author | Martin Thomson <martin.thomson@gmail.com> | 2018-05-01 10:13:52 +1000 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2018-05-01 10:13:52 +1000 |
commit | 2850daf15a236e197727180620a797b8cc55352c (patch) | |
tree | 149a7d2e1b0d274ca17f787ea3bc6cf2b557b4be | |
parent | 78f4906df77dcc76da21993c58fe973f2af859fe (diff) | |
Bug 1452855 - Move 0-RTT discard check up, r=franziskus
Summary: Just moving things about. Also, the comment was outdated.
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1452855
Differential Revision: https://phabricator.services.mozilla.com/D892
-rw-r--r-- | lib/ssl/ssl3con.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 83040a8e9..e45460d07 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -12166,6 +12166,14 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
 * processed twice. */
 plaintext->len = 0;
 
+ /* We're waiting for another ClientHello, which will appear unencrypted.
+ * Use the content type to tell whether this should be discarded. */
+ if (ss->ssl3.hs.zeroRttIgnore == ssl_0rtt_ignore_hrr &&
+ cText->hdr[0] == content_application_data) {
+ PORT_Assert(ss->ssl3.hs.ws == wait_client_hello);
+ return SECSuccess;
+ }
+
 ssl_GetSpecReadLock(ss); /******************************************/
 spec = ssl3_GetCipherSpec(ss, cText);
 if (!spec) {
@@ -12196,18 +12204,6 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
 return SECFailure;
 }
 
- /* We're waiting for another ClientHello, which will appear unencrypted.
- * Use the content type to tell whether this is should be discarded.
- *
- * XXX If we decide to remove the content type from encrypted records, this
- * will become much more difficult to manage. */
- if (ss->ssl3.hs.zeroRttIgnore == ssl_0rtt_ignore_hrr &&
- cText->hdr[0] == content_application_data) {
- ssl_ReleaseSpecReadLock(ss); /*****************************/
- PORT_Assert(ss->ssl3.hs.ws == wait_client_hello);
- return SECSuccess;
- }
-
 if (plaintext->space < MAX_FRAGMENT_LENGTH) {
 rv = sslBuffer_Grow(plaintext, MAX_FRAGMENT_LENGTH + 2048);
 if (rv != SECSuccess) { |
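Review bot: The relocated discard in the first hunk returns SECSuccess for any record whose first header byte is content_application_data before ssl3_GetCipherSpec and the checks that sit between the two hunks (not visible here) have run, and nothing in the visible lines bounds how many such records are skipped. RFC 8446 section 4.2.10 has a server that ignores early data after a HelloRetryRequest skip those records only up to its configured max_early_data_size, so if that limit is not enforced elsewhere it belongs next to this return. The handshake-state check is also only a PORT_Assert, which does not run in optimized builds; folding it into the condition, e.g. `if (ss->ssl3.hs.zeroRttIgnore == ssl_0rtt_ignore_hrr && ss->ssl3.hs.ws == wait_client_hello &&` followed by the existing content-type test, would make the discard depend on the state in release builds too. The new comment could also say why no lock release is needed, `/* Checked before taking the spec read lock, so there is nothing to release on this path. */`. ssl3_HandleRecord begins and ends outside both hunks.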