From e50251a747bcf105fb3d1b9cda1b5719ef41bab9 Mon Sep 17 00:00:00 2001
From: Sebastian Hengst
Date: Thu, 18 Aug 2016 17:28:09 +0200
Subject: [PATCH] Backed out changeset 80942fb9a0f1 (bug 1264578)
---
 netwerk/base/security-prefs.js | 1 -
 netwerk/socket/nsISSLSocketControl.idl | 16 ------
 security/manager/ssl/nsNSSCallbacks.cpp | 1 -
 security/manager/ssl/nsNSSComponent.cpp | 9 ----
 security/manager/ssl/nsNSSIOLayer.cpp | 68 ------------------------
 security/manager/ssl/nsNSSIOLayer.h | 2 -
 6 files changed, 97 deletions(-)
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 0153ffde2138..c47f351fcfaa 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -7,7 +7,6 @@ pref("security.tls.version.max", 3);
 pref("security.tls.version.fallback-limit", 3);
 pref("security.tls.insecure_fallback_hosts", "");
 pref("security.tls.unrestricted_rc4_fallback", false);
-pref("security.tls.enable_0rtt_data", false);
 pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
 pref("security.ssl.require_safe_negotiation", false);
diff --git a/netwerk/socket/nsISSLSocketControl.idl b/netwerk/socket/nsISSLSocketControl.idl
index b8c2b4184834..93056df2a2ca 100644
--- a/netwerk/socket/nsISSLSocketControl.idl
+++ b/netwerk/socket/nsISSLSocketControl.idl
@@ -44,22 +44,6 @@ interface nsISSLSocketControl : nsISupports {
 */
 readonly attribute ACString negotiatedNPN;
- /* For 0RTT we need to know the alpn protocol selected for the last tls
- * session. This function will return a value if applicable or an error
- * NS_ERROR_NOT_AVAILABLE.
- */
- ACString getAlpnEarlySelection();
-
- /* If 0RTT handshake was applied and some data has been sent, as soon as
- * the handshake finishes this attribute will be set to appropriate value.
- */
- readonly attribute bool earlyDataAccepted;
-
- /* When 0RTT is performed, PR_Write will not drive the handshake forward.
- * It must be forced by calling this function.
- */
- void driveHandshake();
-
 /* Determine if a potential SSL connection to hostname:port with
 * a desired NPN negotiated protocol of npnProtocol can use the socket
 * associated with this object instead of making a new one.
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp
index 996b8719021d..d5f0ebbc5b1e 100644
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -834,7 +834,6 @@ PreliminaryHandshakeDone(PRFileDesc* fd)
 SSLChannelInfo channelInfo;
 if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) {
 infoObject->SetSSLVersionUsed(channelInfo.protocolVersion);
- infoObject->SetEarlyDataAccepted(channelInfo.earlyDataAccepted);
 SSLCipherSuiteInfo cipherInfo;
 if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 761eb344e845..ed0632ea8e18 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1369,7 +1369,6 @@ static const bool REQUIRE_SAFE_NEGOTIATION_DEFAULT = false;
 static const bool FALSE_START_ENABLED_DEFAULT = true;
 static const bool NPN_ENABLED_DEFAULT = true;
 static const bool ALPN_ENABLED_DEFAULT = false;
-static const bool ENABLED_0RTT_DATA_DEFAULT = false;
 static void
 ConfigureTLSSessionIdentifiers()
@@ -1777,10 +1776,6 @@ nsNSSComponent::InitializeNSS()
 Preferences::GetBool("security.ssl.enable_alpn",
 ALPN_ENABLED_DEFAULT));
- SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
- Preferences::GetBool("security.tls.enable_0rtt_data",
- ENABLED_0RTT_DATA_DEFAULT));
-
 if (NS_FAILED(InitializeCipherSuite())) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to initialize cipher suite settings\n"));
 return NS_ERROR_FAILURE;
@@ -1966,10 +1961,6 @@ nsNSSComponent::Observe(nsISupports* aSubject, const char* aTopic,
 SSL_OptionSetDefault(SSL_ENABLE_ALPN,
 Preferences::GetBool("security.ssl.enable_alpn",
 ALPN_ENABLED_DEFAULT));
- } else if (prefName.EqualsLiteral("security.tls.enable_0rtt_data")) {
- SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
- Preferences::GetBool("security.tls.enable_0rtt_data",
- ENABLED_0RTT_DATA_DEFAULT));
 } else if (prefName.Equals("security.ssl.disable_session_identifiers")) {
 ConfigureTLSSessionIdentifiers();
 } else if (prefName.EqualsLiteral("security.OCSP.enabled") ||
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
index dcdf8d01af01..313cc94a00e6 100644
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -58,8 +58,6 @@ using namespace mozilla::psm;
 namespace {
-#define MAX_ALPN_LENGTH 255
-
 void
 getSiteKey(const nsACString& hostName, uint16_t port,
 /*out*/ nsCSubstring& key)
@@ -89,7 +87,6 @@ nsNSSSocketInfo::nsNSSSocketInfo(SharedSSLState& aState, uint32_t providerFlags)
 mRememberClientAuthCertificate(false),
 mPreliminaryHandshakeDone(false),
 mNPNCompleted(false),
- mEarlyDataAccepted(false),
 mFalseStartCallbackCalled(false),
 mFalseStarted(false),
 mIsFullHandshake(false),
@@ -310,71 +307,6 @@ nsNSSSocketInfo::GetNegotiatedNPN(nsACString& aNegotiatedNPN)
 return NS_OK;
 }
-NS_IMETHODIMP
-nsNSSSocketInfo::GetAlpnEarlySelection(nsACString& aAlpnSelected)
-{
- nsNSSShutDownPreventionLock locker;
- if (isAlreadyShutDown()) {
- return NS_ERROR_NOT_AVAILABLE;
- }
- SSLNextProtoState alpnState;
- unsigned char chosenAlpn[MAX_ALPN_LENGTH];
- unsigned int chosenAlpnLen;
- SECStatus rv = SSL_GetNextProto(mFd, &alpnState, chosenAlpn, &chosenAlpnLen,
- AssertedCast(ArrayLength(chosenAlpn)));
-
- if (rv != SECSuccess || alpnState != SSL_NEXT_PROTO_EARLY_VALUE ||
- chosenAlpnLen == 0) {
- return NS_ERROR_NOT_AVAILABLE;
- }
-
- aAlpnSelected.Assign(BitwiseCast(chosenAlpn),
- chosenAlpnLen);
- return NS_OK;
-}
-
-NS_IMETHODIMP
-nsNSSSocketInfo::GetEarlyDataAccepted(bool* aAccepted)
-{
- *aAccepted = mEarlyDataAccepted;
- return NS_OK;
-}
-
-void
-nsNSSSocketInfo::SetEarlyDataAccepted(bool aAccepted)
-{
- mEarlyDataAccepted = aAccepted;
-}
-
-NS_IMETHODIMP
-nsNSSSocketInfo::DriveHandshake()
-{
- nsNSSShutDownPreventionLock locker;
- if (isAlreadyShutDown()) {
- return NS_ERROR_NOT_AVAILABLE;
- }
- if (!mFd) {
- return NS_ERROR_FAILURE;
- }
- PRErrorCode errorCode = GetErrorCode();
- if (errorCode) {
- return GetXPCOMFromNSSError(errorCode);
- }
-
- SECStatus rv = SSL_ForceHandshake(mFd);
-
- if (rv != SECSuccess) {
- errorCode = PR_GetError();
- if (errorCode == PR_WOULD_BLOCK_ERROR) {
- return NS_BASE_STREAM_WOULD_BLOCK;
- }
-
- SetCanceled(errorCode, PlainErrorMessage);
- return GetXPCOMFromNSSError(errorCode);
- }
- return NS_OK;
-}
-
 NS_IMETHODIMP
 nsNSSSocketInfo::IsAcceptableForHost(const nsACString& hostname, bool* _retval)
 {
diff --git a/security/manager/ssl/nsNSSIOLayer.h b/security/manager/ssl/nsNSSIOLayer.h
index 3c164f4e54c3..f462463a8616 100644
--- a/security/manager/ssl/nsNSSIOLayer.h
+++ b/security/manager/ssl/nsNSSIOLayer.h
@@ -53,7 +53,6 @@ public:
 const nsNSSShutDownPreventionLock& proofOfLock);
 void SetNegotiatedNPN(const char* value, uint32_t length);
- void SetEarlyDataAccepted(bool aAccepted);
 void SetHandshakeCompleted();
 void NoteTimeUntilReady();
@@ -133,7 +132,6 @@ private:
 nsCString mNegotiatedNPN;
 bool mNPNCompleted;
- bool mEarlyDataAccepted;
 bool mFalseStartCallbackCalled;
 bool mFalseStarted;
 bool mIsFullHandshake;