
Side by Side Diff: net/third_party/nss/patches/cbcrandomiv.patch

Issue 8137027: net: disable 1/n-1 record splitting when False Start is disabled. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 2 months ago
1 From 03c5c660f3668ed1e9c9b6277d64c96d2ab3d890 Mon Sep 17 00:00:00 2001 1 From 0c2a0a73b65f94caf681dd884fbdedf9bb7f3b5d Mon Sep 17 00:00:00 2001
2 From: Adam Langley <agl@chromium.org> 2 From: Adam Langley <agl@chromium.org>
3 Date: Mon, 3 Oct 2011 12:23:29 -0400 3 Date: Mon, 3 Oct 2011 12:23:29 -0400
4 Subject: [PATCH] cbcrandomiv.patch 4 Subject: [PATCH] cbcrandomiv.patch
5 5
6 --- 6 ---
7 mozilla/security/nss/lib/ssl/ssl3con.c | 96 +++++++++++++++++++++++--------- 7 mozilla/security/nss/lib/ssl/ssl3con.c | 97 +++++++++++++++++++++++---------
8 1 files changed, 69 insertions(+), 27 deletions(-) 8 1 files changed, 70 insertions(+), 27 deletions(-)
9 9
10 diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/s sl/ssl3con.c 10 diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/s sl/ssl3con.c
11 index dd99962..2648cbe 100644 11 index dd99962..32f53ce 100644
12 --- a/mozilla/security/nss/lib/ssl/ssl3con.c 12 --- a/mozilla/security/nss/lib/ssl/ssl3con.c
13 +++ b/mozilla/security/nss/lib/ssl/ssl3con.c 13 +++ b/mozilla/security/nss/lib/ssl/ssl3con.c
14 @@ -2039,24 +2039,24 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) { 14 @@ -2039,24 +2039,24 @@ ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
15 return isPresent; 15 return isPresent;
16 } 16 }
17 17
18 +/* Caller must hold the spec read lock. wrBuf is sometimes, but not always, 18 +/* Caller must hold the spec read lock. wrBuf is sometimes, but not always,
19 + * ss->sec.writeBuf. 19 + * ss->sec.writeBuf.
20 + */ 20 + */
21 static SECStatus 21 static SECStatus
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
83 - ssl_ReleaseSpecReadLock(ss); /************************************/ 83 - ssl_ReleaseSpecReadLock(ss); /************************************/
84 - 84 -
85 return SECSuccess; 85 return SECSuccess;
86 - 86 -
87 -spec_locked_loser: 87 -spec_locked_loser:
88 - ssl_ReleaseSpecReadLock(ss); 88 - ssl_ReleaseSpecReadLock(ss);
89 - return SECFailure; 89 - return SECFailure;
90 } 90 }
91 91
92 /* Process the plain text before sending it. 92 /* Process the plain text before sending it.
93 @@ -2227,20 +2221,70 @@ ssl3_SendRecord( sslSocket * ss, 93 @@ -2227,20 +2221,71 @@ ssl3_SendRecord( sslSocket * ss,
94 94
95 while (nIn > 0) { 95 while (nIn > 0) {
96 PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH); 96 PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
97 + unsigned int spaceNeeded; 97 + unsigned int spaceNeeded;
98 + unsigned int numRecords; 98 + unsigned int numRecords;
99 + 99 +
100 + ssl_GetSpecReadLock(ss); /********************************/ 100 + ssl_GetSpecReadLock(ss); /********************************/
101 + 101 +
102 + if (nIn > 1 && 102 + if (nIn > 1 &&
103 + ss->opt.enableFalseStart == PR_TRUE &&
103 + ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS && 104 + ss->ssl3.cwSpec->version <= SSL_LIBRARY_VERSION_3_1_TLS &&
104 + type == content_application_data && 105 + type == content_application_data &&
105 + ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) { 106 + ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) {
106 + /* We will split the first byte of the record into its own record, 107 + /* We will split the first byte of the record into its own record,
107 + * as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h 108 + * as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h
108 + */ 109 + */
109 + numRecords = 2; 110 + numRecords = 2;
110 + } else { 111 + } else {
111 + numRecords = 1; 112 + numRecords = 1;
112 + } 113 + }
113 114
114 - if (wrBuf->space < contentLen + SSL3_BUFFER_FUDGE) { 115 - if (wrBuf->space < contentLen + SSL3_BUFFER_FUDGE) {
115 - PRInt32 newSpace = PR_MAX(wrBuf->space * 2, contentLen); 116 - PRInt32 newSpace = PR_MAX(wrBuf->space * 2, contentLen);
116 - newSpace = PR_MIN(newSpace, MAX_FRAGMENT_LENGTH); 117 - newSpace = PR_MIN(newSpace, MAX_FRAGMENT_LENGTH);
117 - newSpace += SSL3_BUFFER_FUDGE; 118 - newSpace += SSL3_BUFFER_FUDGE;
118 - rv = sslBuffer_Grow(wrBuf, newSpace); 119 - rv = sslBuffer_Grow(wrBuf, newSpace);
119 + spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE); 120 + spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE);
120 + if (spaceNeeded > wrBuf->space) { 121 + if (spaceNeeded > wrBuf->space) {
121 + rv = sslBuffer_Grow(wrBuf, spaceNeeded); 122 + rv = sslBuffer_Grow(wrBuf, spaceNeeded);
122 if (rv != SECSuccess) { 123 if (rv != SECSuccess) {
123 SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes", 124 SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes",
124 - SSL_GETPID(), ss->fd, newSpace)); 125 - SSL_GETPID(), ss->fd, newSpace));
125 - return SECFailure; /* sslBuffer_Grow set a memory error code. */ 126 - return SECFailure; /* sslBuffer_Grow set a memory error code. */
126 + SSL_GETPID(), ss->fd, spaceNeeded)); 127 + SSL_GETPID(), ss->fd, spaceNeeded));
127 + goto spec_locked_loser; /* sslBuffer_Grow set a memory error cod e. */ 128 + goto spec_locked_loser; /* sslBuffer_Grow set a memory error cod e. */
128 » } 129 +» }
129 » } 130 +» }
130 131 +
131 -» rv = ssl3_CompressMACEncryptRecord( ss, type, pIn, contentLen);
132 + if (numRecords == 2) { 132 + if (numRecords == 2) {
133 + sslBuffer secondRecord; 133 + sslBuffer secondRecord;
134 + 134 +
135 + rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, 135 + rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
136 + ss->sec.isServer, type, pIn, 1, 136 + ss->sec.isServer, type, pIn, 1,
137 + wrBuf); 137 + wrBuf);
138 + if (rv != SECSuccess) 138 + if (rv != SECSuccess)
139 + goto spec_locked_loser; 139 + goto spec_locked_loser;
140 + 140 +
141 + PRINT_BUF(50, (ss, "send (encrypted) record data [1/2]:", 141 + PRINT_BUF(50, (ss, "send (encrypted) record data [1/2]:",
(...skipping 11 matching lines...) Expand all
153 + secondRecord.buf, secondRecord.len)); 153 + secondRecord.buf, secondRecord.len));
154 + wrBuf->len += secondRecord.len; 154 + wrBuf->len += secondRecord.len;
155 + } 155 + }
156 + } else { 156 + } else {
157 + rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec, 157 + rv = ssl3_CompressMACEncryptRecord(ss->ssl3.cwSpec,
158 + ss->sec.isServer, type, pIn, 158 + ss->sec.isServer, type, pIn,
159 + contentLen, wrBuf); 159 + contentLen, wrBuf);
160 + if (rv == SECSuccess) { 160 + if (rv == SECSuccess) {
161 + PRINT_BUF(50, (ss, "send (encrypted) record data [1/1]:", 161 + PRINT_BUF(50, (ss, "send (encrypted) record data [1/1]:",
162 + wrBuf->buf, wrBuf->len)); 162 + wrBuf->buf, wrBuf->len));
163 +» } 163 » }
164 +» } 164 » }
165 + 165
166 -» rv = ssl3_CompressMACEncryptRecord( ss, type, pIn, contentLen);
166 +spec_locked_loser: 167 +spec_locked_loser:
167 + ssl_ReleaseSpecReadLock(ss); /************************************/ 168 + ssl_ReleaseSpecReadLock(ss); /************************************/
168 + 169 +
169 if (rv != SECSuccess) 170 if (rv != SECSuccess)
170 return SECFailure; 171 return SECFailure;
171 172
172 @@ -2248,8 +2292,6 @@ ssl3_SendRecord( sslSocket * ss, 173 @@ -2248,8 +2293,6 @@ ssl3_SendRecord( sslSocket * ss,
173 nIn -= contentLen; 174 nIn -= contentLen;
174 PORT_Assert( nIn >= 0 ); 175 PORT_Assert( nIn >= 0 );
175 176
176 - PRINT_BUF(50, (ss, "send (encrypted) record data:", wrBuf->buf, wrBuf->l en)); 177 - PRINT_BUF(50, (ss, "send (encrypted) record data:", wrBuf->buf, wrBuf->l en));
177 - 178 -
178 /* If there's still some previously saved ciphertext, 179 /* If there's still some previously saved ciphertext,
179 * or the caller doesn't want us to send the data yet, 180 * or the caller doesn't want us to send the data yet,
180 * then add all our new ciphertext to the amount previously saved. 181 * then add all our new ciphertext to the amount previously saved.
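Review bot: The new `ss->opt.enableFalseStart == PR_TRUE &&` condition is not reflected in the comment immediately below it, which still states unconditionally that the first byte will be split into its own record "as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h"; as far as this hunk shows, TLS 1.0 CBC application-data records are now sent unsplit whenever False Start is off, and the comment should say so, e.g. `/* Only when False Start is enabled: split the first byte into its own record, as explained under SSL_CBC_RANDOM_IV in ssl.h. */`. The reason for tying the CBC record split to the False Start option is not given anywhere in the patch; if the ssl.h text for SSL_CBC_RANDOM_IV is not updated to mention the False Start dependency, a one-line pointer to the rationale here would help the next maintainer understand why a cipher-level mitigation depends on a handshake option. The enclosing ssl3_SendRecord body starts and ends outside this hunk, and the lines that fill secondRecord are collapsed in the rendered view, so the error path after spec_locked_loser was only checked for the visible branches.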