| Index: third_party/tlslite/tlslite/tlsrecordlayer.py
|
| diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
|
| index 23c2a2f4d972751a3e80c8fad3492bf4d927fea3..a09499d26c50c9b696b2c34be391db4dae46a146 100644
|
| --- a/third_party/tlslite/tlslite/tlsrecordlayer.py
|
| +++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
|
| @@ -2,6 +2,7 @@
|
| # Trevor Perrin
|
| # Google (adapted by Sam Rushing) - NPN support
|
| # Martin von Loewis - python 3 port
|
| +# Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
|
| #
|
| # See the LICENSE file for legal information regarding use of this file.
|
|
|
| @@ -116,6 +117,7 @@ class TLSRecordLayer(object):
|
| #Handshake digests
|
| self._handshake_md5 = hashlib.md5()
|
| self._handshake_sha = hashlib.sha1()
|
| + self._handshake_sha256 = hashlib.sha256()
|
|
|
| #TLS Protocol Version
|
| self.version = (0,0) #read-only
|
| @@ -376,7 +378,7 @@ class TLSRecordLayer(object):
|
|
|
| @rtype: str
|
| @return: The name of the TLS version used with this connection.
|
| - Either None, 'SSL 3.0', 'TLS 1.0', or 'TLS 1.1'.
|
| + Either None, 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', or 'TLS 1.2'.
|
| """
|
| if self.version == (3,0):
|
| return "SSL 3.0"
|
| @@ -384,6 +386,8 @@ class TLSRecordLayer(object):
|
| return "TLS 1.0"
|
| elif self.version == (3,2):
|
| return "TLS 1.1"
|
| + elif self.version == (3,3):
|
| + return "TLS 1.2"
|
| else:
|
| return None
|
|
|
| @@ -565,6 +569,7 @@ class TLSRecordLayer(object):
|
| if contentType == ContentType.handshake:
|
| self._handshake_md5.update(compat26Str(b))
|
| self._handshake_sha.update(compat26Str(b))
|
| + self._handshake_sha256.update(compat26Str(b))
|
|
|
| #Calculate MAC
|
| if self._writeState.macContext:
|
| @@ -575,7 +580,7 @@ class TLSRecordLayer(object):
|
| if self.version == (3,0):
|
| mac.update( compatHMAC( bytearray([len(b)//256] )))
|
| mac.update( compatHMAC( bytearray([len(b)%256] )))
|
| - elif self.version in ((3,1), (3,2)):
|
| + elif self.version in ((3,1), (3,2), (3,3)):
|
| mac.update(compatHMAC( bytearray([self.version[0]] )))
|
| mac.update(compatHMAC( bytearray([self.version[1]] )))
|
| mac.update( compatHMAC( bytearray([len(b)//256] )))
|
| @@ -593,10 +598,10 @@ class TLSRecordLayer(object):
|
| if self._writeState.encContext.isBlockCipher:
|
|
|
| #Add TLS 1.1 fixed block
|
| - if self.version == (3,2):
|
| + if self.version >= (3,2):
|
| b = self.fixedIVBlock + b
|
|
|
| - #Add padding: b = b + (macBytes + paddingBytes)
|
| + #Add padding: b = b+ (macBytes + paddingBytes)
|
| currentLength = len(b) + len(macBytes)
|
| blockLength = self._writeState.encContext.block_size
|
| paddingLength = blockLength - 1 - (currentLength % blockLength)
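Review bot: Changing `self.version == (3,2)` to `self.version >= (3,2)` makes the explicit-IV gate open-ended, while the MAC and padding branches touched by this commit enumerate `((3,1), (3,2), (3,3))`. A version tuple above (3,3) would take the IV path here yet match neither visible MAC branch. Prefer `if self.version in ((3,2), (3,3)):` so every version gate fails the same way, and apply it to the same comparison in the hunks at -970 and -1131. The comments in all three places still say "TLS 1.1" only and should read "TLS 1.1 and later"; the padding comment also loses a space (`b = b+ (`), which looks unintentional. The enclosing method begins and ends outside the hunk.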
|
| @@ -787,6 +792,7 @@ class TLSRecordLayer(object):
|
| #Update handshake hashes
|
| self._handshake_md5.update(compat26Str(p.bytes))
|
| self._handshake_sha.update(compat26Str(p.bytes))
|
| + self._handshake_sha256.update(compat26Str(p.bytes))
|
|
|
| #Parse based on handshake type
|
| if subType == HandshakeType.client_hello:
|
| @@ -796,11 +802,12 @@ class TLSRecordLayer(object):
|
| elif subType == HandshakeType.certificate:
|
| yield Certificate(constructorType).parse(p)
|
| elif subType == HandshakeType.certificate_request:
|
| - yield CertificateRequest().parse(p)
|
| + yield CertificateRequest(self.version).parse(p)
|
| elif subType == HandshakeType.certificate_verify:
|
| - yield CertificateVerify().parse(p)
|
| + yield CertificateVerify(self.version).parse(p)
|
| elif subType == HandshakeType.server_key_exchange:
|
| - yield ServerKeyExchange(constructorType).parse(p)
|
| + yield ServerKeyExchange(constructorType,
|
| + self.version).parse(p)
|
| elif subType == HandshakeType.server_hello_done:
|
| yield ServerHelloDone().parse(p)
|
| elif subType == HandshakeType.client_key_exchange:
|
| @@ -970,7 +977,7 @@ class TLSRecordLayer(object):
|
| "Encrypted data not a multiple of blocksize"):
|
| yield result
|
| b = self._readState.encContext.decrypt(b)
|
| - if self.version == (3,2): #For TLS 1.1, remove explicit IV
|
| + if self.version >= (3,2): #For TLS 1.1, remove explicit IV
|
| b = b[self._readState.encContext.block_size : ]
|
|
|
| #Check padding
|
| @@ -982,7 +989,7 @@ class TLSRecordLayer(object):
|
| else:
|
| if self.version == (3,0):
|
| totalPaddingLength = paddingLength+1
|
| - elif self.version in ((3,1), (3,2)):
|
| + elif self.version in ((3,1), (3,2), (3,3)):
|
| totalPaddingLength = paddingLength+1
|
| paddingBytes = b[-totalPaddingLength:-1]
|
| for byte in paddingBytes:
|
| @@ -1019,7 +1026,7 @@ class TLSRecordLayer(object):
|
| if self.version == (3,0):
|
| mac.update( compatHMAC(bytearray( [len(b)//256] ) ))
|
| mac.update( compatHMAC(bytearray( [len(b)%256] ) ))
|
| - elif self.version in ((3,1), (3,2)):
|
| + elif self.version in ((3,1), (3,2), (3,3)):
|
| mac.update(compatHMAC(bytearray( [self.version[0]] ) ))
|
| mac.update(compatHMAC(bytearray( [self.version[1]] ) ))
|
| mac.update(compatHMAC(bytearray( [len(b)//256] ) ))
|
| @@ -1046,6 +1053,7 @@ class TLSRecordLayer(object):
|
| self._client = client
|
| self._handshake_md5 = hashlib.md5()
|
| self._handshake_sha = hashlib.sha1()
|
| + self._handshake_sha256 = hashlib.sha256()
|
| self._handshakeBuffer = []
|
| self.allegedSrpUsername = None
|
| self._refCount = 1
|
| @@ -1078,13 +1086,16 @@ class TLSRecordLayer(object):
|
| if cipherSuite in CipherSuite.shaSuites:
|
| macLength = 20
|
| digestmod = hashlib.sha1
|
| + elif cipherSuite in CipherSuite.sha256Suites:
|
| + macLength = 32
|
| + digestmod = hashlib.sha256
|
| elif cipherSuite in CipherSuite.md5Suites:
|
| macLength = 16
|
| digestmod = hashlib.md5
|
|
|
| if self.version == (3,0):
|
| createMACFunc = createMAC_SSL
|
| - elif self.version in ((3,1), (3,2)):
|
| + elif self.version in ((3,1), (3,2), (3,3)):
|
| createMACFunc = createHMAC
|
|
|
| outputLength = (macLength*2) + (keyLength*2) + (ivLength*2)
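Review bot: Neither `if`/`elif` chain in this hunk has a visible `else`, so a suite outside `shaSuites`, `sha256Suites` and `md5Suites` leaves `macLength` and `digestmod` unbound. The failure then surfaces as an UnboundLocalError at `outputLength = (macLength*2) + ...` instead of at the point of the bad input. Since a third MAC family is added here, close the chain with `else: raise AssertionError()`, as the key-block chain in the hunk at -1099 does, and do the same for `createMACFunc`. Branch order also decides the result: a suite listed in both `shaSuites` and `sha256Suites` would get SHA-1 with a 20-byte MAC, and whether those sets are disjoint is not visible here. The function starts and ends outside the hunk.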
|
| @@ -1099,6 +1110,11 @@ class TLSRecordLayer(object):
|
| b"key expansion",
|
| serverRandom + clientRandom,
|
| outputLength)
|
| + elif self.version == (3,3):
|
| + keyBlock = PRF_1_2(masterSecret,
|
| + b"key expansion",
|
| + serverRandom + clientRandom,
|
| + outputLength)
|
| else:
|
| raise AssertionError()
|
|
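Review bot: `PRF_1_2` is called in the new `elif self.version == (3,3):` branch, but no hunk in this file's diff adds an import for it, so it presumably arrives through an existing wildcard import. That is worth confirming, because a missing name would only fail when a TLS 1.2 connection reaches key derivation. If `PRF_1_2` is hard-wired to SHA-256 (not visible here), a short comment such as `# PRF_1_2 uses SHA-256; suites with another PRF hash need their own branch` would record the limitation. The surrounding function continues outside the hunk.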
|
| @@ -1131,7 +1147,7 @@ class TLSRecordLayer(object):
|
| self._pendingWriteState = serverPendingState
|
| self._pendingReadState = clientPendingState
|
|
|
| - if self.version == (3,2) and ivLength:
|
| + if self.version >= (3,2) and ivLength:
|
| #Choose fixedIVBlock for TLS 1.1 (this is encrypted with the CBC
|
| #residue to create the IV for each sent block)
|
| self.fixedIVBlock = getRandomBytes(ivLength)
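Review bot: With `>= (3,2)`, a single `fixedIVBlock` drawn once per connection now also produces the per-record IV for TLS 1.2. RFC 4346 describes the fixed-block-masked-by-CBC-residue construction only as an alternative that has not been shown to be as strong as a fresh random value, and RFC 5246 requires the IV to be unpredictable for every record. For (3,3) it would be more conservative to draw a new block per record in the send path (hunk at -593), e.g. `b = getRandomBytes(self._writeState.encContext.block_size) + b`, instead of reusing `self.fixedIVBlock`. The method continues outside the hunk, so whether other code depends on `fixedIVBlock` being set cannot be judged from here.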
|
|
|