| Index: net/third_party/nss/patches/recordlayerversion.patch
|
| ===================================================================
|
| --- net/third_party/nss/patches/recordlayerversion.patch (revision 152010)
|
| +++ net/third_party/nss/patches/recordlayerversion.patch (working copy)
|
| @@ -1,8 +1,11 @@
|
| -Index: net/third_party/nss/ssl/sslimpl.h
|
| +Index: mozilla/security/nss/lib/ssl/sslimpl.h
|
| ===================================================================
|
| ---- net/third_party/nss/ssl/sslimpl.h (revision 146623)
|
| -+++ net/third_party/nss/ssl/sslimpl.h (working copy)
|
| -@@ -294,6 +294,8 @@
|
| +RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v
|
| +retrieving revision 1.106
|
| +diff -u -p -r1.106 sslimpl.h
|
| +--- mozilla/security/nss/lib/ssl/sslimpl.h 14 Jun 2012 19:03:29 -0000 1.106
|
| ++++ mozilla/security/nss/lib/ssl/sslimpl.h 17 Aug 2012 02:10:02 -0000
|
| +@@ -251,6 +251,8 @@ struct sslSocketOpsStr {
|
| #define ssl_SEND_FLAG_NO_BUFFER 0x20000000
|
| #define ssl_SEND_FLAG_USE_EPOCH 0x10000000 /* DTLS only */
|
| #define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */
|
| @@ -11,7 +14,7 @@
|
| #define ssl_SEND_FLAG_MASK 0x7f000000
|
|
|
| /*
|
| -@@ -1414,6 +1416,7 @@
|
| +@@ -1327,6 +1329,7 @@ extern SECStatus
|
| ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,
|
| PRBool isServer,
|
| PRBool isDTLS,
|
| @@ -19,11 +22,14 @@
|
| SSL3ContentType type,
|
| const SSL3Opaque * pIn,
|
| PRUint32 contentLen,
|
| -Index: net/third_party/nss/ssl/ssl3con.c
|
| +Index: mozilla/security/nss/lib/ssl/ssl3con.c
|
| ===================================================================
|
| ---- net/third_party/nss/ssl/ssl3con.c (revision 146623)
|
| -+++ net/third_party/nss/ssl/ssl3con.c (working copy)
|
| -@@ -2057,6 +2057,7 @@
|
| +RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
|
| +retrieving revision 1.186
|
| +diff -u -p -r1.186 ssl3con.c
|
| +--- mozilla/security/nss/lib/ssl/ssl3con.c 30 Jul 2012 00:47:36 -0000 1.186
|
| ++++ mozilla/security/nss/lib/ssl/ssl3con.c 17 Aug 2012 02:10:02 -0000
|
| +@@ -2060,6 +2060,7 @@ SECStatus
|
| ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,
|
| PRBool isServer,
|
| PRBool isDTLS,
|
| @@ -31,7 +37,7 @@
|
| SSL3ContentType type,
|
| const SSL3Opaque * pIn,
|
| PRUint32 contentLen,
|
| -@@ -2216,8 +2217,13 @@
|
| +@@ -2219,8 +2220,13 @@ ssl3_CompressMACEncryptRecord(ssl3Cipher
|
| wrBuf->buf[11] = MSB(cipherBytes);
|
| wrBuf->buf[12] = LSB(cipherBytes);
|
| } else {
|
| @@ -47,7 +53,7 @@
|
| wrBuf->buf[3] = MSB(cipherBytes);
|
| wrBuf->buf[4] = LSB(cipherBytes);
|
| }
|
| -@@ -2247,7 +2253,14 @@
|
| +@@ -2250,7 +2256,14 @@ ssl3_CompressMACEncryptRecord(ssl3Cipher
|
| * all ciphertext into the pending ciphertext buffer.
|
| * ssl_SEND_FLAG_USE_EPOCH (for DTLS)
|
| * Forces the use of the provided epoch
|
| @@ -63,7 +69,7 @@
|
| */
|
| PRInt32
|
| ssl3_SendRecord( sslSocket * ss,
|
| -@@ -2260,6 +2273,7 @@
|
| +@@ -2263,6 +2276,7 @@ ssl3_SendRecord( sslSocket * ss
|
| sslBuffer * wrBuf = &ss->sec.writeBuf;
|
| SECStatus rv;
|
| PRInt32 totalSent = 0;
|
| @@ -71,16 +77,17 @@
|
|
|
| SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d",
|
| SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type),
|
| -@@ -2268,6 +2282,16 @@
|
| +@@ -2271,6 +2285,17 @@ ssl3_SendRecord( sslSocket * ss
|
|
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
|
|
|
| + capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0);
|
| +
|
| + if (capRecordVersion) {
|
| -+ /* ssl_SEND_FLAG_CAP_RECORD_VERSION can only be used with
|
| -+ * TLS ClientHello. */
|
| ++ /* ssl_SEND_FLAG_CAP_RECORD_VERSION can only be used with the
|
| ++ * TLS initial ClientHello. */
|
| + PORT_Assert(!IS_DTLS(ss));
|
| ++ PORT_Assert(!ss->firstHsDone);
|
| + PORT_Assert(type == content_handshake);
|
| + PORT_Assert(ss->ssl3.hs.ws == wait_server_hello);
|
| + }
|
| @@ -88,7 +95,7 @@
|
| if (ss->ssl3.initialized == PR_FALSE) {
|
| /* This can happen on a server if the very first incoming record
|
| ** looks like a defective ssl3 record (e.g. too long), and we're
|
| -@@ -2324,7 +2348,8 @@
|
| +@@ -2327,7 +2352,8 @@ ssl3_SendRecord( sslSocket * ss
|
|
|
| rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
|
| ss->sec.isServer, IS_DTLS(ss),
|
| @@ -98,7 +105,7 @@
|
| if (rv != SECSuccess)
|
| goto spec_locked_loser;
|
|
|
| -@@ -2337,7 +2362,8 @@
|
| +@@ -2340,7 +2366,8 @@ ssl3_SendRecord( sslSocket * ss
|
|
|
| rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
|
| ss->sec.isServer, IS_DTLS(ss),
|
| @@ -108,7 +115,7 @@
|
| &secondRecord);
|
| if (rv == SECSuccess) {
|
| PRINT_BUF(50, (ss, "send (encrypted) record data [2/2]:",
|
| -@@ -2349,6 +2375,7 @@
|
| +@@ -2352,6 +2379,7 @@ ssl3_SendRecord( sslSocket * ss
|
| rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
|
| ss->sec.isServer,
|
| IS_DTLS(ss),
|
| @@ -116,7 +123,7 @@
|
| type, pIn,
|
| contentLen, wrBuf);
|
| } else {
|
| -@@ -2560,6 +2587,8 @@
|
| +@@ -2563,6 +2591,8 @@ ssl3_FlushHandshake(sslSocket *ss, PRInt
|
| static SECStatus
|
| ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
|
| {
|
| @@ -125,7 +132,7 @@
|
| PRInt32 rv = SECSuccess;
|
|
|
| PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
|
| -@@ -2568,9 +2597,9 @@
|
| +@@ -2571,9 +2601,9 @@ ssl3_FlushHandshakeMessages(sslSocket *s
|
| if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len)
|
| return rv;
|
|
|
| @@ -138,43 +145,46 @@
|
| PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
| rv = SECFailure;
|
| } else {
|
| -@@ -3981,8 +4010,10 @@
|
| +@@ -4000,8 +4030,10 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
|
| int num_suites;
|
| int actual_count = 0;
|
| PRBool isTLS = PR_FALSE;
|
| -+ PRBool serverVersionKnown = PR_FALSE;
|
| ++ PRBool requestingResume = PR_FALSE;
|
| PRInt32 total_exten_len = 0;
|
| unsigned numCompressionMethods;
|
| + PRInt32 flags;
|
|
|
| SSL_TRC(3, ("%d: SSL3[%d]: send client_hello handshake", SSL_GETPID(),
|
| ss->fd));
|
| -@@ -4070,6 +4101,7 @@
|
| +@@ -4090,6 +4122,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
|
| }
|
|
|
| if (sid) {
|
| -+ serverVersionKnown = PR_TRUE;
|
| ++ requestingResume = PR_TRUE;
|
| SSL_AtomicIncrementLong(& ssl3stats.sch_sid_cache_hits );
|
|
|
| /* Are we attempting a stateless session resume? */
|
| -@@ -4305,7 +4337,11 @@
|
| +@@ -4325,7 +4358,11 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
|
| ssl_renegotiation_info_xtn;
|
| }
|
|
|
| - rv = ssl3_FlushHandshake(ss, 0);
|
| + flags = 0;
|
| -+ if (!serverVersionKnown && !IS_DTLS(ss)) {
|
| ++ if (!ss->firstHsDone && !requestingResume && !IS_DTLS(ss)) {
|
| + flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION;
|
| + }
|
| + rv = ssl3_FlushHandshake(ss, flags);
|
| if (rv != SECSuccess) {
|
| return rv; /* error code set by ssl3_FlushHandshake */
|
| }
|
| -Index: net/third_party/nss/ssl/dtls1con.c
|
| +Index: mozilla/security/nss/lib/ssl/dtlscon.c
|
| ===================================================================
|
| ---- net/third_party/nss/ssl/dtls1con.c (revision 146623)
|
| -+++ net/third_party/nss/ssl/dtls1con.c (working copy)
|
| -@@ -834,7 +834,8 @@
|
| +RCS file: /cvsroot/mozilla/security/nss/lib/ssl/dtlscon.c,v
|
| +retrieving revision 1.3
|
| +diff -u -p -r1.3 dtlscon.c
|
| +--- mozilla/security/nss/lib/ssl/dtlscon.c 4 Jul 2012 15:21:47 -0000 1.3
|
| ++++ mozilla/security/nss/lib/ssl/dtlscon.c 17 Aug 2012 02:10:02 -0000
|
| +@@ -802,7 +802,8 @@ dtls_CompressMACEncryptRecord(sslSocket
|
|
|
| if (cwSpec) {
|
| rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer, PR_TRUE,
|
|
|
Chromium Code Reviews
Issue 10828269:
When renegotiating, continue to use the client_version used in the initial ClientHello (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/