Issue 292550043: Bug 1261676 - Only resume in TLS 1.3 if PSK cipher suites are enabled

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 292550043: Bug 1261676 - Only resume in TLS 1.3 if PSK cipher suites are enabled (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
8 years ago by mt

Modified:
7 years, 8 months ago

Reviewers:
ekr-rietveld

Visibility:
Public.

More Reviews

Description

Bug 1261676 - Only resume in TLS 1.3 if PSK cipher suites are enabled

Patch Set 1 #

Total comments: 8

Created: 8 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+106 lines, -10 lines)			Patch
M	external_tests/ssl_gtest/ssl_loopback_unittest.cc	View	1 chunk	+70 lines, -5 lines	2 comments	Download
M	external_tests/ssl_gtest/test_io.cc	View	2 chunks	+6 lines, -1 line	0 comments	Download
M	external_tests/ssl_gtest/tls_agent.cc	View	1 chunk	+1 line, -0 lines	0 comments	Download
M	lib/ssl/ssl3con.c	View	3 chunks	+24 lines, -4 lines	4 comments	Download
M	lib/ssl/ssl3ext.c	View	1 chunk	+4 lines, -0 lines	2 comments	Download
M	lib/ssl/sslimpl.h	View	1 chunk	+1 line, -0 lines	0 comments	Download

Messages

Total messages: 3

Expand All Messages | Collapse All Messages

ekr-rietveld

See comments. I am OK with landing this, but I want your thoughts https://codereview.appspot.com/292550043/diff/1/external_tests/ssl_gtest/ssl_loopback_unittest.cc File ...

7 years, 11 months ago (2016-05-03 16:03:54 UTC) #2

7 years, 11 months ago (2016-05-10 00:59:53 UTC) #3

https://codereview.appspot.com/292550043/diff/1/lib/ssl/ssl3con.c
File lib/ssl/ssl3con.c (right):

https://codereview.appspot.com/292550043/diff/1/lib/ssl/ssl3con.c#newcode996
lib/ssl/ssl3con.c:996: tls13_PskSuiteEnabled(sslSocket *ss)
On 2016/05/03 16:03:54, ekr-webrtc wrote:
> Ugh. n^2.

Yep, would need some major restructuring to fix.  At least n is small.

> This seems like it belongs in tls13con.c

It needs to access the tables and static functions in this file.  Since
ssl3con.c manages all the "is this enabled" functions, I figure that this is the
best arrangement for now.

https://codereview.appspot.com/292550043/diff/1/lib/ssl/ssl3con.c#newcode1007
lib/ssl/ssl3con.c:1007: if (authType == ssl_auth_psk &&
On 2016/05/03 16:03:54, ekr-webrtc wrote:
> unnecessary temporary

Done.

https://codereview.appspot.com/292550043/diff/1/lib/ssl/ssl3ext.c
File lib/ssl/ssl3ext.c (right):

https://codereview.appspot.com/292550043/diff/1/lib/ssl/ssl3ext.c#newcode3331
lib/ssl/ssl3ext.c:3331: }
On 2016/05/03 16:03:54, ekr-webrtc wrote:
> This is fine now but won't be fine with the new PSK rules that require it to
be
> the exact same cipher. Maybe we should change now.

This eventually calls down to tls13_AllowPskCipher() via ssl3_config_match(). 
So it will pick up whatever that does.  For now, I think that the rules are
right: check that it has the same symmetric cipher.  I have asked Elio to add a
check for the PRF hash:

https://bugzilla.mozilla.org/show_bug.cgi?id=923089#c93

Expand All Messages | Collapse All Messages