
Side by Side Diff: net/third_party/nss/patches/falsestart2.patch

Issue 6487026: Update to NSS 3.12.9. falsestart.patch, falsestart2.patch, and... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 10 months ago
OLDNEW
(Empty)
1 Index: mozilla/security/nss/lib/ssl/sslauth.c
2 ===================================================================
3 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslauth.c,v
4 retrieving revision 1.16
5 diff -p -u -8 -r1.16 sslauth.c
6 --- mozilla/security/nss/lib/ssl/sslauth.c 20 Apr 2006 00:20:45 -0000 1.16
7 +++ mozilla/security/nss/lib/ssl/sslauth.c 27 Aug 2010 02:01:44 -0000
8 @@ -87,16 +87,17 @@ SSL_LocalCertificate(PRFileDesc *fd)
9 /* NEED LOCKS IN HERE. */
10 SECStatus
11 SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
12 char **ip, char **sp)
13 {
14 sslSocket *ss;
15 const char *cipherName;
16 PRBool isDes = PR_FALSE;
17 + PRBool enoughFirstHsDone = PR_FALSE;
18
19 ss = ssl_FindSocket(fd);
20 if (!ss) {
21 SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus",
22 SSL_GETPID(), fd));
23 return SECFailure;
24 }
25
26 @@ -104,18 +105,24 @@ SSL_SecurityStatus(PRFileDesc *fd, int *
27 if (kp0) *kp0 = 0;
28 if (kp1) *kp1 = 0;
29 if (ip) *ip = 0;
30 if (sp) *sp = 0;
31 if (op) {
32 *op = SSL_SECURITY_STATUS_OFF;
33 }
34
35 - if (ss->opt.useSecurity && ss->firstHsDone) {
36 + if (ss->firstHsDone) {
37 + enoughFirstHsDone = PR_TRUE;
38 + } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
39 + ssl3_CanFalseStart(ss)) {
40 + enoughFirstHsDone = PR_TRUE;
41 + }
42
43 + if (ss->opt.useSecurity && enoughFirstHsDone) {
44 if (ss->version < SSL_LIBRARY_VERSION_3_0) {
45 cipherName = ssl_cipherName[ss->sec.cipherType];
46 } else {
47 cipherName = ssl3_cipherName[ss->sec.cipherType];
48 }
49 PORT_Assert(cipherName);
50 if (cipherName) {
51 if (PORT_Strstr(cipherName, "DES")) isDes = PR_TRUE;
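Review bot: Once `ssl3_CanFalseStart(ss)` is accepted in place of `ss->firstHsDone`, SSL_SecurityStatus reports the cipher name and key sizes for a handshake whose server Finished message has presumably not been verified yet, and nothing in the hunk tells callers so. The identical block added to SSL_GetChannelInfo in sslinfo.c has the same effect. A caller that treats a non-OFF status as proof of a completed, integrity-checked negotiation could base trust decisions on values that a later Finished failure would invalidate. I would add a comment above the new block, for example `/* With False Start these values are reported before the server Finished is verified; treat them as provisional until firstHsDone. */`, and state the same in the public API documentation. The body of SSL_SecurityStatus continues past the end of the hunk.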
52 Index: mozilla/security/nss/lib/ssl/sslinfo.c
53 ===================================================================
54 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslinfo.c,v
55 retrieving revision 1.23
56 diff -p -u -8 -r1.23 sslinfo.c
57 --- mozilla/security/nss/lib/ssl/sslinfo.c 15 Jan 2010 01:49:33 -0000 1.23
58 +++ mozilla/security/nss/lib/ssl/sslinfo.c 27 Aug 2010 02:01:44 -0000
59 @@ -55,33 +55,41 @@ ssl_GetCompressionMethodName(SSLCompress
60 }
61
62 SECStatus
63 SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
64 {
65 sslSocket * ss;
66 SSLChannelInfo inf;
67 sslSessionID * sid;
68 + PRBool enoughFirstHsDone = PR_FALSE;
69
70 if (!info || len < sizeof inf.length) {
71 PORT_SetError(SEC_ERROR_INVALID_ARGS);
72 return SECFailure;
73 }
74
75 ss = ssl_FindSocket(fd);
76 if (!ss) {
77 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
78 SSL_GETPID(), fd));
79 return SECFailure;
80 }
81
82 memset(&inf, 0, sizeof inf);
83 inf.length = PR_MIN(sizeof inf, len);
84
85 - if (ss->opt.useSecurity && ss->firstHsDone) {
86 + if (ss->firstHsDone) {
87 + enoughFirstHsDone = PR_TRUE;
88 + } else if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
89 + ssl3_CanFalseStart(ss)) {
90 + enoughFirstHsDone = PR_TRUE;
91 + }
92 +
93 + if (ss->opt.useSecurity && enoughFirstHsDone) {
94 sid = ss->sec.ci.sid;
95 inf.protocolVersion = ss->version;
96 inf.authKeyBits = ss->sec.authKeyBits;
97 inf.keaKeyBits = ss->sec.keaKeyBits;
98 if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */
99 inf.cipherSuite = ss->sec.cipherType | 0xff00;
100 inf.compressionMethod = ssl_compression_null;
101 inf.compressionMethodName = "N/A";
102 Index: mozilla/security/nss/lib/ssl/sslreveal.c
103 ===================================================================
104 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslreveal.c,v
105 retrieving revision 1.7
106 diff -p -u -8 -r1.7 sslreveal.c
107 --- mozilla/security/nss/lib/ssl/sslreveal.c 4 Feb 2010 03:21:11 -0000 1.7
108 +++ mozilla/security/nss/lib/ssl/sslreveal.c 27 Aug 2010 02:01:44 -0000
109 @@ -106,24 +106,36 @@ SSL_RevealURL(PRFileDesc * fd)
110 SECStatus
111 SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
112 SSLExtensionType extId,
113 PRBool *pYes)
114 {
115 /* some decisions derived from SSL_GetChannelInfo */
116 sslSocket * sslsocket = NULL;
117 SECStatus rv = SECFailure;
118 + PRBool enoughFirstHsDone = PR_FALSE;
119
120 if (!pYes)
121 return rv;
122
123 sslsocket = ssl_FindSocket(socket);
124 + if (!sslsocket) {
125 + SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
126 + SSL_GETPID(), socket));
127 + return rv;
128 + }
129 +
130 + if (sslsocket->firstHsDone) {
131 + enoughFirstHsDone = PR_TRUE;
132 + } else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) {
133 + enoughFirstHsDone = PR_TRUE;
134 + }
135
136 /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
137 - if (sslsocket && sslsocket->opt.useSecurity && sslsocket->firstHsDone) {
138 + if (sslsocket->opt.useSecurity && enoughFirstHsDone) {
139 if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
140 /* now we know this socket went through ssl3_InitState() and
141 * ss->xtnData got initialized, which is the only member accessed by
142 * ssl3_ExtensionNegotiated();
143 * Member xtnData appears to get accessed in functions that handle
144 * the handshake (hello messages and extension sending),
145 * therefore the handshake lock should be sufficient.
146 */
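Review bot: The fall-back test in SSL_HandshakeNegotiatedExtension is guarded by `sslsocket->ssl3.initialized`, while the otherwise identical blocks in SSL_SecurityStatus and SSL_GetChannelInfo are guarded by `ss->version >= SSL_LIBRARY_VERSION_3_0`; three copies with two different guards are easy to let drift, so one internal helper shared by the three files would be safer. In all three places `ssl3_CanFalseStart()` also runs before `opt.useSecurity` is tested, so putting the `useSecurity` check first would keep it from being called on sockets that never enabled SSL. As far as the hunk shows, the call is made without taking any lock while the handshake may still be in progress, and the retained comment only argues that the handshake lock is sufficient for `xtnData`. What state `ssl3_CanFalseStart()` reads is not visible here, so it is worth confirming that it is safe to call concurrently with the handshake and recording the answer in that comment. The function body continues past the end of the hunk.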