src/third_party/openssl/patches.chromium/0009-stricter_cutthrough.patch

   1 diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
   2 index e47eef1..d1b3224 100644
   3 --- a/ssl/s3_clnt.c
   4 +++ b/ssl/s3_clnt.c
   5 @@ -557,7 +557,8 @@ int ssl3_connect(SSL *s)
   6                                 }
   7                         else
   8                                 {
   9 -                               if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128
  10 +                               if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
  11 +                                   && ssl3_can_cutthrough(s)
  12                                     && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
  13                                    )
  14                                         {
  15 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
  16 index 45a76ae..d75b9f7 100644
  17 --- a/ssl/ssl_lib.c
  18 +++ b/ssl/ssl_lib.c
  19 @@ -3305,12 +3305,39 @@ int SSL_cutthrough_complete(const SSL *s)
  20                 s->version >= SSL3_VERSION &&
  21                 s->s3->in_read_app_data == 0 &&   /* cutthrough only applies to write() */
  22                 (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) &&  /* cutthrough enabled */
  23 -               SSL_get_cipher_bits(s, NULL) >= 128 &&                      /* strong cipher choosen */
  24 +               ssl3_can_cutthrough(s) &&                                   /* cutthrough allowed */
  25                 s->s3->previous_server_finished_len == 0 &&                 /* not a renegotiation handshake */
  26                 (s->state == SSL3_ST_CR_SESSION_TICKET_A ||                 /* ready to write app-data*/
  27                         s->state == SSL3_ST_CR_FINISHED_A));
  28         }
  29
  30 +int ssl3_can_cutthrough(const SSL *s)
  31 +       {
  32 +       const SSL_CIPHER *c;
  33 +
  34 +       /* require a strong enough cipher */
  35 +       if (SSL_get_cipher_bits(s, NULL) < 128)
  36 +               return 0;
  37 +
  38 +       /* require NPN extension */
  39 +#ifndef OPENSSL_NO_NEXTPROTONEG
  40 +       if (!s->s3->next_proto_neg_seen)
  41 +               return 0;
  42 +#else
  43 +       return 0;
  44 +#endif
  45 +
  46 +       /* require a forward-secret cipher */
  47 +       c = SSL_get_current_cipher(s);
  48 +       if (!c || (c->algorithm_mkey != SSL_kEDH &&
  49 +                       c->algorithm_mkey != SSL_kEECDH))
  50 +               {
  51 +               return 0;
  52 +               }
  53 +
  54 +       return 1;
  55 +       }
  56 +
  57  /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
  58   * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
  59   * any. If EVP_MD pointer is passed, initializes ctx with this md
  60 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
  61 index 2f8cda8..3732825 100644
  62 --- a/ssl/ssl_locl.h
  63 +++ b/ssl/ssl_locl.h
  64 @@ -1160,6 +1160,8 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg);
  65  int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
  66  #endif
  67
  68 +int ssl3_can_cutthrough(const SSL *s);
  69 +
  70  EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
  71  void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
  72  int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,