
Side by Side Diff: third_party/tlslite/patches/fallback_scsv.patch

Issue 109563002: net: add test for TLS_FALLBACK_SCSV (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Typo fix. Created 7 years ago
(Empty)
1 diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/ tlslite/TLSConnection.py
2 index d2270a9..e6ce187 100644
3 --- a/third_party/tlslite/tlslite/TLSConnection.py
4 +++ b/third_party/tlslite/tlslite/TLSConnection.py
5 @@ -937,7 +937,8 @@ class TLSConnection(TLSRecordLayer):
6 certChain=None, privateKey=None, reqCert=False,
7 sessionCache=None, settings=None, checker=None,
8 reqCAs=None, tlsIntolerant=0,
9 - signedCertTimestamps=None):
10 + signedCertTimestamps=None,
11 + fallbackSCSV=False):
12 """Perform a handshake in the role of server.
13
14 This function performs an SSL or TLS handshake. Depending on
15 @@ -1022,7 +1023,8 @@ class TLSConnection(TLSRecordLayer):
16 """
17 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
18 certChain, privateKey, reqCert, sessionCache, settings,
19 - checker, reqCAs, tlsIntolerant, signedCertTimestamps):
20 + checker, reqCAs, tlsIntolerant, signedCertTimestamps,
21 + fallbackSCSV):
22 pass
23
24
25 @@ -1030,7 +1032,8 @@ class TLSConnection(TLSRecordLayer):
26 certChain=None, privateKey=None, reqCert=False,
27 sessionCache=None, settings=None, checker=None,
28 reqCAs=None, tlsIntolerant=0,
29 - signedCertTimestamps=None):
30 + signedCertTimestamps=None,
31 + fallbackSCSV=False):
32 """Start a server handshake operation on the TLS connection.
33
34 This function returns a generator which behaves similarly to
35 @@ -1049,7 +1052,8 @@ class TLSConnection(TLSRecordLayer):
36 sessionCache=sessionCache, settings=settings,
37 reqCAs=reqCAs,
38 tlsIntolerant=tlsIntolerant,
39 - signedCertTimestamps=signedCertTimestamps)
40 + signedCertTimestamps=signedCertTimestamps,
41 + fallbackSCSV=fallbackSCSV)
42 for result in self._handshakeWrapperAsync(handshaker, checker):
43 yield result
44
45 @@ -1057,7 +1061,8 @@ class TLSConnection(TLSRecordLayer):
46 def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB,
47 certChain, privateKey, reqCert,
48 sessionCache, settings, reqCAs,
49 - tlsIntolerant, signedCertTimestamps):
50 + tlsIntolerant, signedCertTimestamps,
51 + fallbackSCSV):
52
53 self._handshakeStart(client=False)
54
55 @@ -1141,12 +1146,18 @@ class TLSConnection(TLSRecordLayer):
56 yield result
57
58 #If client's version is too high, propose my highest version
59 - elif clientHello.client_version > settings.maxVersion:
60 + if clientHello.client_version > settings.maxVersion:
61 self.version = settings.maxVersion
62 -
63 else:
64 #Set the version to the client's version
65 self.version = clientHello.client_version
66 + if (fallbackSCSV and
67 + clientHello.client_version < settings.maxVersion):
68 + for cipherSuite in clientHello.cipher_suites:
69 + if cipherSuite == 0x5600:
70 + for result in self._sendError(\
71 + AlertDescription.inappropriate_fallback):
72 + yield result
73
74 #Get the client nonce; create server nonce
75 clientRandom = clientHello.random
76 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
77 index b5a345a..23e3dcb 100644
78 --- a/third_party/tlslite/tlslite/constants.py
79 +++ b/third_party/tlslite/tlslite/constants.py
80 @@ -91,6 +91,7 @@ class AlertDescription:
81 protocol_version = 70
82 insufficient_security = 71
83 internal_error = 80
84 + inappropriate_fallback = 86
85 user_canceled = 90
86 no_renegotiation = 100
87 unknown_srp_username = 120
88 diff --git a/third_party/tlslite/tlslite/errors.py b/third_party/tlslite/tlslite /errors.py
89 index c7f7ba8..45087e6 100644
90 --- a/third_party/tlslite/tlslite/errors.py
91 +++ b/third_party/tlslite/tlslite/errors.py
92 @@ -48,6 +48,7 @@ class TLSAlert(TLSError):
93 AlertDescription.protocol_version: "protocol_version",\
94 AlertDescription.insufficient_security: "insufficient_security",\
95 AlertDescription.internal_error: "internal_error",\
96 + AlertDescription.inappropriate_fallback: "inappropriate_fallback",\
97 AlertDescription.user_canceled: "user_canceled",\
98 AlertDescription.no_renegotiation: "no_renegotiation",\
99 AlertDescription.unknown_srp_username: "unknown_srp_username",\
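Review bot: The SCSV check added in the TLSConnection.py hunk (patch lines 66-72) compares against the bare literal `0x5600` inside a loop over every offered suite, so a ClientHello that lists the value twice reaches `_sendError` twice unless that call raises, which the hunk does not show. A named constant and a single membership test would read more clearly and send the alert at most once, for example `if fallbackSCSV and clientHello.client_version < settings.maxVersion and TLS_FALLBACK_SCSV in clientHello.cipher_suites:` (the constant name is a suggestion and is not defined on this page). The same hunk turns `elif` into `if` at patch line 60, which is equivalent only if the preceding branch, which starts outside the hunk, never falls through after sending its error. The new `fallbackSCSV` parameter has no entry in the visible part of the `handshakeServer` docstring, which continues outside the hunk. A short entry stating that the flag makes the server answer a downgraded ClientHello carrying the fallback SCSV with `inappropriate_fallback`, and that it defaults to off, would tell callers what it changes.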