third_party/tlslite/tlslite/tlsconnection.py - Issue 1055683005: Revert of Require ECDHE for False Start.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/tlslite/tlslite/tlsconnection.py

Issue 1055683005: Revert of Require ECDHE for False Start. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/tlslite/tlslite/tlsconnection.py

diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py

index dfac274b6e939f631db5099046c9b8f89838b60a..0a85d3cc98481d3e3f8afd1f8f4186ac5ce25bed 100644

--- a/third_party/tlslite/tlslite/tlsconnection.py

+++ b/third_party/tlslite/tlslite/tlsconnection.py

@@ -24,7 +24,6 @@

from .handshakesettings import HandshakeSettings

from .utils.tackwrapper import *

from .utils.rsakey import RSAKey

-from .utils import p256

class KeyExchange(object):

def __init__(self, cipherSuite, clientHello, serverHello, privateKey):

@@ -127,25 +126,6 @@

S = powMod(dh_Yc, self.dh_Xs, self.dh_p)

return numberToByteArray(S)

-class ECDHE_RSAKeyExchange(KeyExchange):

- def makeServerKeyExchange(self):

- public, self.private = p256.generatePublicPrivate()

- version = self.serverHello.server_version

- serverKeyExchange = ServerKeyExchange(self.cipherSuite, version)

- serverKeyExchange.createECDH(NamedCurve.secp256r1, bytearray(public))

- hashBytes = serverKeyExchange.hash(self.clientHello.random,

- self.serverHello.random)

- if version >= (3,3):

- # TODO: Signature algorithm negotiation not supported.

- hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)

- serverKeyExchange.signature = self.privateKey.sign(hashBytes)

- return serverKeyExchange

- def processClientKeyExchange(self, clientKeyExchange):

- ecdh_Yc = clientKeyExchange.ecdh_Yc

- return bytearray(p256.generateSharedValue(bytes(ecdh_Yc), self.private))

class TLSConnection(TLSRecordLayer):

"""

@@ -1341,8 +1321,9 @@

else: break

premasterSecret = result

- # Perform a certificate-based key exchange

- elif cipherSuite in CipherSuite.certAllSuites:

+ # Perform the RSA or DHE_RSA key exchange

+ elif (cipherSuite in CipherSuite.certSuites or

+ cipherSuite in CipherSuite.dheCertSuites):

if cipherSuite in CipherSuite.certSuites:

keyExchange = RSAKeyExchange(cipherSuite,

clientHello,

@@ -1353,11 +1334,6 @@

clientHello,

serverHello,

privateKey)

- elif cipherSuite in CipherSuite.ecdheCertSuites:

- keyExchange = ECDHE_RSAKeyExchange(cipherSuite,

- clientHello,

- serverHello,

- privateKey)

else:

assert(False)

for result in self._serverCertKeyExchange(clientHello, serverHello,

@@ -1474,7 +1450,6 @@

CipherSuite.getSrpCertSuites(settings, self.version)

cipherSuites += CipherSuite.getSrpSuites(settings, self.version)

elif certChain:

- cipherSuites += CipherSuite.getEcdheCertSuites(settings, self.version)

cipherSuites += CipherSuite.getDheCertSuites(settings, self.version)

cipherSuites += CipherSuite.getCertSuites(settings, self.version)

elif anon:

« no previous file with comments | « third_party/tlslite/tlslite/messages.py ('k') | third_party/tlslite/tlslite/utils/p256.py » ('j') | no next file with comments »