authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-10-05 17:03:26 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-10-05 17:03:26 +0000
commitffa9030e06ad1a53141ef51493833b8019291217 (patch)
treedd5190b4f85dba6410133868777c23031e8f1d98 /net/third_party/nss/patches/cbcrandomiv.patch
parent3fd71b5b1d5e20c58bcf9be023ba021bab29b95b (diff)
net: disable 1/n-1 record splitting when False Start is disabled.
Brocade SSL terminators are intolerant to 1/n-1 record splitting as well. For the sake of getting M15 out the door, this patch uses the False Start blacklist in order to switch off 1/n-1 record splitting too. This is deeply unfortunate but will be reverted on trunk as soon as it can be merged to M15. BUG=98908 TEST=none Review URL: http://codereview.chromium.org/8137027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@104119 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party/nss/patches/cbcrandomiv.patch')
-rw-r--r--net/third_party/nss/patches/cbcrandomiv.patch27
1 files changed, 14 insertions, 13 deletions
diff --git a/net/third_party/nss/patches/cbcrandomiv.patch b/net/third_party/nss/patches/cbcrandomiv.patch
index 806e0b2..a55e808 100644
--- a/net/third_party/nss/patches/cbcrandomiv.patch
+++ b/net/third_party/nss/patches/cbcrandomiv.patch
@@ -1,14 +1,14 @@
-From 03c5c660f3668ed1e9c9b6277d64c96d2ab3d890 Mon Sep 17 00:00:00 2001
+From fb2d182ed92f38bd9c1134bb929f095ea6d3e752 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@chromium.org>
Date: Mon, 3 Oct 2011 12:23:29 -0400
Subject: [PATCH] cbcrandomiv.patch
---
- mozilla/security/nss/lib/ssl/ssl3con.c | 96 +++++++++++++++++++++++---------
- 1 files changed, 69 insertions(+), 27 deletions(-)
+ mozilla/security/nss/lib/ssl/ssl3con.c | 97 +++++++++++++++++++++++---------
+ 1 files changed, 70 insertions(+), 27 deletions(-)
diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index dd99962..2648cbe 100644
+index dd99962..d561307 100644
--- a/mozilla/security/nss/lib/ssl/ssl3con.c
+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
@@ -2039,24 +2039,24 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
@@ -90,7 +90,7 @@ index dd99962..2648cbe 100644
}
/* Process the plain text before sending it.
-@@ -2227,20 +2221,70 @@ ssl3_SendRecord( sslSocket * ss,
+@@ -2227,20 +2221,71 @@ ssl3_SendRecord( sslSocket * ss,
while (nIn > 0) {
PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
@@ -100,6 +100,7 @@ index dd99962..2648cbe 100644
+ ssl_GetSpecReadLock(ss); /********************************/
+
+ if (nIn > 1 &&
++ ss->opt.enableFalseStart &&
+ ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS &&
+ type == content_application_data &&
+ ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) {
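Review bot: The added `ss->opt.enableFalseStart &&` term makes the False Start option silently double as the switch for 1/n-1 record splitting, so any socket with False Start off, whether or not the host is blacklisted, sends CBC application data under SSL 3.0/TLS 1.0 as a single record and loses the predictable-IV countermeasure. Nothing at the condition says so; I would add a comment there such as `/* HACK (BUG=98908): False Start off also disables 1/n-1 splitting for intolerant servers; those connections lose the CBC IV countermeasure. */`. A separate option for record splitting, set from the same blacklist, would keep the two decisions independent, and the `TEST=none` in the description suggests neither state of the condition is covered by a test. The enclosing ssl3_SendRecord body starts and ends outside this hunk.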
@@ -125,10 +126,9 @@ index dd99962..2648cbe 100644
- return SECFailure; /* sslBuffer_Grow set a memory error code. */
+ SSL_GETPID(), ss->fd, spaceNeeded));
+ goto spec_locked_loser; /* sslBuffer_Grow set a memory error code. */
- }
- }
-
-- rv = ssl3_CompressMACEncryptRecord( ss, type, pIn, contentLen);
++ }
++ }
++
+ if (numRecords == 2) {
+ sslBuffer secondRecord;
+
@@ -160,16 +160,17 @@ index dd99962..2648cbe 100644
+ if (rv == SECSuccess) {
+ PRINT_BUF(50, (ss, "send (encrypted) record data [1/1]:",
+ wrBuf->buf, wrBuf->len));
-+ }
-+ }
-+
+ }
+ }
+
+- rv = ssl3_CompressMACEncryptRecord( ss, type, pIn, contentLen);
+spec_locked_loser:
+ ssl_ReleaseSpecReadLock(ss); /************************************/
+
if (rv != SECSuccess)
return SECFailure;
-@@ -2248,8 +2292,6 @@ ssl3_SendRecord( sslSocket * ss,
+@@ -2248,8 +2293,6 @@ ssl3_SendRecord( sslSocket * ss,
nIn -= contentLen;
PORT_Assert( nIn >= 0 );