Index: net/third_party/nss/ssl/sslsecur.c |
=================================================================== |
--- net/third_party/nss/ssl/sslsecur.c (revision 227672) |
+++ net/third_party/nss/ssl/sslsecur.c (working copy) |
@@ -97,23 +97,13 @@ |
ss->securityHandshake = 0; |
} |
if (ss->handshake == 0) { |
- ssl_GetRecvBufLock(ss); |
- ss->gs.recordLen = 0; |
- ssl_ReleaseRecvBufLock(ss); |
- |
- SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", |
- SSL_GETPID(), ss->fd)); |
- /* call handshake callback for ssl v2 */ |
- /* for v3 this is done in ssl3_HandleFinished() */ |
- if ((ss->handshakeCallback != NULL) && /* has callback */ |
- (!ss->firstHsDone) && /* only first time */ |
- (ss->version < SSL_LIBRARY_VERSION_3_0)) { /* not ssl3 */ |
- ss->firstHsDone = PR_TRUE; |
- (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
+ /* for v3 this is done in ssl3_FinishHandshake */ |
+ if (!ss->firstHsDone && ss->version < SSL_LIBRARY_VERSION_3_0) { |
+ ssl_GetRecvBufLock(ss); |
+ ss->gs.recordLen = 0; |
+ ssl_ReleaseRecvBufLock(ss); |
wtc
2013/10/17 00:10:53
Why do we only need to set ss->gs.recordLen to 0 f
briansmith
2013/10/17 01:42:40
recordLen is only used for SSL 2.0:
unsigned int
|
+ ssl_FinishHandshake(ss); |
} |
- ss->firstHsDone = PR_TRUE; |
- ss->gs.writeOffset = 0; |
- ss->gs.readOffset = 0; |
break; |
} |
rv = (*ss->handshake)(ss); |
@@ -134,6 +124,23 @@ |
return rv; |
} |
+void |
+ssl_FinishHandshake(sslSocket *ss) |
wtc
2013/10/17 00:10:53
Should we move this function to sslcon.c, since it
briansmith
2013/10/17 01:42:40
This is not SSL-2.0-only. This is the functionalit
|
+{ |
+ PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
briansmith
2013/10/17 19:09:01
Wan-Teh, do you agree that this assertion is corre
wtc
2013/10/17 23:13:01
This seems very reasonable, but I didn't find this
|
+ |
+ SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", SSL_GETPID(), ss->fd)); |
+ |
+ ss->firstHsDone = PR_TRUE; |
+ ss->enoughFirstHsDone = PR_TRUE; |
+ ss->gs.writeOffset = 0; |
+ ss->gs.readOffset = 0; |
+ |
+ if (ss->handshakeCallback) { |
+ (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
+ } |
+} |
+ |
/* |
* Handshake function that blocks. Used to force a |
* retry on a connection on the next read/write. |
@@ -206,6 +213,7 @@ |
ssl_Get1stHandshakeLock(ss); |
ss->firstHsDone = PR_FALSE; |
+ ss->enoughFirstHsDone = PR_FALSE; |
if ( asServer ) { |
ss->handshake = ssl2_BeginServerHandshake; |
ss->handshaking = sslHandshakingAsServer; |
@@ -221,6 +229,8 @@ |
ssl_ReleaseRecvBufLock(ss); |
ssl_GetSSL3HandshakeLock(ss); |
+ ss->ssl3.hs.canFalseStart = PR_FALSE; |
+ ss->ssl3.hs.restartTarget = NULL; |
/* |
** Blow away old security state and get a fresh setup. |
@@ -331,6 +341,71 @@ |
return SECSuccess; |
} |
+/* Register an application callback to be called when false start may happen. |
+** Acquires and releases HandshakeLock. |
+*/ |
+SECStatus |
+SSL_SetCanFalseStartCallback(PRFileDesc *fd, SSLCanFalseStartCallback cb, |
+ void *client_data) |
+{ |
+ sslSocket *ss; |
+ |
+ ss = ssl_FindSocket(fd); |
+ if (!ss) { |
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCanFalseStartCallback", |
+ SSL_GETPID(), fd)); |
+ return SECFailure; |
+ } |
+ |
+ if (!ss->opt.useSecurity) { |
+ PORT_SetError(SEC_ERROR_INVALID_ARGS); |
+ return SECFailure; |
+ } |
+ |
+ ssl_Get1stHandshakeLock(ss); |
+ ssl_GetSSL3HandshakeLock(ss); |
+ |
+ ss->canFalseStartCallback = cb; |
+ ss->canFalseStartCallbackData = client_data; |
+ |
+ ssl_ReleaseSSL3HandshakeLock(ss); |
+ ssl_Release1stHandshakeLock(ss); |
+ |
+ return SECSuccess; |
+} |
+ |
+SECStatus |
+SSL_RecommendedCanFalseStart(PRFileDesc *fd, PRBool *canFalseStart) |
+{ |
+ sslSocket *ss; |
+ |
+ *canFalseStart = PR_FALSE; |
+ ss = ssl_FindSocket(fd); |
+ if (!ss) { |
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DefaultCanFalseStart", |
wtc
2013/10/17 00:10:53
SSL_DefaultCanFalseStart => SSL_RecommendedCanFals
briansmith
2013/10/17 01:42:40
Done.
|
+ SSL_GETPID(), fd)); |
+ return SECFailure; |
+ } |
+ |
+ if (!ss->ssl3.initialized) { |
+ PORT_SetError(SEC_ERROR_INVALID_ARGS); |
+ return SECFailure; |
+ } |
+ |
+ if (ss->version < SSL_LIBRARY_VERSION_3_0) { |
+ PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2); |
+ return SECFailure; |
+ } |
+ |
+ /* Require a forward-secret key exchange. */ |
+ *canFalseStart = ss->ssl3.hs.kea_def->kea == kea_dhe_dss || |
+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa || |
+ ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || |
+ ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa; |
+ |
+ return SECSuccess; |
+} |
+ |
/* Try to make progress on an SSL handshake by attempting to read the |
** next handshake from the peer, and sending any responses. |
** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK if it cannot |
@@ -524,6 +599,7 @@ |
int amount; |
int available; |
+ ssl_Get1stHandshakeLock(ss); |
wtc
2013/10/17 00:10:53
Why does DoRecv() need to get the 1stHandshakeLock
briansmith
2013/10/17 01:42:40
It calls ssl3_GatherAppDataRecord and ssl3_GatherA
wtc
2013/10/17 15:28:14
I'm sorry that I still don't understand this. Coul
|
ssl_GetRecvBufLock(ss); |
available = ss->gs.writeOffset - ss->gs.readOffset; |
@@ -590,6 +666,7 @@ |
done: |
ssl_ReleaseRecvBufLock(ss); |
+ ssl_Release1stHandshakeLock(ss); |
return rv; |
} |
@@ -1156,7 +1233,8 @@ |
int |
ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags) |
{ |
- int rv = 0; |
+ int rv = 0; |
+ PRBool falseStart = PR_FALSE; |
SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes", |
SSL_GETPID(), ss->fd, len)); |
@@ -1191,19 +1269,14 @@ |
ss->writerThread = PR_GetCurrentThread(); |
/* If any of these is non-zero, the initial handshake is not done. */ |
if (!ss->firstHsDone) { |
- PRBool canFalseStart = PR_FALSE; |
ssl_Get1stHandshakeLock(ss); |
- if (ss->version >= SSL_LIBRARY_VERSION_3_0) { |
+ if (ss->opt.enableFalseStart && |
wtc
2013/10/17 00:10:53
Why do you check ss->opt.enableFalseStart?
I gues
briansmith
2013/10/17 01:42:40
Yes
|
+ ss->version >= SSL_LIBRARY_VERSION_3_0) { |
ssl_GetSSL3HandshakeLock(ss); |
- if ((ss->ssl3.hs.ws == wait_change_cipher || |
- ss->ssl3.hs.ws == wait_finished || |
- ss->ssl3.hs.ws == wait_new_session_ticket) && |
- ssl3_CanFalseStart(ss)) { |
- canFalseStart = PR_TRUE; |
- } |
+ falseStart = ss->ssl3.hs.canFalseStart; |
ssl_ReleaseSSL3HandshakeLock(ss); |
} |
- if (!canFalseStart && |
+ if (!falseStart && |
(ss->handshake || ss->nextHandshake || ss->securityHandshake)) { |
wtc
2013/10/17 15:28:14
Hmm... If we false started, ss->handshake etc. sho
|
rv = ssl_Do1stHandshake(ss); |
} |
@@ -1228,6 +1301,21 @@ |
goto done; |
} |
+ if (ssl_trace >= 2 && |
+ !ss->firstHsDone && !falseStart && |
+ ss->opt.enableFalseStart && ss->version >= SSL_LIBRARY_VERSION_3_0) { |
+ /* We need to check ss->ssl3.hs.canFalseStart again in case we called |
+ * ssl_Do1stHandshake, because ssl_Do1stHandshake might have changed |
+ * it. |
+ */ |
+ ssl_GetSSL3HandshakeLock(ss); |
+ falseStart = ss->ssl3.hs.canFalseStart; |
+ ssl_ReleaseSSL3HandshakeLock(ss); |
wtc
2013/10/17 00:10:53
falseStart is set here but never used again. So li
briansmith
2013/10/17 01:42:40
You are right that this complicated code can be de
|
+ |
+ SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending data due to false start", |
+ SSL_GETPID(), ss->fd)); |
+ } |
+ |
/* Send out the data using one of these functions: |
* ssl2_SendClear, ssl2_SendStream, ssl2_SendBlock, |
* ssl3_SendApplicationData |