Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(58)

Issue 16394004: Support the new TLS 1.2 HMAC-SHA256 cipher suites specified in (Closed)

Created:
6 years ago by wtc
Modified:
6 years ago
Reviewers:
agl
CC:
chromium-reviews, cbentzel+watch_chromium.org
Visibility:
Public.

Description

Support the new TLS 1.2 HMAC-SHA256 cipher suites specified in RFC 5246 and RFC 5289. To avoid making ClientHello too big, the new DH_DSS, DH_RSA, DHE_DSS, DH_anon, ECDH_ECDSA, and ECDH_RSA are not added. Do not generate client_write_IV and server_write_IV in TLS 1.1+ for CBC block ciphers because 1) they aren't used, and 2) a buffer in the NSS softoken is not big enough if the HMAC key is 32 bytes (for HMAC-SHA256) and client_write_IV and server_write_IV are still generated. Do not downgrade to TLS 1.1 silently when SSL_BYPASS_PKCS11 mode is requested because we won't be able to test the new TLS 1.2 only cipher suites in PKCS #11 bypass mode. Instead, silently turn off PKCS #11 bypass if TLS 1.2 is enabled. R=agl@chromium.org BUG=90392 TEST=none (done in NSS upstream) Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=204467

Patch Set 1 #

Patch Set 2 : Additional changes to pass upstream NSS SSL tests #

Total comments: 11

Patch Set 3 : Adjust cipher suite order, add comments #

Patch Set 4 : Add a patch #

Unified diffs Side-by-side diffs Delta from patch set Stats (+564 lines, -24 lines) Patch
M net/third_party/nss/README.chromium View 1 2 3 1 chunk +1 line, -0 lines 0 comments Download
M net/third_party/nss/patches/applypatches.sh View 1 2 3 1 chunk +2 lines, -0 lines 0 comments Download
A net/third_party/nss/patches/tls12hmacsha256.patch View 1 2 3 1 chunk +472 lines, -0 lines 0 comments Download
M net/third_party/nss/ssl/ssl3con.c View 1 2 13 chunks +38 lines, -3 lines 0 comments Download
M net/third_party/nss/ssl/ssl3ecc.c View 3 chunks +4 lines, -0 lines 0 comments Download
M net/third_party/nss/ssl/sslenum.c View 1 2 5 chunks +9 lines, -0 lines 0 comments Download
M net/third_party/nss/ssl/sslimpl.h View 2 chunks +3 lines, -2 lines 0 comments Download
M net/third_party/nss/ssl/sslinfo.c View 5 chunks +8 lines, -0 lines 0 comments Download
M net/third_party/nss/ssl/sslproto.h View 3 chunks +8 lines, -0 lines 0 comments Download
M net/third_party/nss/ssl/sslsock.c View 1 2 5 chunks +17 lines, -18 lines 0 comments Download
M net/third_party/nss/ssl/sslt.h View 1 chunk +2 lines, -1 line 0 comments Download

Messages

Total messages: 5 (0 generated)
wtc
https://codereview.chromium.org/16394004/diff/6001/net/third_party/nss/ssl/ssl3con.c File net/third_party/nss/ssl/ssl3con.c (right): https://codereview.chromium.org/16394004/diff/6001/net/third_party/nss/ssl/ssl3con.c#newcode1363 net/third_party/nss/ssl/ssl3con.c:1363: mac += 2; This mac += 2 is used ...
6 years ago (2013-06-05 00:30:40 UTC) #1
agl
lgtm LGTM https://codereview.chromium.org/16394004/diff/6001/net/third_party/nss/ssl/ssl3con.c File net/third_party/nss/ssl/ssl3con.c (right): https://codereview.chromium.org/16394004/diff/6001/net/third_party/nss/ssl/ssl3con.c#newcode99 net/third_party/nss/ssl/ssl3con.c:99: { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE}, This is prioritizing ...
6 years ago (2013-06-05 14:53:47 UTC) #2
wtc
Thanks for the review. I made the changes you suggested. Please check the diffs between ...
6 years ago (2013-06-05 18:51:20 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/wtc@chromium.org/16394004/37002
6 years ago (2013-06-06 00:11:12 UTC) #4
commit-bot: I haz the power
6 years ago (2013-06-06 09:48:35 UTC) #5
Message was sent while issue was closed.
Change committed as 204467

Powered by Google App Engine
This is Rietveld 408576698