
Side by Side Diff: third_party/tlslite/patches/tls13_intolerance.patch

Issue 2800853008: Add a dedicated error code for TLS 1.3 interference. (Closed)
Patch Set: shrink CL Created 3 years, 8 months ago
(Empty)
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
2 index 82e8c075fe2a..8fb75d0948e4 100644
3 --- a/third_party/tlslite/tlslite/constants.py
4 +++ b/third_party/tlslite/tlslite/constants.py
5 @@ -58,6 +58,7 @@ class ExtensionType: # RFC 6066 / 4366
6 signed_cert_timestamps = 18 # RFC 6962
7 extended_master_secret = 23 # RFC 7627
8 token_binding = 24 # draft-ietf-tokbind-negotiation
9 + supported_versions = 43 # draft-ietf-tls-tls13-18
10 tack = 0xF300
11 supports_npn = 13172
12 channel_id = 30032
13 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli te/messages.py
14 index ac7e563021d9..b29db939c2a8 100644
15 --- a/third_party/tlslite/tlslite/messages.py
16 +++ b/third_party/tlslite/tlslite/messages.py
17 @@ -140,6 +140,7 @@ class ClientHello(HandshakeMsg):
18 self.tb_client_params = []
19 self.support_signed_cert_timestamps = False
20 self.status_request = False
21 + self.has_supported_versions = False
22 self.ri = False
23
24 def create(self, version, random, session_id, cipher_suites,
25 @@ -251,6 +252,11 @@ class ClientHello(HandshakeMsg):
26 if extLength != 1 or p.getFixBytes(extLength)[0] != 0:
27 raise SyntaxError()
28 self.ri = True
29 + elif extType == ExtensionType.supported_versions:
30 + # Ignore the extension, but make a note of it for
31 + # intolerance simulation.
32 + self.has_supported_versions = True
33 + _ = p.getFixBytes(extLength)
34 else:
35 _ = p.getFixBytes(extLength)
36 index2 = p.index
37 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/ tlslite/tlsconnection.py
38 index 8ba1c6e636ab..2309d4fa8f3a 100644
39 --- a/third_party/tlslite/tlslite/tlsconnection.py
40 +++ b/third_party/tlslite/tlslite/tlsconnection.py
41 @@ -1457,6 +1457,15 @@ class TLSConnection(TLSRecordLayer):
42 self._handshakeDone(resumed=False)
43
44
45 + def _isIntolerant(self, settings, clientHello):
46 + if settings.tlsIntolerant is None:
47 + return False
48 + clientVersion = clientHello.client_version
49 + if clientHello.has_supported_versions:
50 + clientVersion = (3, 4)
51 + return clientVersion >= settings.tlsIntolerant
52 +
53 +
54 def _serverGetClientHello(self, settings, certChain, verifierDB,
55 sessionCache, anon, fallbackSCSV):
56 #Tentatively set version to most-desirable version, so if an error
57 @@ -1480,8 +1489,7 @@ class TLSConnection(TLSRecordLayer):
58 yield result
59
60 #If simulating TLS intolerance, reject certain TLS versions.
61 - elif (settings.tlsIntolerant is not None and
62 - clientHello.client_version >= settings.tlsIntolerant):
63 + elif self._isIntolerant(settings, clientHello):
64 if settings.tlsIntoleranceType == "alert":
65 for result in self._sendError(\
66 AlertDescription.handshake_failure):
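Review bot: `_isIntolerant` (tlsconnection.py section of the patch) substitutes `(3, 4)` for the client version whenever `has_supported_versions` is set, and the messages.py hunk sets that flag while discarding the extension body unparsed, so a ClientHello whose `supported_versions` lists only older versions is still treated as a TLS 1.3 offer. That looks intentional for intolerance simulation, but the helper has no docstring and the literal is unexplained. I would add a docstring saying so, e.g. `"""Return True if the simulated intolerance should reject this ClientHello; the mere presence of supported_versions counts as offering TLS 1.3, its contents are not parsed."""`, and annotate the assignment as `clientVersion = (3, 4)  # TLS 1.3`. `_serverGetClientHello` continues outside the hunk, so the rest of the intolerance handling is not visible here.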