From c1a1aa34dda5965a64ba0548f8a97bb528e82881 Mon Sep 17 00:00:00 2001
From: Roy Tam
Date: Tue, 29 May 2018 15:29:27 +0800
Subject: [PATCH] TLS 1.3 support (part 3), adapted from: https://github.com/MoonchildProductions/Pale-Moon/commit/ac4f201752ddbd05b0cc35b76ea4d2e9d0efb8b8 https://github.com/MoonchildProductions/Pale-Moon/commit/2045154e7c80760829bdc634ec561fb2ee027a17 https://github.com/MoonchildProductions/Pale-Moon/commit/87b37fe5e3f463ebeb5094b3ba9275482812cc6b https://github.com/MoonchildProductions/Pale-Moon/commit/1c55c0d271565bfc3e785430ef40c8469ff650c3
---
 .../webbrowserpersist/nsWebBrowserPersist.cpp | 2 ++
 netwerk/locales/en-US/necko.properties | 2 ++
 netwerk/protocol/ftp/nsFtpConnectionThread.cpp | 2 ++
 netwerk/protocol/http/Http2Session.cpp | 8 ++++++++
 netwerk/protocol/http/nsHttpTransaction.cpp | 5 +++++
 security/manager/ssl/nsNSSCallbacks.cpp | 15 ++++++++++-----
 6 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp b/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp
index c39d7571a..959451864 100644
--- a/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp
+++ b/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp
@@ -1116,6 +1116,8 @@ NS_IMETHODIMP nsWebBrowserPersist::OnStatus(
 case NS_NET_STATUS_END_FTP_TRANSACTION:
 case NS_NET_STATUS_CONNECTING_TO:
 case NS_NET_STATUS_CONNECTED_TO:
+ case NS_NET_STATUS_TLS_HANDSHAKE_STARTING:
+ case NS_NET_STATUS_TLS_HANDSHAKE_ENDED:
 case NS_NET_STATUS_SENDING_TO:
 case NS_NET_STATUS_RECEIVING_FROM:
 case NS_NET_STATUS_WAITING_FOR:
diff --git a/netwerk/locales/en-US/necko.properties b/netwerk/locales/en-US/necko.properties
index c350b24c2..d48308c1b 100644
--- a/netwerk/locales/en-US/necko.properties
+++ b/netwerk/locales/en-US/necko.properties
@@ -17,6 +17,8 @@
 9=Wrote %1$S
 10=Waiting for %1$S…
 11=Looked up %1$S…
+12=Performing a TLS handshake to %1$S…
+13=The TLS handshake finished for %1$S…

 27=Beginning FTP transaction…
 28=Finished FTP transaction
diff --git a/netwerk/protocol/ftp/nsFtpConnectionThread.cpp b/netwerk/protocol/ftp/nsFtpConnectionThread.cpp
index 57a7d0957..dede9bec2 100644
--- a/netwerk/protocol/ftp/nsFtpConnectionThread.cpp
+++ b/netwerk/protocol/ftp/nsFtpConnectionThread.cpp
@@ -2025,6 +2025,8 @@ nsFtpState::OnTransportStatus(nsITransport *transport, nsresult status,
 case NS_NET_STATUS_RESOLVED_HOST:
 case NS_NET_STATUS_CONNECTING_TO:
 case NS_NET_STATUS_CONNECTED_TO:
+ case NS_NET_STATUS_TLS_HANDSHAKE_STARTING:
+ case NS_NET_STATUS_TLS_HANDSHAKE_ENDED:
 break;
 default:
 return NS_OK;
diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp
index d5eb37176..9a556d96b 100644
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@@ -2235,6 +2235,8 @@ Http2Session::OnTransportStatus(nsITransport* aTransport,
 case NS_NET_STATUS_RESOLVED_HOST:
 case NS_NET_STATUS_CONNECTING_TO:
 case NS_NET_STATUS_CONNECTED_TO:
+ case NS_NET_STATUS_TLS_HANDSHAKE_STARTING:
+ case NS_NET_STATUS_TLS_HANDSHAKE_ENDED:
 {
 Http2Stream *target = mStreamIDHash.Get(1);
 nsAHttpTransaction *transaction = target ? target->Transaction() : nullptr;
@@ -2301,7 +2303,13 @@ Http2Session::ReadSegmentsAgain(nsAHttpSegmentReader *reader,
 if (!stream) {
 LOG3(("Http2Session %p could not identify a stream to write; suspending.",
 this));
+ uint32_t availBeforeFlush = mOutputQueueUsed - mOutputQueueSent;
 FlushOutputQueue();
+ uint32_t availAfterFlush = mOutputQueueUsed - mOutputQueueSent;
+ if (availBeforeFlush != availAfterFlush) {
+ LOG3(("Http2Session %p ResumeRecv After early flush in ReadSegments", this));
+ ResumeRecv();
+ }
 SetWriteCallbacks();
 return NS_BASE_STREAM_WOULD_BLOCK;
 }
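Review bot: Nothing in the added block of Http2Session::ReadSegmentsAgain (netwerk/protocol/http/Http2Session.cpp) says why a flush that moved bytes has to be followed by `ResumeRecv()`, and the reason is not obvious from the hunk alone. A short comment above the comparison would help, for example `// FlushOutputQueue() sent something; make sure we are reading again before suspending so the peer's reply is not missed` (presumably the intent, to be confirmed by the author). The two `mOutputQueueUsed - mOutputQueueSent` subtractions are unsigned and rely on the sent counter never exceeding the used counter, which the hunk does not show. The log text names `ReadSegments` although the code sits in `ReadSegmentsAgain`, whose body starts and ends outside the hunk.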
diff --git a/netwerk/protocol/http/nsHttpTransaction.cpp b/netwerk/protocol/http/nsHttpTransaction.cpp
index a806000b0..bde85ee54 100644
--- a/netwerk/protocol/http/nsHttpTransaction.cpp
+++ b/netwerk/protocol/http/nsHttpTransaction.cpp
@@ -2367,6 +2367,7 @@ nsHttpTransaction::Do0RTT()
 nsresult
 nsHttpTransaction::Finish0RTT(bool aRestart)
 {
+ LOG(("nsHttpTransaction::Finish0RTT %p %d\n", this, aRestart));
 MOZ_ASSERT(m0RTTInProgress);
 m0RTTInProgress = false;
 if (aRestart) {
@@ -2378,6 +2379,10 @@ nsHttpTransaction::Finish0RTT(bool aRestart)
 } else {
 return NS_ERROR_FAILURE;
 }
+ } else if (!mConnected) {
+ // this is code that was skipped in ::ReadSegments while in 0RTT
+ mConnected = true;
+ mConnection->GetSecurityInfo(getter_AddRefs(mSecurityInfo));
 }
 return NS_OK;
 }
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp
index 65fbe4d66..0d15deb9f 100644
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -1233,11 +1233,16 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
 }

 PRBool siteSupportsSafeRenego;
- rv = SSL_HandshakeNegotiatedExtension(fd, ssl_renegotiation_info_xtn,
- &siteSupportsSafeRenego);
- MOZ_ASSERT(rv == SECSuccess);
- if (rv != SECSuccess) {
- siteSupportsSafeRenego = false;
+ if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_3) {
+ rv = SSL_HandshakeNegotiatedExtension(fd, ssl_renegotiation_info_xtn,
+ &siteSupportsSafeRenego);
+ MOZ_ASSERT(rv == SECSuccess);
+ if (rv != SECSuccess) {
+ siteSupportsSafeRenego = false;
+ }
+ } else {
+ // TLS 1.3 dropped support for renegotiation.
+ siteSupportsSafeRenego = true;
 }
 bool renegotiationUnsafe = !siteSupportsSafeRenego &&
 ioLayerHelpers.treatUnsafeNegotiationAsBroken();
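Review bot: The new `else if (!mConnected)` branch in nsHttpTransaction::Finish0RTT copies the connect bookkeeping that, per its own comment, also lives in ReadSegments, so the two copies can drift apart and leave `mSecurityInfo` unset for a transaction that started in 0-RTT. A private helper called from both places would keep them in step; failing that, the comment should name the condition it mirrors, e.g. `// Mirrors the !mConnected block in ReadSegments, which is skipped while 0-RTT is in progress; keep both in sync.` The branch also dereferences `mConnection` without a check; whether it can be null here is not visible, because the function starts outside this hunk.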
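Review bot: In HandshakeCallback (security/manager/ssl/nsNSSCallbacks.cpp) the added condition reads `channelInfo.protocolVersion` without any visible proof that channelInfo was filled in successfully; the struct is set up outside this hunk. If that lookup can fail, the comparison works on an unset field and could take the TLS 1.3 branch, reporting the site as renegotiation-safe without querying the extension. The TLS 1.3 shortcut should be taken only when the channel info is known to be valid, with the `SSL_HandshakeNegotiatedExtension` path as the fallback. The comment could also state the consequence, e.g. `// TLS 1.3 has no renegotiation, so there is nothing to query; treat the connection as renegotiation-safe.`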