Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(137)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/tlslite/patches/extended_master_secret.patch

Issue 1301403002: Fix extended master secret implementation in tlslite (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/tlslite/tlslite/handshakesettings.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
2 index 6d78a20..f9c8676 100644 2 index 6d78a20..f9c8676 100644
3 --- a/third_party/tlslite/tlslite/constants.py 3 --- a/third_party/tlslite/tlslite/constants.py
4 +++ b/third_party/tlslite/tlslite/constants.py 4 +++ b/third_party/tlslite/tlslite/constants.py
5 @@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366 5 @@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366
6 srp = 12 # RFC 5054 6 srp = 12 # RFC 5054
7 cert_type = 9 # RFC 6091 7 cert_type = 9 # RFC 6091
8 signed_cert_timestamps = 18 # RFC 6962 8 signed_cert_timestamps = 18 # RFC 6962
9 + extended_master_secret = 23 # draft-ietf-tls-session-hash-06 9 + extended_master_secret = 23 # draft-ietf-tls-session-hash-06
10 tack = 0xF300 10 tack = 0xF300
11 supports_npn = 13172 11 supports_npn = 13172
12 channel_id = 30032 12 channel_id = 30032
13 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlsl ite/tlslite/handshakesettings.py 13 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlsl ite/tlslite/handshakesettings.py
14 index 605ed42..7679823 100644 14 index 605ed42..a7b6ab9 100644
15 --- a/third_party/tlslite/tlslite/handshakesettings.py 15 --- a/third_party/tlslite/tlslite/handshakesettings.py
16 +++ b/third_party/tlslite/tlslite/handshakesettings.py 16 +++ b/third_party/tlslite/tlslite/handshakesettings.py
17 @@ -111,6 +111,10 @@ class HandshakeSettings(object): 17 @@ -111,6 +111,10 @@ class HandshakeSettings(object):
18 @type alertAfterHandshake: bool 18 @type alertAfterHandshake: bool
19 @ivar alertAfterHandshake: If true, the server will send a fatal 19 @ivar alertAfterHandshake: If true, the server will send a fatal
20 alert immediately after the handshake completes. 20 alert immediately after the handshake completes.
21 + 21 +
22 + @type enableExtendedMasterSecret: bool 22 + @type enableExtendedMasterSecret: bool
23 + @ivar enableExtendedMasterSecret: If true, the server supports the extended 23 + @ivar enableExtendedMasterSecret: If true, the server supports the extended
24 + master secret TLS extension and will negotiated it with supporting clients. 24 + master secret TLS extension and will negotiated it with supporting clients.
25 25
26 Note that TACK support is not standardized by IETF and uses a temporary 26 Note that TACK support is not standardized by IETF and uses a temporary
27 TLS Extension number, so should NOT be used in production software. 27 TLS Extension number, so should NOT be used in production software.
28 @@ -129,6 +133,7 @@ class HandshakeSettings(object): 28 @@ -129,6 +133,7 @@ class HandshakeSettings(object):
29 self.tlsIntoleranceType = 'alert' 29 self.tlsIntoleranceType = 'alert'
30 self.useExperimentalTackExtension = False 30 self.useExperimentalTackExtension = False
31 self.alertAfterHandshake = False 31 self.alertAfterHandshake = False
32 + self.enableExtendedMasterSecret = True 32 + self.enableExtendedMasterSecret = True
33 33
34 # Validates the min/max fields, and certificateTypes 34 # Validates the min/max fields, and certificateTypes
35 # Filters out unsupported cipherNames and cipherImplementations 35 # Filters out unsupported cipherNames and cipherImplementations
36 @@ -146,6 +151,7 @@ class HandshakeSettings(object):
37 other.tlsIntolerant = self.tlsIntolerant
38 other.tlsIntoleranceType = self.tlsIntoleranceType
39 other.alertAfterHandshake = self.alertAfterHandshake
40 + other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
41
42 if not cipherfactory.tripleDESPresent:
43 other.cipherNames = [e for e in self.cipherNames if e != "3des"]
36 diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslit e/mathtls.py 44 diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslit e/mathtls.py
37 index 60a331a..0a23fe1 100644 45 index 60a331a..0a23fe1 100644
38 --- a/third_party/tlslite/tlslite/mathtls.py 46 --- a/third_party/tlslite/tlslite/mathtls.py
39 +++ b/third_party/tlslite/tlslite/mathtls.py 47 +++ b/third_party/tlslite/tlslite/mathtls.py
40 @@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length): 48 @@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length):
41 index += 1 49 index += 1
42 return bytes 50 return bytes
43 51
44 -def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom): 52 -def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom):
45 +def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom, 53 +def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom,
(...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after
213 @@ -1256,3 +1260,9 @@ class TLSRecordLayer(object): 221 @@ -1256,3 +1260,9 @@ class TLSRecordLayer(object):
214 222
215 return md5Bytes + shaBytes 223 return md5Bytes + shaBytes
216 224
217 + def _getHandshakeHash(self): 225 + def _getHandshakeHash(self):
218 + if self.version in ((3,1), (3,2)): 226 + if self.version in ((3,1), (3,2)):
219 + return self._handshake_md5.digest() + \ 227 + return self._handshake_md5.digest() + \
220 + self._handshake_sha.digest() 228 + self._handshake_sha.digest()
221 + elif self.version == (3,3): 229 + elif self.version == (3,3):
222 + return self._handshake_sha256.digest() 230 + return self._handshake_sha256.digest()
OLDNEW
« no previous file with comments | « no previous file | third_party/tlslite/tlslite/handshakesettings.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698