author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-29 18:07:47 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-29 18:07:47 +0000 |
commit | a304cfbfaf1b4a941f20e479006ca806049c1f11 (patch) | |
tree | fe38418b4610f2b984be82e1ce2763e6b3da28a4 | |
parent | 1713fee11cd2ac6d863dfa7bb7f742c301f1a042 (diff) | |
Update the TLS False Start patch. Replace TABs by spaces
in ssl.h. Add comments to ssl3con.c to make it clear that
we call the handshakeCallback only once. Fix incorrect -h
option in new test cases in sslstress.txt.
R=agl
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/2808075
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54146 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | net/third_party/nss/patches/falsestart.patch | 62 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl.h | 6 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 4 |
3 files changed, 37 insertions, 35 deletions
diff --git a/net/third_party/nss/patches/falsestart.patch b/net/third_party/nss/patches/falsestart.patch index 6a71159..a1975c6 100644 --- a/net/third_party/nss/patches/falsestart.patch +++ b/net/third_party/nss/patches/falsestart.patch @@ -1,10 +1,10 @@ Index: mozilla/security/nss/cmd/strsclnt/strsclnt.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/cmd/strsclnt/strsclnt.c,v -retrieving revision 1.66 -diff -u -p -r1.66 strsclnt.c ---- mozilla/security/nss/cmd/strsclnt/strsclnt.c 10 Feb 2010 18:07:20 -0000 1.66 -+++ mozilla/security/nss/cmd/strsclnt/strsclnt.c 16 Mar 2010 01:25:41 -0000 +retrieving revision 1.67 +diff -u -p -r1.67 strsclnt.c +--- mozilla/security/nss/cmd/strsclnt/strsclnt.c 3 Apr 2010 18:27:28 -0000 1.67 ++++ mozilla/security/nss/cmd/strsclnt/strsclnt.c 29 Jul 2010 01:49:04 -0000 @@ -162,6 +162,7 @@ static PRBool disableLocking = PR_FALSE static PRBool ignoreErrors = PR_FALSE; static PRBool enableSessionTickets = PR_FALSE; @@ -60,7 +60,7 @@ RCS file: /cvsroot/mozilla/security/nss/cmd/tstclnt/tstclnt.c,v retrieving revision 1.62 diff -u -p -r1.62 tstclnt.c --- mozilla/security/nss/cmd/tstclnt/tstclnt.c 10 Feb 2010 18:07:21 -0000 1.62 -+++ mozilla/security/nss/cmd/tstclnt/tstclnt.c 16 Mar 2010 01:25:41 -0000 ++++ mozilla/security/nss/cmd/tstclnt/tstclnt.c 29 Jul 2010 01:49:04 -0000 @@ -225,6 +225,7 @@ static void Usage(const char *progName) fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-r N"); fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u"); @@ -117,14 +117,14 @@ RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v retrieving revision 1.38 diff -u -p -r1.38 ssl.h --- mozilla/security/nss/lib/ssl/ssl.h 17 Feb 2010 02:29:07 -0000 1.38 -+++ mozilla/security/nss/lib/ssl/ssl.h 16 Mar 2010 01:25:41 -0000 ++++ mozilla/security/nss/lib/ssl/ssl.h 29 Jul 2010 01:49:04 -0000 
@@ -128,6 +128,17 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi /* Renegotiation Info (RI) */ /* extension in ALL handshakes. */ /* default: off */ -+#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ -+ /* default, applies only to */ -+ /* clients). False start is a */ ++#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ ++ /* default, applies only to */ ++ /* clients). False start is a */ +/* mode where an SSL client will start sending application data before */ +/* verifying the server's Finished message. This means that we could end up */ +/* sending data to an imposter. However, the data will be encrypted and */ @@ -139,11 +139,11 @@ diff -u -p -r1.38 ssl.h Index: mozilla/security/nss/lib/ssl/ssl3con.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v -retrieving revision 1.136 -diff -u -p -r1.136 ssl3con.c ---- mozilla/security/nss/lib/ssl/ssl3con.c 17 Feb 2010 02:29:07 -0000 1.136 -+++ mozilla/security/nss/lib/ssl/ssl3con.c 16 Mar 2010 01:25:41 -0000 -@@ -5656,7 +5656,17 @@ ssl3_RestartHandshakeAfterCertReq(sslSoc +retrieving revision 1.142 +diff -u -p -r1.142 ssl3con.c +--- mozilla/security/nss/lib/ssl/ssl3con.c 24 Jun 2010 19:53:20 -0000 1.142 ++++ mozilla/security/nss/lib/ssl/ssl3con.c 29 Jul 2010 01:49:04 -0000 +@@ -5665,7 +5665,17 @@ ssl3_RestartHandshakeAfterCertReq(sslSoc return rv; } 
@@ -162,12 +162,12 @@ diff -u -p -r1.136 ssl3con.c /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 Server Hello Done message. -@@ -5728,6 +5738,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss +@@ -5737,6 +5747,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss ss->ssl3.hs.ws = wait_new_session_ticket; else ss->ssl3.hs.ws = wait_change_cipher; + -+ /* Do the handshake callback for sslv3 here. */ ++ /* Do the handshake callback for sslv3 here, if we can false start. */ + if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { + (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); + } @@ -175,11 +175,13 @@ diff -u -p -r1.136 ssl3con.c return SECSuccess; loser: -@@ -8468,7 +8484,7 @@ xmit_loser: +@@ -8476,8 +8492,8 @@ xmit_loser: + } ss->ssl3.hs.ws = idle_handshake; - /* Do the handshake callback for sslv3 here. */ +- /* Do the handshake callback for sslv3 here. */ - if (ss->handshakeCallback != NULL) { ++ /* Do the handshake callback for sslv3 here, if we cannot false start. */ + if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); } @@ -190,7 +192,7 @@ RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3gthr.c,v retrieving revision 1.9 diff -u -p -r1.9 ssl3gthr.c --- mozilla/security/nss/lib/ssl/ssl3gthr.c 20 Nov 2008 07:37:25 -0000 1.9 -+++ mozilla/security/nss/lib/ssl/ssl3gthr.c 16 Mar 2010 01:25:41 -0000 ++++ mozilla/security/nss/lib/ssl/ssl3gthr.c 29 Jul 2010 01:49:04 -0000 @@ -188,6 +188,7 @@ ssl3_GatherCompleteHandshake(sslSocket * { SSL3Ciphertext cText; @@ -227,7 +229,7 @@ RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v retrieving revision 1.77 diff -u -p -r1.77 sslimpl.h --- mozilla/security/nss/lib/ssl/sslimpl.h 10 Feb 2010 00:33:50 -0000 1.77 -+++ mozilla/security/nss/lib/ssl/sslimpl.h 16 Mar 2010 01:25:41 -0000 ++++ mozilla/security/nss/lib/ssl/sslimpl.h 29 Jul 2010 01:49:04 -0000 
@@ -333,6 +333,7 @@ typedef struct sslOptionsStr { unsigned int enableDeflate : 1; /* 19 */ unsigned int enableRenegotiation : 2; /* 20-21 */ @@ -251,7 +253,7 @@ RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsecur.c,v retrieving revision 1.43 diff -u -p -r1.43 sslsecur.c --- mozilla/security/nss/lib/ssl/sslsecur.c 14 Jan 2010 22:15:25 -0000 1.43 -+++ mozilla/security/nss/lib/ssl/sslsecur.c 16 Mar 2010 01:25:41 -0000 ++++ mozilla/security/nss/lib/ssl/sslsecur.c 29 Jul 2010 01:49:04 -0000 @@ -1199,8 +1199,17 @@ ssl_SecureSend(sslSocket *ss, const unsi ss->writerThread = PR_GetCurrentThread(); /* If any of these is non-zero, the initial handshake is not done. */ @@ -274,10 +276,10 @@ diff -u -p -r1.43 sslsecur.c Index: mozilla/security/nss/lib/ssl/sslsock.c =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v -retrieving revision 1.66 -diff -u -p -r1.66 sslsock.c ---- mozilla/security/nss/lib/ssl/sslsock.c 26 Feb 2010 20:44:54 -0000 1.66 -+++ mozilla/security/nss/lib/ssl/sslsock.c 16 Mar 2010 01:25:41 -0000 +retrieving revision 1.67 +diff -u -p -r1.67 sslsock.c +--- mozilla/security/nss/lib/ssl/sslsock.c 25 Apr 2010 23:37:38 -0000 1.67 ++++ mozilla/security/nss/lib/ssl/sslsock.c 29 Jul 2010 01:49:04 -0000 @@ -183,6 +183,7 @@ static sslOptions ssl_defaults = { PR_FALSE, /* enableDeflate */ 2, /* enableRenegotiation (default: requires extension) */ @@ -330,16 +332,16 @@ RCS file: /cvsroot/mozilla/security/nss/tests/ssl/sslstress.txt,v retrieving revision 1.18 diff -u -p -r1.18 sslstress.txt --- mozilla/security/nss/tests/ssl/sslstress.txt 3 Feb 2010 02:25:36 -0000 1.18 -+++ mozilla/security/nss/tests/ssl/sslstress.txt 16 Mar 2010 01:25:41 -0000 ++++ mozilla/security/nss/tests/ssl/sslstress.txt 29 Jul 2010 01:49:04 -0000 
@@ -42,9 +42,11 @@ noECC 0 _ -c_1000_-C_A Stress SSL2 RC4 128 with MD5 noECC 0 _ -c_1000_-C_c_-T Stress SSL3 RC4 128 with MD5 noECC 0 _ -c_1000_-C_c Stress TLS RC4 128 with MD5 -+ noECC 0 _ -c_1000_-C_c_-h Stress TLS RC4 128 with MD5 (false start) ++ noECC 0 _ -c_1000_-C_c_-g Stress TLS RC4 128 with MD5 (false start) noECC 0 -u -2_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket) noECC 0 -z -2_-c_1000_-C_c_-z Stress TLS RC4 128 with MD5 (compression) noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z Stress TLS RC4 128 with MD5 (session ticket, compression) -+ noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z_-h Stress TLS RC4 128 with MD5 (session ticket, compression, false start) ++ noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z_-g Stress TLS RC4 128 with MD5 (session ticket, compression, false start) SNI 0 -u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket, SNI) # 
@@ -347,9 +349,9 @@ diff -u -p -r1.18 sslstress.txt noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 with MD5 (no reuse, client auth) noECC 0 -r_-r_-u -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth) noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth) -+ noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z_-h Stress TLS RC4 128 with MD5 (compression, client auth, false start) ++ noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z_-g Stress TLS RC4 128 with MD5 (compression, client auth, false start) noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z Stress TLS RC4 128 with MD5 (session ticket, compression, client auth) -+ noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z_-h Stress TLS RC4 128 with MD5 (session ticket, compression, client auth, false start) ++ noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z_-g Stress TLS RC4 128 with MD5 (session ticket, compression, client auth, false start) SNI 0 -r_-r_-u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, default virt host) SNI 0 -r_-r_-u_-a_Host-sni.Dom_-k_Host-sni.Dom -2_-3_-c_1000_-C_c_-u_-a_Host-sni.Dom Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, change virt host) diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h index 0bc02f8..a2e3984 100644 --- a/net/third_party/nss/ssl/ssl.h +++ b/net/third_party/nss/ssl/ssl.h 
@@ -128,9 +128,9 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd); /* Renegotiation Info (RI) */ /* extension in ALL handshakes. */ /* default: off */ -#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ - /* default, applies only to */ - /* clients). False start is a */ +#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ + /* default, applies only to */ + /* clients). False start is a */ /* mode where an SSL client will start sending application data before */ /* verifying the server's Finished message. This means that we could end up */ /* sending data to an imposter. However, the data will be encrypted and */ diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index 9b671e7..c99a38f 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -5748,7 +5748,7 @@ ssl3_HandleServerHelloDone(sslSocket *ss) else ss->ssl3.hs.ws = wait_change_cipher; - /* Do the handshake callback for sslv3 here. */ + /* Do the handshake callback for sslv3 here, if we can false start. */ if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); } @@ -8570,7 +8570,7 @@ xmit_loser: } ss->ssl3.hs.ws = idle_handshake; - /* Do the handshake callback for sslv3 here. */ + /* Do the handshake callback for sslv3 here, if we cannot false start. */ if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); } |
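Review bot: The once-only guarantee that the two reworded comments in ssl3con.c describe holds only if `ssl3_CanFalseStart(ss)` returns the same value at both call sites, in ssl3_HandleServerHelloDone (@@ -5748) and after `xmit_loser:` (@@ -8570), and neither comment states that dependency. The body of ssl3_CanFalseStart is not visible in these hunks; if it reads state that can change between ServerHelloDone and the Finished handling, the callback could run twice or not at all, so recording the decision once per handshake and testing that flag at the second site would be sturdier than re-evaluating the predicate. The first comment should also say that on the false-start path the callback runs before the server's Finished message has been verified, for example `/* False start: the callback fires before the server's Finished is verified, so it does not prove the handshake was authenticated. */`. Both enclosing functions start and end outside the hunks.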