author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-05 17:03:26 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-05 17:03:26 +0000 |
commit | ffa9030e06ad1a53141ef51493833b8019291217 (patch) | |
tree | dd5190b4f85dba6410133868777c23031e8f1d98 /net/third_party | |
parent | 3fd71b5b1d5e20c58bcf9be023ba021bab29b95b (diff) | |
net: disable 1/n-1 record splitting when False Start is disabled.
Brocade SSL terminators are intolerant to 1/n-1 record splitting as well. For
the sake of getting M15 out the door, this patch uses the False Start blacklist
in order to switch off 1/n-1 record splitting too. This is deeply unfortunate
but will be reverted on trunk as soon as it can be merged to M15.
BUG=98908
TEST=none
Review URL: http://codereview.chromium.org/8137027
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@104119 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r-- | net/third_party/nss/patches/cbcrandomiv.patch | 27 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 1 |
2 files changed, 15 insertions, 13 deletions
diff --git a/net/third_party/nss/patches/cbcrandomiv.patch b/net/third_party/nss/patches/cbcrandomiv.patch index 806e0b2..a55e808 100644 --- a/net/third_party/nss/patches/cbcrandomiv.patch +++ b/net/third_party/nss/patches/cbcrandomiv.patch @@ -1,14 +1,14 @@ -From 03c5c660f3668ed1e9c9b6277d64c96d2ab3d890 Mon Sep 17 00:00:00 2001 +From fb2d182ed92f38bd9c1134bb929f095ea6d3e752 Mon Sep 17 00:00:00 2001 From: Adam Langley <agl@chromium.org> Date: Mon, 3 Oct 2011 12:23:29 -0400 Subject: [PATCH] cbcrandomiv.patch --- - mozilla/security/nss/lib/ssl/ssl3con.c | 96 +++++++++++++++++++++++--------- - 1 files changed, 69 insertions(+), 27 deletions(-) + mozilla/security/nss/lib/ssl/ssl3con.c | 97 +++++++++++++++++++++++--------- + 1 files changed, 70 insertions(+), 27 deletions(-) diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c -index dd99962..2648cbe 100644 +index dd99962..d561307 100644 --- a/mozilla/security/nss/lib/ssl/ssl3con.c +++ b/mozilla/security/nss/lib/ssl/ssl3con.c @@ -2039,24 +2039,24 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) { @@ -90,7 +90,7 @@ index dd99962..2648cbe 100644 } /* Process the plain text before sending it. -@@ -2227,20 +2221,70 @@ ssl3_SendRecord( sslSocket * ss, +@@ -2227,20 +2221,71 @@ ssl3_SendRecord( sslSocket * ss, while (nIn > 0) { PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH); @@ -100,6 +100,7 @@ index dd99962..2648cbe 100644 + ssl_GetSpecReadLock(ss); /********************************/ + + if (nIn > 1 && ++ ss->opt.enableFalseStart && + ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS && + type == content_application_data && + ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) { 
@@ -125,10 +126,9 @@ index dd99962..2648cbe 100644 - return SECFailure; /* sslBuffer_Grow set a memory error code. */ + SSL_GETPID(), ss->fd, spaceNeeded)); + goto spec_locked_loser; /* sslBuffer_Grow set a memory error code. */ - } - } - -- rv = ssl3_CompressMACEncryptRecord( ss, type, pIn, contentLen); ++ } ++ } ++ + if (numRecords == 2) { + sslBuffer secondRecord; + @@ -160,16 +160,17 @@ index dd99962..2648cbe 100644 + if (rv == SECSuccess) { + PRINT_BUF(50, (ss, "send (encrypted) record data [1/1]:", + wrBuf->buf, wrBuf->len)); -+ } -+ } -+ + } + } + +- rv = ssl3_CompressMACEncryptRecord( ss, type, pIn, contentLen); +spec_locked_loser: + ssl_ReleaseSpecReadLock(ss); /************************************/ + if (rv != SECSuccess) return SECFailure; -@@ -2248,8 +2292,6 @@ ssl3_SendRecord( sslSocket * ss, +@@ -2248,8 +2293,6 @@ ssl3_SendRecord( sslSocket * ss, nIn -= contentLen; PORT_Assert( nIn >= 0 ); diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index ad8f4cd..577086d 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -2230,6 +2230,7 @@ ssl3_SendRecord( sslSocket * ss, ssl_GetSpecReadLock(ss); /********************************/ if (nIn > 1 && + ss->opt.enableFalseStart && ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS && type == content_application_data && ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) { |
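Review bot: The added `ss->opt.enableFalseStart &&` term in the ssl3_SendRecord condition ties 1/n-1 record splitting to an unrelated option. The description intends this only for hosts on the False Start blacklist, but presumably any connection that has False Start off for another reason now also sends CBC application data on TLS 1.0 and below without the split. Nothing in the code marks this as deliberate or temporary, so I would add a comment above the condition such as `/* TEMPORARY (BUG=98908): enableFalseStart doubles as the signal for peers intolerant of 1/n-1 splitting; turning it off also turns off CBC record splitting. */`. A separate option for record splitting would keep the two decisions independent and make the planned revert a one-line change. The body of ssl3_SendRecord starts and ends outside this hunk, and the same line is mirrored in the cbcrandomiv.patch hunk above.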