Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1524)

Unified Diff: net/third_party/nss/patches/channelid.patch

Issue 10540014: nss: support SECWouldBlock from ChannelID callback. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/third_party/nss/ssl/ssl.h » ('j') | net/third_party/nss/ssl/ssl.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/patches/channelid.patch
diff --git a/net/third_party/nss/patches/channelid.patch b/net/third_party/nss/patches/channelid.patch
index d700f119cb32245bfc10424bb39160de5f2842b7..2fb4fffed6b004f57730be0fe221ed855a8b5e3a 100644
--- a/net/third_party/nss/patches/channelid.patch
+++ b/net/third_party/nss/patches/channelid.patch
@@ -16,27 +16,36 @@ index e3f9a1c..2d92514 100644
+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 126),
+"The application could not get a TLS Channel ID.")
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
-index 1368e2f..3d8fdcb 100644
+index 1368e2f..9aa307b 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
-@@ -945,6 +945,25 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
+@@ -945,6 +945,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
PRBool *last_handshake_resumed);
-+/* See SSL_SetClientChannelIDCallback for usage. The callback must return
-+ * SECFailure or SECSuccess (not SECWouldBlock). On SECSuccess, the callback
-+ * must have written a P-256, EC key pair to |*out_public_key| and
-+ * |*out_private_key|. */
++/* See SSL_SetClientChannelIDCallback for usage. If the callback returns
++ * SECWouldBlock then SSL_RestartHandshakeAfterChannelIDReq should be called in
++ * the future to restart the handshake. On SECSuccess, the callback must have
++ * written a P-256, EC key pair to |*out_public_key| and |*out_private_key|. */
+typedef SECStatus (PR_CALLBACK *SSLClientChannelIDCallback)(
+ void *arg,
+ PRFileDesc *fd,
+ SECKEYPublicKey **out_public_key,
+ SECKEYPrivateKey **out_private_key);
+
++/* SSL_RestartHandshakeAfterChannelIDReq attempts to restart the handshake
++ * after a ChannelID callback returned SECWouldBlock.
++ *
++ * This function takes ownership of |channelIDPub| and |channelID|. */
++SSL_IMPORT SECStatus SSL_RestartHandshakeAfterChannelIDReq(
++ PRFileDesc * fd,
++ SECKEYPublicKey * channelIDPub,
++ SECKEYPrivateKey *channelID);
++
+/* SSL_SetClientChannelIDCallback sets a callback function that will be called
-+ * just before a Channel ID is sent. This is only applicable to a client socket
-+ * and setting this callback causes the TLS Channel ID extension to be
-+ * advertised. */
++ * once the server's ServerHello has been processed. This is only applicable to
++ * a client socket and setting this callback causes the TLS Channel ID
++ * extension to be advertised. */
+SSL_IMPORT SECStatus SSL_SetClientChannelIDCallback(
+ PRFileDesc *fd,
+ SSLClientChannelIDCallback callback,
@@ -46,7 +55,7 @@ index 1368e2f..3d8fdcb 100644
** How long should we wait before retransmitting the next flight of
** the DTLS handshake? Returns SECFailure if not DTLS or not in a
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
-index db9fad3..f714a98 100644
+index db9fad3..2505d65 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -86,6 +86,7 @@ static SECStatus ssl3_SendCertificate( sslSocket *ss);
@@ -57,7 +66,64 @@ index db9fad3..f714a98 100644
static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
static SECStatus ssl3_SendServerHello( sslSocket *ss);
static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
-@@ -6239,6 +6240,10 @@ ssl3_SendClientSecondRound(sslSocket *ss)
+@@ -5200,6 +5201,15 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ }
+ #endif /* NSS_PLATFORM_CLIENT_AUTH */
+
++ if (ss->ssl3.channelID != NULL) {
++ SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
++ ss->ssl3.channelID = NULL;
++ }
++ if (ss->ssl3.channelIDPub != NULL) {
++ SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
++ ss->ssl3.channelIDPub = NULL;
++ }
++
+ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
+ if (temp < 0) {
+ goto loser; /* alert has been sent */
+@@ -5452,13 +5462,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+ ssl3_CopyPeerCertsFromSID(ss, sid);
+ }
+
+-
+ /* NULL value for PMS signifies re-use of the old MS */
+ rv = ssl3_InitPendingCipherSpec(ss, NULL);
+ if (rv != SECSuccess) {
+ goto alert_loser; /* err code was set */
+ }
+- return SECSuccess;
++ goto winner;
+ } while (0);
+
+ if (sid_match)
+@@ -5483,6 +5492,25 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+
+ ss->ssl3.hs.isResuming = PR_FALSE;
+ ss->ssl3.hs.ws = wait_server_cert;
++
++winner:
++ /* If we will need a ChannelID key then we make the callback now. This
++ * allows the handshake to be restarted cleanly if the callback returns
++ * SECWouldBlock. */
++ if (ss->getChannelID &&
++ ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
++ rv = ss->getChannelID(ss->getChannelIDArg, ss->fd,
++ &ss->ssl3.channelIDPub, &ss->ssl3.channelID);
++ if (rv == SECWouldBlock) {
++ ssl3_SetAlwaysBlock(ss);
++ return rv;
++ }
++ if (rv != SECSuccess) {
++ PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED);
++ goto loser;
++ }
++ }
++
+ return SECSuccess;
+
+ alert_loser:
+@@ -6239,6 +6267,10 @@ ssl3_SendClientSecondRound(sslSocket *ss)
goto loser; /* err code was set. */
}
}
@@ -68,7 +134,7 @@ index db9fad3..f714a98 100644
rv = ssl3_SendFinished(ss, 0);
if (rv != SECSuccess) {
-@@ -8855,6 +8860,130 @@ ssl3_SendNextProto(sslSocket *ss)
+@@ -8855,6 +8887,154 @@ ssl3_SendNextProto(sslSocket *ss)
return rv;
}
@@ -109,26 +175,17 @@ index db9fad3..f714a98 100644
+ SECItem digest_item;
+ unsigned char signature[64];
+ SECItem signature_item;
-+ SECKEYPrivateKey *channelID = NULL;
-+ SECKEYPublicKey *channelIDPub = NULL;
+
+ PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+ PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
-+ if (ss->getChannelID == NULL ||
-+ !ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn)) {
++ if (ss->ssl3.channelID == NULL)
+ return SECSuccess;
-+ }
+
-+ rv = ss->getChannelID(ss->getChannelIDArg, ss->fd,
-+ &channelIDPub, &channelID);
-+ if (rv != SECSuccess) {
-+ PORT_SetError(SSL_ERROR_GET_CHANNEL_ID_FAILED);
-+ goto loser;
-+ }
++ PORT_Assert(ssl3_ExtensionNegotiated(ss, ssl_channel_id_xtn));
+
-+ if (SECKEY_GetPrivateKeyType(channelID) != ecKey ||
-+ PK11_SignatureLen(channelID) != sizeof(signature)) {
++ if (SECKEY_GetPrivateKeyType(ss->ssl3.channelID) != ecKey ||
++ PK11_SignatureLen(ss->ssl3.channelID) != sizeof(signature)) {
+ PORT_SetError(SSL_ERROR_INVALID_CHANNEL_ID_KEY);
+ rv = SECFailure;
+ goto loser;
@@ -152,7 +209,7 @@ index db9fad3..f714a98 100644
+ if (rv != SECSuccess)
+ goto loser; /* error code set by AppendHandshake */
+
-+ spki = SECKEY_EncodeDERSubjectPublicKeyInfo(channelIDPub);
++ spki = SECKEY_EncodeDERSubjectPublicKeyInfo(ss->ssl3.channelIDPub);
+
+ if (spki->len != sizeof(P256_SPKI_PREFIX) + CHANNEL_ID_PUBLIC_KEY_LENGTH ||
+ memcmp(spki->data, P256_SPKI_PREFIX, sizeof(P256_SPKI_PREFIX) != 0)) {
@@ -176,7 +233,7 @@ index db9fad3..f714a98 100644
+ signature_item.data = signature;
+ signature_item.len = sizeof(signature);
+
-+ rv = PK11_Sign(channelID, &signature_item, &digest_item);
++ rv = PK11_Sign(ss->ssl3.channelID, &signature_item, &digest_item);
+ if (rv != SECSuccess)
+ goto loser;
+
@@ -188,18 +245,51 @@ index db9fad3..f714a98 100644
+loser:
+ if (spki)
+ SECITEM_FreeItem(spki, PR_TRUE);
-+ if (channelID)
-+ SECKEY_DestroyPrivateKey(channelID);
-+ if (channelIDPub)
-+ SECKEY_DestroyPublicKey(channelIDPub);
++ if (ss->ssl3.channelID) {
++ SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
++ ss->ssl3.channelID = NULL;
++ }
++ if (ss->ssl3.channelIDPub) {
++ SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
++ ss->ssl3.channelIDPub = NULL;
++ }
+
+ return rv;
+}
+
++/* ssl3_RestartHandshakeAfterChannelIDReq is called to restart a handshake
++ * after a ChannelID callback returned SECWouldBlock. At this point we have
++ * processed the server's ServerHello but not yet any further messages. We will
++ * always get a message from the server after a ServerHello so either they are
++ * waiting in the buffer or we'll get network I/O. */
++SECStatus
++ssl3_RestartHandshakeAfterChannelIDReq(sslSocket *ss,
++ SECKEYPublicKey *channelIDPub,
++ SECKEYPrivateKey *channelID)
++{
++ if (ss->handshake == 0) {
++ SECKEY_DestroyPublicKey(channelIDPub);
++ SECKEY_DestroyPrivateKey(channelID);
++ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
++ return SECFailure;
++ }
++
++ if (ss->ssl3.channelID)
++ SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
++ if (ss->ssl3.channelIDPub)
++ SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
++
++ ss->handshake = ssl_GatherRecord1stHandshake;
++ ss->ssl3.channelID = channelID;
++ ss->ssl3.channelIDPub = channelIDPub;
++
++ return SECSuccess;
++}
++
/* called from ssl3_HandleServerHelloDone
* ssl3_HandleClientHello
* ssl3_HandleFinished
-@@ -9105,11 +9234,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+@@ -9105,11 +9285,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
}
@@ -220,6 +310,18 @@ index db9fad3..f714a98 100644
}
if (IS_DTLS(ss)) {
+@@ -10376,6 +10561,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+ ssl_FreePlatformKey(ss->ssl3.platformClientKey);
+ #endif /* NSS_PLATFORM_CLIENT_AUTH */
+
++ if (ss->ssl3.channelID)
++ SECKEY_DestroyPrivateKey(ss->ssl3.channelID);
++ if (ss->ssl3.channelIDPub)
++ SECKEY_DestroyPublicKey(ss->ssl3.channelIDPub);
++
+ if (ss->ssl3.peerCertArena != NULL)
+ ssl3_CleanupPeerCerts(ss);
+
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index b9fd6e7..029487e 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
@@ -367,10 +469,20 @@ index 9d3bebc..53c897c 100644
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
-index 8ab865a..7cd2298 100644
+index 8ab865a..dd3d90b 100644
--- a/net/third_party/nss/ssl/sslimpl.h
+++ b/net/third_party/nss/ssl/sslimpl.h
-@@ -1198,6 +1198,8 @@ const unsigned char * preferredCipher;
+@@ -930,6 +930,9 @@ struct ssl3StateStr {
+ CERTCertificateList *clientCertChain; /* used by client */
+ PRBool sendEmptyCert; /* used by client */
+
++ SECKEYPrivateKey *channelID; /* used by client */
++ SECKEYPublicKey *channelIDPub; /* used by client */
++
+ int policy;
+ /* This says what cipher suites we can do, and should
+ * be either SSL_ALLOWED or SSL_RESTRICTED
+@@ -1198,6 +1201,8 @@ const unsigned char * preferredCipher;
void *pkcs11PinArg;
SSLNextProtoCallback nextProtoCallback;
void *nextProtoArg;
@@ -379,6 +491,50 @@ index 8ab865a..7cd2298 100644
PRIntervalTime rTimeout; /* timeout for NSPR I/O */
PRIntervalTime wTimeout; /* timeout for NSPR I/O */
+diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c
+index e4804d0..cc8588b 100644
+--- a/net/third_party/nss/ssl/sslsecur.c
++++ b/net/third_party/nss/ssl/sslsecur.c
+@@ -1535,6 +1535,39 @@ SSL_RestartHandshakeAfterCertReq(PRFileDesc * fd,
+ return ret;
+ }
+
++SECStatus
++SSL_RestartHandshakeAfterChannelIDReq(PRFileDesc * fd,
++ SECKEYPublicKey * channelIDPub,
++ SECKEYPrivateKey *channelID)
++{
++ sslSocket * ss = ssl_FindSocket(fd);
++ SECStatus ret;
++
++ if (!ss) {
++ SSL_DBG(("%d: SSL[%d]: bad socket in"
++ " SSL_RestartHandshakeAfterChannelIDReq",
++ SSL_GETPID(), fd));
++ goto loser;
++ }
++
++ if (ss->version < SSL_LIBRARY_VERSION_3_0) {
++ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
++ goto loser;
++ }
++
++ ssl_Get1stHandshakeLock(ss);
++ ret = ssl3_RestartHandshakeAfterChannelIDReq(ss, channelIDPub,
++ channelID);
++ ssl_Release1stHandshakeLock(ss);
++
++ return ret;
++
++loser:
++ SECKEY_DestroyPublicKey(channelIDPub);
++ SECKEY_DestroyPrivateKey(channelID);
++ return SECFailure;
++}
++
+ /* DO NOT USE. This function was exported in ssl.def with the wrong signature;
+ * this implementation exists to maintain link-time compatibility.
+ */
diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
index ebc245a..9498828 100644
--- a/net/third_party/nss/ssl/sslsock.c
« no previous file with comments | « no previous file | net/third_party/nss/ssl/ssl.h » ('j') | net/third_party/nss/ssl/ssl.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698