delay; - } else { + if (iter == proxy_retry_info->end() || bad_until > iter->second.bad_until) { ProxyRetryInfo retry_info; retry_info.current_delay = retry_delay; - retry_info.bad_until = TimeTicks().Now() + retry_info.current_delay; + retry_info.bad_until = bad_until; retry_info.try_while_bad = try_while_bad; retry_info.net_error = net_error; (*proxy_retry_info)[proxy_key] = retry_info; diff --git a/chromium/net/proxy/proxy_list_unittest.cc b/chromium/net/proxy/proxy_list_unittest.cc index 0dbb53a2d03..e98d9c51977 100644 --- a/chromium/net/proxy/proxy_list_unittest.cc +++ b/chromium/net/proxy/proxy_list_unittest.cc @@ -245,6 +245,66 @@ TEST(ProxyListTest, UpdateRetryInfoOnFallback) { EXPECT_TRUE(retry_info_map.end() == retry_info_map.find("foopy2:80")); EXPECT_TRUE(retry_info_map.end() == retry_info_map.find("foopy3:80")); } + // If the bad proxy is already on the retry list, and the old retry info would + // cause the proxy to be retried later than the newly specified retry info, + // then the old retry info should be kept. + { + ProxyList list; + ProxyRetryInfoMap retry_info_map; + BoundNetLog net_log; + list.SetFromPacString("PROXY foopy1:80;PROXY foopy2:80;PROXY foopy3:80"); + + // First, mark the proxy as bad for 60 seconds. + list.UpdateRetryInfoOnFallback( + &retry_info_map, base::TimeDelta::FromSeconds(60), true, + std::vector<ProxyServer>(), ERR_PROXY_CONNECTION_FAILED, net_log); + // Next, mark the same proxy as bad for 1 second. This call should have no + // effect, since this would cause the bad proxy to be retried sooner than + // the existing retry info. + list.UpdateRetryInfoOnFallback(&retry_info_map, + base::TimeDelta::FromSeconds(1), false, + std::vector<ProxyServer>(), OK, net_log); + EXPECT_TRUE(retry_info_map.end() != retry_info_map.find("foopy1:80")); + EXPECT_EQ(ERR_PROXY_CONNECTION_FAILED, + retry_info_map["foopy1:80"].net_error); + EXPECT_TRUE(retry_info_map["foopy1:80"].try_while_bad); + EXPECT_EQ(base::TimeDelta::FromSeconds(60), + retry_info_map["foopy1:80"].current_delay); + EXPECT_GT(retry_info_map["foopy1:80"].bad_until, + base::TimeTicks::Now() + base::TimeDelta::FromSeconds(30)); + EXPECT_TRUE(retry_info_map.end() == retry_info_map.find("foopy2:80")); + EXPECT_TRUE(retry_info_map.end() == retry_info_map.find("foopy3:80")); + } + // If the bad proxy is already on the retry list, and the newly specified + // retry info would cause the proxy to be retried later than the old retry + // info, then the old retry info should be replaced with the new retry info. + { + ProxyList list; + ProxyRetryInfoMap retry_info_map; + BoundNetLog net_log; + list.SetFromPacString("PROXY foopy1:80;PROXY foopy2:80;PROXY foopy3:80"); + + // First, mark the proxy as bad for 1 second. + list.UpdateRetryInfoOnFallback(&retry_info_map, + base::TimeDelta::FromSeconds(1), false, + std::vector<ProxyServer>(), OK, net_log); + // Next, mark the same proxy as bad for 60 seconds. This call should replace + // the existing retry info with the new 60 second retry info. + list.UpdateRetryInfoOnFallback( + &retry_info_map, base::TimeDelta::FromSeconds(60), true, + std::vector<ProxyServer>(), ERR_PROXY_CONNECTION_FAILED, net_log); + + EXPECT_TRUE(retry_info_map.end() != retry_info_map.find("foopy1:80")); + EXPECT_EQ(ERR_PROXY_CONNECTION_FAILED, + retry_info_map["foopy1:80"].net_error); + EXPECT_TRUE(retry_info_map["foopy1:80"].try_while_bad); + EXPECT_EQ(base::TimeDelta::FromSeconds(60), + retry_info_map["foopy1:80"].current_delay); + EXPECT_GT(retry_info_map["foopy1:80"].bad_until, + base::TimeTicks::Now() + base::TimeDelta::FromSeconds(30)); + EXPECT_TRUE(retry_info_map.end() == retry_info_map.find("foopy2:80")); + EXPECT_TRUE(retry_info_map.end() == retry_info_map.find("foopy3:80")); + } } } // namesapce diff --git a/chromium/net/quic/crypto/proof_verifier_chromium.cc b/chromium/net/quic/crypto/proof_verifier_chromium.cc index 8fcca0a4647..280ca5ade8d 100644 --- a/chromium/net/quic/crypto/proof_verifier_chromium.cc +++ b/chromium/net/quic/crypto/proof_verifier_chromium.cc @@ -47,6 +47,7 @@ class ProofVerifierChromium::Job { Job(ProofVerifierChromium* proof_verifier, CertVerifier* cert_verifier, TransportSecurityState* transport_security_state, + int cert_verify_flags, const BoundNetLog& net_log); // Starts the proof verification. If |QUIC_PENDING| is returned, then @@ -94,6 +95,10 @@ class ProofVerifierChromium::Job { // X509Certificate from a chain of DER encoded certificates. scoped_refptr<X509Certificate> cert_; + // |cert_verify_flags| is bitwise OR'd of CertVerifier::VerifyFlags and it is + // passed to CertVerifier::Verify. + int cert_verify_flags_; + State next_state_; BoundNetLog net_log_; @@ -105,10 +110,12 @@ ProofVerifierChromium::Job::Job( ProofVerifierChromium* proof_verifier, CertVerifier* cert_verifier, TransportSecurityState* transport_security_state, + int cert_verify_flags, const BoundNetLog& net_log) : proof_verifier_(proof_verifier), verifier_(cert_verifier), transport_security_state_(transport_security_state), + cert_verify_flags_(cert_verify_flags), next_state_(STATE_NONE), net_log_(net_log) { } @@ -222,13 +229,12 @@ void ProofVerifierChromium::Job::OnIOComplete(int result) { int ProofVerifierChromium::Job::DoVerifyCert(int result) { next_state_ = STATE_VERIFY_CERT_COMPLETE; - int flags = 0; - return verifier_->Verify(cert_.get(), hostname_, std::string(), flags, - SSLConfigService::GetCRLSet().get(), - &verify_details_->cert_verify_result, - base::Bind(&ProofVerifierChromium::Job::OnIOComplete, - base::Unretained(this)), - &cert_verifier_request_, net_log_); + return verifier_->Verify( + cert_.get(), hostname_, std::string(), cert_verify_flags_, + SSLConfigService::GetCRLSet().get(), &verify_details_->cert_verify_result, + base::Bind(&ProofVerifierChromium::Job::OnIOComplete, + base::Unretained(this)), + &cert_verifier_request_, net_log_); } int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { @@ -380,13 +386,12 @@ QuicAsyncStatus ProofVerifierChromium::VerifyProof( } const ProofVerifyContextChromium* chromium_context = reinterpret_cast<const ProofVerifyContextChromium*>(verify_context); - scoped_ptr<Job> job(new Job(this, - cert_verifier_, - transport_security_state_, + scoped_ptr<Job> job(new Job(this, cert_verifier_, transport_security_state_, + chromium_context->cert_verify_flags, chromium_context->net_log)); - QuicAsyncStatus status = job->VerifyProof(hostname, server_config, certs, - signature, error_details, - verify_details, callback); + QuicAsyncStatus status = + job->VerifyProof(hostname, server_config, certs, signature, error_details, + verify_details, callback); if (status == QUIC_PENDING) { active_jobs_.insert(job.release()); } diff --git a/chromium/net/quic/crypto/proof_verifier_chromium.h b/chromium/net/quic/crypto/proof_verifier_chromium.h index 830417911e7..7c0b069f8e2 100644 --- a/chromium/net/quic/crypto/proof_verifier_chromium.h +++ b/chromium/net/quic/crypto/proof_verifier_chromium.h @@ -44,9 +44,10 @@ class NET_EXPORT_PRIVATE ProofVerifyDetailsChromium // ProofVerifierChromium needs in order to log correctly. struct ProofVerifyContextChromium : public ProofVerifyContext { public: - explicit ProofVerifyContextChromium(const BoundNetLog& net_log) - : net_log(net_log) {} + ProofVerifyContextChromium(int cert_verify_flags, const BoundNetLog& net_log) + : cert_verify_flags(cert_verify_flags), net_log(net_log) {} + int cert_verify_flags; BoundNetLog net_log; }; diff --git a/chromium/net/quic/quic_client_session.cc b/chromium/net/quic/quic_client_session.cc index b5f1d98bd67..9721e719961 100644 --- a/chromium/net/quic/quic_client_session.cc +++ b/chromium/net/quic/quic_client_session.cc @@ -98,6 +98,7 @@ void RecordHandshakeState(HandshakeState state) { base::Value* NetLogQuicClientSessionCallback( const QuicServerId* server_id, + int cert_verify_flags, bool require_confirmation, NetLogCaptureMode /* capture_mode */) { base::DictionaryValue* dict = new base::DictionaryValue(); @@ -107,6 +108,7 @@ base::Value* NetLogQuicClientSessionCallback( dict->SetBoolean("privacy_mode", server_id->privacy_mode() == PRIVACY_MODE_ENABLED); dict->SetBoolean("require_confirmation", require_confirmation); + dict->SetInteger("cert_verify_flags", cert_verify_flags); return dict; } @@ -157,6 +159,7 @@ QuicClientSession::QuicClientSession( QuicStreamFactory* stream_factory, TransportSecurityState* transport_security_state, scoped_ptr<QuicServerInfo> server_info, + int cert_verify_flags, const QuicConfig& config, const char* const connection_description, base::TimeTicks dns_resolution_end_time, @@ -168,6 +171,7 @@ QuicClientSession::QuicClientSession( socket_(socket.Pass()), transport_security_state_(transport_security_state), server_info_(server_info.Pass()), + cert_verify_flags_(cert_verify_flags), num_total_streams_(0), task_runner_(task_runner), net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_QUIC_SESSION)), @@ -191,18 +195,18 @@ void QuicClientSession::InitializeSession( QuicCryptoClientStreamFactory* crypto_client_stream_factory) { server_id_ = server_id; crypto_stream_.reset( - crypto_client_stream_factory ? - crypto_client_stream_factory->CreateQuicCryptoClientStream( - server_id, this, crypto_config) : - new QuicCryptoClientStream(server_id, this, - new ProofVerifyContextChromium(net_log_), - crypto_config)); + crypto_client_stream_factory + ? crypto_client_stream_factory->CreateQuicCryptoClientStream( + server_id, this, crypto_config) + : new QuicCryptoClientStream( + server_id, this, + new ProofVerifyContextChromium(cert_verify_flags_, net_log_), + crypto_config)); QuicClientSessionBase::InitializeSession(); // TODO(rch): pass in full host port proxy pair net_log_.BeginEvent(NetLog::TYPE_QUIC_SESSION, - base::Bind(NetLogQuicClientSessionCallback, - &server_id, - require_confirmation_)); + base::Bind(NetLogQuicClientSessionCallback, &server_id, + cert_verify_flags_, require_confirmation_)); } QuicClientSession::~QuicClientSession() { diff --git a/chromium/net/quic/quic_client_session.h b/chromium/net/quic/quic_client_session.h index 6b7dab68fdb..db13de99830 100644 --- a/chromium/net/quic/quic_client_session.h +++ b/chromium/net/quic/quic_client_session.h @@ -97,6 +97,7 @@ class NET_EXPORT_PRIVATE QuicClientSession : public QuicClientSessionBase, QuicStreamFactory* stream_factory, TransportSecurityState* transport_security_state, scoped_ptr<QuicServerInfo> server_info, + int cert_verify_flags, const QuicConfig& config, const char* const connection_description, base::TimeTicks dns_resolution_end_time, @@ -249,6 +250,7 @@ class NET_EXPORT_PRIVATE QuicClientSession : public QuicClientSessionBase, TransportSecurityState* transport_security_state_; scoped_ptr<QuicServerInfo> server_info_; scoped_ptr<CertVerifyResult> cert_verify_result_; + int cert_verify_flags_; std::string pinning_failure_log_; ObserverSet observers_; StreamRequestQueue stream_requests_; diff --git a/chromium/net/quic/quic_client_session_test.cc b/chromium/net/quic/quic_client_session_test.cc index b6457ec2dbf..1d9f0218a77 100644 --- a/chromium/net/quic/quic_client_session_test.cc +++ b/chromium/net/quic/quic_client_session_test.cc @@ -48,6 +48,7 @@ class QuicClientSessionTest : public ::testing::TestWithParam<QuicVersion> { nullptr, &transport_security_state_, make_scoped_ptr((QuicServerInfo*)nullptr), + /*cert_verify_flags=*/0, DefaultQuicConfig(), "CONNECTION_UNKNOWN", base::TimeTicks::Now(), diff --git a/chromium/net/quic/quic_connection.cc b/chromium/net/quic/quic_connection.cc index 12f929021fa..73f43127873 100644 --- a/chromium/net/quic/quic_connection.cc +++ b/chromium/net/quic/quic_connection.cc @@ -64,7 +64,7 @@ const size_t kMaxFecGroups = 2; const QuicPacketCount kMaxPacketsReceivedBeforeAckSend = 20; // Maximum number of tracked packets. -const QuicPacketCount kMaxTrackedPackets = 5 * kMaxTcpCongestionWindow; +const QuicPacketCount kMaxTrackedPackets = 15 * kMaxTcpCongestionWindow; bool Near(QuicPacketSequenceNumber a, QuicPacketSequenceNumber b) { QuicPacketSequenceNumber delta = (a > b) ? a - b : b - a; diff --git a/chromium/net/quic/quic_connection_test.cc b/chromium/net/quic/quic_connection_test.cc index 92adfdb648a..fec998e1606 100644 --- a/chromium/net/quic/quic_connection_test.cc +++ b/chromium/net/quic/quic_connection_test.cc @@ -1319,7 +1319,7 @@ TEST_P(QuicConnectionTest, LeastUnackedLower) { TEST_P(QuicConnectionTest, TooManySentPackets) { EXPECT_CALL(visitor_, OnSuccessfulVersionNegotiation(_)); - for (int i = 0; i < 1100; ++i) { + for (int i = 0; i < 3100; ++i) { SendStreamDataToPeer(1, "foo", 3 * i, !kFin, nullptr); } @@ -1331,8 +1331,8 @@ TEST_P(QuicConnectionTest, TooManySentPackets) { EXPECT_CALL(visitor_, OnCanWrite()).Times(0); // Nack every packet except the last one, leaving a huge gap. - QuicAckFrame frame1 = InitAckFrame(1100); - for (QuicPacketSequenceNumber i = 1; i < 1100; ++i) { + QuicAckFrame frame1 = InitAckFrame(3100); + for (QuicPacketSequenceNumber i = 1; i < 3100; ++i) { NackPacket(i, &frame1); } ProcessAckPacket(&frame1); @@ -1343,8 +1343,8 @@ TEST_P(QuicConnectionTest, TooManyReceivedPackets) { EXPECT_CALL(visitor_, OnConnectionClosed( QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS, false)); - // Miss every other packet for 1000 packets. - for (QuicPacketSequenceNumber i = 1; i < 1000; ++i) { + // Miss every other packet for 3000 packets. + for (QuicPacketSequenceNumber i = 1; i < 3000; ++i) { ProcessPacket(i * 2); if (!connection_.connected()) { break; diff --git a/chromium/net/quic/quic_crypto_client_stream.cc b/chromium/net/quic/quic_crypto_client_stream.cc index f1f09092952..0895700912f 100644 --- a/chromium/net/quic/quic_crypto_client_stream.cc +++ b/chromium/net/quic/quic_crypto_client_stream.cc @@ -409,14 +409,9 @@ QuicAsyncStatus QuicCryptoClientStream::DoVerifyProof( verify_ok_ = false; QuicAsyncStatus status = verifier->VerifyProof( - server_id_.host(), - cached->server_config(), - cached->certs(), - cached->signature(), - verify_context_.get(), - &verify_error_details_, - &verify_details_, - proof_verify_callback); + server_id_.host(), cached->server_config(), cached->certs(), + cached->signature(), verify_context_.get(), &verify_error_details_, + &verify_details_, proof_verify_callback); switch (status) { case QUIC_PENDING: diff --git a/chromium/net/quic/quic_http_stream_test.cc b/chromium/net/quic/quic_http_stream_test.cc index 3e24ccb9c38..fb4d6ae95e2 100644 --- a/chromium/net/quic/quic_http_stream_test.cc +++ b/chromium/net/quic/quic_http_stream_test.cc @@ -208,7 +208,8 @@ class QuicHttpStreamTest : public ::testing::TestWithParam<QuicVersion> { session_.reset(new QuicClientSession( connection_, scoped_ptr<DatagramClientSocket>(socket), nullptr, &transport_security_state_, make_scoped_ptr((QuicServerInfo*)nullptr), - DefaultQuicConfig(), "CONNECTION_UNKNOWN", base::TimeTicks::Now(), + /*cert_verify_flags=*/0, DefaultQuicConfig(), "CONNECTION_UNKNOWN", + base::TimeTicks::Now(), base::MessageLoop::current()->message_loop_proxy().get(), nullptr)); session_->InitializeSession( QuicServerId(kDefaultServerHostName, kDefaultServerPort, diff --git a/chromium/net/quic/quic_stream_factory.cc b/chromium/net/quic/quic_stream_factory.cc index 7c24ecdaef4..76ab6563c68 100644 --- a/chromium/net/quic/quic_stream_factory.cc +++ b/chromium/net/quic/quic_stream_factory.cc @@ -141,6 +141,7 @@ class QuicStreamFactory::Job { bool is_https, bool was_alternate_protocol_recently_broken, PrivacyMode privacy_mode, + int cert_verify_flags, bool is_post, QuicServerInfo* server_info, const BoundNetLog& net_log); @@ -193,6 +194,7 @@ class QuicStreamFactory::Job { QuicStreamFactory* factory_; SingleRequestHostResolver host_resolver_; QuicServerId server_id_; + int cert_verify_flags_; bool is_post_; bool was_alternate_protocol_recently_broken_; scoped_ptr<QuicServerInfo> server_info_; @@ -213,6 +215,7 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory, bool is_https, bool was_alternate_protocol_recently_broken, PrivacyMode privacy_mode, + int cert_verify_flags, bool is_post, QuicServerInfo* server_info, const BoundNetLog& net_log) @@ -220,6 +223,7 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory, factory_(factory), host_resolver_(host_resolver), server_id_(host_port_pair, is_https, privacy_mode), + cert_verify_flags_(cert_verify_flags), is_post_(is_post), was_alternate_protocol_recently_broken_( was_alternate_protocol_recently_broken), @@ -238,6 +242,7 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory, factory_(factory), host_resolver_(host_resolver), // unused server_id_(server_id), + cert_verify_flags_(0), // unused is_post_(false), // unused was_alternate_protocol_recently_broken_(false), // unused started_another_job_(false), // unused @@ -390,7 +395,8 @@ int QuicStreamFactory::Job::DoLoadServerInfo() { // If we are waiting to load server config from the disk cache, then start // another job. started_another_job_ = true; - factory_->CreateAuxilaryJob(server_id_, is_post_, net_log_); + factory_->CreateAuxilaryJob(server_id_, cert_verify_flags_, is_post_, + net_log_); } return rv; } @@ -419,9 +425,9 @@ int QuicStreamFactory::Job::DoLoadServerInfoComplete(int rv) { int QuicStreamFactory::Job::DoConnect() { io_state_ = STATE_CONNECT_COMPLETE; - int rv = - factory_->CreateSession(server_id_, server_info_.Pass(), address_list_, - dns_resolution_end_time_, net_log_, &session_); + int rv = factory_->CreateSession( + server_id_, cert_verify_flags_, server_info_.Pass(), address_list_, + dns_resolution_end_time_, net_log_, &session_); if (rv != OK) { DCHECK(rv != ERR_IO_PENDING); DCHECK(!session_); @@ -485,14 +491,15 @@ QuicStreamRequest::~QuicStreamRequest() { int QuicStreamRequest::Request(const HostPortPair& host_port_pair, bool is_https, PrivacyMode privacy_mode, + int cert_verify_flags, base::StringPiece method, const BoundNetLog& net_log, const CompletionCallback& callback) { DCHECK(!stream_); DCHECK(callback_.is_null()); DCHECK(factory_); - int rv = factory_->Create(host_port_pair, is_https, privacy_mode, method, - net_log, this); + int rv = factory_->Create(host_port_pair, is_https, privacy_mode, + cert_verify_flags, method, net_log, this); if (rv == ERR_IO_PENDING) { host_port_pair_ = host_port_pair; net_log_ = net_log; @@ -615,6 +622,7 @@ void QuicStreamFactory::set_require_confirmation(bool require_confirmation) { int QuicStreamFactory::Create(const HostPortPair& host_port_pair, bool is_https, PrivacyMode privacy_mode, + int cert_verify_flags, base::StringPiece method, const BoundNetLog& net_log, QuicStreamRequest* request) { @@ -657,8 +665,8 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair, scoped_ptr<Job> job(new Job(this, host_resolver_, host_port_pair, is_https, WasQuicRecentlyBroken(server_id), privacy_mode, - method == "POST" /* is_post */, quic_server_info, - net_log)); + cert_verify_flags, method == "POST" /* is_post */, + quic_server_info, net_log)); int rv = job->Run(base::Bind(&QuicStreamFactory::OnJobComplete, base::Unretained(this), job.get())); if (rv == ERR_IO_PENDING) { @@ -675,11 +683,13 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair, } void QuicStreamFactory::CreateAuxilaryJob(const QuicServerId server_id, + int cert_verify_flags, bool is_post, const BoundNetLog& net_log) { Job* aux_job = new Job(this, host_resolver_, server_id.host_port_pair(), server_id.is_https(), WasQuicRecentlyBroken(server_id), - server_id.privacy_mode(), is_post, nullptr, net_log); + server_id.privacy_mode(), cert_verify_flags, is_post, + nullptr, net_log); active_jobs_[server_id].insert(aux_job); task_runner_->PostTask(FROM_HERE, base::Bind(&QuicStreamFactory::Job::RunAuxilaryJob, @@ -954,6 +964,7 @@ bool QuicStreamFactory::HasActiveJob(const QuicServerId& key) const { } int QuicStreamFactory::CreateSession(const QuicServerId& server_id, + int cert_verify_flags, scoped_ptr<QuicServerInfo> server_info, const AddressList& address_list, base::TimeTicks dns_resolution_end_time, @@ -1063,8 +1074,8 @@ int QuicStreamFactory::CreateSession(const QuicServerId& server_id, *session = new QuicClientSession( connection, socket.Pass(), this, transport_security_state_, - server_info.Pass(), config, network_connection_.GetDescription(), - dns_resolution_end_time, + server_info.Pass(), cert_verify_flags, config, + network_connection_.GetDescription(), dns_resolution_end_time, base::MessageLoop::current()->message_loop_proxy().get(), net_log.net_log()); diff --git a/chromium/net/quic/quic_stream_factory.h b/chromium/net/quic/quic_stream_factory.h index f3f7a71f335..f7400a3355b 100644 --- a/chromium/net/quic/quic_stream_factory.h +++ b/chromium/net/quic/quic_stream_factory.h @@ -55,9 +55,12 @@ class NET_EXPORT_PRIVATE QuicStreamRequest { ~QuicStreamRequest(); // For http, |is_https| is false. + // |cert_verify_flags| is bitwise OR'd of CertVerifier::VerifyFlags and it is + // passed to CertVerifier::Verify. int Request(const HostPortPair& host_port_pair, bool is_https, PrivacyMode privacy_mode, + int cert_verify_flags, base::StringPiece method, const BoundNetLog& net_log, const CompletionCallback& callback); @@ -122,6 +125,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory int Create(const HostPortPair& host_port_pair, bool is_https, PrivacyMode privacy_mode, + int cert_verify_flags, base::StringPiece method, const BoundNetLog& net_log, QuicStreamRequest* request); @@ -231,6 +235,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory // Creates a job which doesn't wait for server config to be loaded from the // disk cache. This job is started via a PostTask. void CreateAuxilaryJob(const QuicServerId server_id, + int cert_verify_flags, bool is_post, const BoundNetLog& net_log); @@ -245,6 +250,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory bool HasActiveSession(const QuicServerId& server_id) const; bool HasActiveJob(const QuicServerId& server_id) const; int CreateSession(const QuicServerId& server_id, + int cert_verify_flags, scoped_ptr<QuicServerInfo> quic_server_info, const AddressList& address_list, base::TimeTicks dns_resolution_end_time, diff --git a/chromium/net/quic/quic_stream_factory_test.cc b/chromium/net/quic/quic_stream_factory_test.cc index fc0717456f5..456a8da56d2 100644 --- a/chromium/net/quic/quic_stream_factory_test.cc +++ b/chromium/net/quic/quic_stream_factory_test.cc @@ -265,11 +265,8 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(destination, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(destination, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -345,11 +342,8 @@ TEST_P(QuicStreamFactoryTest, Create) { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -363,13 +357,9 @@ TEST_P(QuicStreamFactoryTest, Create) { // TODO(rtenneti): We should probably have a tests that HTTP and HTTPS result // in streams on different sessions. QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request2.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); stream = request2.ReleaseStream(); // Will reset stream 5. stream.reset(); // Will reset stream 7. @@ -392,13 +382,9 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRtt) { "192.168.0.1", ""); QuicStreamRequest request(&factory_); - EXPECT_EQ(OK, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); @@ -423,11 +409,8 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRttPost) { QuicStreamRequest request(&factory_); // Posts require handshake confirmation, so this will return asynchronously. EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "POST", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "POST", net_log_, callback_.callback())); // Confirm the handshake and verify that the stream is created. @@ -454,11 +437,8 @@ TEST_P(QuicStreamFactoryTest, CreateHttpVsHttps) { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -467,11 +447,8 @@ TEST_P(QuicStreamFactoryTest, CreateHttpVsHttps) { QuicStreamRequest request2(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request2.Request(host_port_pair_, - !is_https_, - privacy_mode_, - "GET", - net_log_, + request2.Request(host_port_pair_, !is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); stream = request2.ReleaseStream(); @@ -505,25 +482,17 @@ TEST_P(QuicStreamFactoryTest, Pooling) { "mail.google.com", "192.168.0.1", ""); QuicStreamRequest request(&factory_); - EXPECT_EQ(OK, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback.callback())); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); EXPECT_TRUE(stream2.get()); @@ -558,25 +527,17 @@ TEST_P(QuicStreamFactoryTest, NoPoolingIfDisabled) { QuicStreamFactoryPeer::DisableConnectionPooling(&factory_); QuicStreamRequest request(&factory_); - EXPECT_EQ(OK, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback.callback())); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); EXPECT_TRUE(stream2.get()); @@ -610,25 +571,17 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) { "mail.google.com", "192.168.0.1", ""); QuicStreamRequest request(&factory_); - EXPECT_EQ(OK, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback.callback())); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); EXPECT_TRUE(stream2.get()); @@ -641,13 +594,9 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) { TestCompletionCallback callback3; QuicStreamRequest request3(&factory_); - EXPECT_EQ(OK, - request3.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback3.callback())); + EXPECT_EQ(OK, request3.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback3.callback())); scoped_ptr<QuicHttpStream> stream3 = request3.ReleaseStream(); EXPECT_TRUE(stream3.get()); @@ -690,25 +639,17 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) { QuicStreamRequest request(&factory_); is_https_ = true; - EXPECT_EQ(OK, - request.Request(server1, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); EXPECT_TRUE(stream2.get()); @@ -757,25 +698,17 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingIfDisabled) { QuicStreamRequest request(&factory_); is_https_ = true; - EXPECT_EQ(OK, - request.Request(server1, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); EXPECT_TRUE(stream2.get()); @@ -823,25 +756,17 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithCertMismatch) { QuicStreamRequest request(&factory_); is_https_ = true; - EXPECT_EQ(OK, - request.Request(server1, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); EXPECT_TRUE(stream2.get()); @@ -891,25 +816,17 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) { QuicStreamRequest request(&factory_); is_https_ = true; - EXPECT_EQ(OK, - request.Request(server1, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); EXPECT_TRUE(stream2.get()); @@ -963,25 +880,17 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithMatchingPinsIfDisabled) { QuicStreamRequest request(&factory_); is_https_ = true; - EXPECT_EQ(OK, - request.Request(server1, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); EXPECT_TRUE(stream2.get()); @@ -1043,25 +952,17 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) { QuicStreamRequest request(&factory_); is_https_ = true; - EXPECT_EQ(OK, - request.Request(server1, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, - request2.Request(server2, - is_https_, - privacy_mode_, - "GET", - net_log_, - callback_.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); EXPECT_TRUE(stream2.get()); @@ -1089,11 +990,8 @@ TEST_P(QuicStreamFactoryTest, Goaway) { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -1114,11 +1012,8 @@ TEST_P(QuicStreamFactoryTest, Goaway) { // new session is created. QuicStreamRequest request2(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request2.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request2.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream(); @@ -1162,11 +1057,8 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) { // kDefaultMaxStreamsPerConnection / 2. for (size_t i = 0; i < kDefaultMaxStreamsPerConnection / 2; i++) { QuicStreamRequest request(&factory_); - int rv = request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + int rv = request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback()); if (i == 0) { EXPECT_EQ(ERR_IO_PENDING, rv); @@ -1182,13 +1074,9 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) { } QuicStreamRequest request(&factory_); - EXPECT_EQ(OK, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, - CompletionCallback())); + EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + CompletionCallback())); scoped_ptr<QuicHttpStream> stream = request.ReleaseStream(); EXPECT_TRUE(stream); EXPECT_EQ(ERR_IO_PENDING, stream->InitializeStream( @@ -1214,11 +1102,8 @@ TEST_P(QuicStreamFactoryTest, ResolutionErrorInCreate) { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(ERR_NAME_NOT_RESOLVED, callback_.WaitForResult()); @@ -1236,11 +1121,8 @@ TEST_P(QuicStreamFactoryTest, ConnectErrorInCreate) { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(ERR_ADDRESS_IN_USE, callback_.WaitForResult()); @@ -1258,11 +1140,8 @@ TEST_P(QuicStreamFactoryTest, CancelCreate) { { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); } @@ -1325,11 +1204,8 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -1349,11 +1225,8 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) { QuicStreamRequest request2(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request2.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request2.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -1388,11 +1261,8 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -1413,11 +1283,8 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) { QuicStreamRequest request2(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request2.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request2.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -1452,11 +1319,8 @@ TEST_P(QuicStreamFactoryTest, OnCertAdded) { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -1477,11 +1341,8 @@ TEST_P(QuicStreamFactoryTest, OnCertAdded) { QuicStreamRequest request2(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request2.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request2.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -1516,11 +1377,8 @@ TEST_P(QuicStreamFactoryTest, OnCACertChanged) { QuicStreamRequest request(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -1541,11 +1399,8 @@ TEST_P(QuicStreamFactoryTest, OnCACertChanged) { QuicStreamRequest request2(&factory_); EXPECT_EQ(ERR_IO_PENDING, - request2.Request(host_port_pair_, - is_https_, - privacy_mode_, - "GET", - net_log_, + request2.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -1655,8 +1510,9 @@ TEST_P(QuicStreamFactoryTest, RacingConnections) { QuicStreamRequest request(&factory_); QuicServerId server_id(host_port_pair_, is_https_, privacy_mode_); EXPECT_EQ(ERR_IO_PENDING, - request.Request(host_port_pair_, is_https_, privacy_mode_, "GET", - net_log_, callback_.callback())); + request.Request(host_port_pair_, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); EXPECT_EQ(2u, QuicStreamFactoryPeer::GetNumberOfActiveJobs(&factory_, server_id)); @@ -1690,7 +1546,8 @@ TEST_P(QuicStreamFactoryTest, EnableNotLoadFromDiskCache) { QuicStreamRequest request(&factory_); EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_, - "GET", net_log_, callback_.callback())); + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); // If we are waiting for disk cache, we would have posted a task. Verify that // the CancelWaitForDataReady task hasn't been posted. @@ -1740,7 +1597,8 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) { QuicStreamRequest request(&factory_); EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_, - "GET", net_log_, callback_.callback())); + /*cert_verify_flags=*/0, "GET", net_log_, + callback_.callback())); QuicClientSession* session = QuicStreamFactoryPeer::GetActiveSession( &factory_, host_port_pair_, is_https_); @@ -1776,8 +1634,9 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) { TestCompletionCallback callback2; QuicStreamRequest request2(&factory_); - EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, "GET", - net_log_, callback2.callback())); + EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback2.callback())); QuicClientSession* session2 = QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_); @@ -1809,8 +1668,9 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) { TestCompletionCallback callback3; QuicStreamRequest request3(&factory_); - EXPECT_EQ(OK, request3.Request(server3, is_https_, privacy_mode_, "GET", - net_log_, callback3.callback())); + EXPECT_EQ(OK, request3.Request(server3, is_https_, privacy_mode_, + /*cert_verify_flags=*/0, "GET", net_log_, + callback3.callback())); QuicClientSession* session3 = QuicStreamFactoryPeer::GetActiveSession(&factory_, server3, is_https_); diff --git a/chromium/net/quic/test_tools/crypto_test_utils_chromium.cc b/chromium/net/quic/test_tools/crypto_test_utils_chromium.cc index ba06264af89..a1df6b9c750 100644 --- a/chromium/net/quic/test_tools/crypto_test_utils_chromium.cc +++ b/chromium/net/quic/test_tools/crypto_test_utils_chromium.cc @@ -113,16 +113,15 @@ ProofSource* CryptoTestUtils::ProofSourceForTesting() { // static ProofVerifier* CryptoTestUtils::ProofVerifierForTesting() { - TestProofVerifierChromium* proof_verifier = - new TestProofVerifierChromium(CertVerifier::CreateDefault(), - new TransportSecurityState, - "quic_root.crt"); + TestProofVerifierChromium* proof_verifier = new TestProofVerifierChromium( + CertVerifier::CreateDefault(), new TransportSecurityState, + "quic_root.crt"); return proof_verifier; } // static ProofVerifyContext* CryptoTestUtils::ProofVerifyContextForTesting() { - return new ProofVerifyContextChromium(BoundNetLog()); + return new ProofVerifyContextChromium(/*cert_verify_flags=*/0, BoundNetLog()); } // static diff --git a/chromium/net/quic/test_tools/mock_crypto_client_stream.cc b/chromium/net/quic/test_tools/mock_crypto_client_stream.cc index 335a2bdac76..0018e91eb9c 100644 --- a/chromium/net/quic/test_tools/mock_crypto_client_stream.cc +++ b/chromium/net/quic/test_tools/mock_crypto_client_stream.cc @@ -20,8 +20,7 @@ MockCryptoClientStream::MockCryptoClientStream( QuicCryptoClientConfig* crypto_config, HandshakeMode handshake_mode, const ProofVerifyDetails* proof_verify_details) - : QuicCryptoClientStream(server_id, session, verify_context, - crypto_config), + : QuicCryptoClientStream(server_id, session, verify_context, crypto_config), handshake_mode_(handshake_mode), proof_verify_details_(proof_verify_details) { } diff --git a/chromium/net/third_party/nss/README.chromium b/chromium/net/third_party/nss/README.chromium index 65a3e2a77aa..42239a0a919 100644 --- a/chromium/net/third_party/nss/README.chromium +++ b/chromium/net/third_party/nss/README.chromium @@ -1,6 +1,6 @@ Name: Network Security Services (NSS) URL: http://www.mozilla.org/projects/security/pki/nss/ -Version: 3.18 RTM +Version: 3.19 RTM Security Critical: Yes License: MPL 2 License File: NOT_SHIPPED @@ -11,7 +11,7 @@ This directory includes a copy of NSS's libssl from the hg repo at: The same module appears in crypto/third_party/nss (and third_party/nss on some platforms), so we don't repeat the license file here. -The snapshot was updated to the hg tag: NSS_3_18_RTM +The snapshot was updated to the hg tag: NSS_3_19_RTM Patches: diff --git a/chromium/net/third_party/nss/patches/aesgcmchromium.patch b/chromium/net/third_party/nss/patches/aesgcmchromium.patch index e735837ca61..6172a0928a4 100644 --- a/chromium/net/third_party/nss/patches/aesgcmchromium.patch +++ b/chromium/net/third_party/nss/patches/aesgcmchromium.patch @@ -1,5 +1,5 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index da0abfb..375ed6a 100644 +index 1167d6d..dabe333 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -8,6 +8,7 @@ @@ -97,7 +97,7 @@ index da0abfb..375ed6a 100644 maxout, in, inlen); } *outlen += (int) uOutLen; -@@ -5147,6 +5208,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5162,6 +5223,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) ssl3_DisableNonDTLSSuites(ss); } @@ -108,7 +108,7 @@ index da0abfb..375ed6a 100644 /* how many suites are permitted by policy and user preference? */ num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); if (!num_suites) { -@@ -8159,6 +8224,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -8172,6 +8237,10 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ssl3_DisableNonDTLSSuites(ss); } diff --git a/chromium/net/third_party/nss/patches/cachecerts.patch b/chromium/net/third_party/nss/patches/cachecerts.patch index adb7e3e9510..18fcc242962 100644 --- a/chromium/net/third_party/nss/patches/cachecerts.patch +++ b/chromium/net/third_party/nss/patches/cachecerts.patch @@ -1,5 +1,5 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 529eb42..ebaee61 100644 +index 163572c..60af5b0 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -43,6 +43,7 @@ @@ -10,7 +10,7 @@ index 529eb42..ebaee61 100644 static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec, PK11SlotInfo * serverKeySlot); static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms); -@@ -6534,6 +6535,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6549,6 +6550,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* copy the peer cert from the SID */ if (sid->peerCert != NULL) { ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); @@ -18,7 +18,7 @@ index 529eb42..ebaee61 100644 } /* NULL value for PMS signifies re-use of the old MS */ -@@ -8127,6 +8129,7 @@ compression_found: +@@ -8140,6 +8142,7 @@ compression_found: ss->sec.ci.sid = sid; if (sid->peerCert != NULL) { ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); @@ -26,7 +26,7 @@ index 529eb42..ebaee61 100644 } /* -@@ -9750,6 +9753,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss) +@@ -9763,6 +9766,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss) ss->ssl3.peerCertChain = NULL; } @@ -71,7 +71,7 @@ index 529eb42..ebaee61 100644 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 CertificateStatus message. * Caller must hold Handshake and RecvBuf locks. -@@ -10028,6 +10069,7 @@ ssl3_AuthCertificate(sslSocket *ss) +@@ -10041,6 +10082,7 @@ ssl3_AuthCertificate(sslSocket *ss) } ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert); @@ -80,7 +80,7 @@ index 529eb42..ebaee61 100644 if (!ss->sec.isServer) { CERTCertificate *cert = ss->sec.peerCert; diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 858ae0c..88a7039 100644 +index 1b38a52..086f6d2 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -597,6 +597,8 @@ typedef enum { never_cached, diff --git a/chromium/net/third_party/nss/patches/cachelocks.patch b/chromium/net/third_party/nss/patches/cachelocks.patch index a019b6d8154..66a539b3476 100644 --- a/chromium/net/third_party/nss/patches/cachelocks.patch +++ b/chromium/net/third_party/nss/patches/cachelocks.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index adaa9a4..708a4c7 100644 +index 6819b03..6a4a443 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -5733,7 +5733,6 @@ SSL3_ShutdownServerCache(void) +@@ -5748,7 +5748,6 @@ SSL3_ShutdownServerCache(void) } PZ_Unlock(symWrapKeysLock); @@ -10,7 +10,7 @@ index adaa9a4..708a4c7 100644 return SECSuccess; } -@@ -5785,7 +5784,7 @@ getWrappingKey( sslSocket * ss, +@@ -5800,7 +5799,7 @@ getWrappingKey( sslSocket * ss, pSymWrapKey = &symWrapKeys[symWrapMechIndex].symWrapKey[exchKeyType]; @@ -20,10 +20,10 @@ index adaa9a4..708a4c7 100644 PZ_Lock(symWrapKeysLock); diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 643570f..62f822a 100644 +index 88b2eba..c4c87b4 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1917,9 +1917,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void); +@@ -1924,9 +1924,7 @@ extern SECStatus ssl_InitSymWrapKeysLock(void); extern SECStatus ssl_FreeSymWrapKeysLock(void); diff --git a/chromium/net/third_party/nss/patches/chacha20poly1305.patch b/chromium/net/third_party/nss/patches/chacha20poly1305.patch index 2a4c56405c0..a9017f12504 100644 --- a/chromium/net/third_party/nss/patches/chacha20poly1305.patch +++ b/chromium/net/third_party/nss/patches/chacha20poly1305.patch @@ -1,5 +1,5 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 375ed6a..adaa9a4 100644 +index dabe333..6819b03 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -41,6 +41,21 @@ @@ -135,10 +135,10 @@ index 375ed6a..adaa9a4 100644 } diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c -index 003ed78..d5d6c9c 100644 +index 9b91270..31e0774 100644 --- a/ssl/ssl3ecc.c +++ b/ssl/ssl3ecc.c -@@ -920,6 +920,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { +@@ -921,6 +921,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, @@ -146,7 +146,7 @@ index 003ed78..d5d6c9c 100644 TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0 /* end of list marker */ -@@ -931,6 +932,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { +@@ -932,6 +933,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, @@ -154,7 +154,7 @@ index 003ed78..d5d6c9c 100644 TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0 /* end of list marker */ -@@ -943,6 +945,7 @@ static const ssl3CipherSuite ecSuites[] = { +@@ -944,6 +946,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, @@ -162,7 +162,7 @@ index 003ed78..d5d6c9c 100644 TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, -@@ -950,6 +953,7 @@ static const ssl3CipherSuite ecSuites[] = { +@@ -951,6 +954,7 @@ static const ssl3CipherSuite ecSuites[] = { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, @@ -200,7 +200,7 @@ index 09ce43f..a036627 100644 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 88f559a..643570f 100644 +index ea71975..88b2eba 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -65,6 +65,7 @@ typedef SSLSignType SSL3SignType; diff --git a/chromium/net/third_party/nss/patches/channelid.patch b/chromium/net/third_party/nss/patches/channelid.patch index 9fc6012b84b..e2b985470cf 100644 --- a/chromium/net/third_party/nss/patches/channelid.patch +++ b/chromium/net/third_party/nss/patches/channelid.patch @@ -55,7 +55,7 @@ index 593dd00..716537d 100644 ** How long should we wait before retransmitting the next flight of ** the DTLS handshake? Returns SECFailure if not DTLS or not in a diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 1852806..45c3454 100644 +index 29e8f1c..c0e8e79 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -55,6 +55,7 @@ static SECStatus ssl3_SendCertificateStatus( sslSocket *ss); @@ -66,7 +66,7 @@ index 1852806..45c3454 100644 static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags); static SECStatus ssl3_SendServerHello( sslSocket *ss); static SECStatus ssl3_SendServerHelloDone( sslSocket *ss); -@@ -6281,6 +6282,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6296,6 +6297,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } #endif /* NSS_PLATFORM_CLIENT_AUTH */ @@ -82,7 +82,7 @@ index 1852806..45c3454 100644 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); if (temp < 0) { goto loser; /* alert has been sent */ -@@ -6563,7 +6573,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6578,7 +6588,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto alert_loser; /* err code was set */ } @@ -91,10 +91,10 @@ index 1852806..45c3454 100644 } while (0); if (sid_match) -@@ -6589,6 +6599,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) - - ss->ssl3.hs.isResuming = PR_FALSE; - ss->ssl3.hs.ws = wait_server_cert; +@@ -6613,6 +6623,27 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) + } else { + ss->ssl3.hs.ws = wait_cert_request; + } + +winner: + /* If we will need a ChannelID key then we make the callback now. This @@ -119,7 +119,7 @@ index 1852806..45c3454 100644 return SECSuccess; alert_loser: -@@ -7550,7 +7581,14 @@ ssl3_SendClientSecondRound(sslSocket *ss) +@@ -7565,7 +7596,14 @@ ssl3_SendClientSecondRound(sslSocket *ss) if (rv != SECSuccess) { goto loser; /* err code was set. */ } @@ -134,7 +134,7 @@ index 1852806..45c3454 100644 if (ss->opt.enableFalseStart) { if (!ss->ssl3.hs.authCertificatePending) { /* When we fix bug 589047, we will need to know whether we are -@@ -7587,6 +7625,33 @@ ssl3_SendClientSecondRound(sslSocket *ss) +@@ -7602,6 +7640,33 @@ ssl3_SendClientSecondRound(sslSocket *ss) ssl_ReleaseXmitBufLock(ss); /*******************************/ @@ -168,7 +168,7 @@ index 1852806..45c3454 100644 if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) ss->ssl3.hs.ws = wait_new_session_ticket; else -@@ -10582,6 +10647,184 @@ ssl3_RecordKeyLog(sslSocket *ss) +@@ -10590,6 +10655,184 @@ ssl3_RecordKeyLog(sslSocket *ss) } /* called from ssl3_SendClientSecondRound @@ -353,7 +353,7 @@ index 1852806..45c3454 100644 * ssl3_HandleClientHello * ssl3_HandleFinished */ -@@ -10841,11 +11084,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, +@@ -10849,11 +11092,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER; } @@ -374,7 +374,7 @@ index 1852806..45c3454 100644 } if (IS_DTLS(ss)) { -@@ -12325,6 +12573,11 @@ ssl3_DestroySSL3Info(sslSocket *ss) +@@ -12333,6 +12581,11 @@ ssl3_DestroySSL3Info(sslSocket *ss) ssl_FreePlatformKey(ss->ssl3.platformClientKey); #endif /* NSS_PLATFORM_CLIENT_AUTH */ @@ -387,13 +387,13 @@ index 1852806..45c3454 100644 ssl3_CleanupPeerCerts(ss); diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c -index 9345be8..b6ed17d 100644 +index 0a2288a..4d17587 100644 --- a/ssl/ssl3ext.c +++ b/ssl/ssl3ext.c -@@ -68,6 +68,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); - static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, - SECItem *data); +@@ -73,6 +73,10 @@ static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); + static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); +static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss, + PRUint16 ex_type, SECItem *data); +static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append, @@ -401,23 +401,23 @@ index 9345be8..b6ed17d 100644 static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, -@@ -264,6 +268,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { +@@ -269,6 +273,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, + { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, { -1, NULL } }; -@@ -291,6 +296,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { +@@ -296,6 +301,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, + { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, -@@ -910,6 +916,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) +@@ -930,6 +936,61 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } static SECStatus @@ -538,7 +538,7 @@ index 12dbb1d..24bf893 100644 } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index c6ac398..57346cb 100644 +index 2cf0b3a..e11860e 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -711,6 +711,14 @@ struct sslSessionIDStr { @@ -556,7 +556,7 @@ index c6ac398..57346cb 100644 /* This lock is lazily initialized by CacheSID when a sid is first * cached. Before then, there is no need to lock anything because * the sid isn't being shared by anything. -@@ -980,6 +988,9 @@ struct ssl3StateStr { +@@ -986,6 +994,9 @@ struct ssl3StateStr { CERTCertificateList *clientCertChain; /* used by client */ PRBool sendEmptyCert; /* used by client */ @@ -566,7 +566,7 @@ index c6ac398..57346cb 100644 int policy; /* This says what cipher suites we can do, and should * be either SSL_ALLOWED or SSL_RESTRICTED -@@ -1257,6 +1268,8 @@ const unsigned char * preferredCipher; +@@ -1264,6 +1275,8 @@ const unsigned char * preferredCipher; void *pkcs11PinArg; SSLNextProtoCallback nextProtoCallback; void *nextProtoArg; @@ -575,7 +575,7 @@ index c6ac398..57346cb 100644 PRIntervalTime rTimeout; /* timeout for NSPR I/O */ PRIntervalTime wTimeout; /* timeout for NSPR I/O */ -@@ -1603,6 +1616,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, +@@ -1610,6 +1623,11 @@ extern SECStatus ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, SECKEYPrivateKey * key, CERTCertificateList *certChain); @@ -649,7 +649,7 @@ index d44336e..5c6751a 100644 * this implementation exists to maintain link-time compatibility. */ diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index a939781..d3f3bf4 100644 +index 9431fe4..042f24f 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -288,6 +288,8 @@ ssl_DupSocket(sslSocket *os) diff --git a/chromium/net/third_party/nss/patches/cipherorder.patch b/chromium/net/third_party/nss/patches/cipherorder.patch index 894399096ce..2cbf2f79f19 100644 --- a/chromium/net/third_party/nss/patches/cipherorder.patch +++ b/chromium/net/third_party/nss/patches/cipherorder.patch @@ -17,10 +17,10 @@ index e9f5fb0..be6d88e 100644 * values. See RFC 5929. */ typedef enum SSLChannelBindingType { diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 3421e0b..c1f30a3 100644 +index 54c5b80..26b87c6 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -12623,6 +12623,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) +@@ -12631,6 +12631,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) return rv; } @@ -68,10 +68,10 @@ index 3421e0b..c1f30a3 100644 void ssl3_InitSocketPolicy(sslSocket *ss) diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 2f61a46..f796a14 100644 +index 0fd0a89..d12228e 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1747,6 +1747,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool +@@ -1754,6 +1754,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on); extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled); extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled); @@ -81,7 +81,7 @@ index 2f61a46..f796a14 100644 extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy); extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy); diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 80f4e67..13634c6 100644 +index 72058f5..09a0fb5 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -1316,6 +1316,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled) diff --git a/chromium/net/third_party/nss/patches/clientauth.patch b/chromium/net/third_party/nss/patches/clientauth.patch index 18e3b88993a..83206b064e0 100644 --- a/chromium/net/third_party/nss/patches/clientauth.patch +++ b/chromium/net/third_party/nss/patches/clientauth.patch @@ -52,7 +52,7 @@ index 91a47a6..4e7d52e 100644 /* ** SNI extension processing callback function. diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index ebaee61..40ae885 100644 +index 60af5b0..b9014ef 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -2503,6 +2503,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) { @@ -65,7 +65,7 @@ index ebaee61..40ae885 100644 if (!sid || !sid->u.ssl3.clAuthValid) { return PR_TRUE; } -@@ -6163,25 +6166,36 @@ ssl3_SendCertificateVerify(sslSocket *ss) +@@ -6178,25 +6181,36 @@ ssl3_SendCertificateVerify(sslSocket *ss) isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); @@ -119,7 +119,7 @@ index ebaee61..40ae885 100644 if (rv != SECSuccess) { goto done; /* err code was set by ssl3_SignHashes */ } -@@ -6260,6 +6274,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6275,6 +6289,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); ss->ssl3.clientPrivateKey = NULL; } @@ -132,7 +132,7 @@ index ebaee61..40ae885 100644 temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length); if (temp < 0) { -@@ -6887,6 +6907,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss, +@@ -6904,6 +6924,18 @@ ssl3_ExtractClientKeyInfo(sslSocket *ss, goto done; } @@ -151,7 +151,7 @@ index ebaee61..40ae885 100644 /* If the key is a 1024-bit RSA or DSA key, assume conservatively that * it may be unable to sign SHA-256 hashes. This is the case for older * Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and -@@ -6985,6 +7017,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7002,6 +7034,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem cert_types = {siBuffer, NULL, 0}; SECItem algorithms = {siBuffer, NULL, 0}; CERTDistNames ca_list; @@ -162,7 +162,7 @@ index ebaee61..40ae885 100644 SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake", SSL_GETPID(), ss->fd)); -@@ -7001,6 +7037,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7017,6 +7053,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert(ss->ssl3.clientCertChain == NULL); PORT_Assert(ss->ssl3.clientCertificate == NULL); PORT_Assert(ss->ssl3.clientPrivateKey == NULL); @@ -170,7 +170,7 @@ index ebaee61..40ae885 100644 isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); -@@ -7080,6 +7117,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7096,6 +7133,18 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) desc = no_certificate; ss->ssl3.hs.ws = wait_hello_done; @@ -189,7 +189,7 @@ index ebaee61..40ae885 100644 if (ss->getClientAuthData != NULL) { /* XXX Should pass cert_types and algorithms in this call!! */ rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg, -@@ -7089,12 +7138,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7105,12 +7154,55 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } else { rv = SECFailure; /* force it to send a no_certificate alert */ } @@ -245,7 +245,7 @@ index ebaee61..40ae885 100644 /* check what the callback function returned */ if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) { /* we are missing either the key or cert */ -@@ -7156,6 +7248,10 @@ loser: +@@ -7172,6 +7264,10 @@ loser: done: if (arena != NULL) PORT_FreeArena(arena, PR_FALSE); @@ -256,7 +256,7 @@ index ebaee61..40ae885 100644 return rv; } -@@ -7273,7 +7369,8 @@ ssl3_SendClientSecondRound(sslSocket *ss) +@@ -7288,7 +7384,8 @@ ssl3_SendClientSecondRound(sslSocket *ss) sendClientCert = !ss->ssl3.sendEmptyCert && ss->ssl3.clientCertChain != NULL && @@ -266,7 +266,7 @@ index ebaee61..40ae885 100644 if (!sendClientCert && ss->ssl3.hs.hashType == handshake_hash_single && -@@ -12140,6 +12237,10 @@ ssl3_DestroySSL3Info(sslSocket *ss) +@@ -12148,6 +12245,10 @@ ssl3_DestroySSL3Info(sslSocket *ss) if (ss->ssl3.clientPrivateKey != NULL) SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey); @@ -278,10 +278,10 @@ index ebaee61..40ae885 100644 if (ss->ssl3.peerCertArena != NULL) ssl3_CleanupPeerCerts(ss); diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c -index 3660866..9345be8 100644 +index 28d21c4..0a2288a 100644 --- a/ssl/ssl3ext.c +++ b/ssl/ssl3ext.c -@@ -10,8 +10,8 @@ +@@ -11,8 +11,8 @@ #include "nssrenam.h" #include "nss.h" #include "ssl.h" @@ -325,7 +325,7 @@ index ed74d94..7f9c43b 100644 SECStatus SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg) diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 88a7039..cda1869 100644 +index 086f6d2..bbc9bd2 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -20,6 +20,7 @@ @@ -367,7 +367,7 @@ index 88a7039..cda1869 100644 /* -@@ -955,6 +973,10 @@ struct ssl3StateStr { +@@ -961,6 +979,10 @@ struct ssl3StateStr { CERTCertificate * clientCertificate; /* used by client */ SECKEYPrivateKey * clientPrivateKey; /* used by client */ @@ -378,7 +378,7 @@ index 88a7039..cda1869 100644 CERTCertificateList *clientCertChain; /* used by client */ PRBool sendEmptyCert; /* used by client */ -@@ -1216,6 +1238,10 @@ const unsigned char * preferredCipher; +@@ -1223,6 +1245,10 @@ const unsigned char * preferredCipher; void *authCertificateArg; SSLGetClientAuthData getClientAuthData; void *getClientAuthDataArg; @@ -389,7 +389,7 @@ index 88a7039..cda1869 100644 SSLSNISocketConfig sniSocketConfig; void *sniSocketConfigArg; SSLBadCertHandler handleBadCert; -@@ -1856,6 +1882,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit); +@@ -1863,6 +1889,26 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit); extern SECStatus ssl_FreeSessionCacheLocks(void); @@ -417,7 +417,7 @@ index 88a7039..cda1869 100644 /**************** DTLS-specific functions **************/ extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg); diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 90bc457..fccc664 100644 +index 282bb85..6c09992 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -275,6 +275,10 @@ ssl_DupSocket(sslSocket *os) diff --git a/chromium/net/third_party/nss/patches/didhandshakeresume.patch b/chromium/net/third_party/nss/patches/didhandshakeresume.patch index f4b04be64c5..06f024ce2df 100644 --- a/chromium/net/third_party/nss/patches/didhandshakeresume.patch +++ b/chromium/net/third_party/nss/patches/didhandshakeresume.patch @@ -13,7 +13,7 @@ index 4e7d52e..34142fc 100644 ** How long should we wait before retransmitting the next flight of ** the DTLS handshake? Returns SECFailure if not DTLS or not in a diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index fccc664..688f399 100644 +index 6c09992..1a9c584 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -1897,6 +1897,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc *fd) diff --git a/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch b/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch index db1464c118b..dbd6a15e414 100644 --- a/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch +++ b/chromium/net/third_party/nss/patches/getrequestedclientcerttypes.patch @@ -20,10 +20,10 @@ index 34142fc..e2d1b09 100644 #ifdef SSL_DEPRECATED_FUNCTION /* deprecated! diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 40ae885..cb59cc1 100644 +index b9014ef..800c28e 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -7045,6 +7045,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -7061,6 +7061,9 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) goto loser; /* malformed, alert has been sent */ @@ -33,7 +33,7 @@ index 40ae885..cb59cc1 100644 if (isTLS12) { rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &b, &length); if (rv != SECSuccess) -@@ -7246,6 +7249,7 @@ loser: +@@ -7262,6 +7265,7 @@ loser: PORT_SetError(errCode); rv = SECFailure; done: @@ -42,10 +42,10 @@ index 40ae885..cb59cc1 100644 PORT_FreeArena(arena, PR_FALSE); #ifdef NSS_PLATFORM_CLIENT_AUTH diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index cda1869..9f59f5a 100644 +index bbc9bd2..46e618a 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1231,6 +1231,10 @@ struct sslSocketStr { +@@ -1238,6 +1238,10 @@ struct sslSocketStr { unsigned int sizeCipherSpecs; const unsigned char * preferredCipher; @@ -57,7 +57,7 @@ index cda1869..9f59f5a 100644 /* Callbacks */ diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 688f399..a939781 100644 +index 1a9c584..9431fe4 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -1911,6 +1911,20 @@ SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) { diff --git a/chromium/net/third_party/nss/patches/norenegotiatelock.patch b/chromium/net/third_party/nss/patches/norenegotiatelock.patch index 9ffde05e3d6..4d512e4f719 100644 --- a/chromium/net/third_party/nss/patches/norenegotiatelock.patch +++ b/chromium/net/third_party/nss/patches/norenegotiatelock.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 424c1fb..89c98ea 100644 +index f5afab7..a67a9d1 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -5532,9 +5532,7 @@ ssl3_HandleHelloRequest(sslSocket *ss) +@@ -5547,9 +5547,7 @@ ssl3_HandleHelloRequest(sslSocket *ss) return SECFailure; } if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { diff --git a/chromium/net/third_party/nss/patches/nssrwlock.patch b/chromium/net/third_party/nss/patches/nssrwlock.patch index c5e2b57cb25..d56dbfbf757 100644 --- a/chromium/net/third_party/nss/patches/nssrwlock.patch +++ b/chromium/net/third_party/nss/patches/nssrwlock.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 17c368e..424c1fb 100644 +index 0ac85da..f5afab7 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -5246,7 +5246,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5261,7 +5261,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) * the lock across the calls to ssl3_CallHelloExtensionSenders. */ if (sid->u.ssl3.lock) { @@ -11,7 +11,7 @@ index 17c368e..424c1fb 100644 } if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) { -@@ -5255,7 +5255,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5270,7 +5270,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL); if (extLen < 0) { @@ -20,7 +20,7 @@ index 17c368e..424c1fb 100644 return SECFailure; } total_exten_len += extLen; -@@ -5282,7 +5282,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5297,7 +5297,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) /* how many suites are permitted by policy and user preference? */ num_suites = count_cipher_suites(ss, ss->ssl3.policy, PR_TRUE); if (!num_suites) { @@ -29,7 +29,7 @@ index 17c368e..424c1fb 100644 return SECFailure; /* count_cipher_suites has set error code. */ } -@@ -5327,7 +5327,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5342,7 +5342,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeHeader(ss, client_hello, length); if (rv != SECSuccess) { @@ -38,7 +38,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } -@@ -5346,21 +5346,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5361,21 +5361,21 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2); } if (rv != SECSuccess) { @@ -63,7 +63,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } -@@ -5370,7 +5370,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5385,7 +5385,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) else rv = ssl3_AppendHandshakeNumber(ss, 0, 1); if (rv != SECSuccess) { @@ -72,7 +72,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } -@@ -5378,14 +5378,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5393,14 +5393,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeVariable( ss, ss->ssl3.hs.cookie, ss->ssl3.hs.cookieLen, 1); if (rv != SECSuccess) { @@ -89,7 +89,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } -@@ -5394,7 +5394,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5409,7 +5409,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, sizeof(ssl3CipherSuite)); if (rv != SECSuccess) { @@ -98,7 +98,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } actual_count++; -@@ -5403,7 +5403,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5418,7 +5418,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV, sizeof(ssl3CipherSuite)); if (rv != SECSuccess) { @@ -107,7 +107,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } actual_count++; -@@ -5413,7 +5413,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5428,7 +5428,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { actual_count++; if (actual_count > num_suites) { @@ -116,7 +116,7 @@ index 17c368e..424c1fb 100644 /* set error card removal/insertion error */ PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL); return SECFailure; -@@ -5421,7 +5421,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5436,7 +5436,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite, sizeof(ssl3CipherSuite)); if (rv != SECSuccess) { @@ -125,7 +125,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } } -@@ -5432,14 +5432,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5447,14 +5447,14 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) * the server.. */ if (actual_count != num_suites) { /* Card removal/insertion error */ @@ -142,7 +142,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } for (i = 0; i < compressionMethodsCount; i++) { -@@ -5447,7 +5447,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5462,7 +5462,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) continue; rv = ssl3_AppendHandshakeNumber(ss, compressions[i], 1); if (rv != SECSuccess) { @@ -151,7 +151,7 @@ index 17c368e..424c1fb 100644 return rv; /* err set by ssl3_AppendHandshake* */ } } -@@ -5458,20 +5458,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5473,20 +5473,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2); if (rv != SECSuccess) { @@ -175,7 +175,7 @@ index 17c368e..424c1fb 100644 return SECFailure; } maxBytes -= extLen; -@@ -5480,7 +5480,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) +@@ -5495,7 +5495,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) } if (sid->u.ssl3.lock) { @@ -185,7 +185,7 @@ index 17c368e..424c1fb 100644 if (ss->xtnData.sentSessionTicketInClientHello) { diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index f796a14..a809616 100644 +index d12228e..efcbf9f 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -731,7 +731,7 @@ struct sslSessionIDStr { diff --git a/chromium/net/third_party/nss/patches/reorderextensions.patch b/chromium/net/third_party/nss/patches/reorderextensions.patch index 7bbf559ee37..66e9a67aba8 100644 --- a/chromium/net/third_party/nss/patches/reorderextensions.patch +++ b/chromium/net/third_party/nss/patches/reorderextensions.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c -index 6c120ff..697a313 100644 +index c18d6f6..9214a2e 100644 --- a/ssl/ssl3ext.c +++ b/ssl/ssl3ext.c -@@ -308,6 +308,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { +@@ -313,6 +313,10 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signed_certificate_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn }, @@ -13,7 +13,7 @@ index 6c120ff..697a313 100644 { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, /* any extra entries will appear as { 0, NULL } */ -@@ -2464,9 +2468,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) +@@ -2507,9 +2511,11 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength) } extensionLength = 512 - recordLength; diff --git a/chromium/net/third_party/nss/patches/restartclientauth.patch b/chromium/net/third_party/nss/patches/restartclientauth.patch index c977ad6b506..d4ca3f7534e 100644 --- a/chromium/net/third_party/nss/patches/restartclientauth.patch +++ b/chromium/net/third_party/nss/patches/restartclientauth.patch @@ -15,10 +15,10 @@ index e2d1b09..593dd00 100644 ** Query security status of socket. *on is set to one if security is ** enabled. *keySize will contain the stream key size used. *issuer will diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index cb59cc1..1852806 100644 +index 800c28e..29e8f1c 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -7259,6 +7259,85 @@ done: +@@ -7275,6 +7275,85 @@ done: return rv; } @@ -105,10 +105,10 @@ index cb59cc1..1852806 100644 ssl3_CheckFalseStart(sslSocket *ss) { diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 9f59f5a..c6ac398 100644 +index 46e618a..2cf0b3a 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1592,16 +1592,17 @@ extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, +@@ -1599,16 +1599,17 @@ extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, /* These functions are called from secnav, even though they're "private". */ extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error); diff --git a/chromium/net/third_party/nss/patches/secitemarray.patch b/chromium/net/third_party/nss/patches/secitemarray.patch index 159d32bf1a7..136f3e44563 100644 --- a/chromium/net/third_party/nss/patches/secitemarray.patch +++ b/chromium/net/third_party/nss/patches/secitemarray.patch @@ -1,8 +1,8 @@ diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 2d21e90..88f559a 100644 +index 0ece0ed..ea71975 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1366,6 +1366,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache; +@@ -1373,6 +1373,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache; SEC_BEGIN_PROTOS diff --git a/chromium/net/third_party/nss/patches/sessioncache.patch b/chromium/net/third_party/nss/patches/sessioncache.patch index 98a1e106787..e8180e1ecc3 100644 --- a/chromium/net/third_party/nss/patches/sessioncache.patch +++ b/chromium/net/third_party/nss/patches/sessioncache.patch @@ -22,10 +22,10 @@ index be6d88e..57771cd 100644 */ SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd); diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index c1f30a3..17c368e 100644 +index 26b87c6..0ac85da 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -11367,7 +11367,7 @@ ssl3_FinishHandshake(sslSocket * ss) +@@ -11375,7 +11375,7 @@ ssl3_FinishHandshake(sslSocket * ss) ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE; } diff --git a/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch b/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch index ce9efee0942..a0c5d2c21a9 100644 --- a/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch +++ b/chromium/net/third_party/nss/patches/signedcertificatetimestamps.patch @@ -37,10 +37,10 @@ index 80717db..e9f5fb0 100644 * in the fd's data, which may be sent as part of a server side cert_status * handshake message. Parameter |responses| is for the server certificate of diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 708a4c7..3421e0b 100644 +index 6a4a443..54c5b80 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -6737,10 +6737,22 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) +@@ -6752,6 +6752,14 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) sid->u.ssl3.sessionIDLength = sidBytes.len; PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); @@ -53,7 +53,10 @@ index 708a4c7..3421e0b 100644 + } + ss->ssl3.hs.isResuming = PR_FALSE; - ss->ssl3.hs.ws = wait_server_cert; + if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { + /* All current cipher suites other than those with sign_null (i.e., +@@ -6765,6 +6773,10 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) + } winner: + /* Clean up the temporary pointer to the handshake buffer. */ @@ -63,7 +66,7 @@ index 708a4c7..3421e0b 100644 /* If we will need a ChannelID key then we make the callback now. This * allows the handshake to be restarted cleanly if the callback returns * SECWouldBlock. */ -@@ -6766,6 +6778,9 @@ alert_loser: +@@ -6790,6 +6802,9 @@ alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); loser: @@ -74,10 +77,10 @@ index 708a4c7..3421e0b 100644 return SECFailure; } diff --git a/ssl/ssl3ext.c b/ssl/ssl3ext.c -index b6ed17d..6c120ff 100644 +index 4d17587..c18d6f6 100644 --- a/ssl/ssl3ext.c +++ b/ssl/ssl3ext.c -@@ -85,6 +85,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, +@@ -90,6 +90,12 @@ static PRInt32 ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleSigAlgsXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); @@ -90,8 +93,8 @@ index b6ed17d..6c120ff 100644 static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); -@@ -270,6 +276,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, +@@ -275,6 +281,8 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { + { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, + { ssl_signed_certificate_timestamp_xtn, @@ -99,8 +102,8 @@ index b6ed17d..6c120ff 100644 { -1, NULL } }; -@@ -298,6 +306,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, +@@ -303,6 +311,8 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { + { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, + { ssl_signed_certificate_timestamp_xtn, @@ -108,10 +111,11 @@ index b6ed17d..6c120ff 100644 { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, /* any extra entries will appear as { 0, NULL } */ -@@ -2582,3 +2592,64 @@ loser: +@@ -2616,3 +2626,65 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, + return SECSuccess; } - ++ +/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp + * extension for TLS ClientHellos. */ +static PRInt32 @@ -174,7 +178,7 @@ index b6ed17d..6c120ff 100644 + return SECSuccess; +} diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 62f822a..2f61a46 100644 +index c4c87b4..0fd0a89 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h @@ -339,6 +339,7 @@ typedef struct sslOptionsStr { @@ -197,7 +201,7 @@ index 62f822a..2f61a46 100644 /* This lock is lazily initialized by CacheSID when a sid is first * cached. Before then, there is no need to lock anything because * the sid isn't being shared by anything. -@@ -829,6 +835,18 @@ struct TLSExtensionDataStr { +@@ -835,6 +841,18 @@ struct TLSExtensionDataStr { * is beyond ssl3_HandleClientHello function. */ SECItem *sniNameArr; PRUint32 sniNameArrSize; @@ -231,7 +235,7 @@ index c45849d..cefdda6 100644 if (sid->u.ssl3.lock) { PR_DestroyRWLock(sid->u.ssl3.lock); diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 0d12273..80f4e67 100644 +index 6a6c8d1..72058f5 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -89,7 +89,8 @@ static sslOptions ssl_defaults = { diff --git a/chromium/net/third_party/nss/patches/suitebonly.patch b/chromium/net/third_party/nss/patches/suitebonly.patch index 9776d7d4854..24df8145093 100644 --- a/chromium/net/third_party/nss/patches/suitebonly.patch +++ b/chromium/net/third_party/nss/patches/suitebonly.patch @@ -1,8 +1,8 @@ diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c -index 555c89d..0f805ec 100644 +index aca2b74..dac7a9e 100644 --- a/ssl/ssl3ecc.c +++ b/ssl/ssl3ecc.c -@@ -1089,6 +1089,7 @@ static const PRUint8 ecPtFmt[6] = { +@@ -1090,6 +1090,7 @@ static const PRUint8 ecPtFmt[6] = { static PRBool ssl3_SuiteBOnly(sslSocket *ss) { @@ -10,7 +10,7 @@ index 555c89d..0f805ec 100644 /* See if we can support small curves (like 163). If not, assume we can * only support Suite-B curves (P-256, P-384, P-521). */ PK11SlotInfo *slot = -@@ -1102,6 +1103,9 @@ ssl3_SuiteBOnly(sslSocket *ss) +@@ -1103,6 +1104,9 @@ ssl3_SuiteBOnly(sslSocket *ss) /* we can, presume we can do all curves */ PK11_FreeSlot(slot); return PR_FALSE; diff --git a/chromium/net/third_party/nss/patches/tls12chromium.patch b/chromium/net/third_party/nss/patches/tls12chromium.patch index 81d1c5284b6..14e8bd317ee 100644 --- a/chromium/net/third_party/nss/patches/tls12chromium.patch +++ b/chromium/net/third_party/nss/patches/tls12chromium.patch @@ -1,5 +1,5 @@ diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 67c8f6d..da0abfb 100644 +index 7c06815..1167d6d 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c @@ -31,6 +31,15 @@ @@ -19,10 +19,10 @@ index 67c8f6d..da0abfb 100644 #ifdef NSS_ENABLE_ZLIB #include "zlib.h" diff --git a/ssl/ssl3ecc.c b/ssl/ssl3ecc.c -index 0f805ec..003ed78 100644 +index dac7a9e..9b91270 100644 --- a/ssl/ssl3ecc.c +++ b/ssl/ssl3ecc.c -@@ -30,6 +30,12 @@ +@@ -31,6 +31,12 @@ #include <stdio.h> @@ -36,7 +36,7 @@ index 0f805ec..003ed78 100644 #ifndef PK11_SETATTRS diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index 47906e0..0d12273 100644 +index 14ff328..6a6c8d1 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -17,8 +17,15 @@ diff --git a/chromium/net/third_party/nss/patches/tlsunique.patch b/chromium/net/third_party/nss/patches/tlsunique.patch index ad4f09f332e..f2b2c50c05a 100644 --- a/chromium/net/third_party/nss/patches/tlsunique.patch +++ b/chromium/net/third_party/nss/patches/tlsunique.patch @@ -31,10 +31,10 @@ index 716537d..80717db 100644 ** ** This API should be used to control SSL 3.0 & TLS support instead of the diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c -index 45c3454..67c8f6d 100644 +index c0e8e79..7c06815 100644 --- a/ssl/ssl3con.c +++ b/ssl/ssl3con.c -@@ -12471,6 +12471,68 @@ ssl3_InitSocketPolicy(sslSocket *ss) +@@ -12479,6 +12479,68 @@ ssl3_InitSocketPolicy(sslSocket *ss) PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); } @@ -104,10 +104,10 @@ index 45c3454..67c8f6d 100644 * the caller of this function. */ diff --git a/ssl/sslimpl.h b/ssl/sslimpl.h -index 57346cb..2d21e90 100644 +index e11860e..0ece0ed 100644 --- a/ssl/sslimpl.h +++ b/ssl/sslimpl.h -@@ -1857,6 +1857,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, +@@ -1864,6 +1864,11 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length); @@ -120,7 +120,7 @@ index 57346cb..2d21e90 100644 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd); extern void ssl_FreePRSocket(PRFileDesc *fd); diff --git a/ssl/sslsock.c b/ssl/sslsock.c -index d3f3bf4..47906e0 100644 +index 042f24f..14ff328 100644 --- a/ssl/sslsock.c +++ b/ssl/sslsock.c @@ -1345,6 +1345,27 @@ NSS_SetFrancePolicy(void) diff --git a/chromium/net/third_party/nss/ssl/ssl3con.c b/chromium/net/third_party/nss/ssl/ssl3con.c index 89c98eace87..a67a9d1ccdc 100644 --- a/chromium/net/third_party/nss/ssl/ssl3con.c +++ b/chromium/net/third_party/nss/ssl/ssl3con.c @@ -317,30 +317,30 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, }; -static const ssl3KEADef kea_defs[] = +static const ssl3KEADef kea_defs[] = { /* indexed by SSL3KeyExchangeAlgorithm */ - /* kea exchKeyType signKeyType is_limited limit tls_keygen */ - {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE}, - {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE}, - {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, - {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, - {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, - {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, - {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE}, - {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE}, - {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE }, + /* kea exchKeyType signKeyType is_limited limit tls_keygen ephemeral */ + {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_TRUE}, + {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE, PR_FALSE}, #ifndef NSS_DISABLE_ECC - {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE}, + {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE, PR_TRUE}, #endif /* NSS_DISABLE_ECC */ }; @@ -2930,6 +2930,12 @@ ssl3_SendRecord( sslSocket * ss, PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); + if (ss->ssl3.fatalAlertSent) { + SSL_TRC(3, ("%d: SSL3[%d] Suppress write, fatal alert already sent", + SSL_GETPID(), ss->fd)); + return SECFailure; + } + capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0); if (capRecordVersion) { @@ -3375,6 +3381,9 @@ SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc) ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0); rv = (sent >= 0) ? SECSuccess : (SECStatus)sent; } + if (level == alert_fatal) { + ss->ssl3.fatalAlertSent = PR_TRUE; + } ssl_ReleaseXmitBufLock(ss); ssl_ReleaseSSL3HandshakeLock(ss); return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */ @@ -5120,23 +5129,17 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) sidOK = PR_FALSE; } - /* TLS 1.0 (RFC 2246) Appendix E says: - * Whenever a client already knows the highest protocol known to - * a server (for example, when resuming a session), it should - * initiate the connection in that native protocol. - * So we pass sid->version to ssl3_NegotiateVersion() here, except - * when renegotiating. - * - * Windows SChannel compares the client_version inside the RSA - * EncryptedPreMasterSecret of a renegotiation with the - * client_version of the initial ClientHello rather than the - * ClientHello in the renegotiation. To work around this bug, we - * continue to use the client_version used in the initial - * ClientHello when renegotiating. - */ if (sidOK) { + /* Set ss->version based on the session cache */ if (ss->firstHsDone) { /* + * Windows SChannel compares the client_version inside the RSA + * EncryptedPreMasterSecret of a renegotiation with the + * client_version of the initial ClientHello rather than the + * ClientHello in the renegotiation. To work around this bug, we + * continue to use the client_version used in the initial + * ClientHello when renegotiating. + * * The client_version of the initial ClientHello is still * available in ss->clientHelloVersion. Ensure that * sid->version is bounded within @@ -5150,10 +5153,22 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) sidOK = PR_FALSE; } } else { - if (ssl3_NegotiateVersion(ss, sid->version, - PR_FALSE) != SECSuccess) { + /* + * Check sid->version is OK first. + * Previously, we would cap the version based on sid->version, + * but that prevents negotiation of a higher version if the + * previous session was reduced (e.g., with version fallback) + */ + if (sid->version < ss->vrange.min || + sid->version > ss->vrange.max) { sidOK = PR_FALSE; - } + } else { + rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, + PR_TRUE); + if (rv != SECSuccess) { + return rv; /* error code was set */ + } + } } } @@ -6744,7 +6759,16 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } ss->ssl3.hs.isResuming = PR_FALSE; - ss->ssl3.hs.ws = wait_server_cert; + if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { + /* All current cipher suites other than those with sign_null (i.e., + * DH_anon_* suites) require a certificate, so use that signal. */ + ss->ssl3.hs.ws = wait_server_cert; + } else if (ss->ssl3.hs.kea_def->ephemeral) { + /* Only ephemeral cipher suites use ServerKeyExchange. */ + ss->ssl3.hs.ws = wait_server_key; + } else { + ss->ssl3.hs.ws = wait_cert_request; + } winner: /* Clean up the temporary pointer to the handshake buffer. */ @@ -6831,16 +6855,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if (ss->ssl3.hs.ws != wait_server_key && - ss->ssl3.hs.ws != wait_server_cert) { - errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; - desc = unexpected_message; - goto alert_loser; - } - if (ss->sec.peerCert == NULL) { - errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; - desc = unexpected_message; - goto alert_loser; + if (ss->ssl3.hs.ws != wait_server_key) { + errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; + desc = unexpected_message; + goto alert_loser; } isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); @@ -7067,7 +7085,6 @@ no_memory: /* no-memory error has already been set. */ return SECFailure; } - /* * Returns the TLS signature algorithm for the client authentication key and * whether it is an RSA or DSA key that may be able to sign only SHA-1 hashes. @@ -7211,11 +7228,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if (ss->ssl3.hs.ws != wait_cert_request && - ss->ssl3.hs.ws != wait_server_key) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; - goto alert_loser; + if (ss->ssl3.hs.ws != wait_cert_request) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; + goto alert_loser; } PORT_Assert(ss->ssl3.clientCertChain == NULL); @@ -7607,9 +7623,8 @@ ssl3_HandleServerHelloDone(sslSocket *ss) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); + /* Skipping CertificateRequest is always permitted. */ if (ws != wait_hello_done && - ws != wait_server_cert && - ws != wait_server_key && ws != wait_cert_request) { SSL3_SendAlert(ss, alert_fatal, unexpected_message); PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE); @@ -7980,14 +7995,11 @@ ssl3_SendServerHelloSequence(sslSocket *ss) return rv; #endif } -#ifndef NSS_DISABLE_ECC - } else if ((kea_def->kea == kea_ecdhe_rsa) || - (kea_def->kea == kea_ecdhe_ecdsa)) { - rv = ssl3_SendServerKeyExchange(ss); - if (rv != SECSuccess) { - return rv; /* err code was set. */ - } -#endif /* NSS_DISABLE_ECC */ + } else if (kea_def->ephemeral) { + rv = ssl3_SendServerKeyExchange(ss); + if (rv != SECSuccess) { + return rv; /* err code was set. */ + } } if (ss->opt.requestCertificate) { @@ -8039,6 +8051,21 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->ssl3.initialized ); + if (!ss->sec.isServer || + (ss->ssl3.hs.ws != wait_client_hello && + ss->ssl3.hs.ws != idle_handshake)) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; + goto alert_loser; + } + if (ss->ssl3.hs.ws == idle_handshake && + ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { + desc = no_renegotiation; + level = alert_warning; + errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; + goto alert_loser; + } + /* Get peer name of client */ rv = ssl_GetPeerInfo(ss); if (rv != SECSuccess) { @@ -8065,20 +8092,6 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); ss->statelessResume = PR_FALSE; - if ((ss->ssl3.hs.ws != wait_client_hello) && - (ss->ssl3.hs.ws != idle_handshake)) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; - goto alert_loser; - } - if (ss->ssl3.hs.ws == idle_handshake && - ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { - desc = no_renegotiation; - level = alert_warning; - errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; - goto alert_loser; - } - if (IS_DTLS(ss)) { dtls_RehandshakeCleanup(ss); } @@ -9449,7 +9462,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - if (ss->ssl3.hs.ws != wait_cert_verify || ss->sec.peerCert == NULL) { + if (ss->ssl3.hs.ws != wait_cert_verify) { desc = unexpected_message; errCode = SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY; goto alert_loser; @@ -10273,11 +10286,11 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if ((ss->ssl3.hs.ws != wait_server_cert) && - (ss->ssl3.hs.ws != wait_client_cert)) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CERTIFICATE; - goto alert_loser; + if ((isServer && ss->ssl3.hs.ws != wait_client_cert) || + (!isServer && ss->ssl3.hs.ws != wait_server_cert)) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CERTIFICATE; + goto alert_loser; } if (ss->sec.peerCert != NULL) { @@ -10517,16 +10530,11 @@ ssl3_AuthCertificate(sslSocket *ss) pubKey = NULL; } - ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ - if (ss->ssl3.hs.kea_def->is_limited || - /* XXX OR server cert is signing only. */ -#ifndef NSS_DISABLE_ECC - ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || - ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || -#endif /* NSS_DISABLE_ECC */ - ss->ssl3.hs.kea_def->exchKeyType == kt_dh) { - ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */ - } + if (ss->ssl3.hs.kea_def->ephemeral) { + ss->ssl3.hs.ws = wait_server_key; /* require server_key_exchange */ + } else { + ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ + } } else { ss->ssl3.hs.ws = wait_client_key; } diff --git a/chromium/net/third_party/nss/ssl/ssl3ecc.c b/chromium/net/third_party/nss/ssl/ssl3ecc.c index d5d6c9c6bc6..31e07744bb9 100644 --- a/chromium/net/third_party/nss/ssl/ssl3ecc.c +++ b/chromium/net/third_party/nss/ssl/ssl3ecc.c @@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * SSL3 Protocol * @@ -1198,8 +1199,7 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, if (data->len < 2 || data->len > 255 || !data->data || data->len != (unsigned int)data->data[0] + 1) { - /* malformed */ - goto loser; + return ssl3_DecodeError(ss); } for (i = data->len; --i > 0; ) { if (data->data[i] == 0) { @@ -1210,10 +1210,10 @@ ssl3_HandleSupportedPointFormatsXtn(sslSocket *ss, PRUint16 ex_type, return rv; } } -loser: + /* evil client doesn't support uncompressed */ ssl3_DisableECCSuites(ss, ecSuites); - return SECFailure; + return SECSuccess; } @@ -1234,7 +1234,7 @@ ECName ssl3_GetSvrCertCurveName(sslSocket *ss) return ec_curve; } -/* Ensure that the curve in our server cert is one of the ones suppored +/* Ensure that the curve in our server cert is one of the ones supported * by the remote client, and disable all ECC cipher suites if not. */ SECStatus @@ -1245,26 +1245,34 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) PRUint32 mutualCurves = 0; PRUint16 svrCertCurveName; - if (!data->data || data->len < 4 || data->len > 65535) - goto loser; + if (!data->data || data->len < 4) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + /* get the length of elliptic_curve_list */ list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (list_len < 0 || data->len != list_len || (data->len % 2) != 0) { - /* malformed */ - goto loser; + (void)ssl3_DecodeError(ss); + return SECFailure; } /* build bit vector of peer's supported curve names */ while (data->len) { - PRInt32 curve_name = - ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + PRInt32 curve_name = + ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + if (curve_name < 0) { + return SECFailure; /* fatal alert already sent */ + } if (curve_name > ec_noName && curve_name < ec_pastLastName) { peerCurves |= (1U << curve_name); } } /* What curves do we support in common? */ mutualCurves = ss->ssl3.hs.negotiatedECCurves &= peerCurves; - if (!mutualCurves) { /* no mutually supported EC Curves */ - goto loser; + if (!mutualCurves) { + /* no mutually supported EC Curves, disable ECC */ + ssl3_DisableECCSuites(ss, ecSuites); + return SECSuccess; } /* if our ECC cert doesn't use one of these supported curves, @@ -1280,12 +1288,7 @@ ssl3_HandleSupportedCurvesXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) */ ssl3_DisableECCSuites(ss, ecdh_ecdsa_suites); ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites); - return SECFailure; - -loser: - /* no common curve supported */ - ssl3_DisableECCSuites(ss, ecSuites); - return SECFailure; + return SECSuccess; } #endif /* NSS_DISABLE_ECC */ diff --git a/chromium/net/third_party/nss/ssl/ssl3ext.c b/chromium/net/third_party/nss/ssl/ssl3ext.c index 697a313fac8..9214a2e6b3b 100644 --- a/chromium/net/third_party/nss/ssl/ssl3ext.c +++ b/chromium/net/third_party/nss/ssl/ssl3ext.c @@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * SSL3 Protocol * @@ -64,10 +65,14 @@ static PRInt32 ssl3_ClientSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static PRInt32 ssl3_ServerSendAppProtoXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); -static PRInt32 ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); -static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, - SECItem *data); +static PRInt32 ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static PRInt32 ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, + PRUint32 maxBytes); +static SECStatus ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); +static SECStatus ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, + SECItem *data); static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append, @@ -257,7 +262,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn }, @@ -273,7 +278,7 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, { ssl_channel_id_xtn, &ssl3_ClientHandleChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, { ssl_signed_certificate_timestamp_xtn, @@ -303,7 +308,7 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn }, { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn }, { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn }, - { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }, + { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn }, { ssl_channel_id_xtn, &ssl3_ClientSendChannelIDXtn }, { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signed_certificate_timestamp_xtn, @@ -418,13 +423,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) PRInt32 listLenBytes = 0; if (!ss->sec.isServer) { - /* Verify extension_data is empty. */ - if (data->data || data->len || - !ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) { - /* malformed or was not initiated by the client.*/ - return SECFailure; - } - return SECSuccess; + return SECSuccess; /* ignore extension */ } /* Server side - consume client data and register server sender. */ @@ -434,33 +433,38 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* length of server_name_list */ listLenBytes = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (listLenBytes == 0 || listLenBytes != data->len) { + if (listLenBytes < 0 || listLenBytes != data->len) { + (void)ssl3_DecodeError(ss); return SECFailure; } + if (listLenBytes == 0) { + return SECSuccess; /* ignore an empty extension */ + } ldata = *data; /* Calculate the size of the array.*/ while (listLenBytes > 0) { SECItem litem; SECStatus rv; - PRInt32 type; - /* Name Type (sni_host_name) */ + PRInt32 type; + /* Skip Name Type (sni_host_name); checks are on the second pass */ type = ssl3_ConsumeHandshakeNumber(ss, 1, &ldata.data, &ldata.len); - if (!ldata.len) { + if (type < 0) { /* i.e., SECFailure cast to PRint32 */ return SECFailure; } rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 2, &ldata.data, &ldata.len); if (rv != SECSuccess) { - return SECFailure; + return rv; } - /* Adjust total length for cunsumed item, item len and type.*/ + /* Adjust total length for consumed item, item len and type.*/ listLenBytes -= litem.len + 3; if (listLenBytes > 0 && !ldata.len) { + (void)ssl3_DecodeError(ss); return SECFailure; } listCount += 1; } if (!listCount) { - return SECFailure; + return SECFailure; /* nothing we can act on */ } names = PORT_ZNewArray(SECItem, listCount); if (!names) { @@ -475,6 +479,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) type = ssl3_ConsumeHandshakeNumber(ss, 1, &data->data, &data->len); /* Check if we have such type in the list */ for (j = 0;j < listCount && names[j].data;j++) { + /* TODO bug 998524: .type is not assigned a value */ if (names[j].type == type) { nametypePresent = PR_TRUE; break; @@ -484,7 +489,10 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) rv = ssl3_ConsumeHandshakeVariable(ss, &names[namesPos], 2, &data->data, &data->len); if (rv != SECSuccess) { - goto loser; + PORT_Assert(0); + PORT_Free(names); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return rv; } if (nametypePresent == PR_FALSE) { namesPos += 1; @@ -499,10 +507,6 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) xtnData->negotiated[xtnData->numNegotiated++] = ssl_server_name_xtn; return SECSuccess; - -loser: - PORT_Free(names); - return SECFailure; } /* Called by both clients and servers. @@ -623,17 +627,11 @@ ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length) * store protocol identifiers in null-terminated strings. */ if (newOffset > length || data[offset] == 0) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } offset = newOffset; } - if (offset > length) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); - return SECFailure; - } - return SECSuccess; } @@ -646,34 +644,41 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) SECItem result = { siBuffer, resultBuffer, 0 }; rv = ssl3_ValidateNextProtoNego(data->data, data->len); - if (rv != SECSuccess) + if (rv != SECSuccess) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return rv; + } PORT_Assert(ss->nextProtoCallback); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, - result.data, &result.len, sizeof resultBuffer); - if (rv != SECSuccess) - return rv; + result.data, &result.len, sizeof(resultBuffer)); + if (rv != SECSuccess) { + /* Expect callback to call PORT_SetError() */ + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + return SECFailure; + } + /* If the callback wrote more than allowed to |result| it has corrupted our * stack. */ - if (result.len > sizeof resultBuffer) { + if (result.len > sizeof(resultBuffer)) { PORT_SetError(SEC_ERROR_OUTPUT_LEN); + /* TODO: crash */ return SECFailure; } + SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + if (ex_type == ssl_app_layer_protocol_xtn && ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) { - /* The callback might say OK, but then it's picked a default. - * That's OK for NPN, but not ALPN. */ - SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); + /* The callback might say OK, but then it picks a default value - one + * that was not listed. That's OK for NPN, but not ALPN. */ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol); return SECFailure; } ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - - SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); } @@ -689,17 +694,16 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) if (ss->firstHsDone || data->len == 0) { /* Clients MUST send a non-empty ALPN extension. */ PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; } - /* unlike NPN, ALPN has extra redundant length information so that - * the extension is the same in both ClientHello and ServerHello */ + /* Unlike NPN, ALPN has extra redundant length information so that + * the extension is the same in both ClientHello and ServerHello. */ count = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); - if (count < 0) { - return SECFailure; /* fatal alert was sent */ - } if (count != data->len) { - return ssl3_DecodeError(ss); + (void)ssl3_DecodeError(ss); + return SECFailure; } if (!ss->nextProtoCallback) { @@ -714,8 +718,13 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) /* prepare to send back a response, if we negotiated */ if (ss->ssl3.nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) { - return ssl3_RegisterServerHelloExtensionSender( + rv = ssl3_RegisterServerHelloExtensionSender( ss, ex_type, ssl3_ServerSendAppProtoXtn); + if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + return rv; + } } return SECSuccess; } @@ -733,7 +742,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * we've negotiated NPN then we're required to send the NPN handshake * message. Thus, these two extensions cannot both be negotiated on the * same connection. */ - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + PORT_SetError(SSL_ERROR_BAD_SERVER); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; } @@ -742,7 +752,9 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * that an application erroneously cleared the callback between the time * we sent the ClientHello and now. */ if (!ss->nextProtoCallback) { + PORT_Assert(0); PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } @@ -752,8 +764,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, static SECStatus ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) { - const unsigned char* d = data->data; - PRUint16 name_list_len; + SECStatus rv; + PRInt32 list_len; SECItem protocol_name; if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) { @@ -763,22 +775,30 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) /* The extension data from the server has the following format: * uint16 name_list_len; - * uint8 len; + * uint8 len; // where len >= 1 * uint8 protocol_name[len]; */ if (data->len < 4 || data->len > 2 + 1 + 255) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } - name_list_len = ((PRUint16) d[0]) << 8 | - ((PRUint16) d[1]); - if (name_list_len != data->len - 2 || d[2] != data->len - 3) { + list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); + /* The list has to be the entire extension. */ + if (list_len != data->len) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } - protocol_name.data = data->data + 3; - protocol_name.len = data->len - 3; + rv = ssl3_ConsumeHandshakeVariable(ss, &protocol_name, 1, + &data->data, &data->len); + /* The list must have exactly one value. */ + if (rv != SECSuccess || data->len != 0) { + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + return SECFailure; + } SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); ss->ssl3.nextProtoState = SSL_NEXT_PROTO_SELECTED; @@ -1461,8 +1481,9 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, SSL3Statistics *ssl3stats; /* Ignore the SessionTicket extension if processing is disabled. */ - if (!ss->opt.enableSessionTickets) + if (!ss->opt.enableSessionTickets) { return SECSuccess; + } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; @@ -1520,8 +1541,9 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, extension_data.len = data->len; if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) - != SECSuccess) - return SECFailure; + != SECSuccess) { + return SECSuccess; /* Pretend it isn't there */ + } /* Get session ticket keys. */ #ifndef NO_PKCS11_BYPASS @@ -1949,18 +1971,22 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) /* get the data for this extension, so we can pass it or skip it. */ rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length); if (rv != SECSuccess) - return rv; + return rv; /* alert already sent */ /* Check whether the server sent an extension which was not advertised * in the ClientHello. */ if (!ss->sec.isServer && - !ssl3_ClientExtensionAdvertised(ss, extension_type)) - return SECFailure; /* TODO: send unsupported_extension alert */ + !ssl3_ClientExtensionAdvertised(ss, extension_type)) { + (void)SSL3_SendAlert(ss, alert_fatal, unsupported_extension); + return SECFailure; + } /* Check whether an extension has been sent multiple times. */ - if (ssl3_ExtensionNegotiated(ss, extension_type)) + if (ssl3_ExtensionNegotiated(ss, extension_type)) { + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); return SECFailure; + } /* find extension_type in table of Hello Extension Handlers */ for (handler = handlers; handler->ex_type >= 0; handler++) { @@ -1968,9 +1994,13 @@ ssl3_HandleHelloExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length) if (handler->ex_type == extension_type) { rv = (*handler->ex_handler)(ss, (PRUint16)extension_type, &extension_data); - /* Ignore this result */ - /* Treat all bad extensions as unrecognized types. */ - break; + if (rv != SECSuccess) { + if (!ss->ssl3.fatalAlertSent) { + /* send a generic alert if the handler didn't already */ + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + } + return SECFailure; + } } } } @@ -2102,13 +2132,14 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes : ss->ssl3.hs.finishedBytes * 2; } - if (data->len != 1 + len || - data->data[0] != len || (len && - NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, - data->data + 1, len))) { - /* Can we do this here? Or, must we arrange for the caller to do it? */ - (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + if (data->len != 1 + len || data->data[0] != len ) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } + if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, + data->data + 1, len)) { PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); + (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); return SECFailure; } /* remember that we got this extension and it was correct. */ @@ -2117,13 +2148,13 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) if (ss->sec.isServer) { /* prepare to send back the appropriate response */ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type, - ssl3_SendRenegotiationInfoXtn); + ssl3_SendRenegotiationInfoXtn); } return rv; } static PRInt32 -ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) +ssl3_ClientSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) { PRUint32 ext_data_len; PRInt16 i; @@ -2132,142 +2163,148 @@ ssl3_SendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) if (!ss) return 0; - if (!ss->sec.isServer) { - /* Client side */ + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) + return 0; /* Not relevant */ - if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) - return 0; /* Not relevant */ + ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; - ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1; - - if (append && maxBytes >= 4 + ext_data_len) { - /* Extension type */ - rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); - if (rv != SECSuccess) return -1; - /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); - if (rv != SECSuccess) return -1; - /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, - 2 * ss->ssl3.dtlsSRTPCipherCount, - 2); - if (rv != SECSuccess) return -1; - /* The SRTP ciphers */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - rv = ssl3_AppendHandshakeNumber(ss, - ss->ssl3.dtlsSRTPCiphers[i], - 2); - } - /* Empty MKI value */ - ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); - - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_use_srtp_xtn; - } - - return 4 + ext_data_len; - } - - /* Server side */ - if (append && maxBytes >= 9) { + if (append && maxBytes >= 4 + ext_data_len) { /* Extension type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); if (rv != SECSuccess) return -1; /* Length of extension data */ - rv = ssl3_AppendHandshakeNumber(ss, 5, 2); + rv = ssl3_AppendHandshakeNumber(ss, ext_data_len, 2); if (rv != SECSuccess) return -1; /* Length of the SRTP cipher list */ - rv = ssl3_AppendHandshakeNumber(ss, 2, 2); - if (rv != SECSuccess) return -1; - /* The selected cipher */ - rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); + rv = ssl3_AppendHandshakeNumber(ss, + 2 * ss->ssl3.dtlsSRTPCipherCount, + 2); if (rv != SECSuccess) return -1; + /* The SRTP ciphers */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { + rv = ssl3_AppendHandshakeNumber(ss, + ss->ssl3.dtlsSRTPCiphers[i], + 2); + } /* Empty MKI value */ ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_use_srtp_xtn; } + return 4 + ext_data_len; +} + +static PRInt32 +ssl3_ServerSendUseSRTPXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) +{ + SECStatus rv; + + /* Server side */ + if (!append || maxBytes < 9) { + return 9; + } + + /* Extension type */ + rv = ssl3_AppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2); + if (rv != SECSuccess) return -1; + /* Length of extension data */ + rv = ssl3_AppendHandshakeNumber(ss, 5, 2); + if (rv != SECSuccess) return -1; + /* Length of the SRTP cipher list */ + rv = ssl3_AppendHandshakeNumber(ss, 2, 2); + if (rv != SECSuccess) return -1; + /* The selected cipher */ + rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.dtlsSRTPCipherSuite, 2); + if (rv != SECSuccess) return -1; + /* Empty MKI value */ + ssl3_AppendHandshakeVariable(ss, NULL, 0, 1); + return 9; } static SECStatus -ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) +ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) { SECStatus rv; SECItem ciphers = {siBuffer, NULL, 0}; PRUint16 i; - unsigned int j; PRUint16 cipher = 0; PRBool found = PR_FALSE; SECItem litem; - if (!ss->sec.isServer) { - /* Client side */ - if (!data->data || !data->len) { - /* malformed */ - return SECFailure; - } - - /* Get the cipher list */ - rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, - &data->data, &data->len); - if (rv != SECSuccess) { - return SECFailure; - } - /* Now check that the number of ciphers listed is 1 (len = 2) */ - if (ciphers.len != 2) { - return SECFailure; - } + if (!data->data || !data->len) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } - /* Get the selected cipher */ - cipher = (ciphers.data[0] << 8) | ciphers.data[1]; + /* Get the cipher list */ + rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, + &data->data, &data->len); + if (rv != SECSuccess) { + return SECFailure; /* fatal alert already sent */ + } + /* Now check that the server has picked just 1 (i.e., len = 2) */ + if (ciphers.len != 2) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } - /* Now check that this is one of the ciphers we offered */ - for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { - if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { - found = PR_TRUE; - break; - } - } + /* Get the selected cipher */ + cipher = (ciphers.data[0] << 8) | ciphers.data[1]; - if (!found) { - return SECFailure; + /* Now check that this is one of the ciphers we offered */ + for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) { + if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) { + found = PR_TRUE; + break; } + } - /* Get the srtp_mki value */ - rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, - &data->data, &data->len); - if (rv != SECSuccess) { - return SECFailure; - } + if (!found) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + return SECFailure; + } - /* We didn't offer an MKI, so this must be 0 length */ - /* XXX RFC 5764 Section 4.1.3 says: - * If the client detects a nonzero-length MKI in the server's - * response that is different than the one the client offered, - * then the client MUST abort the handshake and SHOULD send an - * invalid_parameter alert. - * - * Due to a limitation of the ssl3_HandleHelloExtensions function, - * returning SECFailure here won't abort the handshake. It will - * merely cause the use_srtp extension to be not negotiated. We - * should fix this. See NSS bug 753136. - */ - if (litem.len != 0) { - return SECFailure; - } + /* Get the srtp_mki value */ + rv = ssl3_ConsumeHandshakeVariable(ss, &litem, 1, + &data->data, &data->len); + if (rv != SECSuccess) { + return SECFailure; /* alert already sent */ + } - if (data->len != 0) { - /* malformed */ - return SECFailure; - } + /* We didn't offer an MKI, so this must be 0 length */ + if (litem.len != 0) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + return SECFailure; + } - /* OK, this looks fine. */ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; - ss->ssl3.dtlsSRTPCipherSuite = cipher; - return SECSuccess; + /* extra trailing bytes */ + if (data->len != 0) { + (void)ssl3_DecodeError(ss); + return SECFailure; } - /* Server side */ + /* OK, this looks fine. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; + ss->ssl3.dtlsSRTPCipherSuite = cipher; + return SECSuccess; +} + +static SECStatus +ssl3_ServerHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) +{ + SECStatus rv; + SECItem ciphers = {siBuffer, NULL, 0}; + PRUint16 i; + unsigned int j; + PRUint16 cipher = 0; + PRBool found = PR_FALSE; + SECItem litem; + if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) { /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP * preferences have been set. */ @@ -2275,7 +2312,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } if (!data->data || data->len < 5) { - /* malformed */ + (void)ssl3_DecodeError(ss); return SECFailure; } @@ -2283,10 +2320,11 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) rv = ssl3_ConsumeHandshakeVariable(ss, &ciphers, 2, &data->data, &data->len); if (rv != SECSuccess) { - return SECFailure; + return SECFailure; /* alert already sent */ } /* Check that the list is even length */ if (ciphers.len % 2) { + (void)ssl3_DecodeError(ss); return SECFailure; } @@ -2309,12 +2347,13 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } if (data->len != 0) { - return SECFailure; /* Malformed */ + (void)ssl3_DecodeError(ss); /* trailing bytes */ + return SECFailure; } /* Now figure out what to do */ if (!found) { - /* No matching ciphers */ + /* No matching ciphers, pretend we don't support use_srtp */ return SECSuccess; } @@ -2323,7 +2362,7 @@ ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ssl_use_srtp_xtn; return ssl3_RegisterServerHelloExtensionSender(ss, ssl_use_srtp_xtn, - ssl3_SendUseSRTPXtn); + ssl3_ServerSendUseSRTPXtn); } /* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension @@ -2342,9 +2381,6 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) return SECSuccess; } - /* Keep track of negotiated extensions. */ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - rv = ssl3_ConsumeHandshakeVariable(ss, &algorithms, 2, &data->data, &data->len); if (rv != SECSuccess) { @@ -2353,6 +2389,7 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* Trailing data, empty value, or odd-length value is invalid. */ if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) { PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, decode_error); return SECFailure; } @@ -2366,6 +2403,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->ssl3.hs.clientSigAndHash = PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); + (void)SSL3_SendAlert(ss, alert_fatal, internal_error); return SECFailure; } ss->ssl3.hs.numClientSigAndHash = 0; @@ -2395,6 +2434,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->ssl3.hs.clientSigAndHash = NULL; } + /* Keep track of negotiated extensions. */ + ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; return SECSuccess; } @@ -2409,10 +2450,12 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ tls_hash_sha256, tls_sig_rsa, tls_hash_sha384, tls_sig_rsa, + tls_hash_sha512, tls_sig_rsa, tls_hash_sha1, tls_sig_rsa, #ifndef NSS_DISABLE_ECC tls_hash_sha256, tls_sig_ecdsa, tls_hash_sha384, tls_sig_ecdsa, + tls_hash_sha512, tls_sig_ecdsa, tls_hash_sha1, tls_sig_ecdsa, #endif tls_hash_sha256, tls_sig_dsa, @@ -2560,42 +2603,34 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, return SECSuccess; } - if (data->len != 2) - goto loser; + if (data->len != 2) { + (void)ssl3_DecodeError(ss); + return SECFailure; + } /* Get the draft version out of the handshake */ draft_version = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); if (draft_version < 0) { - goto loser; + return SECFailure; } /* Keep track of negotiated extensions. */ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - /* Compare the version */ if (draft_version != TLS_1_3_DRAFT_VERSION) { + /* + * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2. + * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back + * here. Need to double-check. + */ SSL_TRC(30, ("%d: SSL3[%d]: Incompatible version of TLS 1.3 (%d), " "expected %d", SSL_GETPID(), ss->fd, draft_version, TLS_1_3_DRAFT_VERSION)); - goto loser; + ss->version = SSL_LIBRARY_VERSION_TLS_1_2; } return SECSuccess; - -loser: - /* - * Incompatible/broken TLS 1.3 implementation. Fall back to TLS 1.2. - * TODO(ekr@rtfm.com): It's not entirely clear it's safe to roll back - * here. Need to double-check. - * TODO(ekr@rtfm.com): Currently we fall back even on broken extensions. - * because SECFailure does not cause handshake failures. See bug - * 753136. - */ - SSL_TRC(30, ("%d: SSL3[%d]: Rolling back to TLS 1.2", SSL_GETPID(), ss->fd)); - ss->version = SSL_LIBRARY_VERSION_TLS_1_2; - - return SECSuccess; } /* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp diff --git a/chromium/net/third_party/nss/ssl/sslimpl.h b/chromium/net/third_party/nss/ssl/sslimpl.h index a809616d639..efcbf9faddc 100644 --- a/chromium/net/third_party/nss/ssl/sslimpl.h +++ b/chromium/net/third_party/nss/ssl/sslimpl.h @@ -762,9 +762,15 @@ typedef struct { SSL3KeyExchangeAlgorithm kea; SSL3KEAType exchKeyType; SSL3SignType signKeyType; + /* For export cipher suites: + * is_limited identifies a suite as having a limit on the key size. + * key_size_limit provides the corresponding limit. */ PRBool is_limited; int key_size_limit; PRBool tls_keygen; + /* True if the key exchange for the suite can be ephemeral. Or to be more + * precise: true if the ServerKeyExchange message is required. */ + PRBool ephemeral; } ssl3KEADef; /* @@ -1037,6 +1043,7 @@ struct ssl3StateStr { PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES]; PRUint16 dtlsSRTPCipherCount; PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ + PRBool fatalAlertSent; }; #define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the diff --git a/chromium/net/third_party/nss/ssl/sslsock.c b/chromium/net/third_party/nss/ssl/sslsock.c index 13634c60a5f..09a0fb514b2 100644 --- a/chromium/net/third_party/nss/ssl/sslsock.c +++ b/chromium/net/third_party/nss/ssl/sslsock.c @@ -97,7 +97,7 @@ static sslOptions ssl_defaults = { * default range of enabled SSL/TLS protocols */ static SSLVersionRange versions_defaults_stream = { - SSL_LIBRARY_VERSION_3_0, + SSL_LIBRARY_VERSION_TLS_1_0, SSL_LIBRARY_VERSION_TLS_1_2 }; |