OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Various SSL functions. | 2 * Various SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 #include "cert.h" | 7 #include "cert.h" |
8 #include "secitem.h" | 8 #include "secitem.h" |
9 #include "keyhi.h" | 9 #include "keyhi.h" |
10 #include "ssl.h" | 10 #include "ssl.h" |
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
90 /* Previous handshake finished. Switch to next one */ | 90 /* Previous handshake finished. Switch to next one */ |
91 ss->handshake = ss->nextHandshake; | 91 ss->handshake = ss->nextHandshake; |
92 ss->nextHandshake = 0; | 92 ss->nextHandshake = 0; |
93 } | 93 } |
94 if (ss->handshake == 0) { | 94 if (ss->handshake == 0) { |
95 /* Previous handshake finished. Switch to security handshake */ | 95 /* Previous handshake finished. Switch to security handshake */ |
96 ss->handshake = ss->securityHandshake; | 96 ss->handshake = ss->securityHandshake; |
97 ss->securityHandshake = 0; | 97 ss->securityHandshake = 0; |
98 } | 98 } |
99 if (ss->handshake == 0) { | 99 if (ss->handshake == 0) { |
100 » ssl_GetRecvBufLock(ss); | 100 » /* for v3 this is done in ssl3_FinishHandshake */ |
101 » ss->gs.recordLen = 0; | 101 » if (!ss->firstHsDone && ss->version < SSL_LIBRARY_VERSION_3_0) { |
102 » ssl_ReleaseRecvBufLock(ss); | 102 » » ssl_GetRecvBufLock(ss); |
103 | 103 » » ss->gs.recordLen = 0; |
104 » SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", | 104 » » ssl_ReleaseRecvBufLock(ss); |
wtc
2013/10/17 00:10:53
Why do we only need to set ss->gs.recordLen to 0 f
briansmith
2013/10/17 01:42:40
recordLen is only used for SSL 2.0:
unsigned int
| |
105 » » » SSL_GETPID(), ss->fd)); | 105 » » ssl_FinishHandshake(ss); |
106 /* call handshake callback for ssl v2 */ | |
107 » /* for v3 this is done in ssl3_HandleFinished() */ | |
108 » if ((ss->handshakeCallback != NULL) && /* has callback */ | |
109 » » (!ss->firstHsDone) && /* only first time */ | |
110 » » (ss->version < SSL_LIBRARY_VERSION_3_0)) { /* not ssl3 */ | |
111 » » ss->firstHsDone = PR_TRUE; | |
112 » » (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | |
113 } | 106 } |
114 ss->firstHsDone = PR_TRUE; | |
115 ss->gs.writeOffset = 0; | |
116 ss->gs.readOffset = 0; | |
117 break; | 107 break; |
118 } | 108 } |
119 rv = (*ss->handshake)(ss); | 109 rv = (*ss->handshake)(ss); |
120 ++loopCount; | 110 ++loopCount; |
121 /* This code must continue to loop on SECWouldBlock, | 111 /* This code must continue to loop on SECWouldBlock, |
122 * or any positive value. See XXX_1 comments. | 112 * or any positive value. See XXX_1 comments. |
123 */ | 113 */ |
124 } while (rv != SECFailure); /* was (rv >= 0); XXX_1 */ | 114 } while (rv != SECFailure); /* was (rv >= 0); XXX_1 */ |
125 | 115 |
126 PORT_Assert(ss->opt.noLocks || !ssl_HaveRecvBufLock(ss)); | 116 PORT_Assert(ss->opt.noLocks || !ssl_HaveRecvBufLock(ss)); |
127 PORT_Assert(ss->opt.noLocks || !ssl_HaveXmitBufLock(ss)); | 117 PORT_Assert(ss->opt.noLocks || !ssl_HaveXmitBufLock(ss)); |
128 PORT_Assert(ss->opt.noLocks || !ssl_HaveSSL3HandshakeLock(ss)); | 118 PORT_Assert(ss->opt.noLocks || !ssl_HaveSSL3HandshakeLock(ss)); |
129 | 119 |
130 if (rv == SECWouldBlock) { | 120 if (rv == SECWouldBlock) { |
131 PORT_SetError(PR_WOULD_BLOCK_ERROR); | 121 PORT_SetError(PR_WOULD_BLOCK_ERROR); |
132 rv = SECFailure; | 122 rv = SECFailure; |
133 } | 123 } |
134 return rv; | 124 return rv; |
135 } | 125 } |
136 | 126 |
127 void | |
128 ssl_FinishHandshake(sslSocket *ss) | |
wtc
2013/10/17 00:10:53
Should we move this function to sslcon.c, since it
briansmith
2013/10/17 01:42:40
This is not SSL-2.0-only. This is the functionalit
| |
129 { | |
130 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | |
briansmith
2013/10/17 19:09:01
Wan-Teh, do you agree that this assertion is corre
wtc
2013/10/17 23:13:01
This seems very reasonable, but I didn't find this
| |
131 | |
132 SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", SSL_GETPID(), ss->fd)); | |
133 | |
134 ss->firstHsDone = PR_TRUE; | |
135 ss->enoughFirstHsDone = PR_TRUE; | |
136 ss->gs.writeOffset = 0; | |
137 ss->gs.readOffset = 0; | |
138 | |
139 if (ss->handshakeCallback) { | |
140 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | |
141 } | |
142 } | |
143 | |
137 /* | 144 /* |
138 * Handshake function that blocks. Used to force a | 145 * Handshake function that blocks. Used to force a |
139 * retry on a connection on the next read/write. | 146 * retry on a connection on the next read/write. |
140 */ | 147 */ |
141 static SECStatus | 148 static SECStatus |
142 ssl3_AlwaysBlock(sslSocket *ss) | 149 ssl3_AlwaysBlock(sslSocket *ss) |
143 { | 150 { |
144 PORT_SetError(PR_WOULD_BLOCK_ERROR); /* perhaps redundant. */ | 151 PORT_SetError(PR_WOULD_BLOCK_ERROR); /* perhaps redundant. */ |
145 return SECWouldBlock; | 152 return SECWouldBlock; |
146 } | 153 } |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
199 if (!ss->opt.useSecurity) | 206 if (!ss->opt.useSecurity) |
200 return SECSuccess; | 207 return SECSuccess; |
201 | 208 |
202 SSL_LOCK_READER(ss); | 209 SSL_LOCK_READER(ss); |
203 SSL_LOCK_WRITER(ss); | 210 SSL_LOCK_WRITER(ss); |
204 | 211 |
205 /* Reset handshake state */ | 212 /* Reset handshake state */ |
206 ssl_Get1stHandshakeLock(ss); | 213 ssl_Get1stHandshakeLock(ss); |
207 | 214 |
208 ss->firstHsDone = PR_FALSE; | 215 ss->firstHsDone = PR_FALSE; |
216 ss->enoughFirstHsDone = PR_FALSE; | |
209 if ( asServer ) { | 217 if ( asServer ) { |
210 ss->handshake = ssl2_BeginServerHandshake; | 218 ss->handshake = ssl2_BeginServerHandshake; |
211 ss->handshaking = sslHandshakingAsServer; | 219 ss->handshaking = sslHandshakingAsServer; |
212 } else { | 220 } else { |
213 ss->handshake = ssl2_BeginClientHandshake; | 221 ss->handshake = ssl2_BeginClientHandshake; |
214 ss->handshaking = sslHandshakingAsClient; | 222 ss->handshaking = sslHandshakingAsClient; |
215 } | 223 } |
216 ss->nextHandshake = 0; | 224 ss->nextHandshake = 0; |
217 ss->securityHandshake = 0; | 225 ss->securityHandshake = 0; |
218 | 226 |
219 ssl_GetRecvBufLock(ss); | 227 ssl_GetRecvBufLock(ss); |
220 status = ssl_InitGather(&ss->gs); | 228 status = ssl_InitGather(&ss->gs); |
221 ssl_ReleaseRecvBufLock(ss); | 229 ssl_ReleaseRecvBufLock(ss); |
222 | 230 |
223 ssl_GetSSL3HandshakeLock(ss); | 231 ssl_GetSSL3HandshakeLock(ss); |
232 ss->ssl3.hs.canFalseStart = PR_FALSE; | |
233 ss->ssl3.hs.restartTarget = NULL; | |
224 | 234 |
225 /* | 235 /* |
226 ** Blow away old security state and get a fresh setup. | 236 ** Blow away old security state and get a fresh setup. |
227 */ | 237 */ |
228 ssl_GetXmitBufLock(ss); | 238 ssl_GetXmitBufLock(ss); |
229 ssl_ResetSecurityInfo(&ss->sec, PR_TRUE); | 239 ssl_ResetSecurityInfo(&ss->sec, PR_TRUE); |
230 status = ssl_CreateSecurityInfo(ss); | 240 status = ssl_CreateSecurityInfo(ss); |
231 ssl_ReleaseXmitBufLock(ss); | 241 ssl_ReleaseXmitBufLock(ss); |
232 | 242 |
233 ssl_ReleaseSSL3HandshakeLock(ss); | 243 ssl_ReleaseSSL3HandshakeLock(ss); |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
324 | 334 |
325 ss->handshakeCallback = cb; | 335 ss->handshakeCallback = cb; |
326 ss->handshakeCallbackData = client_data; | 336 ss->handshakeCallbackData = client_data; |
327 | 337 |
328 ssl_ReleaseSSL3HandshakeLock(ss); | 338 ssl_ReleaseSSL3HandshakeLock(ss); |
329 ssl_Release1stHandshakeLock(ss); | 339 ssl_Release1stHandshakeLock(ss); |
330 | 340 |
331 return SECSuccess; | 341 return SECSuccess; |
332 } | 342 } |
333 | 343 |
344 /* Register an application callback to be called when false start may happen. | |
345 ** Acquires and releases HandshakeLock. | |
346 */ | |
347 SECStatus | |
348 SSL_SetCanFalseStartCallback(PRFileDesc *fd, SSLCanFalseStartCallback cb, | |
349 void *client_data) | |
350 { | |
351 sslSocket *ss; | |
352 | |
353 ss = ssl_FindSocket(fd); | |
354 if (!ss) { | |
355 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCanFalseStartCallback", | |
356 SSL_GETPID(), fd)); | |
357 return SECFailure; | |
358 } | |
359 | |
360 if (!ss->opt.useSecurity) { | |
361 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
362 return SECFailure; | |
363 } | |
364 | |
365 ssl_Get1stHandshakeLock(ss); | |
366 ssl_GetSSL3HandshakeLock(ss); | |
367 | |
368 ss->canFalseStartCallback = cb; | |
369 ss->canFalseStartCallbackData = client_data; | |
370 | |
371 ssl_ReleaseSSL3HandshakeLock(ss); | |
372 ssl_Release1stHandshakeLock(ss); | |
373 | |
374 return SECSuccess; | |
375 } | |
376 | |
377 SECStatus | |
378 SSL_RecommendedCanFalseStart(PRFileDesc *fd, PRBool *canFalseStart) | |
379 { | |
380 sslSocket *ss; | |
381 | |
382 *canFalseStart = PR_FALSE; | |
383 ss = ssl_FindSocket(fd); | |
384 if (!ss) { | |
385 SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DefaultCanFalseStart", | |
wtc
2013/10/17 00:10:53
SSL_DefaultCanFalseStart => SSL_RecommendedCanFals
briansmith
2013/10/17 01:42:40
Done.
| |
386 SSL_GETPID(), fd)); | |
387 return SECFailure; | |
388 } | |
389 | |
390 if (!ss->ssl3.initialized) { | |
391 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
392 return SECFailure; | |
393 } | |
394 | |
395 if (ss->version < SSL_LIBRARY_VERSION_3_0) { | |
396 PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); | |
397 return SECFailure; | |
398 } | |
399 | |
400 /* Require a forward-secret key exchange. */ | |
401 *canFalseStart = ss->ssl3.hs.kea_def->kea == kea_dhe_dss || | |
402 ss->ssl3.hs.kea_def->kea == kea_dhe_rsa || | |
403 ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || | |
404 ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa; | |
405 | |
406 return SECSuccess; | |
407 } | |
408 | |
334 /* Try to make progress on an SSL handshake by attempting to read the | 409 /* Try to make progress on an SSL handshake by attempting to read the |
335 ** next handshake from the peer, and sending any responses. | 410 ** next handshake from the peer, and sending any responses. |
336 ** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK if it cannot | 411 ** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK if it cannot |
337 ** read the next handshake from the underlying socket. | 412 ** read the next handshake from the underlying socket. |
338 ** For SSLv2, returns when handshake is complete or fatal error occurs. | 413 ** For SSLv2, returns when handshake is complete or fatal error occurs. |
339 ** For SSLv3, returns when handshake is complete, or application data has | 414 ** For SSLv3, returns when handshake is complete, or application data has |
340 ** arrived that must be taken by application before handshake can continue, | 415 ** arrived that must be taken by application before handshake can continue, |
341 ** or a fatal error occurs. | 416 ** or a fatal error occurs. |
342 ** Application should use handshake completion callback to tell which. | 417 ** Application should use handshake completion callback to tell which. |
343 */ | 418 */ |
(...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
517 ** This code is similar to, and easily confused with, | 592 ** This code is similar to, and easily confused with, |
518 ** ssl_GatherRecord1stHandshake() in sslcon.c | 593 ** ssl_GatherRecord1stHandshake() in sslcon.c |
519 */ | 594 */ |
520 static int | 595 static int |
521 DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) | 596 DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) |
522 { | 597 { |
523 int rv; | 598 int rv; |
524 int amount; | 599 int amount; |
525 int available; | 600 int available; |
526 | 601 |
602 ssl_Get1stHandshakeLock(ss); | |
wtc
2013/10/17 00:10:53
Why does DoRecv() need to get the 1stHandshakeLock
briansmith
2013/10/17 01:42:40
It calls ssl3_GatherAppDataRecord and ssl3_GatherA
wtc
2013/10/17 15:28:14
I'm sorry that I still don't understand this. Coul
| |
527 ssl_GetRecvBufLock(ss); | 603 ssl_GetRecvBufLock(ss); |
528 | 604 |
529 available = ss->gs.writeOffset - ss->gs.readOffset; | 605 available = ss->gs.writeOffset - ss->gs.readOffset; |
530 if (available == 0) { | 606 if (available == 0) { |
531 /* Get some more data */ | 607 /* Get some more data */ |
532 if (ss->version >= SSL_LIBRARY_VERSION_3_0) { | 608 if (ss->version >= SSL_LIBRARY_VERSION_3_0) { |
533 /* Wait for application data to arrive. */ | 609 /* Wait for application data to arrive. */ |
534 rv = ssl3_GatherAppDataRecord(ss, 0); | 610 rv = ssl3_GatherAppDataRecord(ss, 0); |
535 } else { | 611 } else { |
536 /* See if we have a complete record */ | 612 /* See if we have a complete record */ |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
583 } | 659 } |
584 PORT_Assert(ss->gs.readOffset <= ss->gs.writeOffset); | 660 PORT_Assert(ss->gs.readOffset <= ss->gs.writeOffset); |
585 rv = amount; | 661 rv = amount; |
586 | 662 |
587 SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d", | 663 SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d", |
588 SSL_GETPID(), ss->fd, amount, available)); | 664 SSL_GETPID(), ss->fd, amount, available)); |
589 PRINT_BUF(4, (ss, "DoRecv receiving plaintext:", out, amount)); | 665 PRINT_BUF(4, (ss, "DoRecv receiving plaintext:", out, amount)); |
590 | 666 |
591 done: | 667 done: |
592 ssl_ReleaseRecvBufLock(ss); | 668 ssl_ReleaseRecvBufLock(ss); |
669 ssl_Release1stHandshakeLock(ss); | |
593 return rv; | 670 return rv; |
594 } | 671 } |
595 | 672 |
596 /************************************************************************/ | 673 /************************************************************************/ |
597 | 674 |
598 /* | 675 /* |
599 ** Return SSLKEAType derived from cert's Public Key algorithm info. | 676 ** Return SSLKEAType derived from cert's Public Key algorithm info. |
600 */ | 677 */ |
601 SSLKEAType | 678 SSLKEAType |
602 NSS_FindCertKEAType(CERTCertificate * cert) | 679 NSS_FindCertKEAType(CERTCertificate * cert) |
(...skipping 546 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1149 int | 1226 int |
1150 ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len) | 1227 ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len) |
1151 { | 1228 { |
1152 return ssl_SecureRecv(ss, buf, len, 0); | 1229 return ssl_SecureRecv(ss, buf, len, 0); |
1153 } | 1230 } |
1154 | 1231 |
1155 /* Caller holds the SSL Socket's write lock. SSL_LOCK_WRITER(ss) */ | 1232 /* Caller holds the SSL Socket's write lock. SSL_LOCK_WRITER(ss) */ |
1156 int | 1233 int |
1157 ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags) | 1234 ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags) |
1158 { | 1235 { |
1159 int rv»» = 0; | 1236 int rv = 0; |
1237 PRBool falseStart = PR_FALSE; | |
1160 | 1238 |
1161 SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes", | 1239 SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes", |
1162 SSL_GETPID(), ss->fd, len)); | 1240 SSL_GETPID(), ss->fd, len)); |
1163 | 1241 |
1164 if (ss->shutdownHow & ssl_SHUTDOWN_SEND) { | 1242 if (ss->shutdownHow & ssl_SHUTDOWN_SEND) { |
1165 PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); | 1243 PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); |
1166 rv = PR_FAILURE; | 1244 rv = PR_FAILURE; |
1167 goto done; | 1245 goto done; |
1168 } | 1246 } |
1169 if (flags) { | 1247 if (flags) { |
(...skipping 14 matching lines...) Expand all Loading... | |
1184 } | 1262 } |
1185 ssl_ReleaseXmitBufLock(ss); | 1263 ssl_ReleaseXmitBufLock(ss); |
1186 if (rv < 0) { | 1264 if (rv < 0) { |
1187 goto done; | 1265 goto done; |
1188 } | 1266 } |
1189 | 1267 |
1190 if (len > 0) | 1268 if (len > 0) |
1191 ss->writerThread = PR_GetCurrentThread(); | 1269 ss->writerThread = PR_GetCurrentThread(); |
1192 /* If any of these is non-zero, the initial handshake is not done. */ | 1270 /* If any of these is non-zero, the initial handshake is not done. */ |
1193 if (!ss->firstHsDone) { | 1271 if (!ss->firstHsDone) { |
1194 PRBool canFalseStart = PR_FALSE; | |
1195 ssl_Get1stHandshakeLock(ss); | 1272 ssl_Get1stHandshakeLock(ss); |
1196 » if (ss->version >= SSL_LIBRARY_VERSION_3_0) { | 1273 » if (ss->opt.enableFalseStart && |
wtc
2013/10/17 00:10:53
Why do you check ss->opt.enableFalseStart?
I gues
briansmith
2013/10/17 01:42:40
Yes
| |
1274 » ss->version >= SSL_LIBRARY_VERSION_3_0) { | |
1197 ssl_GetSSL3HandshakeLock(ss); | 1275 ssl_GetSSL3HandshakeLock(ss); |
1198 » if ((ss->ssl3.hs.ws == wait_change_cipher || | 1276 » falseStart = ss->ssl3.hs.canFalseStart; |
1199 » » ss->ssl3.hs.ws == wait_finished || | |
1200 » » ss->ssl3.hs.ws == wait_new_session_ticket) && | |
1201 » » ssl3_CanFalseStart(ss)) { | |
1202 » » canFalseStart = PR_TRUE; | |
1203 » } | |
1204 ssl_ReleaseSSL3HandshakeLock(ss); | 1277 ssl_ReleaseSSL3HandshakeLock(ss); |
1205 } | 1278 } |
1206 » if (!canFalseStart && | 1279 » if (!falseStart && |
1207 (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { | 1280 (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { |
wtc
2013/10/17 15:28:14
Hmm... If we false started, ss->handshake etc. sho
| |
1208 rv = ssl_Do1stHandshake(ss); | 1281 rv = ssl_Do1stHandshake(ss); |
1209 } | 1282 } |
1210 ssl_Release1stHandshakeLock(ss); | 1283 ssl_Release1stHandshakeLock(ss); |
1211 } | 1284 } |
1212 if (rv < 0) { | 1285 if (rv < 0) { |
1213 ss->writerThread = NULL; | 1286 ss->writerThread = NULL; |
1214 goto done; | 1287 goto done; |
1215 } | 1288 } |
1216 | 1289 |
1217 /* Check for zero length writes after we do housekeeping so we make forward | 1290 /* Check for zero length writes after we do housekeeping so we make forward |
1218 * progress. | 1291 * progress. |
1219 */ | 1292 */ |
1220 if (len == 0) { | 1293 if (len == 0) { |
1221 rv = 0; | 1294 rv = 0; |
1222 goto done; | 1295 goto done; |
1223 } | 1296 } |
1224 PORT_Assert(buf != NULL); | 1297 PORT_Assert(buf != NULL); |
1225 if (!buf) { | 1298 if (!buf) { |
1226 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); | 1299 PORT_SetError(PR_INVALID_ARGUMENT_ERROR); |
1227 rv = PR_FAILURE; | 1300 rv = PR_FAILURE; |
1228 goto done; | 1301 goto done; |
1229 } | 1302 } |
1230 | 1303 |
1304 if (ssl_trace >= 2 && | |
1305 !ss->firstHsDone && !falseStart && | |
1306 ss->opt.enableFalseStart && ss->version >= SSL_LIBRARY_VERSION_3_0) { | |
1307 /* We need to check ss->ssl3.hs.canFalseStart again in case we called | |
1308 * ssl_Do1stHandshake, because ssl_Do1stHandshake might have changed | |
1309 * it. | |
1310 */ | |
1311 ssl_GetSSL3HandshakeLock(ss); | |
1312 falseStart = ss->ssl3.hs.canFalseStart; | |
1313 ssl_ReleaseSSL3HandshakeLock(ss); | |
wtc
2013/10/17 00:10:53
falseStart is set here but never used again. So li
briansmith
2013/10/17 01:42:40
You are right that this complicated code can be de
| |
1314 | |
1315 SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending data due to false start", | |
1316 SSL_GETPID(), ss->fd)); | |
1317 } | |
1318 | |
1231 /* Send out the data using one of these functions: | 1319 /* Send out the data using one of these functions: |
1232 * ssl2_SendClear, ssl2_SendStream, ssl2_SendBlock, | 1320 * ssl2_SendClear, ssl2_SendStream, ssl2_SendBlock, |
1233 * ssl3_SendApplicationData | 1321 * ssl3_SendApplicationData |
1234 */ | 1322 */ |
1235 ssl_GetXmitBufLock(ss); | 1323 ssl_GetXmitBufLock(ss); |
1236 rv = (*ss->sec.send)(ss, buf, len, flags); | 1324 rv = (*ss->sec.send)(ss, buf, len, flags); |
1237 ssl_ReleaseXmitBufLock(ss); | 1325 ssl_ReleaseXmitBufLock(ss); |
1238 ss->writerThread = NULL; | 1326 ss->writerThread = NULL; |
1239 done: | 1327 done: |
1240 if (rv < 0) { | 1328 if (rv < 0) { |
(...skipping 348 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1589 if (!ss) { | 1677 if (!ss) { |
1590 SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook", | 1678 SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook", |
1591 SSL_GETPID(), fd)); | 1679 SSL_GETPID(), fd)); |
1592 return SECFailure; | 1680 return SECFailure; |
1593 } | 1681 } |
1594 | 1682 |
1595 ss->sniSocketConfig = func; | 1683 ss->sniSocketConfig = func; |
1596 ss->sniSocketConfigArg = arg; | 1684 ss->sniSocketConfigArg = arg; |
1597 return SECSuccess; | 1685 return SECSuccess; |
1598 } | 1686 } |
OLD | NEW |