Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(295)

Issue 1057733002: Require ECDHE for False Start. (Closed)

Created:
5 years, 8 months ago by davidben
Modified:
5 years, 8 months ago
Reviewers:
agl, Ryan Sleevi
CC:
chromium-reviews, cbentzel+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Require ECDHE for False Start. This adds just enough of an implementation of ECDHE_RSA to tlslite to support it on the server side. It also rolls BoringSSL e2e1326..4d78718 to pick up the corresponding BoringSSL change. Summary of changes available at: https://boringssl.googlesource.com/boringssl/+log/e2e1326..4d78718 BUG=460271 Committed: https://crrev.com/8f7efab800fc6987499c5365fce22349e3a4ef50 Cr-Commit-Position: refs/heads/master@{#323645}

Patch Set 1 #

Total comments: 9

Patch Set 2 : address comments and roll boringssl #

Patch Set 3 : roll just a little further #

Patch Set 4 : fix components build #

Unified diffs Side-by-side diffs Delta from patch set Stats (+824 lines, -76 lines) Patch
M DEPS View 1 2 3 1 chunk +1 line, -1 line 0 comments Download
M net/socket/ssl_client_socket_nss.cc View 1 chunk +1 line, -1 line 0 comments Download
M net/socket/ssl_client_socket_unittest.cc View 1 7 chunks +29 lines, -9 lines 0 comments Download
M net/ssl/ssl_cipher_suite_names.h View 1 chunk +3 lines, -0 lines 0 comments Download
M net/ssl/ssl_cipher_suite_names.cc View 1 8 chunks +63 lines, -36 lines 0 comments Download
M net/test/spawned_test_server/base_test_server.h View 1 chunk +3 lines, -2 lines 0 comments Download
M net/test/spawned_test_server/base_test_server.cc View 1 chunk +2 lines, -0 lines 0 comments Download
M net/tools/testserver/testserver.py View 1 chunk +5 lines, -5 lines 0 comments Download
M third_party/boringssl/boringssl.gypi View 1 1 chunk +2 lines, -0 lines 0 comments Download
M third_party/boringssl/boringssl_tests.gypi View 1 12 chunks +24 lines, -10 lines 0 comments Download
M third_party/boringssl/boringssl_unittest.cc View 1 1 chunk +6 lines, -2 lines 0 comments Download
M third_party/boringssl/update_gypi_and_asm.py View 1 1 chunk +4 lines, -2 lines 0 comments Download
M third_party/tlslite/README.chromium View 2 chunks +2 lines, -1 line 0 comments Download
A third_party/tlslite/patches/ecdhe_rsa.patch View 1 chunk +428 lines, -0 lines 0 comments Download
M third_party/tlslite/tlslite/constants.py View 9 chunks +44 lines, -1 line 0 comments Download
M third_party/tlslite/tlslite/handshakesettings.py View 1 chunk +1 line, -1 line 0 comments Download
M third_party/tlslite/tlslite/messages.py View 4 chunks +16 lines, -2 lines 0 comments Download
M third_party/tlslite/tlslite/tlsconnection.py View 5 chunks +28 lines, -3 lines 0 comments Download
A third_party/tlslite/tlslite/utils/p256.py View 1 chunk +162 lines, -0 lines 0 comments Download

Messages

Total messages: 25 (8 generated)
davidben
Tests are expected to fail on BoringSSL ports right now. I'll update it later to ...
5 years, 8 months ago (2015-04-02 00:04:00 UTC) #2
davidben
https://codereview.chromium.org/1057733002/diff/1/third_party/tlslite/tlslite/utils/p256.py File third_party/tlslite/tlslite/utils/p256.py (right): https://codereview.chromium.org/1057733002/diff/1/third_party/tlslite/tlslite/utils/p256.py#newcode2 third_party/tlslite/tlslite/utils/p256.py:2: # See the LICENSE file for legal information regarding ...
5 years, 8 months ago (2015-04-02 00:20:36 UTC) #3
agl
LGTM. (Have just landed the BoringSSL change.) https://codereview.chromium.org/1057733002/diff/1/net/ssl/ssl_cipher_suite_names.cc File net/ssl/ssl_cipher_suite_names.cc (right): https://codereview.chromium.org/1057733002/diff/1/net/ssl/ssl_cipher_suite_names.cc#newcode307 net/ssl/ssl_cipher_suite_names.cc:307: int key_exchange; ...
5 years, 8 months ago (2015-04-02 00:36:43 UTC) #4
Ryan Sleevi
LGTM % nit https://codereview.chromium.org/1057733002/diff/1/net/socket/ssl_client_socket_unittest.cc File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/1057733002/diff/1/net/socket/ssl_client_socket_unittest.cc#newcode2936 net/socket/ssl_client_socket_unittest.cc:2936: // Test that False Start is ...
5 years, 8 months ago (2015-04-02 00:42:58 UTC) #5
davidben
Also rolled forward to incorporate BoringSSL changes. Will CQ once try bots are green. (There's ...
5 years, 8 months ago (2015-04-02 16:48:31 UTC) #6
davidben
Looks like inttypes.h + C++ makes Android grumpy. https://boringssl-review.googlesource.com/#/c/4202/ should fix it.
5 years, 8 months ago (2015-04-02 18:30:43 UTC) #7
agl
lgtm
5 years, 8 months ago (2015-04-02 18:42:07 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1057733002/40001
5 years, 8 months ago (2015-04-02 19:09:29 UTC) #11
commit-bot: I haz the power
Try jobs failed on following builders: android_clang_dbg_recipe on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/android_clang_dbg_recipe/builds/63362)
5 years, 8 months ago (2015-04-02 20:09:16 UTC) #13
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1057733002/60001
5 years, 8 months ago (2015-04-02 20:42:29 UTC) #16
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_gn_rel on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_gn_rel/builds/75231)
5 years, 8 months ago (2015-04-02 21:06:19 UTC) #18
davidben
On 2015/04/02 21:06:19, I haz the power (commit-bot) wrote: > Try jobs failed on following ...
5 years, 8 months ago (2015-04-02 21:11:04 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1057733002/60001
5 years, 8 months ago (2015-04-02 21:14:05 UTC) #21
commit-bot: I haz the power
Committed patchset #4 (id:60001)
5 years, 8 months ago (2015-04-03 05:39:29 UTC) #22
alph
A revert of this CL (patchset #4 id:60001) has been created in https://codereview.chromium.org/1055683005/ by alph@chromium.org. ...
5 years, 8 months ago (2015-04-03 08:06:20 UTC) #23
davidben
On 2015/04/03 08:06:20, alph wrote: > A revert of this CL (patchset #4 id:60001) has ...
5 years, 8 months ago (2015-04-03 17:06:09 UTC) #24
commit-bot: I haz the power
5 years, 8 months ago (2015-04-03 20:33:16 UTC) #25
Message was sent while issue was closed.
Patchset 4 (id:??) landed as
https://crrev.com/8f7efab800fc6987499c5365fce22349e3a4ef50
Cr-Commit-Position: refs/heads/master@{#323645}

Powered by Google App Engine
This is Rietveld 408576698