Issue 307030043: TLS 1.3 draft-14 changes

Can't Edit
Can't Publish+Mail
Start Review

Created:
7 years, 8 months ago by ekr-rietveld

Modified:
7 years, 8 months ago

Reviewers:
mt

Visibility:
Public.

More Reviews

Patch Set 2 : Self-review #

Total comments: 16

Created: 7 years, 8 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+141 lines, -72 lines)			Patch
M	external_tests/ssl_gtest/libssl_internals.h	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	external_tests/ssl_gtest/libssl_internals.c	View		1 chunk	+13 lines, -0 lines	2 comments	Download
M	external_tests/ssl_gtest/ssl_agent_unittest.cc	View		1 chunk	+1 line, -1 line	0 comments	Download
M	external_tests/ssl_gtest/ssl_loopback_unittest.cc	View		1 chunk	+15 lines, -0 lines	2 comments	Download
M	lib/ssl/ssl3con.c	View		4 chunks	+26 lines, -5 lines	8 comments	Download
M	lib/ssl/ssl3ext.c	View	1	10 chunks	+22 lines, -21 lines	2 comments	Download
M	lib/ssl/ssl3prot.h	View		2 chunks	+2 lines, -1 line	0 comments	Download
M	lib/ssl/sslimpl.h	View		1 chunk	+3 lines, -1 line	0 comments	Download
M	lib/ssl/tls13con.c	View		9 chunks	+58 lines, -43 lines	2 comments	Download

Messages

Total messages: 8

Expand All Messages | Collapse All Messages

ekr-rietveld

https://codereview.appspot.com/307030043/diff/1/lib/ssl/ssl3ext.c File lib/ssl/ssl3ext.c (right): https://codereview.appspot.com/307030043/diff/1/lib/ssl/ssl3ext.c#newcode3702 lib/ssl/ssl3ext.c:3702: rv = ssl3_AppendHandshakeNumber(ss, 0, 4); Nice placeholder but should ...

7 years, 8 months ago (2016-08-13 21:19:19 UTC) #1

ekr-rietveld

PTAL. This is missing the HRR changes because they are gated on you.

7 years, 8 months ago (2016-08-13 21:24:06 UTC) #2

I think that this is pretty good. I have a small suggestion about the alerts. ...

7 years, 8 months ago (2016-08-15 03:53:50 UTC) #3

Ooops, I forgot: LGTM on condition that you fix Bug 1281249 On 2016/08/15 03:53:50, mt ...

7 years, 8 months ago (2016-08-15 03:55:09 UTC) #4

ekr-rietveld

I take it from your comments that you trust me to move the early_data entry ...

7 years, 8 months ago (2016-08-15 04:51:01 UTC) #5

On 2016/08/15 04:51:01, ekr-webrtc wrote: > I take it from your comments that you trust ...

7 years, 8 months ago (2016-08-15 06:25:10 UTC) #6

On 2016/08/15 06:25:10, mt wrote: > On 2016/08/15 04:51:01, ekr-webrtc wrote: > > I take ...

7 years, 8 months ago (2016-08-15 06:31:15 UTC) #7

ekr-rietveld

7 years, 8 months ago (2016-08-15 16:01:01 UTC) #8

https://codereview.appspot.com/307030043/diff/20001/external_tests/ssl_gtest/...
File external_tests/ssl_gtest/libssl_internals.c (right):

https://codereview.appspot.com/307030043/diff/20001/external_tests/ssl_gtest/...
external_tests/ssl_gtest/libssl_internals.c:249: SSL3_SendAlert(ss, level,
type);
On 2016/08/15 03:53:50, mt wrote:
> You should check the return code of this one and return false if it isn't
> SECSuccess.

Done.

https://codereview.appspot.com/307030043/diff/20001/external_tests/ssl_gtest/...
File external_tests/ssl_gtest/ssl_loopback_unittest.cc (right):

https://codereview.appspot.com/307030043/diff/20001/external_tests/ssl_gtest/...
external_tests/ssl_gtest/ssl_loopback_unittest.cc:202:
WAIT_(client_->error_code() == SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT, 2000);
On 2016/08/15 03:53:50, mt wrote:
> Are the status codes right here?  This one seems like it might also need to be
> RX_UNKNOWN_ALERT.

This reflects the alert the other side sent. We just make it fatal

https://codereview.appspot.com/307030043/diff/20001/lib/ssl/ssl3con.c
File lib/ssl/ssl3con.c (right):

https://codereview.appspot.com/307030043/diff/20001/lib/ssl/ssl3con.c#newcode...
lib/ssl/ssl3con.c:3855: * treated as fatal. */
On 2016/08/15 03:53:50, mt wrote:
> Why not generate a different error if the alert is at the wrong level?
> 
> That is, after the alert_fatal block and the end_of_early_data blocks below,
add
> a check:
> 
> if (ss->version >= SSL_...1_3 &&
>     desc != close_notify &&
>     desc != user_canceled) {
>     if (!ss->opt.noCache && ss->sec.uncache)
>         ss->sec.uncache(ss->sec.ci.sid);
>     PORT_SetError(SSL_ERROR_RX_INVALID_WARNING_ALERT);
>     return SECFailure;
> }

I hear you here, but I think this is an inferior result because it hides the
other side's alert.

https://codereview.appspot.com/307030043/diff/20001/lib/ssl/ssl3con.c#newcode...
lib/ssl/ssl3con.c:7170: SSL3_RANDOM_LENGTH - sizeof(tls13_downgrade_random);
On 2016/08/15 03:53:50, mt wrote:
> We need a PR_STATIC_ASSERT that checks that sizeof(tls13_downgrade_random) ==
> sizeof(tls12_downgrade_random)

Done.

https://codereview.appspot.com/307030043/diff/20001/lib/ssl/ssl3con.c#newcode...
lib/ssl/ssl3con.c:8962: * client_version indicating TLS 1.2 or below MUST set
the first eight
On 2016/08/15 03:53:50, mt wrote:
> s/first/last (and below)

Done.

https://codereview.appspot.com/307030043/diff/20001/lib/ssl/ssl3con.c#newcode...
lib/ssl/ssl3con.c:11131: NewSessionTicket nticket = { 0 };
On 2016/08/15 03:53:50, mt wrote:
> note to self, check on this

Done.

https://codereview.appspot.com/307030043/diff/20001/lib/ssl/ssl3ext.c
File lib/ssl/ssl3ext.c (right):

https://codereview.appspot.com/307030043/diff/20001/lib/ssl/ssl3ext.c#newcode...
lib/ssl/ssl3ext.c:3729: /* Obfuscated ticket age. Ignore. */
On 2016/08/15 03:53:50, mt wrote:
> Can you open a bug where we check this one?  That probably means having a new
> public function where we set the timer slack.

Done.

https://codereview.appspot.com/307030043/diff/20001/lib/ssl/tls13con.c
File lib/ssl/tls13con.c (right):

https://codereview.appspot.com/307030043/diff/20001/lib/ssl/tls13con.c#newcod...
lib/ssl/tls13con.c:1390: * wrong in draft-13. Bug 1281249. */
On 2016/08/15 03:53:50, mt wrote:
> We should fix this bug here at the same time since you fixed it.  This will
make
> the HRR patch much more pleasant.

Done.

Expand All Messages | Collapse All Messages