
Side by Side Diff: patches.chromium/0009-stricter_cutthrough.patch

Issue 2072073002: Delete bundled copy of OpenSSL and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master
Patch Set: Delete bundled copy of OpenSSL and replace with README. Created 4 years, 6 months ago
(Empty)
1 diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
2 index e47eef1..d1b3224 100644
3 --- a/ssl/s3_clnt.c
4 +++ b/ssl/s3_clnt.c
5 @@ -557,7 +557,8 @@ int ssl3_connect(SSL *s)
6 }
7 else
8 {
9 - if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHR OUGH) && SSL_get_cipher_bits(s, NULL) >= 128
10 + if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHR OUGH)
11 + && ssl3_can_cutthrough(s)
12 && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
13 )
14 {
15 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
16 index 45a76ae..d75b9f7 100644
17 --- a/ssl/ssl_lib.c
18 +++ b/ssl/ssl_lib.c
19 @@ -3305,12 +3305,39 @@ int SSL_cutthrough_complete(const SSL *s)
20 s->version >= SSL3_VERSION &&
21 s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */
22 (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* c utthrough enabled */
23 - SSL_get_cipher_bits(s, NULL) >= 128 && /* s trong cipher choosen */
24 + ssl3_can_cutthrough(s) && /* c utthrough allowed */
25 s->s3->previous_server_finished_len == 0 && /* n ot a renegotiation handshake */
26 (s->state == SSL3_ST_CR_SESSION_TICKET_A || /* r eady to write app-data*/
27 s->state == SSL3_ST_CR_FINISHED_A));
28 }
29
30 +int ssl3_can_cutthrough(const SSL *s)
31 + {
32 + const SSL_CIPHER *c;
33 +
34 + /* require a strong enough cipher */
35 + if (SSL_get_cipher_bits(s, NULL) < 128)
36 + return 0;
37 +
38 + /* require NPN extension */
39 +#ifndef OPENSSL_NO_NEXTPROTONEG
40 + if (!s->s3->next_proto_neg_seen)
41 + return 0;
42 +#else
43 + return 0;
44 +#endif
45 +
46 + /* require a forward-secret cipher */
47 + c = SSL_get_current_cipher(s);
48 + if (!c || (c->algorithm_mkey != SSL_kEDH &&
49 + c->algorithm_mkey != SSL_kEECDH))
50 + {
51 + return 0;
52 + }
53 +
54 + return 1;
55 + }
56 +
57 /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
58 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
59 * any. If EVP_MD pointer is passed, initializes ctx with this md
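Review bot: In the added `ssl3_can_cutthrough`, the `SSL_get_cipher_bits(s, NULL) < 128` test measures key length only and says nothing about the cipher construction, so any 128-bit suite paired with `SSL_kEDH` or `SSL_kEECDH` is still allowed to send application data before the server Finished has been checked. The `algorithm_mkey` test likewise accepts every `SSL_kEDH` exchange without looking at the size of the ephemeral group, as far as this hunk shows; that matters more here than in a full handshake because the message confirming the negotiation has not been verified yet. An explicit allow-list of suites would make the policy auditable in one place. The function also has no header comment; something like `/* Returns 1 iff cut-through may be used on |s|: >=128-bit cipher, NPN seen, forward-secret key exchange; 0 otherwise. */` would state the contract for both call sites. In the `#else` branch the unconditional `return 0;` leaves the rest of the body unreachable, so wrapping the remaining checks in the `#ifndef OPENSSL_NO_NEXTPROTONEG` arm would avoid dead-code warnings.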
60 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
61 index 2f8cda8..3732825 100644
62 --- a/ssl/ssl_locl.h
63 +++ b/ssl/ssl_locl.h
64 @@ -1160,6 +1160,8 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg);
65 int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
66 #endif
67
68 +int ssl3_can_cutthrough(const SSL *s);
69 +
70 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
71 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
72 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,