NSS: always record the ServerHello data.
Previously, if we predicted a ServerHello (because we were snap starting), then serverHelloPredictionData was set and we wouldn't record the actual ServerHello contents in the event of a misprediction. This meant that we couldn't recover from a misprediction because we would record the same prediction again. With this patch, we'll always write to serverHelloPredictionData, even if we made a prediction.

BUG=none
TEST=snap_start_unittests

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65947 0039d316-1c4b-4281-b951-d872f2087c98
net/third_party/nss/ssl/ssl3con.c
@@ -5023,20 +5023,20 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
|||||||
goto alert_loser;
|
goto alert_loser;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ss->ssl3.serverHelloPredictionData.data) {
|
if (ss->ssl3.serverHelloPredictionData.data)
|
||||||
/* If this allocation fails it will only stop the application from
|
SECITEM_FreeItem(&ss->ssl3.serverHelloPredictionData, PR_FALSE);
|
||||||
* recording the ServerHello information and performing future Snap
|
|
||||||
* Starts. */
|
/* If this allocation fails it will only stop the application from
|
||||||
if (SECITEM_AllocItem(NULL, &ss->ssl3.serverHelloPredictionData,
|
* recording the ServerHello information and performing future Snap
|
||||||
length))
|
* Starts. */
|
||||||
memcpy(ss->ssl3.serverHelloPredictionData.data, b, length);
|
if (SECITEM_AllocItem(NULL, &ss->ssl3.serverHelloPredictionData, length))
|
||||||
/* ss->ssl3.serverHelloPredictionDataValid is still false at this
|
memcpy(ss->ssl3.serverHelloPredictionData.data, b, length);
|
||||||
* point. We have to record the contents of the ServerHello here
|
/* ss->ssl3.serverHelloPredictionDataValid is still false at this
|
||||||
* because we don't have a pointer to the whole message when handling
|
* point. We have to record the contents of the ServerHello here
|
||||||
* the extensions. However, we wait until the Snap Start extenion
|
* because we don't have a pointer to the whole message when handling
|
||||||
* handler to recognise that the server supports Snap Start and to set
|
* the extensions. However, we wait until the Snap Start extension
|
||||||
* serverHelloPredictionDataValid. */
|
* handler to recognise that the server supports Snap Start and to set
|
||||||
}
|
* serverHelloPredictionDataValid. */
|
||||||
|
|
||||||
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
|
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
|
||||||
if (temp < 0) {
|
if (temp < 0) {
|
||||||
|
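Review bot: The retained comment "ss->ssl3.serverHelloPredictionDataValid is still false at this point" was written for the old guard, where this block only ran when serverHelloPredictionData.data was NULL; now the block also runs after a prediction has been made, and nothing in the hunk establishes the flag's state on that path. If the flag can be set when a prediction is loaded, a failed SECITEM_AllocItem after the new SECITEM_FreeItem call would leave it set while .data is empty, so consider resetting serverHelloPredictionDataValid to PR_FALSE next to the free, or updating the comment to say why it is still false on the misprediction path. The allocation-failure comment should also mention that the previous prediction is now discarded before the allocation is attempted, so a failure loses the old data as well as the new. Minor: the two new unbraced if statements sit around a multi-line comment; braces would make the scope of each clearer.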