Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1497)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 7239002: net: Precede each CBC encrypted application data record with an empty one. (Closed)

Created:
9 years, 6 months ago by agl
Modified:
9 years, 6 months ago
Reviewers:
wtc
Visibility:
Public.

Description

net: Precede each CBC encrypted application data record with an empty one. Precede each CBC encrypted application data record with an empty application data record in order to randomize the IV in a backwards compatible manner. BUG=87159 TEST=HTTPS sites continue to work. Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=90632

Patch Set 1 #

Total comments: 12

Patch Set 2 : ... #

Patch Set 3 : ... #

Total comments: 4

Patch Set 4 : ... #

Unified diffs Side-by-side diffs Delta from patch set Stats (+106 lines, -2 lines) Patch
M net/third_party/nss/README.chromium View 1 2 3 1 chunk +5 lines, -0 lines 0 comments Download
M net/third_party/nss/patches/applypatches.sh View 1 2 1 chunk +2 lines, -0 lines 0 comments Download
A net/third_party/nss/patches/cbcrandomiv.patch View 1 2 3 1 chunk +73 lines, -0 lines 0 comments Download
M net/third_party/nss/ssl/ssl3con.c View 1 2 3 5 chunks +26 lines, -2 lines 0 comments Download

Messages

Total messages: 6 (0 generated)
agl
9 years, 6 months ago (2011-06-22 21:31:46 UTC) #1
wtc
LGTM. Please note my comments below. http://codereview.chromium.org/7239002/diff/1/net/third_party/nss/README.chromium File net/third_party/nss/README.chromium (right): http://codereview.chromium.org/7239002/diff/1/net/third_party/nss/README.chromium#newcode46 net/third_party/nss/README.chromium:46: * Preceed each ...
9 years, 6 months ago (2011-06-23 23:58:33 UTC) #2
agl
I'd like you to confirm that you're ok with the "if (ss->pendingBuf.len)" stuff before landing. ...
9 years, 6 months ago (2011-06-24 18:50:18 UTC) #3
agl
(appengine's email sending didn't appear to work last time.)
9 years, 6 months ago (2011-06-24 19:04:44 UTC) #4
wtc
LGTM. http://codereview.chromium.org/7239002/diff/5001/net/third_party/nss/ssl/ssl3con.c File net/third_party/nss/ssl/ssl3con.c (right): http://codereview.chromium.org/7239002/diff/5001/net/third_party/nss/ssl/ssl3con.c#newcode2368 net/third_party/nss/ssl/ssl3con.c:2368: } I suspect what you described will indeed ...
9 years, 6 months ago (2011-06-27 18:11:55 UTC) #5
agl
9 years, 6 months ago (2011-06-27 19:05:30 UTC) #6 
http://codereview.chromium.org/7239002/diff/5001/net/third_party/nss/ssl/ssl3...
File net/third_party/nss/ssl/ssl3con.c (right):

http://codereview.chromium.org/7239002/diff/5001/net/third_party/nss/ssl/ssl3...
net/third_party/nss/ssl/ssl3con.c:2368: }
On 2011/06/27 18:11:55, wtc wrote:
> I suspect what you described will indeed happen if we
> simply fall into the while loop below.  But I think it's
> better to deal with the if (ss->pendingBuf.len) condition
> explicitly; at least it would help me convince myself the
> new code is correct.
> 
> Because of your comment, I found that given totalSent = 0,
> we can simplify it to avoid the goto statement:
> 
>         if (ss->pendingBuf.len) {
>             /* must be a non-blocking socket */
>             PORT_Assert(!ssl_SocketIsBlocking(ss));
>             PORT_Assert(ss->lastWriteBlocked);
>             PORT_SetError(PR_WOULD_BLOCK_ERROR);
>             return SECFailure;
>         }

Done.

http://codereview.chromium.org/7239002/diff/5001/net/third_party/nss/ssl/ssl3...
net/third_party/nss/ssl/ssl3con.c:2404: writeBlocked:
On 2011/06/27 18:11:55, wtc wrote:
> Nit: labels are not indented in the NSS source code.

(mooted: line removed.)

Powered by Google App Engine
This is Rietveld 408576698