Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Bug 1471126 - Provide extra information needed to use record layer se…
…paration, r=ekr This started as an attempt to remove the cipher spec update callback we use for testing. Using the new, public secrets interface should be better for that. In doing so, it became apparent that we needed more interfaces to NSS to support the use of these secrets. In particular: 1. We need to know what the KDF hash function is for a given cipher suite. This allows users of the secret to use the right hash function. 2. We need to know what cipher spec was picked when sending 0-RTT. NSS currently doesn't expose that information. (When receiving 0-RTT you can safely assume that the negotiated cipher suite is good to use.) 3. We need to know what epoch NSS is currently using. Otherwise, we can't be sure which epoch to feed it. Data from a good epoch is saved, whereas data from a bad epoch is lost, so applications need to know. So this patch adds these functions to the appropriate info functions and uses that information in tests to remove and re-add protection. The test changes are considerable. The main effect of the changes is to rely on the new functions for managing secrets, rather than the old interface. But with the changes in the other CLs for this bug, secrets appear before they are used, which complicates things considerably. For that, I've moved more logic into the TlsCipherSpec class, which now tracks per-epoch state, like sequence numbers and record drops. Trial decryption (yep) is used to identify the right cipher spec every time when decrypting, so tests are no longer tolerant of failures to decrypt. It's no longer possible to have a test enable decryption and pass when decryption fails; this is particularly true for some parameterized tests that assumed it was OK to enable decryption even for TLS 1.2 and earlier. --HG-- extra : rebase_source : 4d5a752d0b9837db2ddee9cef481ed7fb588b62d extra : amend_source : 2559f37290e31c70a4591b11f30b84f5640c86e7 extra : source : 6d5ddd89089058ed7be42a17d92e195a31aec46e extra : histedit_source : aa847484ab6b1826d1494052b20f29a2136a3644
- Loading branch information
1 parent
7b3eabb
commit c88db17
Showing
21 changed files
with
621 additions
and
423 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
|
||
2 functions with some indirect sub-type change: | ||
|
||
[C]'function SECStatus SSL_GetCipherSuiteInfo(PRUint16, SSLCipherSuiteInfo*, PRUintn)' at sslinfo.c:326:1 has some indirect sub-type changes: | ||
parameter 2 of type 'SSLCipherSuiteInfo*' has sub-type changes: | ||
in pointed to type 'typedef SSLCipherSuiteInfo' at sslt.h:433:1: | ||
underlying type 'struct SSLCipherSuiteInfoStr' at sslt.h:366:1 changed: | ||
type size changed from 768 to 832 (in bits) | ||
1 data member insertion: | ||
'SSLHashType SSLCipherSuiteInfoStr::kdfHash', at offset 768 (in bits) at sslt.h:429:1 | ||
|
||
[C]'function SECStatus SSL_GetPreliminaryChannelInfo(PRFileDesc*, SSLPreliminaryChannelInfo*, PRUintn)' at sslinfo.c:111:1 has some indirect sub-type changes: | ||
parameter 2 of type 'SSLPreliminaryChannelInfo*' has sub-type changes: | ||
in pointed to type 'typedef SSLPreliminaryChannelInfo' at sslt.h:379:1: | ||
underlying type 'struct SSLPreliminaryChannelInfoStr' at sslt.h:333:1 changed: | ||
type size changed from 160 to 192 (in bits) | ||
1 data member insertion: | ||
'PRUint16 SSLPreliminaryChannelInfoStr::zeroRttCipherSuite', at offset 160 (in bits) at sslt.h:375:1 | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.