
Unified Diff: patches.chromium/0009-stricter_cutthrough.patch

Issue 2072073002: Delete bundled copy of OpenSSL and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master
Patch Set: Delete bundled copy of OpenSSL and replace with README. Created 4 years, 6 months ago
Index: patches.chromium/0009-stricter_cutthrough.patch
diff --git a/patches.chromium/0009-stricter_cutthrough.patch b/patches.chromium/0009-stricter_cutthrough.patch
deleted file mode 100644
index a880d64fa24641f66dfe1cc7ba5b98d428c36e28..0000000000000000000000000000000000000000
--- a/patches.chromium/0009-stricter_cutthrough.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index e47eef1..d1b3224 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -557,7 +557,8 @@ int ssl3_connect(SSL *s)
- }
- else
- {
-- if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128
-+ if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
-+ && ssl3_can_cutthrough(s)
- && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
- )
- {
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 45a76ae..d75b9f7 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -3305,12 +3305,39 @@ int SSL_cutthrough_complete(const SSL *s)
- s->version >= SSL3_VERSION &&
- s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */
- (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */
-- SSL_get_cipher_bits(s, NULL) >= 128 && /* strong cipher choosen */
-+ ssl3_can_cutthrough(s) && /* cutthrough allowed */
- s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */
- (s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/
- s->state == SSL3_ST_CR_FINISHED_A));
- }
-
-+int ssl3_can_cutthrough(const SSL *s)
-+ {
-+ const SSL_CIPHER *c;
-+
-+ /* require a strong enough cipher */
-+ if (SSL_get_cipher_bits(s, NULL) < 128)
-+ return 0;
-+
-+ /* require NPN extension */
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+ if (!s->s3->next_proto_neg_seen)
-+ return 0;
-+#else
-+ return 0;
-+#endif
-+
-+ /* require a forward-secret cipher */
-+ c = SSL_get_current_cipher(s);
-+ if (!c || (c->algorithm_mkey != SSL_kEDH &&
-+ c->algorithm_mkey != SSL_kEECDH))
-+ {
-+ return 0;
-+ }
-+
-+ return 1;
-+ }
-+
- /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
- * vairable, freeing EVP_MD_CTX previously stored in that variable, if
- * any. If EVP_MD pointer is passed, initializes ctx with this md
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 2f8cda8..3732825 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -1160,6 +1160,8 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg);
- int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
- #endif
-
-+int ssl3_can_cutthrough(const SSL *s);
-+
- EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
- void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
- int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,