summaryrefslogtreecommitdiff
path: root/chromium/net/third_party/nss/patches/cipherorder.patch
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/net/third_party/nss/patches/cipherorder.patch')
-rw-r--r--chromium/net/third_party/nss/patches/cipherorder.patch106
1 files changed, 106 insertions, 0 deletions
diff --git a/chromium/net/third_party/nss/patches/cipherorder.patch b/chromium/net/third_party/nss/patches/cipherorder.patch
new file mode 100644
index 00000000000..16d4745dcd8
--- /dev/null
+++ b/chromium/net/third_party/nss/patches/cipherorder.patch
@@ -0,0 +1,106 @@
+diff --git a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
+index 4cf02aa..24627ed 100644
+--- a/nss/lib/ssl/ssl.h
++++ b/nss/lib/ssl/ssl.h
+@@ -265,6 +265,13 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
+ SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
+ SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+
++/* SSL_CipherOrderSet sets the cipher suite preference order from |ciphers|,
++ * which must be an array of cipher suite ids of length |len|. All the given
++ * cipher suite ids must appear in the array that is returned by
++ * |SSL_GetImplementedCiphers| and may only appear once, at most. */
++SSL_IMPORT SECStatus SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers,
++ unsigned int len);
++
+ /* SSLChannelBindingType enumerates the types of supported channel binding
+ * values. See RFC 5929. */
+ typedef enum SSLChannelBindingType {
+diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+index c2d9eeb..350d09c 100644
+--- a/nss/lib/ssl/ssl3con.c
++++ b/nss/lib/ssl/ssl3con.c
+@@ -12423,6 +12423,46 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
+ return rv;
+ }
+
++SECStatus
++ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *ciphers, unsigned int len)
++{
++ /* |i| iterates over |ciphers| while |done| and |j| iterate over
++ * |ss->cipherSuites|. */
++ unsigned int i, done;
++
++ for (i = done = 0; i < len; i++) {
++ PRUint16 id = ciphers[i];
++ unsigned int existingIndex, j;
++ PRBool found = PR_FALSE;
++
++ for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
++ if (ss->cipherSuites[j].cipher_suite == id) {
++ existingIndex = j;
++ found = PR_TRUE;
++ break;
++ }
++ }
++
++ if (!found) {
++ continue;
++ }
++
++ if (existingIndex != done) {
++ const ssl3CipherSuiteCfg temp = ss->cipherSuites[done];
++ ss->cipherSuites[done] = ss->cipherSuites[existingIndex];
++ ss->cipherSuites[existingIndex] = temp;
++ }
++ done++;
++ }
++
++ /* Disable all cipher suites that weren't included. */
++ for (; done < ssl_V3_SUITES_IMPLEMENTED; done++) {
++ ss->cipherSuites[done].enabled = 0;
++ }
++
++ return SECSuccess;
++}
++
+ /* copy global default policy into socket. */
+ void
+ ssl3_InitSocketPolicy(sslSocket *ss)
+diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+index 1e4655f..7521dba 100644
+--- a/nss/lib/ssl/sslimpl.h
++++ b/nss/lib/ssl/sslimpl.h
+@@ -1711,6 +1711,8 @@ extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool
+ extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
+ extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
+ extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
++extern SECStatus ssl3_CipherOrderSet(sslSocket *ss, const ssl3CipherSuite *cipher,
++ unsigned int len);
+
+ extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
+ extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
+diff --git a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
+index 965215d..9f8286c 100644
+--- a/nss/lib/ssl/sslsock.c
++++ b/nss/lib/ssl/sslsock.c
+@@ -1344,6 +1344,19 @@ SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
+ return rv;
+ }
+
++SECStatus
++SSL_CipherOrderSet(PRFileDesc *fd, const PRUint16 *ciphers, unsigned int len)
++{
++ sslSocket *ss = ssl_FindSocket(fd);
++
++ if (!ss) {
++ SSL_DBG(("%d: SSL[%d]: bad socket in CipherOrderSet", SSL_GETPID(),
++ fd));
++ return SECFailure;
++ }
++ return ssl3_CipherOrderSet(ss, ciphers, len);
++}
++
+ SECStatus
+ SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
+ {
View Lorry Controller Status