| OLD | NEW |
| 1 diff --git a/mozilla/security/nss/cmd/strsclnt/strsclnt.c b/mozilla/security/nss
/cmd/strsclnt/strsclnt.c | 1 Index: mozilla/security/nss/cmd/strsclnt/strsclnt.c |
| 2 index c266644..1f71434 100644 | 2 =================================================================== |
| 3 --- a/mozilla/security/nss/cmd/strsclnt/strsclnt.c | 3 RCS file: /cvsroot/mozilla/security/nss/cmd/strsclnt/strsclnt.c,v |
| 4 +++ b/mozilla/security/nss/cmd/strsclnt/strsclnt.c | 4 retrieving revision 1.66 |
| 5 @@ -162,6 +162,7 @@ static PRBool disableLocking = PR_FALSE; | 5 diff -u -p -r1.66 strsclnt.c |
| 6 --- mozilla/security/nss/cmd/strsclnt/strsclnt.c» 10 Feb 2010 18:07:20 -00
00» 1.66 |
| 7 +++ mozilla/security/nss/cmd/strsclnt/strsclnt.c» 16 Mar 2010 01:25:41 -00
00 |
| 8 @@ -162,6 +162,7 @@ static PRBool disableLocking = PR_FALSE |
| 6 static PRBool ignoreErrors = PR_FALSE; | 9 static PRBool ignoreErrors = PR_FALSE; |
| 7 static PRBool enableSessionTickets = PR_FALSE; | 10 static PRBool enableSessionTickets = PR_FALSE; |
| 8 static PRBool enableCompression = PR_FALSE; | 11 static PRBool enableCompression = PR_FALSE; |
| 9 +static PRBool enableFalseStart = PR_FALSE; | 12 +static PRBool enableFalseStart = PR_FALSE; |
| 10 | 13 |
| 11 PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; | 14 PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; |
| 12 | 15 |
| 13 @@ -197,7 +198,8 @@ Usage(const char *progName) | 16 @@ -197,7 +198,8 @@ Usage(const char *progName) |
| 14 " -U means enable throttling up threads\n" | 17 " -U means enable throttling up threads\n" |
| 15 " -B bypasses the PKCS11 layer for SSL encryption and MACing\n" | 18 " -B bypasses the PKCS11 layer for SSL encryption and MACing\n" |
| (...skipping 28 matching lines...) Expand all Loading... |
| 44 | 47 |
| 45 @@ -1384,6 +1392,8 @@ main(int argc, char **argv) | 48 @@ -1384,6 +1392,8 @@ main(int argc, char **argv) |
| 46 | 49 |
| 47 case 'f': fileName = optstate->value; break; | 50 case 'f': fileName = optstate->value; break; |
| 48 | 51 |
| 49 + case 'g': enableFalseStart = PR_TRUE; break; | 52 + case 'g': enableFalseStart = PR_TRUE; break; |
| 50 + | 53 + |
| 51 case 'i': ignoreErrors = PR_TRUE; break; | 54 case 'i': ignoreErrors = PR_TRUE; break; |
| 52 | 55 |
| 53 case 'n': nickName = PL_strdup(optstate->value); break; | 56 case 'n': nickName = PL_strdup(optstate->value); break; |
| 54 diff --git a/mozilla/security/nss/cmd/tstclnt/tstclnt.c b/mozilla/security/nss/c
md/tstclnt/tstclnt.c | 57 Index: mozilla/security/nss/cmd/tstclnt/tstclnt.c |
| 55 index c15a0ad..55684e6 100644 | 58 =================================================================== |
| 56 --- a/mozilla/security/nss/cmd/tstclnt/tstclnt.c | 59 RCS file: /cvsroot/mozilla/security/nss/cmd/tstclnt/tstclnt.c,v |
| 57 +++ b/mozilla/security/nss/cmd/tstclnt/tstclnt.c | 60 retrieving revision 1.62 |
| 61 diff -u -p -r1.62 tstclnt.c |
| 62 --- mozilla/security/nss/cmd/tstclnt/tstclnt.c» 10 Feb 2010 18:07:21 -0000»
1.62 |
| 63 +++ mozilla/security/nss/cmd/tstclnt/tstclnt.c» 16 Mar 2010 01:25:41 -0000 |
| 58 @@ -225,6 +225,7 @@ static void Usage(const char *progName) | 64 @@ -225,6 +225,7 @@ static void Usage(const char *progName) |
| 59 fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "
-r N"); | 65 fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "
-r N"); |
| 60 fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u"); | 66 fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u"); |
| 61 fprintf(stderr, "%-20s Enable compression.\n", "-z"); | 67 fprintf(stderr, "%-20s Enable compression.\n", "-z"); |
| 62 + fprintf(stderr, "%-20s Enable false start.\n", "-g"); | 68 + fprintf(stderr, "%-20s Enable false start.\n", "-g"); |
| 63 fprintf(stderr, "%-20s Letter(s) chosen from the following list\n", | 69 fprintf(stderr, "%-20s Letter(s) chosen from the following list\n", |
| 64 "-c ciphers"); | 70 "-c ciphers"); |
| 65 fprintf(stderr, | 71 fprintf(stderr, |
| 66 @@ -521,6 +522,7 @@ int main(int argc, char **argv) | 72 @@ -521,6 +522,7 @@ int main(int argc, char **argv) |
| 67 int useExportPolicy = 0; | 73 int useExportPolicy = 0; |
| (...skipping 30 matching lines...) Expand all Loading... |
| 98 + /* enable false start. */ | 104 + /* enable false start. */ |
| 99 + rv = SSL_OptionSet(s, SSL_ENABLE_FALSE_START, enableFalseStart); | 105 + rv = SSL_OptionSet(s, SSL_ENABLE_FALSE_START, enableFalseStart); |
| 100 + if (rv != SECSuccess) { | 106 + if (rv != SECSuccess) { |
| 101 + SECU_PrintError(progName, "error enabling false start"); | 107 + SECU_PrintError(progName, "error enabling false start"); |
| 102 + return 1; | 108 + return 1; |
| 103 + } | 109 + } |
| 104 + | 110 + |
| 105 SSL_SetPKCS11PinArg(s, &pwdata); | 111 SSL_SetPKCS11PinArg(s, &pwdata); |
| 106 | 112 |
| 107 SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); | 113 SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); |
| 108 diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/s
sl.h | 114 Index: mozilla/security/nss/lib/ssl/ssl.h |
| 109 index e285ab4..bd1bfd3 100644 | 115 =================================================================== |
| 110 --- a/mozilla/security/nss/lib/ssl/ssl.h | 116 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v |
| 111 +++ b/mozilla/security/nss/lib/ssl/ssl.h | 117 retrieving revision 1.38 |
| 112 @@ -128,6 +128,17 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFi
leDesc *fd); | 118 diff -u -p -r1.38 ssl.h |
| 119 --- mozilla/security/nss/lib/ssl/ssl.h» 17 Feb 2010 02:29:07 -0000» 1.38 |
| 120 +++ mozilla/security/nss/lib/ssl/ssl.h» 16 Mar 2010 01:25:41 -0000 |
| 121 @@ -128,6 +128,17 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi |
| 113 /* Renegotiation Info (RI) */ | 122 /* Renegotiation Info (RI) */ |
| 114 /* extension in ALL handshakes. */ | 123 /* extension in ALL handshakes. */ |
| 115 /* default: off */ | 124 /* default: off */ |
| 116 +#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ | 125 +#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ |
| 117 + /* default, applies only to */ | 126 + /* default, applies only to */ |
| 118 + /* clients). False start is a */ | 127 + /* clients). False start is a */ |
| 119 +/* mode where an SSL client will start sending application data before */ | 128 +/* mode where an SSL client will start sending application data before */ |
| 120 +/* verifying the server's Finished message. This means that we could end up */ | 129 +/* verifying the server's Finished message. This means that we could end up */ |
| 121 +/* sending data to an imposter. However, the data will be encrypted and */ | 130 +/* sending data to an imposter. However, the data will be encrypted and */ |
| 122 +/* only the true server can derive the session key. Thus, so long as the */ | 131 +/* only the true server can derive the session key. Thus, so long as the */ |
| 123 +/* cipher isn't broken this is safe. Because of this, False Start will only */ | 132 +/* cipher isn't broken this is safe. Because of this, False Start will only */ |
| 124 +/* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ | 133 +/* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ |
| 125 +/* bits. The advantage of False Start is that it saves a round trip for */ | 134 +/* bits. The advantage of False Start is that it saves a round trip for */ |
| 126 +/* client-speaks-first protocols when performing a full handshake. */ | 135 +/* client-speaks-first protocols when performing a full handshake. */ |
| 127 | 136 |
| 128 #ifdef SSL_DEPRECATED_FUNCTION | 137 #ifdef SSL_DEPRECATED_FUNCTION |
| 129 /* Old deprecated function names */ | 138 /* Old deprecated function names */ |
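Review bot: The SSL_ENABLE_FALSE_START comment says False Start occurs only on "RSA or DH ciphersuites", but ssl3_CanFalseStart() in ssl3con.c also accepts `ssl_kea_ecdh`, so the public header understates where the option takes effect. The sentence could read `/* occur on RSA, DH or ECDH ciphersuites where the cipher's key length is >= 80 */`. The comment should also tell callers that, with the option on, the handshake callback is invoked from ssl3_HandleServerHelloDone, before the server's Finished message has been verified. An application that treats the callback as proof of a completed handshake needs to know that. Because Finished is what confirms the negotiation itself, the key-size floor is the only bound on the selected suite at that point, which is worth stating next to the ">= 80 bits" sentence.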
| 130 diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/s
sl/ssl3con.c | 139 Index: mozilla/security/nss/lib/ssl/ssl3con.c |
| 131 index 6b37c4f..f073431 100644 | 140 =================================================================== |
| 132 --- a/mozilla/security/nss/lib/ssl/ssl3con.c | 141 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v |
| 133 +++ b/mozilla/security/nss/lib/ssl/ssl3con.c | 142 retrieving revision 1.136 |
| 134 @@ -5656,7 +5656,17 @@ ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, | 143 diff -u -p -r1.136 ssl3con.c |
| 144 --- mozilla/security/nss/lib/ssl/ssl3con.c» 17 Feb 2010 02:29:07 -0000»
1.136 |
| 145 +++ mozilla/security/nss/lib/ssl/ssl3con.c» 16 Mar 2010 01:25:41 -0000 |
| 146 @@ -5656,7 +5656,17 @@ ssl3_RestartHandshakeAfterCertReq(sslSoc |
| 135 return rv; | 147 return rv; |
| 136 } | 148 } |
| 137 | 149 |
| 138 - | 150 - |
| 139 +PRBool | 151 +PRBool |
| 140 +ssl3_CanFalseStart(sslSocket *ss) { | 152 +ssl3_CanFalseStart(sslSocket *ss) { |
| 141 + return ss->opt.enableFalseStart && | 153 + return ss->opt.enableFalseStart && |
| 142 + !ss->sec.isServer && | 154 + !ss->sec.isServer && |
| 143 + !ss->ssl3.hs.isResuming && | 155 + !ss->ssl3.hs.isResuming && |
| 144 + ss->ssl3.cwSpec && | 156 + ss->ssl3.cwSpec && |
| 145 + ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && | 157 + ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && |
| 146 + (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa || | 158 + (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa || |
| 147 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh || | 159 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh || |
| 148 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh); | 160 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh); |
| 149 +} | 161 +} |
| 150 | 162 |
| 151 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | 163 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
| 152 * ssl3 Server Hello Done message. | 164 * ssl3 Server Hello Done message. |
| 153 @@ -5728,6 +5738,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss) | 165 @@ -5728,6 +5738,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss |
| 154 ss->ssl3.hs.ws = wait_new_session_ticket; | 166 ss->ssl3.hs.ws = wait_new_session_ticket; |
| 155 else | 167 else |
| 156 ss->ssl3.hs.ws = wait_change_cipher; | 168 ss->ssl3.hs.ws = wait_change_cipher; |
| 157 + | 169 + |
| 158 + /* Do the handshake callback for sslv3 here. */ | 170 + /* Do the handshake callback for sslv3 here. */ |
| 159 + if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { | 171 + if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { |
| 160 + (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 172 + (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
| 161 + } | 173 + } |
| 162 + | 174 + |
| 163 return SECSuccess; | 175 return SECSuccess; |
| 164 | 176 |
| 165 loser: | 177 loser: |
| 166 @@ -8468,7 +8484,7 @@ xmit_loser: | 178 @@ -8468,7 +8484,7 @@ xmit_loser: |
| 167 ss->ssl3.hs.ws = idle_handshake; | 179 ss->ssl3.hs.ws = idle_handshake; |
| 168 | 180 |
| 169 /* Do the handshake callback for sslv3 here. */ | 181 /* Do the handshake callback for sslv3 here. */ |
| 170 - if (ss->handshakeCallback != NULL) { | 182 - if (ss->handshakeCallback != NULL) { |
| 171 + if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { | 183 + if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { |
| 172 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 184 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
| 173 } | 185 } |
| 174 | 186 |
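Review bot: ssl3_CanFalseStart() is re-evaluated at each call site rather than decided once, so the early callback in ssl3_HandleServerHelloDone and the `!ssl3_CanFalseStart(ss)` guard in the `@@ -8468` hunk are mutually exclusive only if every input stays unchanged between ServerHelloDone and Finished. If one differs, for example the option is changed through SSL_OptionSet during the handshake, the handshake callback would run twice or not at all. Recording the decision in a per-handshake flag when the early callback fires, and testing that flag at the end of the handshake, would make the two sites exclusive by construction. Separately, `secret_key_size >= 10` is the 80-bit floor from ssl.h expressed in bytes and deserves a comment such as `/* 10 bytes == 80 bits, see SSL_ENABLE_FALSE_START in ssl.h */`. Also, `ss->ssl3.hs.kea_def` is dereferenced without the null test that `cwSpec` gets, and whether it can be null here is not visible from the hunk.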
| 175 diff --git a/mozilla/security/nss/lib/ssl/ssl3gthr.c b/mozilla/security/nss/lib/
ssl/ssl3gthr.c | 187 Index: mozilla/security/nss/lib/ssl/ssl3gthr.c |
| 176 index bdd2958..28fe154 100644 | 188 =================================================================== |
| 177 --- a/mozilla/security/nss/lib/ssl/ssl3gthr.c | 189 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3gthr.c,v |
| 178 +++ b/mozilla/security/nss/lib/ssl/ssl3gthr.c | 190 retrieving revision 1.9 |
| 179 @@ -188,6 +188,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) | 191 diff -u -p -r1.9 ssl3gthr.c |
| 192 --- mozilla/security/nss/lib/ssl/ssl3gthr.c» 20 Nov 2008 07:37:25 -0000»
1.9 |
| 193 +++ mozilla/security/nss/lib/ssl/ssl3gthr.c» 16 Mar 2010 01:25:41 -0000 |
| 194 @@ -188,6 +188,7 @@ ssl3_GatherCompleteHandshake(sslSocket * |
| 180 { | 195 { |
| 181 SSL3Ciphertext cText; | 196 SSL3Ciphertext cText; |
| 182 int rv; | 197 int rv; |
| 183 + PRBool canFalseStart = PR_FALSE; | 198 + PRBool canFalseStart = PR_FALSE; |
| 184 | 199 |
| 185 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 200 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| 186 do { | 201 do { |
| 187 @@ -207,7 +208,17 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) | 202 @@ -207,7 +208,20 @@ ssl3_GatherCompleteHandshake(sslSocket * |
| 188 if (rv < 0) { | 203 if (rv < 0) { |
| 189 return ss->recvdCloseNotify ? 0 : rv; | 204 return ss->recvdCloseNotify ? 0 : rv; |
| 190 } | 205 } |
| 191 - } while (ss->ssl3.hs.ws != idle_handshake && ss->gs.buf.len == 0); | 206 - } while (ss->ssl3.hs.ws != idle_handshake && ss->gs.buf.len == 0); |
| 192 + | 207 + |
| 208 + /* If we kicked off a false start in ssl3_HandleServerHelloDone, break |
| 209 + * out of this loop early without finishing the handshake. |
| 210 + */ |
| 193 + if (ss->opt.enableFalseStart) { | 211 + if (ss->opt.enableFalseStart) { |
| 194 + ssl_GetSSL3HandshakeLock(ss); | 212 + ssl_GetSSL3HandshakeLock(ss); |
| 195 + canFalseStart = (ss->ssl3.hs.ws == wait_change_cipher || | 213 + canFalseStart = (ss->ssl3.hs.ws == wait_change_cipher || |
| 196 + ss->ssl3.hs.ws == wait_new_session_ticket) && | 214 + ss->ssl3.hs.ws == wait_new_session_ticket) && |
| 197 + ssl3_CanFalseStart(ss); | 215 + ssl3_CanFalseStart(ss); |
| 198 + ssl_ReleaseSSL3HandshakeLock(ss); | 216 + ssl_ReleaseSSL3HandshakeLock(ss); |
| 199 + } | 217 + } |
| 200 + } while (ss->ssl3.hs.ws != idle_handshake && | 218 + } while (ss->ssl3.hs.ws != idle_handshake && |
| 201 + !canFalseStart && | 219 + !canFalseStart && |
| 202 + ss->gs.buf.len == 0); | 220 + ss->gs.buf.len == 0); |
| 203 | 221 |
| 204 ss->gs.readOffset = 0; | 222 ss->gs.readOffset = 0; |
| 205 ss->gs.writeOffset = ss->gs.buf.len; | 223 ss->gs.writeOffset = ss->gs.buf.len; |
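Review bot: The state test added before the `while` accepts `wait_change_cipher` and `wait_new_session_ticket`, whereas the matching test in ssl_SecureSend (sslsecur.c, NEW column) also accepts `wait_finished`, and nothing on the page says whether the difference is intended. If it is, the reason belongs in the comment above the `if`. If it is not, the two sites should share one helper so the list of false-start states cannot drift, with a comment like `/* States in which a false start may be in progress; keep in sync with ssl_SecureSend. */`. The loop condition still reads `ss->ssl3.hs.ws` outside the SSL3 handshake lock that the new block takes for the same field. That read predates this change, but the contrast is now visible within a few lines. ssl3_GatherCompleteHandshake continues outside the hunk.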
| 206 diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/s
sl/sslimpl.h | 224 Index: mozilla/security/nss/lib/ssl/sslimpl.h |
| 207 index 7581b98..00f0ce2 100644 | 225 =================================================================== |
| 208 --- a/mozilla/security/nss/lib/ssl/sslimpl.h | 226 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v |
| 209 +++ b/mozilla/security/nss/lib/ssl/sslimpl.h | 227 retrieving revision 1.77 |
| 228 diff -u -p -r1.77 sslimpl.h |
| 229 --- mozilla/security/nss/lib/ssl/sslimpl.h» 10 Feb 2010 00:33:50 -0000»
1.77 |
| 230 +++ mozilla/security/nss/lib/ssl/sslimpl.h» 16 Mar 2010 01:25:41 -0000 |
| 210 @@ -333,6 +333,7 @@ typedef struct sslOptionsStr { | 231 @@ -333,6 +333,7 @@ typedef struct sslOptionsStr { |
| 211 unsigned int enableDeflate : 1; /* 19 */ | 232 unsigned int enableDeflate : 1; /* 19 */ |
| 212 unsigned int enableRenegotiation : 2; /* 20-21 */ | 233 unsigned int enableRenegotiation : 2; /* 20-21 */ |
| 213 unsigned int requireSafeNegotiation : 1; /* 22 */ | 234 unsigned int requireSafeNegotiation : 1; /* 22 */ |
| 214 + unsigned int enableFalseStart : 1; /* 23 */ | 235 + unsigned int enableFalseStart : 1; /* 23 */ |
| 215 } sslOptions; | 236 } sslOptions; |
| 216 | 237 |
| 217 typedef enum { sslHandshakingUndetermined = 0, | 238 typedef enum { sslHandshakingUndetermined = 0, |
| 218 @@ -1250,6 +1251,8 @@ extern void ssl_SetAlwaysBlock(sslSocket *ss); | 239 @@ -1250,6 +1251,8 @@ extern void ssl_SetAlwaysBlock(sslS |
| 219 | 240 |
| 220 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); | 241 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); |
| 221 | 242 |
| 222 +extern PRBool ssl3_CanFalseStart(sslSocket *ss); | 243 +extern PRBool ssl3_CanFalseStart(sslSocket *ss); |
| 223 + | 244 + |
| 224 #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) | 245 #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) |
| 225 #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock
) | 246 #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock
) |
| 226 #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) | 247 #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) |
| 227 diff --git a/mozilla/security/nss/lib/ssl/sslsecur.c b/mozilla/security/nss/lib/
ssl/sslsecur.c | 248 Index: mozilla/security/nss/lib/ssl/sslsecur.c |
| 228 index 8f79135..4dc0475 100644 | 249 =================================================================== |
| 229 --- a/mozilla/security/nss/lib/ssl/sslsecur.c | 250 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsecur.c,v |
| 230 +++ b/mozilla/security/nss/lib/ssl/sslsecur.c | 251 retrieving revision 1.43 |
| 231 @@ -148,6 +148,12 @@ ssl_Do1stHandshake(sslSocket *ss) | 252 diff -u -p -r1.43 sslsecur.c |
| 232 » ss->gs.readOffset = 0; | 253 --- mozilla/security/nss/lib/ssl/sslsecur.c» 14 Jan 2010 22:15:25 -0000»
1.43 |
| 233 » break; | 254 +++ mozilla/security/nss/lib/ssl/sslsecur.c» 16 Mar 2010 01:25:41 -0000 |
| 234 » } | 255 @@ -1199,8 +1199,17 @@ ssl_SecureSend(sslSocket *ss, const unsi |
| 256 » ss->writerThread = PR_GetCurrentThread(); |
| 257 /* If any of these is non-zero, the initial handshake is not done. */ |
| 258 if (!ss->firstHsDone) { |
| 259 +» PRBool canFalseStart = PR_FALSE; |
| 260 » ssl_Get1stHandshakeLock(ss); |
| 261 -» if (ss->handshake || ss->nextHandshake || ss->securityHandshake) { |
| 235 + if (ss->version >= SSL_LIBRARY_VERSION_3_0 && | 262 + if (ss->version >= SSL_LIBRARY_VERSION_3_0 && |
| 236 + (ss->ssl3.hs.ws == wait_change_cipher || | 263 + (ss->ssl3.hs.ws == wait_change_cipher || |
| 264 + ss->ssl3.hs.ws == wait_finished || |
| 237 + ss->ssl3.hs.ws == wait_new_session_ticket) && | 265 + ss->ssl3.hs.ws == wait_new_session_ticket) && |
| 238 + ssl3_CanFalseStart(ss)) { | 266 + ssl3_CanFalseStart(ss)) { |
| 239 +» break; | 267 +» canFalseStart = PR_TRUE; |
| 240 + } | 268 + } |
| 241 » rv = (*ss->handshake)(ss); | 269 +» if (!canFalseStart && |
| 242 » ++loopCount; | 270 +» (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { |
| 243 /* This code must continue to loop on SECWouldBlock, | 271 » rv = ssl_Do1stHandshake(ss); |
| 244 diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/s
sl/sslsock.c | 272 » } |
| 245 index aab48d6..40f633a 100644 | 273 » ssl_Release1stHandshakeLock(ss); |
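Review bot: In the ssl_SecureSend hunk (NEW column), `ss->ssl3.hs.ws` and ssl3_CanFalseStart() are evaluated while holding only the lock taken by `ssl_Get1stHandshakeLock(ss)`, whereas the same test in ssl3_GatherCompleteHandshake is wrapped in `ssl_GetSSL3HandshakeLock(ss)` / `ssl_ReleaseSSL3HandshakeLock(ss)`. This test decides whether application data is written before the server's Finished has been checked, so it should read handshake state under the same lock. Place `ssl_GetSSL3HandshakeLock(ss);` before the `if` that sets `canFalseStart` and `ssl_ReleaseSSL3HandshakeLock(ss);` after it. The OLD column puts the equivalent test in ssl_Do1stHandshake, and no SSL3 handshake lock is visible in that hunk either. Both functions continue outside the lines shown.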
| 246 --- a/mozilla/security/nss/lib/ssl/sslsock.c | 274 Index: mozilla/security/nss/lib/ssl/sslsock.c |
| 247 +++ b/mozilla/security/nss/lib/ssl/sslsock.c | 275 =================================================================== |
| 276 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v |
| 277 retrieving revision 1.66 |
| 278 diff -u -p -r1.66 sslsock.c |
| 279 --- mozilla/security/nss/lib/ssl/sslsock.c» 26 Feb 2010 20:44:54 -0000»
1.66 |
| 280 +++ mozilla/security/nss/lib/ssl/sslsock.c» 16 Mar 2010 01:25:41 -0000 |
| 248 @@ -183,6 +183,7 @@ static sslOptions ssl_defaults = { | 281 @@ -183,6 +183,7 @@ static sslOptions ssl_defaults = { |
| 249 PR_FALSE, /* enableDeflate */ | 282 PR_FALSE, /* enableDeflate */ |
| 250 2, /* enableRenegotiation (default: requires extension) */ | 283 2, /* enableRenegotiation (default: requires extension) */ |
| 251 PR_FALSE, /* requireSafeNegotiation */ | 284 PR_FALSE, /* requireSafeNegotiation */ |
| 252 + PR_FALSE, /* enableFalseStart */ | 285 + PR_FALSE, /* enableFalseStart */ |
| 253 }; | 286 }; |
| 254 | 287 |
| 255 sslSessionIDLookupFunc ssl_sid_lookup; | 288 sslSessionIDLookupFunc ssl_sid_lookup; |
| 256 @@ -728,6 +729,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) | 289 @@ -728,6 +729,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh |
| 257 ss->opt.requireSafeNegotiation = on; | 290 ss->opt.requireSafeNegotiation = on; |
| 258 break; | 291 break; |
| 259 | 292 |
| 260 + case SSL_ENABLE_FALSE_START: | 293 + case SSL_ENABLE_FALSE_START: |
| 261 + ss->opt.enableFalseStart = on; | 294 + ss->opt.enableFalseStart = on; |
| 262 + break; | 295 + break; |
| 263 + | 296 + |
| 264 default: | 297 default: |
| 265 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 298 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 266 rv = SECFailure; | 299 rv = SECFailure; |
| 267 @@ -791,6 +796,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) | 300 @@ -791,6 +796,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh |
| 268 on = ss->opt.enableRenegotiation; break; | 301 on = ss->opt.enableRenegotiation; break; |
| 269 case SSL_REQUIRE_SAFE_NEGOTIATION: | 302 case SSL_REQUIRE_SAFE_NEGOTIATION: |
| 270 on = ss->opt.requireSafeNegotiation; break; | 303 on = ss->opt.requireSafeNegotiation; break; |
| 271 + case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; | 304 + case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; |
| 272 | 305 |
| 273 default: | 306 default: |
| 274 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 307 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 275 @@ -841,6 +847,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) | 308 @@ -841,6 +847,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBo |
| 276 case SSL_REQUIRE_SAFE_NEGOTIATION: | 309 case SSL_REQUIRE_SAFE_NEGOTIATION: |
| 277 on = ssl_defaults.requireSafeNegotiation; | 310 on = ssl_defaults.requireSafeNegotiation; |
| 278 break; | 311 break; |
| 279 + case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; | 312 + case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; |
| 280 | 313 |
| 281 default: | 314 default: |
| 282 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 315 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 283 @@ -984,6 +991,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) | 316 @@ -984,6 +991,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo |
| 284 ssl_defaults.requireSafeNegotiation = on; | 317 ssl_defaults.requireSafeNegotiation = on; |
| 285 break; | 318 break; |
| 286 | 319 |
| 287 + case SSL_ENABLE_FALSE_START: | 320 + case SSL_ENABLE_FALSE_START: |
| 288 + ssl_defaults.enableFalseStart = on; | 321 + ssl_defaults.enableFalseStart = on; |
| 289 + break; | 322 + break; |
| 290 + | 323 + |
| 291 default: | 324 default: |
| 292 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 325 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 293 return SECFailure; | 326 return SECFailure; |
| 294 diff --git a/mozilla/security/nss/tests/ssl/sslstress.txt b/mozilla/security/nss
/tests/ssl/sslstress.txt | 327 Index: mozilla/security/nss/tests/ssl/sslstress.txt |
| 295 index 9a3aae8..c2a5c76 100644 | 328 =================================================================== |
| 296 --- a/mozilla/security/nss/tests/ssl/sslstress.txt | 329 RCS file: /cvsroot/mozilla/security/nss/tests/ssl/sslstress.txt,v |
| 297 +++ b/mozilla/security/nss/tests/ssl/sslstress.txt | 330 retrieving revision 1.18 |
| 331 diff -u -p -r1.18 sslstress.txt |
| 332 --- mozilla/security/nss/tests/ssl/sslstress.txt» 3 Feb 2010 02:25:36 -000
0» 1.18 |
| 333 +++ mozilla/security/nss/tests/ssl/sslstress.txt» 16 Mar 2010 01:25:41 -00
00 |
| 298 @@ -42,9 +42,11 @@ | 334 @@ -42,9 +42,11 @@ |
| 299 noECC 0 _ -c_1000_-C_A Stress SSL2 RC4 128
with MD5 | 335 noECC 0 _ -c_1000_-C_A Stress SSL2 RC4 128
with MD5 |
| 300 noECC 0 _ -c_1000_-C_c_-T Stress SSL3 RC4 128
with MD5 | 336 noECC 0 _ -c_1000_-C_c_-T Stress SSL3 RC4 128
with MD5 |
| 301 noECC 0 _ -c_1000_-C_c Stress TLS RC4 128
with MD5 | 337 noECC 0 _ -c_1000_-C_c Stress TLS RC4 128
with MD5 |
| 302 + noECC 0 _ -c_1000_-C_c_-h Stress TLS RC4 128
with MD5 (false start) | 338 + noECC 0 _ -c_1000_-C_c_-h Stress TLS RC4 128
with MD5 (false start) |
| 303 noECC 0 -u -2_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket) | 339 noECC 0 -u -2_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket) |
| 304 noECC 0 -z -2_-c_1000_-C_c_-z Stress TLS RC4 128
with MD5 (compression) | 340 noECC 0 -z -2_-c_1000_-C_c_-z Stress TLS RC4 128
with MD5 (compression) |
| 305 noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z Stress TLS RC4 128
with MD5 (session ticket, compression) | 341 noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z Stress TLS RC4 128
with MD5 (session ticket, compression) |
| 306 + noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z_-h Stress TLS RC4 128
with MD5 (session ticket, compression, false start) | 342 + noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z_-h Stress TLS RC4 128
with MD5 (session ticket, compression, false start) |
| 307 SNI 0 -u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket, SNI) | 343 SNI 0 -u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket, SNI) |
| 308 | 344 |
| 309 # | 345 # |
| 310 @@ -55,7 +57,9 @@ | 346 @@ -55,7 +57,9 @@ |
| 311 noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 w
ith MD5 (no reuse, client auth) | 347 noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 w
ith MD5 (no reuse, client auth) |
| 312 noECC 0 -r_-r_-u -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 w
ith MD5 (session ticket, client auth) | 348 noECC 0 -r_-r_-u -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 w
ith MD5 (session ticket, client auth) |
| 313 noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 w
ith MD5 (compression, client auth) | 349 noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 w
ith MD5 (compression, client auth) |
| 314 + noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z_-h Stress TLS RC4 12
8 with MD5 (compression, client auth, false start) | 350 + noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z_-h Stress TLS RC4 12
8 with MD5 (compression, client auth, false start) |
| 315 noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z Stress TLS RC4 12
8 with MD5 (session ticket, compression, client auth) | 351 noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z Stress TLS RC4 12
8 with MD5 (session ticket, compression, client auth) |
| 316 + noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z_-h Stress TLS RC4
128 with MD5 (session ticket, compression, client auth, false start) | 352 + noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z_-h Stress TLS RC4
128 with MD5 (session ticket, compression, client auth, false start) |
| 317 SNI 0 -r_-r_-u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 1
28 with MD5 (session ticket, SNI, client auth, default virt host) | 353 SNI 0 -r_-r_-u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 1
28 with MD5 (session ticket, SNI, client auth, default virt host) |
| 318 SNI 0 -r_-r_-u_-a_Host-sni.Dom_-k_Host-sni.Dom -2_-3_-c_1000_-C_c_-u_
-a_Host-sni.Dom Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, c
hange virt host) | 354 SNI 0 -r_-r_-u_-a_Host-sni.Dom_-k_Host-sni.Dom -2_-3_-c_1000_-C_c_-u_
-a_Host-sni.Dom Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, c
hange virt host) |
| 319 | 355 |
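Review bot: The new stress entries pass `-h` in the client-parameter column to select false start (for example `-c_1000_-C_c_-h`), but the option this patch adds to strsclnt.c is `case 'g': enableFalseStart = PR_TRUE; break;`, and tstclnt's usage text likewise documents `-g`. Unless `-h` is handled in the part of strsclnt.c that the page collapses, these rows would not enable false start at all. The feature's stress coverage would then be exercising the ordinary handshake path. The rows marked "(false start)" should use `-g`, e.g. `-c_1000_-C_c_-g`.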