mirror of
https://github.com/classilla/tenfourfox.git
synced 2024-09-09 04:54:33 +00:00
commit
ef01f06b64
@ -72,7 +72,7 @@ if CONFIG['HAVE_CLOCK_MONOTONIC']:
|
||||
OS_LIBS += CONFIG['REALTIME_LIBS']
|
||||
|
||||
# we build only on Darwin anyway
|
||||
if CONFIG['OS_ARCH'] == 'Darwin' and CONFIG['CPU_TYPE'] == 'ppc':
|
||||
if CONFIG['OS_ARCH'] == 'Darwin' and CONFIG['CPU_ARCH'] == 'ppc':
|
||||
OS_LIBS += ['-Wl,-stack_size,0x40000000,-stack_addr,0xf0000000']
|
||||
|
||||
if CONFIG['GNU_CXX']:
|
||||
|
@ -38,9 +38,11 @@ var gTenFourFoxPane = {
|
||||
|
||||
// Find and set the appropriate UA string based on the UA template.
|
||||
validUA : {
|
||||
"fx" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0",
|
||||
"fx" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Firefox/52.0",
|
||||
"fx60" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0",
|
||||
"classilla" : "NokiaN90-1/3.0545.5.1 Series60/2.8 Profile/MIDP-2.0 Configuration/CLDC-1.1 (en-US; rv:9.3.3) Clecko/20141026 Classilla/CFM",
|
||||
"ie8" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
|
||||
"ie11" : "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
|
||||
"android" : "Mozilla/5.0 (Linux; Android 8.1.0; Pixel XL Build/OPM1.171019.021) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Mobile Safari/537.36",
|
||||
"ipad" : "Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_6 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0 Mobile/15D100 Safari/604.1"
|
||||
},
|
||||
|
@ -63,9 +63,11 @@
|
||||
preference="tenfourfox.ua.template">
|
||||
<menupopup>
|
||||
<menuitem label="&TFFuserAgent.default;" value=""/>
|
||||
<menuitem label="Firefox 60ESR (Intel)" value="fx"/>
|
||||
<menuitem label="Firefox 60ESR (Intel)" value="fx60"/>
|
||||
<menuitem label="Firefox 52ESR (Intel)" value="fx"/>
|
||||
<menuitem label="Classilla 9.3.x" value="classilla"/>
|
||||
<menuitem label="Internet Explorer 8" value="ie8"/>
|
||||
<menuitem label="Internet Explorer 11" value="ie11"/>
|
||||
<menuitem label="Android Chrome" value="android"/>
|
||||
<menuitem label="iOS Safari (iPad)" value="ipad"/>
|
||||
</menupopup>
|
||||
|
@ -1058,6 +1058,18 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
|
||||
BLOK("api.b2c.com") ||
|
||||
|
||||
BLOK("bounceexchange.com") ||
|
||||
|
||||
BLOK("bullseye.backbeatmedia.com") ||
|
||||
BLOK("adserver1.backbeatmedia.com") ||
|
||||
|
||||
BLOK("live.sekindo.com") ||
|
||||
|
||||
BLOK("cdn.spotxcdn.com") ||
|
||||
|
||||
BLOK("api.addmee.net") ||
|
||||
|
||||
BLOK("a.intentmedia.net") ||
|
||||
BLOK("a.cdn.intentmedia.net") ||
|
||||
0) {
|
||||
#undef BLOK
|
||||
// Yup.
|
||||
|
@ -1971,6 +1971,7 @@ GK_ATOM(letterFrame, "LetterFrame")
|
||||
GK_ATOM(lineFrame, "LineFrame")
|
||||
GK_ATOM(listControlFrame,"ListControlFrame")
|
||||
GK_ATOM(menuFrame,"MenuFrame")
|
||||
GK_ATOM(meterFrame, "MeterFrame")
|
||||
GK_ATOM(menuPopupFrame,"MenuPopupFrame")
|
||||
GK_ATOM(numberControlFrame, "NumberControlFrame")
|
||||
GK_ATOM(objectFrame, "ObjectFrame")
|
||||
@ -1979,6 +1980,7 @@ GK_ATOM(pageBreakFrame, "PageBreakFrame")
|
||||
GK_ATOM(pageContentFrame, "PageContentFrame")
|
||||
GK_ATOM(placeholderFrame, "PlaceholderFrame")
|
||||
GK_ATOM(popupSetFrame, "PopupSetFrame")
|
||||
GK_ATOM(progressFrame, "ProgressFrame")
|
||||
GK_ATOM(canvasFrame, "CanvasFrame")
|
||||
GK_ATOM(rangeFrame, "RangeFrame")
|
||||
GK_ATOM(rootFrame, "RootFrame")
|
||||
|
@ -123,6 +123,16 @@ public:
|
||||
*/
|
||||
void DeleteAll();
|
||||
|
||||
/**
|
||||
* Check if a property exists (added for TenFourFox issue 493).
|
||||
*/
|
||||
bool Has(const nsIFrame* aFrame, const FramePropertyDescriptor* aProperty)
|
||||
{
|
||||
bool foundResult = false;
|
||||
(void)Get(aFrame, aProperty, &foundResult);
|
||||
return foundResult;
|
||||
}
|
||||
|
||||
size_t SizeOfExcludingThis(mozilla::MallocSizeOf aMallocSizeOf) const;
|
||||
|
||||
protected:
|
||||
@ -238,6 +248,13 @@ public:
|
||||
{
|
||||
mTable->Delete(mFrame, aProperty);
|
||||
}
|
||||
// TenFourFox issue 493
|
||||
bool Has(const FramePropertyDescriptor* aProperty)
|
||||
{
|
||||
bool foundResult;
|
||||
(void)mTable->Get(mFrame, aProperty, &foundResult);
|
||||
return foundResult;
|
||||
}
|
||||
|
||||
private:
|
||||
FramePropertyTable* mTable;
|
||||
|
@ -4489,6 +4489,43 @@ GetIntrinsicCoord(const nsStyleCoord& aStyle,
|
||||
static int32_t gNoiseIndent = 0;
|
||||
#endif
|
||||
|
||||
// Return true for form controls whose minimum intrinsic inline-size
|
||||
// shrinks to 0 when they have a percentage inline-size (but not
|
||||
// percentage max-inline-size). (Proper replaced elements, whose
|
||||
// intrinsic minimium inline-size shrinks to 0 for both percentage
|
||||
// inline-size and percentage max-inline-size, are handled elsewhere.)
|
||||
inline static bool
|
||||
FormControlShrinksForPercentISize(nsIFrame* aFrame)
|
||||
{
|
||||
if (!aFrame->IsFrameOfType(nsIFrame::eReplaced)) {
|
||||
// Quick test to reject most frames.
|
||||
return false;
|
||||
}
|
||||
|
||||
nsIAtom* fType = aFrame->GetType();
|
||||
if (fType == nsGkAtoms::meterFrame || fType == nsGkAtoms::progressFrame) {
|
||||
// progress and meter do have this shrinking behavior
|
||||
// FIXME: Maybe these should be nsIFormControlFrame?
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!static_cast<nsIFormControlFrame*>(do_QueryFrame(aFrame))) {
|
||||
// Not a form control. This includes fieldsets, which do not
|
||||
// shrink.
|
||||
return false;
|
||||
}
|
||||
|
||||
if (fType == nsGkAtoms::gfxButtonControlFrame ||
|
||||
fType == nsGkAtoms::HTMLButtonControlFrame) {
|
||||
// Buttons don't have this shrinking behavior. (Note that color
|
||||
// inputs do, even though they inherit from button, so we can't use
|
||||
// do_QueryFrame here.)
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add aOffsets which describes what to add on outside of the content box
|
||||
* aContentSize (controlled by 'box-sizing') and apply min/max properties.
|
||||
@ -4565,19 +4602,23 @@ AddIntrinsicSizeOffset(nsRenderingContext* aRenderingContext,
|
||||
pctTotal += pctOutsideSize;
|
||||
|
||||
nscoord size;
|
||||
if (GetAbsoluteCoord(aStyleSize, size) ||
|
||||
GetIntrinsicCoord(aStyleSize, aRenderingContext, aFrame,
|
||||
PROP_WIDTH, size)) {
|
||||
if (aType == nsLayoutUtils::MIN_ISIZE &&
|
||||
(((aStyleSize.HasPercent() || aStyleMaxSize.HasPercent()) &&
|
||||
aFrame->IsFrameOfType(nsIFrame::eReplacedSizing)) ||
|
||||
(aStyleSize.HasPercent() &&
|
||||
FormControlShrinksForPercentISize(aFrame)))) {
|
||||
// A percentage width or max-width on replaced elements means they
|
||||
// can shrink to 0.
|
||||
// This is also true for percentage widths (but not max-widths) on
|
||||
// text inputs.
|
||||
// Note that if this is max-width, this overrides the fixed-width
|
||||
// rule in the next condition.
|
||||
result = 0; // let |min| handle padding/border/margin
|
||||
} else if (GetAbsoluteCoord(aStyleSize, size) ||
|
||||
GetIntrinsicCoord(aStyleSize, aRenderingContext, aFrame,
|
||||
PROP_WIDTH, size)) {
|
||||
result = nsLayoutUtils::AddPercents(aType, size + coordOutsideSize,
|
||||
pctOutsideSize);
|
||||
} else if (aType == nsLayoutUtils::MIN_ISIZE &&
|
||||
// The only cases of coord-percent-calc() units that
|
||||
// GetAbsoluteCoord didn't handle are percent and calc()s
|
||||
// containing percent.
|
||||
aStyleSize.IsCoordPercentCalcUnit() &&
|
||||
aFrame->IsFrameOfType(nsIFrame::eReplaced)) {
|
||||
// A percentage width on replaced elements means they can shrink to 0.
|
||||
result = 0; // let |min| handle padding/border/margin
|
||||
} else {
|
||||
// NOTE: We could really do a lot better for percents and for some
|
||||
// cases of calc() containing percent (certainly including any where
|
||||
@ -5124,33 +5165,58 @@ nsLayoutUtils::ComputeSizeWithIntrinsicDimensions(WritingMode aWM,
|
||||
bool isFlexItem = aFrame->IsFlexItem();
|
||||
bool isInlineFlexItem = false;
|
||||
|
||||
Maybe<nsStyleCoord> imposedMainSizeStyleCoord;
|
||||
|
||||
// If this is a flex item, and we're measuring its cross size after flexing
|
||||
// to resolve its main size, then we need to use the resolved main size
|
||||
// that the container provides to us *instead of* the main-size coordinate
|
||||
// from our style struct. (Otherwise, we'll be using an irrelevant value in
|
||||
// the aspect-ratio calculations below.)
|
||||
if (isFlexItem) {
|
||||
// Flex items use their "flex-basis" property in place of their main-size
|
||||
// property (e.g. "width") for sizing purposes, *unless* they have
|
||||
// "flex-basis:auto", in which case they use their main-size property after
|
||||
// all.
|
||||
uint32_t flexDirection =
|
||||
aFrame->GetParent()->StylePosition()->mFlexDirection;
|
||||
isInlineFlexItem =
|
||||
flexDirection == NS_STYLE_FLEX_DIRECTION_ROW ||
|
||||
flexDirection == NS_STYLE_FLEX_DIRECTION_ROW_REVERSE;
|
||||
|
||||
// NOTE: The logic here should match the similar chunk for determining
|
||||
// inlineStyleCoord and blockStyleCoord in nsFrame::ComputeSize().
|
||||
const nsStyleCoord* flexBasis = &(stylePos->mFlexBasis);
|
||||
if (flexBasis->GetUnit() != eStyleUnit_Auto) {
|
||||
// If FlexItemMainSizeOverride frame-property is set, then that means the
|
||||
// flex container is imposing a main-size on this flex item for it to use
|
||||
// as its size in the container's main axis.
|
||||
FrameProperties props = aFrame->Properties();
|
||||
bool didImposeMainSize;
|
||||
nscoord imposedMainSize =
|
||||
props.Get(nsIFrame::FlexItemMainSizeOverride(), &didImposeMainSize);
|
||||
if (didImposeMainSize) {
|
||||
imposedMainSizeStyleCoord.emplace(imposedMainSize,
|
||||
nsStyleCoord::CoordConstructor);
|
||||
if (isInlineFlexItem) {
|
||||
inlineStyleCoord = flexBasis;
|
||||
inlineStyleCoord = imposedMainSizeStyleCoord.ptr();
|
||||
} else {
|
||||
// One caveat for vertical flex items: We don't support enumerated
|
||||
// values (e.g. "max-content") for height properties yet. So, if our
|
||||
// computed flex-basis is an enumerated value, we'll just behave as if
|
||||
// it were "auto", which means "use the main-size property after all"
|
||||
// (which is "height", in this case).
|
||||
// NOTE: Once we support intrinsic sizing keywords for "height",
|
||||
// we should remove this check.
|
||||
if (flexBasis->GetUnit() != eStyleUnit_Enumerated) {
|
||||
blockStyleCoord = flexBasis;
|
||||
blockStyleCoord = imposedMainSizeStyleCoord.ptr();
|
||||
}
|
||||
|
||||
} else {
|
||||
// Flex items use their "flex-basis" property in place of their main-size
|
||||
// property (e.g. "width") for sizing purposes, *unless* they have
|
||||
// "flex-basis:auto", in which case they use their main-size property
|
||||
// after all.
|
||||
// NOTE: The logic here should match the similar chunk for determining
|
||||
// inlineStyleCoord and blockStyleCoord in nsFrame::ComputeSize().
|
||||
const nsStyleCoord* flexBasis = &(stylePos->mFlexBasis);
|
||||
if (flexBasis->GetUnit() != eStyleUnit_Auto) {
|
||||
if (isInlineFlexItem) {
|
||||
inlineStyleCoord = flexBasis;
|
||||
} else {
|
||||
// One caveat for vertical flex items: We don't support enumerated
|
||||
// values (e.g. "max-content") for height properties yet. So, if our
|
||||
// computed flex-basis is an enumerated value, we'll just behave as if
|
||||
// it were "auto", which means "use the main-size property after all"
|
||||
// (which is "height", in this case).
|
||||
// NOTE: Once we support intrinsic sizing keywords for "height",
|
||||
// we should remove this check.
|
||||
if (flexBasis->GetUnit() != eStyleUnit_Enumerated) {
|
||||
blockStyleCoord = flexBasis;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -56,6 +56,12 @@ nsMeterFrame::DestroyFrom(nsIFrame* aDestructRoot)
|
||||
nsContainerFrame::DestroyFrom(aDestructRoot);
|
||||
}
|
||||
|
||||
nsIAtom*
|
||||
nsMeterFrame::GetType() const
|
||||
{
|
||||
return nsGkAtoms::meterFrame;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsMeterFrame::CreateAnonymousContent(nsTArray<ContentInfo>& aElements)
|
||||
{
|
||||
|
@ -32,6 +32,8 @@ public:
|
||||
const nsHTMLReflowState& aReflowState,
|
||||
nsReflowStatus& aStatus) override;
|
||||
|
||||
virtual nsIAtom* GetType() const override;
|
||||
|
||||
#ifdef DEBUG_FRAME_DUMP
|
||||
virtual nsresult GetFrameName(nsAString& aResult) const override {
|
||||
return MakeFrameName(NS_LITERAL_STRING("Meter"), aResult);
|
||||
|
@ -55,6 +55,12 @@ nsProgressFrame::DestroyFrom(nsIFrame* aDestructRoot)
|
||||
nsContainerFrame::DestroyFrom(aDestructRoot);
|
||||
}
|
||||
|
||||
nsIAtom*
|
||||
nsProgressFrame::GetType() const
|
||||
{
|
||||
return nsGkAtoms::progressFrame;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsProgressFrame::CreateAnonymousContent(nsTArray<ContentInfo>& aElements)
|
||||
{
|
||||
|
@ -35,6 +35,8 @@ public:
|
||||
const nsHTMLReflowState& aReflowState,
|
||||
nsReflowStatus& aStatus) override;
|
||||
|
||||
virtual nsIAtom* GetType() const override;
|
||||
|
||||
#ifdef DEBUG_FRAME_DUMP
|
||||
virtual nsresult GetFrameName(nsAString& aResult) const override {
|
||||
return MakeFrameName(NS_LITERAL_STRING("Progress"), aResult);
|
||||
|
@ -462,6 +462,9 @@ public:
|
||||
return mFlexShrink * mFlexBaseSize;
|
||||
}
|
||||
|
||||
const nsSize& IntrinsicRatio() const { return mIntrinsicRatio; }
|
||||
bool HasIntrinsicRatio() const { return mIntrinsicRatio != nsSize(); }
|
||||
|
||||
// Getters for margin:
|
||||
// ===================
|
||||
const nsMargin& GetMargin() const { return mMargin; }
|
||||
@ -642,6 +645,10 @@ public:
|
||||
|
||||
uint32_t GetNumAutoMarginsInAxis(AxisOrientationType aAxis) const;
|
||||
|
||||
// Once the main size has been resolved, should we bother doing layout to
|
||||
// establish the cross size?
|
||||
bool CanMainSizeInfluenceCrossSize(const FlexboxAxisTracker& aAxisTracker) const;
|
||||
|
||||
protected:
|
||||
// Helper called by the constructor, to set mNeedsMinSizeAutoResolution:
|
||||
void CheckForMinSizeAuto(const nsHTMLReflowState& aFlexItemReflowState,
|
||||
@ -654,6 +661,10 @@ protected:
|
||||
const float mFlexGrow;
|
||||
const float mFlexShrink;
|
||||
|
||||
public: // bustage kludge for bug 1030952 (see TenFourFox issue 493)
|
||||
const nsSize mIntrinsicRatio;
|
||||
protected:
|
||||
|
||||
const nsMargin mBorderPadding;
|
||||
nsMargin mMargin; // non-const because we need to resolve auto margins
|
||||
|
||||
@ -1258,7 +1269,6 @@ MainSizeFromAspectRatio(nscoord aCrossSize,
|
||||
static nscoord
|
||||
PartiallyResolveAutoMinSize(const FlexItem& aFlexItem,
|
||||
const nsHTMLReflowState& aItemReflowState,
|
||||
const nsSize& aIntrinsicRatio,
|
||||
const FlexboxAxisTracker& aAxisTracker)
|
||||
{
|
||||
MOZ_ASSERT(aFlexItem.NeedsMinSizeAutoResolution(),
|
||||
@ -1295,7 +1305,7 @@ PartiallyResolveAutoMinSize(const FlexItem& aFlexItem,
|
||||
// * if the item has an intrinsic aspect ratio, the width (height) calculated
|
||||
// from the aspect ratio and any definite size constraints in the opposite
|
||||
// dimension.
|
||||
if (aAxisTracker.GetCrossComponent(aIntrinsicRatio) != 0) {
|
||||
if (aAxisTracker.GetCrossComponent(aFlexItem.mIntrinsicRatio) != 0) {
|
||||
// We have a usable aspect ratio. (not going to divide by 0)
|
||||
const bool useMinSizeIfCrossSizeIsIndefinite = true;
|
||||
nscoord crossSizeToUseWithRatio =
|
||||
@ -1304,7 +1314,7 @@ PartiallyResolveAutoMinSize(const FlexItem& aFlexItem,
|
||||
aAxisTracker);
|
||||
nscoord minMainSizeFromRatio =
|
||||
MainSizeFromAspectRatio(crossSizeToUseWithRatio,
|
||||
aIntrinsicRatio, aAxisTracker);
|
||||
aFlexItem.mIntrinsicRatio, aAxisTracker);
|
||||
minMainSize = std::min(minMainSize, minMainSizeFromRatio);
|
||||
}
|
||||
|
||||
@ -1318,7 +1328,6 @@ PartiallyResolveAutoMinSize(const FlexItem& aFlexItem,
|
||||
static bool
|
||||
ResolveAutoFlexBasisFromRatio(FlexItem& aFlexItem,
|
||||
const nsHTMLReflowState& aItemReflowState,
|
||||
const nsSize& aIntrinsicRatio,
|
||||
const FlexboxAxisTracker& aAxisTracker)
|
||||
{
|
||||
MOZ_ASSERT(NS_AUTOHEIGHT == aFlexItem.GetFlexBaseSize(),
|
||||
@ -1329,7 +1338,7 @@ ResolveAutoFlexBasisFromRatio(FlexItem& aFlexItem,
|
||||
// - a definite cross size
|
||||
// then the flex base size is calculated from its inner cross size and the
|
||||
// flex item’s intrinsic aspect ratio.
|
||||
if (aAxisTracker.GetCrossComponent(aIntrinsicRatio) != 0) {
|
||||
if (aAxisTracker.GetCrossComponent(aFlexItem.mIntrinsicRatio) != 0) {
|
||||
// We have a usable aspect ratio. (not going to divide by 0)
|
||||
const bool useMinSizeIfCrossSizeIsIndefinite = false;
|
||||
nscoord crossSizeToUseWithRatio =
|
||||
@ -1340,7 +1349,7 @@ ResolveAutoFlexBasisFromRatio(FlexItem& aFlexItem,
|
||||
// We have a definite cross-size
|
||||
nscoord mainSizeFromRatio =
|
||||
MainSizeFromAspectRatio(crossSizeToUseWithRatio,
|
||||
aIntrinsicRatio, aAxisTracker);
|
||||
aFlexItem.mIntrinsicRatio, aAxisTracker);
|
||||
aFlexItem.SetFlexBaseSizeAndMainSize(mainSizeFromRatio);
|
||||
return true;
|
||||
}
|
||||
@ -1398,19 +1407,15 @@ nsFlexContainerFrame::
|
||||
}
|
||||
}
|
||||
|
||||
// We'll need the intrinsic ratio (if there is one), regardless of whether
|
||||
// we're resolving min-[width|height]:auto or flex-basis:auto.
|
||||
const nsSize ratio = aFlexItem.Frame()->GetIntrinsicRatio();
|
||||
|
||||
nscoord resolvedMinSize; // (only set/used if isMainMinSizeAuto==true)
|
||||
bool minSizeNeedsToMeasureContent = false; // assume the best
|
||||
if (isMainMinSizeAuto) {
|
||||
// Resolve the min-size, except for considering the min-content size.
|
||||
// (We'll consider that later, if we need to.)
|
||||
resolvedMinSize = PartiallyResolveAutoMinSize(aFlexItem, aItemReflowState,
|
||||
ratio, aAxisTracker);
|
||||
aAxisTracker);
|
||||
if (resolvedMinSize > 0 &&
|
||||
aAxisTracker.GetCrossComponent(ratio) == 0) {
|
||||
aAxisTracker.GetCrossComponent(aFlexItem.IntrinsicRatio()) == 0) {
|
||||
// We don't have a usable aspect ratio, so we need to consider our
|
||||
// min-content size as another candidate min-size, which we'll have to
|
||||
// min() with the current resolvedMinSize.
|
||||
@ -1423,7 +1428,7 @@ nsFlexContainerFrame::
|
||||
bool flexBasisNeedsToMeasureContent = false; // assume the best
|
||||
if (isMainSizeAuto) {
|
||||
if (!ResolveAutoFlexBasisFromRatio(aFlexItem, aItemReflowState,
|
||||
ratio, aAxisTracker)) {
|
||||
aAxisTracker)) {
|
||||
flexBasisNeedsToMeasureContent = true;
|
||||
}
|
||||
}
|
||||
@ -1543,6 +1548,7 @@ FlexItem::FlexItem(nsHTMLReflowState& aFlexItemReflowState,
|
||||
: mFrame(aFlexItemReflowState.frame),
|
||||
mFlexGrow(aFlexGrow),
|
||||
mFlexShrink(aFlexShrink),
|
||||
mIntrinsicRatio(mFrame->GetIntrinsicRatio()),
|
||||
mBorderPadding(aFlexItemReflowState.ComputedPhysicalBorderPadding()),
|
||||
mMargin(aFlexItemReflowState.ComputedPhysicalMargin()),
|
||||
mMainMinSize(aMainMinSize),
|
||||
@ -1624,6 +1630,7 @@ FlexItem::FlexItem(nsIFrame* aChildFrame, nscoord aCrossSize,
|
||||
: mFrame(aChildFrame),
|
||||
mFlexGrow(0.0f),
|
||||
mFlexShrink(0.0f),
|
||||
mIntrinsicRatio(),
|
||||
// mBorderPadding uses default constructor,
|
||||
// mMargin uses default constructor,
|
||||
mFlexBaseSize(0),
|
||||
@ -1736,6 +1743,45 @@ FlexItem::GetNumAutoMarginsInAxis(AxisOrientationType aAxis) const
|
||||
return numAutoMargins;
|
||||
}
|
||||
|
||||
bool
|
||||
FlexItem::CanMainSizeInfluenceCrossSize(
|
||||
const FlexboxAxisTracker& aAxisTracker) const
|
||||
{
|
||||
if (mIsStretched) {
|
||||
// We've already had our cross-size stretched for "align-self:stretch").
|
||||
// The container is imposing its cross size on us.
|
||||
return false;
|
||||
}
|
||||
|
||||
if (HasIntrinsicRatio()) {
|
||||
// For flex items that have an intrinsic ratio (and maintain it, i.e. are
|
||||
// not stretched, which we already checked above): changes to main-size
|
||||
// *do* influence the cross size.
|
||||
return true;
|
||||
}
|
||||
|
||||
if (mIsStrut) {
|
||||
// Struts (for visibility:collapse items) have a predetermined size;
|
||||
// no need to measure anything.
|
||||
return false;
|
||||
}
|
||||
|
||||
if (aAxisTracker.IsCrossAxisHorizontal()) {
|
||||
// If the cross axis is horizontal, then changes to the item's main size
|
||||
// (height) can't influence its cross size (width), if the item is a block
|
||||
// with a horizontal writing-mode.
|
||||
// XXXdholbert This doesn't account for vertical writing-modes, items with
|
||||
// aspect ratios, items that are multicol elements, & items that are
|
||||
// multi-line vertical flex containers. In all of those cases, a change to
|
||||
// the height could influence the width.
|
||||
return false;
|
||||
}
|
||||
|
||||
// Default assumption, if we haven't proven otherwise: the resolved main size
|
||||
// *can* change the cross size.
|
||||
return true;
|
||||
}
|
||||
|
||||
// Keeps track of our position along a particular axis (where a '0' position
|
||||
// corresponds to the 'start' edge of that axis).
|
||||
// This class shouldn't be instantiated directly -- rather, it should only be
|
||||
@ -3488,16 +3534,17 @@ nsFlexContainerFrame::SizeItemInCrossAxis(
|
||||
FlexItem& aItem)
|
||||
{
|
||||
if (aAxisTracker.IsCrossAxisHorizontal()) {
|
||||
// XXXdholbert NOTE: For now, we should never hit this case, due to a
|
||||
// !aAxisTracker.IsCrossAxisHorizontal() check that guards this
|
||||
// call in the caller. BUT, when we add support for vertical writing-modes,
|
||||
// (in bug 1079155 or a dependency), we'll relax that check, and we'll need
|
||||
// to be able to measure the baseline & width (given our resolved height)
|
||||
MOZ_ASSERT(aItem.HasIntrinsicRatio(),
|
||||
"For now, caller's CanMainSizeInfluenceCrossSize check should "
|
||||
"only allow us to get here for items with intrinsic ratio");
|
||||
// XXXdholbert When we finish support for vertical writing-modes,
|
||||
// (in bug 1079155 or a dependency), we'll relax the horizontal check in
|
||||
// CanMainSizeInfluenceCrossSize, and this function will need to be able
|
||||
// to measure the baseline & width (given our resolved height)
|
||||
// of vertical-writing-mode flex items here.
|
||||
MOZ_ASSERT_UNREACHABLE("Caller should use tentative cross size instead "
|
||||
"of calling SizeItemInCrossAxis");
|
||||
// (But if we do happen to get here, just trust the passed-in reflow state
|
||||
// for our cross size [width].)
|
||||
// For now, we only expect to get here for items with an intrinsic aspect
|
||||
// ratio; and for those items, we can just read the size off of the reflow
|
||||
// state, without performing reflow.
|
||||
aItem.SetCrossSize(aChildReflowState.ComputedWidth());
|
||||
return;
|
||||
}
|
||||
@ -3709,6 +3756,40 @@ private:
|
||||
MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
|
||||
};
|
||||
|
||||
// Class to let us temporarily provide an override value for the the main-size
|
||||
// CSS property ('width' or 'height') on a flex item, for use in
|
||||
// nsLayoutUtils::ComputeSizeWithIntrinsicDimensions.
|
||||
// (We could use this overridden size more broadly, too, but it's probably
|
||||
// better to avoid property-table accesses. So, where possible, we communicate
|
||||
// the resolved main-size to the child via modifying its reflow state directly,
|
||||
// instead of using this class.)
|
||||
class MOZ_RAII AutoFlexItemMainSizeOverride final
|
||||
{
|
||||
public:
|
||||
explicit AutoFlexItemMainSizeOverride(FlexItem& aItem
|
||||
MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
|
||||
: mItemProps(aItem.Frame()->Properties())
|
||||
{
|
||||
MOZ_GUARD_OBJECT_NOTIFIER_INIT;
|
||||
|
||||
MOZ_ASSERT(!mItemProps.Has(nsIFrame::FlexItemMainSizeOverride()),
|
||||
"FlexItemMainSizeOverride prop shouldn't be set already; "
|
||||
"it should only be set temporarily (& not recursively)");
|
||||
NS_ASSERTION(aItem.HasIntrinsicRatio(),
|
||||
"This should only be needed for items with an aspect ratio");
|
||||
|
||||
mItemProps.Set(nsIFrame::FlexItemMainSizeOverride(), aItem.GetMainSize());
|
||||
}
|
||||
|
||||
~AutoFlexItemMainSizeOverride() {
|
||||
mItemProps.Remove(nsIFrame::FlexItemMainSizeOverride());
|
||||
}
|
||||
|
||||
private:
|
||||
const FrameProperties mItemProps;
|
||||
MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
|
||||
};
|
||||
|
||||
void
|
||||
nsFlexContainerFrame::DoFlexLayout(nsPresContext* aPresContext,
|
||||
nsHTMLReflowMetrics& aDesiredSize,
|
||||
@ -3744,41 +3825,35 @@ nsFlexContainerFrame::DoFlexLayout(nsPresContext* aPresContext,
|
||||
nscoord sumLineCrossSizes = 0;
|
||||
for (FlexLine* line = lines.getFirst(); line; line = line->getNext()) {
|
||||
for (FlexItem* item = line->GetFirstItem(); item; item = item->getNext()) {
|
||||
// Note that we may already have the correct cross size. (We guess at it
|
||||
// in GenerateFlexItemForChild(), and we also may resolve it early for
|
||||
// stretched flex items.)
|
||||
//
|
||||
// We can skip measuring an item's cross size here in a few scenarios:
|
||||
// (A) If the flex item has already been stretched, then we're imposing
|
||||
// the container's cross size on it; no need to measure.
|
||||
// (B) If the flex item is a "strut", then it's just a placeholder with a
|
||||
// predetermined cross size; no need to measure.
|
||||
// (C) If the item's main-size can't affect its cross-size, then the
|
||||
// item's tentative cross size (which we got from the reflow state in
|
||||
// GenerateFlexItemForChild()) is correct. So, no need to re-measure.
|
||||
// (For now, this is equivalent to checking if the cross-axis is
|
||||
// horizontal, because until we enable vertical writing-modes, an
|
||||
// element's computed width can't be influenced by its computed
|
||||
// height.)
|
||||
if (!item->IsStretched() && // !A
|
||||
!item->IsStrut() && // !B
|
||||
!aAxisTracker.IsCrossAxisHorizontal()) { // !C
|
||||
// The item may already have the correct cross-size; only recalculate
|
||||
// if the item's main size resolution (flexing) could have influenced it:
|
||||
if (item->CanMainSizeInfluenceCrossSize(aAxisTracker)) {
|
||||
Maybe<AutoFlexItemMainSizeOverride> sizeOverride;
|
||||
if (item->HasIntrinsicRatio()) {
|
||||
// For flex items with an aspect ratio, we have to impose an override
|
||||
// for the main-size property *before* we even instantiate the reflow
|
||||
// state, in order for aspect ratio calculations to produce the right
|
||||
// cross size in the reflow state. (For other flex items, it's OK
|
||||
// (and cheaper) to impose our main size *after* the reflow state has
|
||||
// been constructed, since the main size shouldn't influence anything
|
||||
// about cross-size measurement until we actually reflow the child.)
|
||||
sizeOverride.emplace(*item);
|
||||
}
|
||||
|
||||
WritingMode wm = item->Frame()->GetWritingMode();
|
||||
LogicalSize availSize = aReflowState.ComputedSize(wm);
|
||||
availSize.BSize(wm) = NS_UNCONSTRAINEDSIZE;
|
||||
nsHTMLReflowState childReflowState(aPresContext, aReflowState,
|
||||
item->Frame(), availSize);
|
||||
// Override computed main-size
|
||||
if (aAxisTracker.IsMainAxisHorizontal()) {
|
||||
childReflowState.SetComputedWidth(item->GetMainSize());
|
||||
} else {
|
||||
// XXXdholbert NOTE: For now, we'll never hit this case, due to the
|
||||
// !aAxisTracker.IsCrossAxisHorizontal() check above. But
|
||||
// when we add support for vertical writing modes, we'll relax that
|
||||
// check and be able to hit this code.
|
||||
childReflowState.SetComputedHeight(item->GetMainSize());
|
||||
if (!sizeOverride) {
|
||||
// Directly override the computed main-size, by tweaking reflow state:
|
||||
if (aAxisTracker.IsMainAxisHorizontal()) {
|
||||
childReflowState.SetComputedWidth(item->GetMainSize());
|
||||
} else {
|
||||
childReflowState.SetComputedHeight(item->GetMainSize());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
SizeItemInCrossAxis(aPresContext, aAxisTracker,
|
||||
childReflowState, *item);
|
||||
}
|
||||
@ -4076,20 +4151,29 @@ nsFlexContainerFrame::ReflowFlexItem(nsPresContext* aPresContext,
|
||||
didOverrideComputedHeight = true;
|
||||
}
|
||||
|
||||
// Override reflow state's computed cross-size, for stretched items.
|
||||
if (aItem.IsStretched()) {
|
||||
MOZ_ASSERT(aItem.GetAlignSelf() == NS_STYLE_ALIGN_STRETCH,
|
||||
"stretched item w/o 'align-self: stretch'?");
|
||||
// Override reflow state's computed cross-size if either:
|
||||
// - the item was stretched (in which case we're imposing a cross size)
|
||||
// ...or...
|
||||
// - the item it has an aspect ratio (in which case the cross-size that's
|
||||
// currently in the reflow state is based on arithmetic involving a stale
|
||||
// main-size value that we just stomped on above). (Note that we could handle
|
||||
// this case using an AutoFlexItemMainSizeOverride, as we do elsewhere; but
|
||||
// given that we *already know* the correct cross size to use here, it's
|
||||
// cheaper to just directly set it instead of setting a frame property.)
|
||||
if (aItem.IsStretched() ||
|
||||
aItem.HasIntrinsicRatio()) {
|
||||
if (aAxisTracker.IsCrossAxisHorizontal()) {
|
||||
childReflowState.SetComputedWidth(aItem.GetCrossSize());
|
||||
didOverrideComputedWidth = true;
|
||||
} else {
|
||||
// If this item's height is stretched, it's a relative height.
|
||||
aItem.Frame()->AddStateBits(NS_FRAME_CONTAINS_RELATIVE_BSIZE);
|
||||
childReflowState.SetComputedHeight(aItem.GetCrossSize());
|
||||
didOverrideComputedHeight = true;
|
||||
}
|
||||
}
|
||||
if (aItem.IsStretched() && !aAxisTracker.IsCrossAxisHorizontal()) {
|
||||
// If this item's height is stretched, it's a relative height.
|
||||
aItem.Frame()->AddStateBits(NS_FRAME_CONTAINS_RELATIVE_BSIZE);
|
||||
}
|
||||
|
||||
// XXXdholbert Might need to actually set the correct margins in the
|
||||
// reflow state at some point, so that they can be saved on the frame for
|
||||
|
@ -86,7 +86,8 @@ public:
|
||||
|
||||
virtual bool IsFrameOfType(uint32_t aFlags) const override
|
||||
{
|
||||
return nsSplittableFrame::IsFrameOfType(aFlags & ~(nsIFrame::eReplaced));
|
||||
return nsSplittableFrame::IsFrameOfType(aFlags &
|
||||
~(nsIFrame::eReplaced | nsIFrame::eReplacedSizing));
|
||||
}
|
||||
|
||||
#ifdef DEBUG_FRAME_DUMP
|
||||
|
@ -893,6 +893,12 @@ public:
|
||||
|
||||
NS_DECLARE_FRAME_PROPERTY(LineBaselineOffset, nullptr)
|
||||
|
||||
// Temporary override for a flex item's main-size property (either width
|
||||
// or height), imposed by its flex container.
|
||||
// XXX: We don't have bug 1064843, so use the previous declaration system
|
||||
// (see bug 1030952 part 3 and TenFourFox issue 493).
|
||||
NS_DECLARE_FRAME_PROPERTY(FlexItemMainSizeOverride, nullptr)
|
||||
|
||||
NS_DECLARE_FRAME_PROPERTY(CachedBackgroundImage, ReleaseValue<gfxASurface>)
|
||||
NS_DECLARE_FRAME_PROPERTY(CachedBackgroundImageDT,
|
||||
ReleaseValue<mozilla::gfx::DrawTarget>)
|
||||
@ -2123,6 +2129,11 @@ public:
|
||||
eExcludesIgnorableWhitespace = 1 << 14,
|
||||
eSupportsCSSTransforms = 1 << 15,
|
||||
|
||||
// A replaced element that has replaced-element sizing
|
||||
// characteristics (i.e., like images or iframes), as opposed to
|
||||
// inline-block sizing characteristics (like form controls).
|
||||
eReplacedSizing = 1 << 16,
|
||||
|
||||
// These are to allow nsFrame::Init to assert that IsFrameOfType
|
||||
// implementations all call the base class method. They are only
|
||||
// meaningful in DEBUG builds.
|
||||
|
@ -112,7 +112,8 @@ public:
|
||||
|
||||
virtual bool IsFrameOfType(uint32_t aFlags) const override
|
||||
{
|
||||
return ImageFrameSuper::IsFrameOfType(aFlags & ~(nsIFrame::eReplaced));
|
||||
return ImageFrameSuper::IsFrameOfType(aFlags &
|
||||
~(nsIFrame::eReplaced | nsIFrame::eReplacedSizing));
|
||||
}
|
||||
|
||||
#ifdef DEBUG_FRAME_DUMP
|
||||
|
@ -91,7 +91,8 @@ public:
|
||||
|
||||
virtual bool IsFrameOfType(uint32_t aFlags) const override
|
||||
{
|
||||
return nsPluginFrameSuper::IsFrameOfType(aFlags & ~(nsIFrame::eReplaced));
|
||||
return nsPluginFrameSuper::IsFrameOfType(aFlags &
|
||||
~(nsIFrame::eReplaced | nsIFrame::eReplacedSizing));
|
||||
}
|
||||
|
||||
virtual bool NeedsView() override { return true; }
|
||||
|
@ -37,7 +37,9 @@ public:
|
||||
{
|
||||
// nsLeafFrame is already eReplacedContainsBlock, but that's somewhat bogus
|
||||
return nsLeafFrame::IsFrameOfType(aFlags &
|
||||
~(nsIFrame::eReplaced | nsIFrame::eReplacedContainsBlock));
|
||||
~(nsIFrame::eReplaced |
|
||||
nsIFrame::eReplacedSizing |
|
||||
nsIFrame::eReplacedContainsBlock));
|
||||
}
|
||||
|
||||
virtual void Init(nsIContent* aContent,
|
||||
|
@ -77,7 +77,8 @@ public:
|
||||
|
||||
virtual bool IsFrameOfType(uint32_t aFlags) const override
|
||||
{
|
||||
return nsSplittableFrame::IsFrameOfType(aFlags & ~(nsIFrame::eReplaced));
|
||||
return nsSplittableFrame::IsFrameOfType(aFlags &
|
||||
~(nsIFrame::eReplaced | nsIFrame::eReplacedSizing));
|
||||
}
|
||||
|
||||
virtual nsresult CreateAnonymousContent(nsTArray<ContentInfo>& aElements) override;
|
||||
|
@ -673,6 +673,9 @@ static const uint32_t EnabledCiphers[] = {
|
||||
// Anything outside this list is governed by the usual combination of policy
|
||||
// and user preferences.
|
||||
static const uint32_t DisabledCiphers[] = {
|
||||
// ALL SHA384 ciphers are disabled per bug 1310061.
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
|
||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
|
@ -18,6 +18,7 @@ pref("security.ssl.enable_alpn", true);
|
||||
|
||||
pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
|
||||
pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
|
||||
pref("security.ssl3.ecdhe_rsa_aes_256_gcm_sha384", true);
|
||||
pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
|
||||
pref("security.ssl3.ecdhe_rsa_aes_128_sha256", true);
|
||||
pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
|
||||
|
@ -1080,6 +1080,7 @@ AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo)
|
||||
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: value = 9; break;
|
||||
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 10; break;
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: value = 11; break; // just in case, issue 489
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: value = 14; break; // just in case, issue 480
|
||||
// DHE key exchange
|
||||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: value = 21; break;
|
||||
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 22; break;
|
||||
|
@ -619,6 +619,10 @@ static const CipherPref sCipherPrefs[] = {
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, true },
|
||||
{ "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, true },
|
||||
|
||||
{ "security.ssl3.ecdhe_rsa_aes_256_gcm_sha384",
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, true },
|
||||
|
||||
{ "security.ssl3.ecdhe_rsa_aes_128_sha",
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, true },
|
||||
{ "security.ssl3.ecdhe_ecdsa_aes_128_sha",
|
||||
|
@ -23,6 +23,9 @@
|
||||
#include "sslerr.h"
|
||||
|
||||
#ifndef NO_PKCS11_BYPASS
|
||||
|
||||
#error not patched for SHA384, see bug 923089
|
||||
|
||||
/* make this a macro! */
|
||||
#ifdef NOT_A_MACRO
|
||||
static void
|
||||
|
@ -97,6 +97,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
|
||||
* bug 946147.
|
||||
*/
|
||||
@ -292,6 +293,7 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
|
||||
{cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0},
|
||||
{cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0},
|
||||
{cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8},
|
||||
{cipher_aes_256_gcm, calg_aes_gcm, 32,32, type_aead, 4, 0,16, 8},
|
||||
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0},
|
||||
};
|
||||
|
||||
@ -416,8 +418,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
|
||||
|
||||
{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa},
|
||||
{TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
|
||||
|
||||
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
|
||||
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
|
||||
{TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa}, // XXX: ssl_hash_sha384 hardcoded, see TenFourFox issue 480
|
||||
|
||||
{TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss},
|
||||
{TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss},
|
||||
@ -496,6 +500,7 @@ static const SSLCipher2Mech alg2Mech[] = {
|
||||
#define mmech_md5_hmac CKM_MD5_HMAC
|
||||
#define mmech_sha_hmac CKM_SHA_1_HMAC
|
||||
#define mmech_sha256_hmac CKM_SHA256_HMAC
|
||||
#define mmech_sha384_hmac CKM_SHA384_HMAC
|
||||
|
||||
static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
|
||||
/* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
|
||||
@ -507,6 +512,7 @@ static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
|
||||
{hmac_sha, mmech_sha_hmac, 0, SHA1_LENGTH},
|
||||
{hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH},
|
||||
{ mac_aead, mmech_invalid, 0, 0 },
|
||||
{hmac_sha384, mmech_sha384_hmac, 0, SHA384_LENGTH},
|
||||
};
|
||||
|
||||
/* indexed by SSL3BulkCipher */
|
||||
@ -666,6 +672,7 @@ ssl3_CipherSuiteAllowedForVersionRange(
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
|
||||
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
|
||||
case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
|
||||
return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2;
|
||||
@ -2214,6 +2221,7 @@ ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms)
|
||||
#ifndef NO_PKCS11_BYPASS
|
||||
if (ss->opt.bypassPKCS11 && pwSpec->msItem.len && pwSpec->msItem.data) {
|
||||
/* Double Bypass succeeded in extracting the master_secret */
|
||||
#error not patched for SHA384, see bug 923089
|
||||
const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def;
|
||||
PRBool isTLS = (PRBool)(kea_def->tls_keygen ||
|
||||
(pwSpec->version > SSL_LIBRARY_VERSION_3_0));
|
||||
@ -2348,6 +2356,7 @@ ssl3_ComputeRecordMAC(
|
||||
case ssl_hmac_sha256: /* used with TLS */
|
||||
hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
|
||||
break;
|
||||
#error does not yet support SHA384, see bug 923089
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@ -3592,6 +3601,55 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/* XXX: These are stubs for TenFourFox issue 480, based on bug 923089.
|
||||
Instead of using the prf_hash field, these simply check the cipher.
|
||||
If we add a whole lot of new ciphers, we should probably just bite the
|
||||
bullet and add the hash field, but for now just hard-code them IN BOTH
|
||||
PLACES.
|
||||
|
||||
We get away with this because the code actually just maps ssl_hash_sha256
|
||||
and _none to SHA-256, and the only other value is SHA-384 for our
|
||||
exception ciphers. */
|
||||
|
||||
inline static CK_MECHANISM_TYPE
|
||||
ssl3_GetTls12PrfHashMechanism(sslSocket *ss)
|
||||
{
|
||||
#if(0)
|
||||
// For reference
|
||||
switch (ss->ssl3.hs.suite_def->prf_hash) {
|
||||
case ssl_hash_sha384:
|
||||
return CKM_SHA384;
|
||||
case ssl_hash_sha256:
|
||||
case ssl_hash_none:
|
||||
/* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */
|
||||
return CKM_SHA256;
|
||||
default:
|
||||
PORT_Assert(0);
|
||||
}
|
||||
return CKM_SHA256;
|
||||
#else
|
||||
if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
|
||||
return CKM_SHA384;
|
||||
return CKM_SHA256;
|
||||
#endif
|
||||
}
|
||||
|
||||
inline static SSLHashType
|
||||
ssl3_GetSuitePrfHash(sslSocket *ss) {
|
||||
#if(0)
|
||||
// For reference
|
||||
/* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */
|
||||
if (ss->ssl3.hs.suite_def->prf_hash == ssl_hash_none) {
|
||||
return ssl_hash_sha256;
|
||||
}
|
||||
return ss->ssl3.hs.suite_def->prf_hash;
|
||||
#else
|
||||
if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
|
||||
return ssl_hash_sha384;
|
||||
return ssl_hash_sha256;
|
||||
#endif
|
||||
}
|
||||
|
||||
/* This method completes the derivation of the MS from the PMS.
|
||||
**
|
||||
** 1. Derive the MS, if possible, else return an error.
|
||||
@ -3709,7 +3767,7 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
|
||||
master_params.RandomInfo.pServerRandom = sr;
|
||||
master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
|
||||
if (isTLS12) {
|
||||
master_params.prfHashMechanism = CKM_SHA256;
|
||||
master_params.prfHashMechanism = ssl3_GetTls12PrfHashMechanism(ss);
|
||||
master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
|
||||
} else {
|
||||
/* prfHashMechanism is not relevant with this PRF */
|
||||
@ -3767,8 +3825,8 @@ tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
|
||||
}
|
||||
|
||||
if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
/* TLS 1.2 */
|
||||
extended_master_params.prfHashMechanism = CKM_SHA256;
|
||||
/* TLS 1.2+ */
|
||||
extended_master_params.prfHashMechanism = ssl3_GetTls12PrfHashMechanism(ss);
|
||||
key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
|
||||
} else {
|
||||
/* TLS < 1.2 */
|
||||
@ -3954,7 +4012,7 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss)
|
||||
|
||||
if (isTLS12) {
|
||||
key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
|
||||
key_material_params.prfHashMechanism = CKM_SHA256;
|
||||
key_material_params.prfHashMechanism = ssl3_GetTls12PrfHashMechanism(ss);
|
||||
key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
|
||||
} else if (isTLS) {
|
||||
key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
|
||||
@ -4032,11 +4090,14 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
|
||||
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
/* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
||||
* then this will need to be updated. */
|
||||
// We don't build with the bypass enabled, but this is here in case we need to.
|
||||
#error handling for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is incomplete
|
||||
ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256);
|
||||
if (!ss->ssl3.hs.sha_obj) {
|
||||
ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
#error see bug 923089
|
||||
ss->ssl3.hs.sha_clone = (void (*)(void *, void *))SHA256_Clone;
|
||||
ss->ssl3.hs.hashType = handshake_hash_single;
|
||||
ss->ssl3.hs.sha_obj->begin(ss->ssl3.hs.sha_cx);
|
||||
@ -4055,9 +4116,20 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
|
||||
* that the master secret will wind up in ...
|
||||
*/
|
||||
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
/* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
||||
* then this will need to be updated. */
|
||||
ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA256);
|
||||
/* determine the hash from the prf */
|
||||
const SECOidData *hash_oid =
|
||||
SECOID_FindOIDByMechanism(ssl3_GetTls12PrfHashMechanism(ss));
|
||||
|
||||
/* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_hash)
|
||||
* Convert that to the OidTag. We can then use that OidTag to create our
|
||||
* PK11Context */
|
||||
PORT_Assert(hash_oid != NULL);
|
||||
if (hash_oid == NULL) {
|
||||
ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
ss->ssl3.hs.sha = PK11_CreateDigestContext(hash_oid->offset);
|
||||
if (ss->ssl3.hs.sha == NULL) {
|
||||
ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
|
||||
return SECFailure;
|
||||
@ -4378,6 +4450,12 @@ ssl3_AppendSignatureAndHashAlgorithm(
|
||||
sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash)
|
||||
{
|
||||
PRUint8 serialized[2];
|
||||
SECOidTag hashAlg = ssl3_TLSHashAlgorithmToOID(sigAndHash->hashAlg);
|
||||
if (hashAlg == SEC_OID_UNKNOWN) {
|
||||
PORT_Assert(0);
|
||||
PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
serialized[0] = (PRUint8)sigAndHash->hashAlg;
|
||||
serialized[1] = (PRUint8)sigAndHash->sigAlg;
|
||||
@ -4711,6 +4789,8 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss,
|
||||
/* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
||||
* then this will need to be updated. */
|
||||
hashes->hashAlg = ssl_hash_sha256;
|
||||
// We don't build with the bypass enabled, but this is here in case we need to.
|
||||
#error handling for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is incomplete
|
||||
rv = SECSuccess;
|
||||
} else if (ss->opt.bypassPKCS11) {
|
||||
/* compute them without PKCS11 */
|
||||
@ -4818,9 +4898,8 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss,
|
||||
rv = SECFailure;
|
||||
goto tls12_loser;
|
||||
}
|
||||
/* If we ever support ciphersuites where the PRF hash isn't SHA-256
|
||||
* then this will need to be updated. */
|
||||
hashes->hashAlg = ssl_hash_sha256;
|
||||
|
||||
hashes->hashAlg = ssl3_GetSuitePrfHash(ss);
|
||||
rv = SECSuccess;
|
||||
|
||||
tls12_loser:
|
||||
@ -6241,7 +6320,26 @@ loser:
|
||||
|
||||
|
||||
|
||||
/* Once a cipher suite has been selected, make sure that the necessary secondary
|
||||
* information is properly set. */
|
||||
static SECStatus
|
||||
ssl3_SetCipherSuite(sslSocket *ss, ssl3CipherSuite chosenSuite)
|
||||
{
|
||||
ss->ssl3.hs.cipher_suite = chosenSuite;
|
||||
ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(chosenSuite);
|
||||
if (!ss->ssl3.hs.suite_def) {
|
||||
PORT_Assert(0);
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
// XXX?
|
||||
ss->ssl3.hs.kea_def = &kea_defs[ss->ssl3.hs.suite_def->key_exchange_alg];
|
||||
ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
|
||||
|
||||
/* Now we've have a cipher suite, initialize the handshake hashes. */
|
||||
return ssl3_InitHandshakeHashes(ss);
|
||||
}
|
||||
|
||||
/* Called from ssl3_HandleServerHelloDone(). */
|
||||
static SECStatus
|
||||
@ -6482,13 +6580,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
|
||||
isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
|
||||
|
||||
rv = ssl3_InitHandshakeHashes(ss);
|
||||
if (rv != SECSuccess) {
|
||||
desc = internal_error;
|
||||
errCode = PORT_GetError();
|
||||
goto alert_loser;
|
||||
}
|
||||
|
||||
rv = ssl3_ConsumeHandshake(
|
||||
ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
|
||||
if (rv != SECSuccess) {
|
||||
@ -6537,13 +6628,12 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
|
||||
goto alert_loser;
|
||||
}
|
||||
ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)temp;
|
||||
ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp);
|
||||
ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
|
||||
PORT_Assert(ss->ssl3.hs.suite_def);
|
||||
if (!ss->ssl3.hs.suite_def) {
|
||||
PORT_SetError(errCode = SEC_ERROR_LIBRARY_FAILURE);
|
||||
goto loser; /* we don't send alerts for our screw-ups. */
|
||||
|
||||
rv = ssl3_SetCipherSuite(ss, (ssl3CipherSuite)temp);
|
||||
if (rv != SECSuccess) {
|
||||
desc = internal_error;
|
||||
errCode = PORT_GetError();
|
||||
goto alert_loser;
|
||||
}
|
||||
|
||||
/* find selected compression method in our list. */
|
||||
@ -7128,7 +7218,7 @@ done:
|
||||
/* Destroys the backup handshake hash context if we don't need it. Note that
|
||||
* this function selects the hash algorithm for client authentication
|
||||
* signatures; ssl3_SendCertificateVerify uses the presence of the backup hash
|
||||
* to determine whether to use SHA-1 or SHA-256. */
|
||||
* to determine whether to use SHA-1, or the PRF hash of the cipher suite. */
|
||||
static void
|
||||
ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
|
||||
const SECItem *algorithms)
|
||||
@ -7137,7 +7227,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
|
||||
SSLSignType sigAlg;
|
||||
PRBool preferSha1;
|
||||
PRBool supportsSha1 = PR_FALSE;
|
||||
PRBool supportsSha256 = PR_FALSE;
|
||||
PRBool supportsHandshakeHash = PR_FALSE;
|
||||
PRBool needBackupHash = PR_FALSE;
|
||||
unsigned int i;
|
||||
|
||||
@ -7161,15 +7251,17 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
|
||||
if (algorithms->data[i+1] == sigAlg) {
|
||||
if (algorithms->data[i] == ssl_hash_sha1) {
|
||||
supportsSha1 = PR_TRUE;
|
||||
} else if (algorithms->data[i] == ssl_hash_sha256) {
|
||||
supportsSha256 = PR_TRUE;
|
||||
}
|
||||
}
|
||||
} else if (algorithms->data[i] == ssl_hash_sha256 || algorithms->data[i] == ssl_hash_sha384) {
|
||||
/* XXX: This is wrong, but works. If we implement prf_hash,
|
||||
we should fix it. See bug 923089. */
|
||||
supportsHandshakeHash = PR_TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* If either the server does not support SHA-256 or the client key prefers
|
||||
/* If either the server does not support the handshake hash or the client key prefers
|
||||
* SHA-1, leave the backup hash. */
|
||||
if (supportsSha1 && (preferSha1 || !supportsSha256)) {
|
||||
if (supportsSha1 && (preferSha1 || !supportsHandshakeHash)) {
|
||||
needBackupHash = PR_TRUE;
|
||||
}
|
||||
|
||||
@ -8196,14 +8288,16 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
if (!suite->enabled)
|
||||
break;
|
||||
#endif
|
||||
/* Double check that the cached cipher suite is in the client's list */
|
||||
/* Double check that the cached cipher suite is in the client's
|
||||
* list. If it isn't, fall through and start a new session. */
|
||||
for (i = 0; i + 1 < suites.len; i += 2) {
|
||||
PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
|
||||
if (suite_i == suite->cipher_suite) {
|
||||
ss->ssl3.hs.cipher_suite = suite->cipher_suite;
|
||||
ss->ssl3.hs.suite_def =
|
||||
ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
|
||||
ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
|
||||
if (ssl3_SetCipherSuite(ss, suite_i) != SECSuccess) {
|
||||
desc = internal_error;
|
||||
errCode = PORT_GetError();
|
||||
goto alert_loser;
|
||||
}
|
||||
|
||||
/* Use the cached compression method. */
|
||||
ss->ssl3.hs.compression = sid->u.ssl3.compression;
|
||||
@ -8246,10 +8340,11 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
|
||||
for (i = 0; i + 1 < suites.len; i += 2) {
|
||||
PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
|
||||
if (suite_i == suite->cipher_suite) {
|
||||
ss->ssl3.hs.cipher_suite = suite->cipher_suite;
|
||||
ss->ssl3.hs.suite_def =
|
||||
ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
|
||||
ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
|
||||
if (ssl3_SetCipherSuite(ss, suite_i) != SECSuccess) {
|
||||
desc = internal_error;
|
||||
errCode = PORT_GetError();
|
||||
goto alert_loser;
|
||||
}
|
||||
goto suite_found;
|
||||
}
|
||||
}
|
||||
@ -8763,13 +8858,6 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length)
|
||||
}
|
||||
ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
|
||||
|
||||
rv = ssl3_InitHandshakeHashes(ss);
|
||||
if (rv != SECSuccess) {
|
||||
desc = internal_error;
|
||||
errCode = PORT_GetError();
|
||||
goto alert_loser;
|
||||
}
|
||||
|
||||
/* if we get a non-zero SID, just ignore it. */
|
||||
if (length !=
|
||||
SSL_HL_CLIENT_HELLO_HBYTES + suite_length + sid_length + rand_length) {
|
||||
@ -8823,10 +8911,11 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length)
|
||||
for (i = 0; i+2 < suite_length; i += 3) {
|
||||
PRUint32 suite_i = (suites[i] << 16)|(suites[i+1] << 8)|suites[i+2];
|
||||
if (suite_i == suite->cipher_suite) {
|
||||
ss->ssl3.hs.cipher_suite = suite->cipher_suite;
|
||||
ss->ssl3.hs.suite_def =
|
||||
ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite);
|
||||
ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
|
||||
if (ssl3_SetCipherSuite(ss, suite_i) != SECSuccess) {
|
||||
desc = internal_error;
|
||||
errCode = PORT_GetError();
|
||||
goto alert_loser;
|
||||
}
|
||||
goto suite_found;
|
||||
}
|
||||
}
|
||||
@ -9375,6 +9464,8 @@ ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf,
|
||||
unsigned maxLen, PRUint32 *len)
|
||||
{
|
||||
unsigned int i;
|
||||
/* We only track a single hash, the one that is the basis for the PRF. */
|
||||
SSLHashType suiteHashAlg = ssl3_GetSuitePrfHash(ss);
|
||||
|
||||
PORT_Assert(maxLen >= ss->ssl3.signatureAlgorithmCount * 2);
|
||||
if (maxLen < ss->ssl3.signatureAlgorithmCount * 2) {
|
||||
@ -9386,9 +9477,9 @@ ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf,
|
||||
for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) {
|
||||
const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i];
|
||||
/* Note that we don't support a handshake hash with anything other than
|
||||
* SHA-256, so asking for a signature from clients for something else
|
||||
* would be inviting disaster. */
|
||||
if (alg->hashAlg == ssl_hash_sha256) {
|
||||
* the PRF hash, so asking for a signature from clients for something
|
||||
* else would be inviting disaster. */
|
||||
if (alg->hashAlg == suiteHashAlg) {
|
||||
buf[(*len)++] = (PRUint8)alg->hashAlg;
|
||||
buf[(*len)++] = (PRUint8)alg->sigAlg;
|
||||
}
|
||||
@ -9764,6 +9855,7 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
|
||||
rv = PK11_GenerateRandom(rsaPmsBuf, sizeof rsaPmsBuf);
|
||||
}
|
||||
}
|
||||
#error not patched for SHA384, see bug 923089
|
||||
/* have PMS, build MS without PKCS11 */
|
||||
rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS,
|
||||
PR_TRUE);
|
||||
@ -10842,7 +10934,7 @@ done:
|
||||
}
|
||||
|
||||
static SECStatus
|
||||
ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
|
||||
ssl3_ComputeTLSFinished(sslSocket *ss, ssl3CipherSpec *spec,
|
||||
PRBool isServer,
|
||||
const SSL3Hashes * hashes,
|
||||
TLSFinished * tlsFinished)
|
||||
@ -10865,7 +10957,7 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec,
|
||||
if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
tls_mac_params.prfMechanism = CKM_TLS_PRF;
|
||||
} else {
|
||||
tls_mac_params.prfMechanism = CKM_SHA256;
|
||||
tls_mac_params.prfMechanism = ssl3_GetTls12PrfHashMechanism(ss);
|
||||
}
|
||||
tls_mac_params.ulMacLength = 12;
|
||||
tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
|
||||
@ -11067,7 +11159,7 @@ ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
|
||||
isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0);
|
||||
rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender);
|
||||
if (isTLS && rv == SECSuccess) {
|
||||
rv = ssl3_ComputeTLSFinished(cwSpec, isServer, &hashes, &tlsFinished);
|
||||
rv = ssl3_ComputeTLSFinished(ss, cwSpec, isServer, &hashes, &tlsFinished);
|
||||
}
|
||||
ssl_ReleaseSpecReadLock(ss);
|
||||
if (rv != SECSuccess) {
|
||||
@ -11238,7 +11330,7 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
|
||||
PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
|
||||
return SECFailure;
|
||||
}
|
||||
rv = ssl3_ComputeTLSFinished(ss->ssl3.crSpec, !isServer,
|
||||
rv = ssl3_ComputeTLSFinished(ss, ss->ssl3.crSpec, !isServer,
|
||||
hashes, &tlsFinished);
|
||||
if (!isServer)
|
||||
ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
|
||||
|
@ -930,6 +930,7 @@ static const ssl3CipherSuite ecdhe_rsa_suites[] = {
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
@ -949,6 +950,7 @@ static const ssl3CipherSuite ecSuites[] = {
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
|
@ -50,6 +50,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
|
||||
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
|
||||
*/
|
||||
|
@ -63,6 +63,7 @@ typedef SSLSignType SSL3SignType;
|
||||
#define hmac_md5 ssl_hmac_md5
|
||||
#define hmac_sha ssl_hmac_sha
|
||||
#define hmac_sha256 ssl_hmac_sha256
|
||||
#define hmac_sha384 ssl_hmac_sha384
|
||||
#define mac_aead ssl_mac_aead
|
||||
|
||||
#define SET_ERROR_CODE /* reminder */
|
||||
@ -291,7 +292,7 @@ typedef struct {
|
||||
} ssl3CipherSuiteCfg;
|
||||
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 64
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 65
|
||||
#else
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 40
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
@ -477,6 +478,7 @@ typedef enum {
|
||||
cipher_camellia_256,
|
||||
cipher_seed,
|
||||
cipher_aes_128_gcm,
|
||||
cipher_aes_256_gcm,
|
||||
cipher_missing /* reserved for no such supported cipher */
|
||||
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
|
||||
} SSL3BulkCipher;
|
||||
@ -593,7 +595,7 @@ typedef struct {
|
||||
ssl3KeyMaterial client;
|
||||
ssl3KeyMaterial server;
|
||||
SECItem msItem;
|
||||
unsigned char key_block[NUM_MIXERS * MD5_LENGTH];
|
||||
unsigned char key_block[NUM_MIXERS * HASH_LENGTH_MAX];
|
||||
unsigned char raw_master_secret[56];
|
||||
SECItem srvVirtName; /* for server: name that was negotiated
|
||||
* with a client. For client - is
|
||||
|
@ -159,6 +159,7 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
|
||||
#define B_0 0, 0, 0
|
||||
|
||||
#define M_AEAD_128 "AEAD", ssl_mac_aead, 128
|
||||
#define M_SHA384 "SHA384", ssl_hmac_sha384, 384
|
||||
#define M_SHA256 "SHA256", ssl_hmac_sha256, 256
|
||||
#define M_SHA "SHA1", ssl_mac_sha, 160
|
||||
#define M_MD5 "MD5", ssl_mac_md5, 128
|
||||
@ -215,6 +216,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
/* ECC cipher suites */
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
||||
|
||||
{0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
|
||||
|
@ -258,6 +258,7 @@
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
|
||||
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
|
||||
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
|
||||
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
|
||||
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
|
||||
|
||||
/* Netscape "experimental" cipher suites. */
|
||||
|
@ -114,7 +114,8 @@ typedef enum {
|
||||
ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
|
||||
ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
|
||||
ssl_hmac_sha256 = 5,
|
||||
ssl_mac_aead = 6
|
||||
ssl_mac_aead = 6,
|
||||
ssl_hmac_sha384 = 7
|
||||
} SSLMACAlgorithm;
|
||||
|
||||
typedef enum {
|
||||
|
@ -466,6 +466,7 @@ CONST_OID aes128_OFB[] = { AES, 3 };
|
||||
CONST_OID aes128_CFB[] = { AES, 4 };
|
||||
#endif
|
||||
CONST_OID aes128_KEY_WRAP[] = { AES, 5 };
|
||||
CONST_OID aes128_GCM[] = { AES, 6 };
|
||||
|
||||
CONST_OID aes192_ECB[] = { AES, 21 };
|
||||
CONST_OID aes192_CBC[] = { AES, 22 };
|
||||
@ -474,6 +475,7 @@ CONST_OID aes192_OFB[] = { AES, 23 };
|
||||
CONST_OID aes192_CFB[] = { AES, 24 };
|
||||
#endif
|
||||
CONST_OID aes192_KEY_WRAP[] = { AES, 25 };
|
||||
CONST_OID aes192_GCM[] = { AES, 26 };
|
||||
|
||||
CONST_OID aes256_ECB[] = { AES, 41 };
|
||||
CONST_OID aes256_CBC[] = { AES, 42 };
|
||||
@ -482,6 +484,7 @@ CONST_OID aes256_OFB[] = { AES, 43 };
|
||||
CONST_OID aes256_CFB[] = { AES, 44 };
|
||||
#endif
|
||||
CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
|
||||
CONST_OID aes256_GCM[] = { AES, 46 };
|
||||
|
||||
CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2};
|
||||
CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3};
|
||||
@ -1639,7 +1642,14 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
|
||||
"Microsoft Trust List Signing",
|
||||
CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
|
||||
OD( x520Name, SEC_OID_AVA_NAME,
|
||||
"X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION )
|
||||
"X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
|
||||
|
||||
OD( aes128_GCM, SEC_OID_AES_128_GCM,
|
||||
"AES-128-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ),
|
||||
OD( aes192_GCM, SEC_OID_AES_192_GCM,
|
||||
"AES-192-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ),
|
||||
OD( aes256_GCM, SEC_OID_AES_256_GCM,
|
||||
"AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION )
|
||||
};
|
||||
|
||||
/* PRIVATE EXTENDED SECOID Table
|
||||
|
@ -443,6 +443,10 @@ typedef enum {
|
||||
/* The 'name' attribute type in X.520 */
|
||||
SEC_OID_AVA_NAME = 317,
|
||||
|
||||
SEC_OID_AES_128_GCM = 318,
|
||||
SEC_OID_AES_192_GCM = 319,
|
||||
SEC_OID_AES_256_GCM = 320,
|
||||
|
||||
SEC_OID_TOTAL
|
||||
} SECOidTag;
|
||||
|
||||
|
@ -48,6 +48,11 @@ using mozilla::gfx::SourceSurface;
|
||||
static const uint32_t kIconWidth = 16;
|
||||
static const uint32_t kIconHeight = 16;
|
||||
|
||||
// The transparent placeholder gets used several places.
|
||||
// See TenFourFox issue 484.
|
||||
static bool sInitializedPlaceholder = false;
|
||||
static NSImage* sPlaceholderIconImage = nil;
|
||||
|
||||
typedef NS_STDCALL_FUNCPROTO(nsresult, GetRectSideMethod, nsIDOMRect,
|
||||
GetBottom, (nsIDOMCSSPrimitiveValue**));
|
||||
|
||||
@ -296,8 +301,6 @@ nsMenuItemIconX::LoadIcon(nsIURI* aIconURI)
|
||||
// position that it will be displayed when the real icon is loaded, and
|
||||
// prevents it from jumping around or looking misaligned.
|
||||
|
||||
static bool sInitializedPlaceholder;
|
||||
static NSImage* sPlaceholderIconImage;
|
||||
if (!sInitializedPlaceholder) {
|
||||
sInitializedPlaceholder = true;
|
||||
|
||||
@ -411,7 +414,16 @@ nsMenuItemIconX::OnFrameComplete(imgIRequest* aRequest)
|
||||
imageContainer->GetFrame(imgIContainer::FRAME_CURRENT,
|
||||
imgIContainer::FLAG_SYNC_DECODE);
|
||||
if (!surface) {
|
||||
[mNativeMenuItem setImage:nil];
|
||||
if (MOZ_UNLIKELY(!sInitializedPlaceholder)) {
|
||||
NS_WARNING("Oddly, the placeholder image was not initialized yet");
|
||||
[mNativeMenuItem setImage:nil];
|
||||
} else {
|
||||
// This can occur with SVG images. In that case, set a dummy icon
|
||||
// so that the menu isn't distorted, but still return failure, since
|
||||
// this is a fallback (TenFourFox issue 484).
|
||||
mImageRegionRect.SetRect(0, 0, 16, 16);
|
||||
[mNativeMenuItem setImage:sPlaceholderIconImage];
|
||||
}
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user