Chromium Code Reviews Chromium Code Reviews
Issue 27254004:
Make SSL False Start work with asynchronous certificate validation (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| Index: net/third_party/nss/ssl/ssl3gthr.c |
| =================================================================== |
| --- net/third_party/nss/ssl/ssl3gthr.c (revision 227672) |
| +++ net/third_party/nss/ssl/ssl3gthr.c (working copy) |
| @@ -275,24 +275,24 @@ |
| { |
| SSL3Ciphertext cText; |
| int rv; |
| - PRBool canFalseStart = PR_FALSE; |
| SSL_TRC(30, ("ssl3_GatherCompleteHandshake")); |
| PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| + |
| + ssl_GetSSL3HandshakeLock(ss); |
| + |
| do { |
| PRBool handleRecordNow = PR_FALSE; |
| - ssl_GetSSL3HandshakeLock(ss); |
| - |
| /* Without this, we may end up wrongly reporting |
| * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the |
| * peer while we are waiting to be restarted. |
| */ |
| if (ss->ssl3.hs.restartTarget) { |
| - ssl_ReleaseSSL3HandshakeLock(ss); |
| PORT_SetError(PR_WOULD_BLOCK_ERROR); |
| - return (int) SECFailure; |
| + rv = (int) SECFailure; |
| + goto done; |
| } |
| /* Treat an empty msgState like a NULL msgState. (Most of the time |
| @@ -308,8 +308,6 @@ |
| } |
| } |
| - ssl_ReleaseSSL3HandshakeLock(ss); |
| - |
| if (handleRecordNow) { |
| /* ssl3_HandleHandshake previously returned SECWouldBlock and the |
| * as-yet-unprocessed plaintext of that previous handshake record. |
| @@ -329,16 +327,16 @@ |
| * retransmit */ |
| if (rv == SECFailure && |
| (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) { |
| - ssl_GetSSL3HandshakeLock(ss); |
| dtls_CheckTimer(ss); |
| - ssl_ReleaseSSL3HandshakeLock(ss); |
| /* Restore the error in case something succeeded */ |
| PORT_SetError(PR_WOULD_BLOCK_ERROR); |
| } |
| } |
| + PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
|
wtc
2013/10/17 00:10:53
Is this assertion necessary? We already checked th
briansmith
2013/10/17 01:42:40
Done.
|
| + |
| if (rv <= 0) { |
| - return rv; |
| + goto done; |
| } |
| /* decipher it, and handle it if it's a handshake. |
| @@ -364,28 +362,25 @@ |
| cText.buf = &ss->gs.inbuf; |
| rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf); |
| + |
| + PORT_Assert(rv < 0 || ss->gs.buf.len == 0 || |
| + cText.type == content_application_data); |
|
wtc
2013/10/17 00:10:53
Can you explain this assertion with a comment?
briansmith
2013/10/17 01:42:40
Done.
briansmith
2013/10/25 19:17:14
Making this clearer, and fixing the locking accord
|
| } |
| if (rv < 0) { |
| - return ss->recvdCloseNotify ? 0 : rv; |
| + rv = ss->recvdCloseNotify ? 0 : rv; |
| + goto done; |
| } |
| - |
| - /* If we kicked off a false start in ssl3_HandleServerHelloDone, break |
| - * out of this loop early without finishing the handshake. |
| - */ |
| - if (ss->opt.enableFalseStart) { |
| - ssl_GetSSL3HandshakeLock(ss); |
| - canFalseStart = (ss->ssl3.hs.ws == wait_change_cipher || |
| - ss->ssl3.hs.ws == wait_new_session_ticket) && |
|
wtc
2013/10/17 00:10:53
Note that ss->ssl3.hs.ws == wait_finished is not p
briansmith
2013/10/17 01:44:46
The false start code, before this patch, was incon
briansmith
2013/10/24 20:57:04
I found a reason why we should probably care about
|
| - ssl3_CanFalseStart(ss); |
| - ssl_ReleaseSSL3HandshakeLock(ss); |
| - } |
| } while (ss->ssl3.hs.ws != idle_handshake && |
| - !canFalseStart && |
| + !ss->ssl3.hs.canFalseStart && |
| ss->gs.buf.len == 0); |
| ss->gs.readOffset = 0; |
| ss->gs.writeOffset = ss->gs.buf.len; |
| - return 1; |
| + rv = 1; |
| + |
| +done: |
| + ssl_ReleaseSSL3HandshakeLock(ss); |
| + return rv; |
| } |
| /* Repeatedly gather in a record and when complete, Handle that record. |
| @@ -405,6 +400,8 @@ |
| int rv; |
| PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| + PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
| + |
| do { |
| rv = ssl3_GatherCompleteHandshake(ss, flags); |
| } while (rv > 0 && ss->gs.buf.len == 0); |
