2020-06-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
	lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
	lib/freebl/sha256.h, lib/freebl/sha512.c, mach:
	Bug 1528113 - Use ARM's crypto extension for SHA256
	[ea54fd986036]

2020-04-08  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libssl3.so.txt,
	gtests/ssl_gtest/libssl_internals.c,
	gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn,
	gtests/ssl_gtest/ssl_0rtt_unittest.cc,
	gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc,
	gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc,
	gtests/ssl_gtest/tls_connect.h, gtests/ssl_gtest/tls_psk_unittest.cc,
	lib/ssl/manifest.mn, lib/ssl/ssl.gyp, lib/ssl/ssl3con.c,
	lib/ssl/ssl3ext.c, lib/ssl/ssl3ext.h, lib/ssl/sslerr.h,
	lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslinfo.c,
	lib/ssl/sslsecur.c, lib/ssl/sslsock.c, lib/ssl/sslt.h,
	lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c,
	lib/ssl/tls13psk.c, lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
	Bug 1603042 - TLS 1.3 out-of-band PSK support
	[a448d7919077]

2020-06-01  Makoto Kato  <m_kato@ga2.so-net.ne.jp>

	* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
	lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
	lib/freebl/sha256.h, lib/freebl/sha512.c:
	Bug 1528113 - Use ARM's crypto extension for SHA256 r=kjacobs

	ARMv8 CPUs have accelerated hardware instructions for SHA256 that
	are supported by GCC 4.9+. We should use them if available.
	[61c83f79e90c]

2020-06-02  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libssl3.so.txt,
	gtests/ssl_gtest/libssl_internals.c,
	gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn,
	gtests/ssl_gtest/ssl_0rtt_unittest.cc,
	gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc,
	gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc,
	gtests/ssl_gtest/tls_connect.h, gtests/ssl_gtest/tls_psk_unittest.cc,
	lib/ssl/manifest.mn, lib/ssl/ssl.gyp, lib/ssl/ssl3con.c,
	lib/ssl/ssl3ext.c, lib/ssl/ssl3ext.h, lib/ssl/sslerr.h,
	lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslinfo.c,
	lib/ssl/sslsecur.c, lib/ssl/sslsock.c, lib/ssl/sslt.h,
	lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c,
	lib/ssl/tls13psk.c, lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
	Bug 1603042 - TLS 1.3 out-of-band PSK support r=mt

	This patch adds support for External (out-of-band) PSKs in TLS 1.3.
	An External PSK (EPSK) can be set by calling `SSL_AddExternalPsk`,
	and removed with `SSL_RemoveExternalPsk`. `SSL_AddExternalPsk0Rtt`
	can be used to add a PSK while also specifying a suite and
	max_early_data_size for use with 0-RTT.

	As part of handling PSKs more generically, the patch also changes
	how resumption PSKs are handled internally, so as to rely on the
	same mechanisms where possible. A socket is currently limited to
	only one External PSK at a time. If the server doesn't find the
	same identity for the configured EPSK, it will fall back to
	certificate authentication.
	[a2293e897889]

	* lib/freebl/mpi/mplogic.c:
	cast in LZCNTLOOP
	[96e65b2e9531]

	* lib/freebl/freebl.gyp:
	Use KRML_VERIFIED_UINT128 on MSVC builds
	[abd50c862bdb]

2020-06-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
	lib/ssl/tls13con.c:
	Bug 1643123 - Allow External PSKs to be used with Early Export
	[46ef0c025cfc]

2020-06-02  Sylvestre Ledru  <sledru@mozilla.com>

	* lib/ssl/tls13con.c:
	Bug 1642809 - Fix an assert (we need a comparison, not assignment)
	r=kjacobs
	[d0789cb32d8e]

2020-06-03  Mike Hommey  <mh@glandium.org>

	* cmd/shlibsign/Makefile:
	Bug 1642153 - Avoid infinite recursion when CHECKLOC is not set.
	r=jcj
	[e955ece90b05]

2020-06-03  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/ssl_auth_unittest.cc,
	gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/tls13con.c:
	Bug 1642871 - Allow tickets and PHA after resumption, r=kjacobs

	The first part of this is fairly simple: we accidentally disabled
	sending of session tickets after resumption.

	The second part is much less obvious, because the spec is unclear.
	This change takes the interpretation that it is OK to use
	post-handshake authentication if the handshake is resumed, but not
	OK if the handshake is based on a PSK. (This is based on a
	first-principles understanding of resumption being a continuation
	of a certificate-based connection rather than a reading of the
	spec, see the bug for why the spec appears to be unhelpful on this
	point.)

	This still prohibits the use of post-handshake authentication if
	an external PSK was used, but that is more an abundance of caution
	than anything principled.
	[e9502f71b7fe]

2020-06-04  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
	lib/ssl/tls13con.c:
	Bug 1643123 - Allow External PSKs to be used with Early Export r=mt

	This patch adjusts `tls13_exporter` to pull the hash algorithm from
	the first PSK when a suite is not configured yet, which allows early
	export with external PSKs.
	[d211f3013abb]
Bug 1642687 Comment 4 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
2020-06-01  Kevin Jacobs  <kjacobs@mozilla.com>

	* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
	lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
	lib/freebl/sha256.h, lib/freebl/sha512.c, mach:
	Bug 1528113 - Use ARM's crypto extension for SHA256
	[ea54fd986036]

2020-06-01  Makoto Kato  <m_kato@ga2.so-net.ne.jp>

	* coreconf/config.gypi, lib/freebl/Makefile, lib/freebl/blinit.c,
	lib/freebl/freebl.gyp, lib/freebl/sha256-armv8.c,
	lib/freebl/sha256.h, lib/freebl/sha512.c:
	Bug 1528113 - Use ARM's crypto extension for SHA256 r=kjacobs

	ARMv8 CPUs have accelerated hardware instructions for SHA256 that
	are supported by GCC 4.9+. We should use them if available.
	[61c83f79e90c]

2020-06-02  Kevin Jacobs  <kjacobs@mozilla.com>

	* automation/abi-check/expected-report-libssl3.so.txt,
	gtests/ssl_gtest/libssl_internals.c,
	gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/manifest.mn,
	gtests/ssl_gtest/ssl_0rtt_unittest.cc,
	gtests/ssl_gtest/ssl_extension_unittest.cc,
	gtests/ssl_gtest/ssl_gtest.gyp, gtests/ssl_gtest/tls_agent.cc,
	gtests/ssl_gtest/tls_agent.h, gtests/ssl_gtest/tls_connect.cc,
	gtests/ssl_gtest/tls_connect.h, gtests/ssl_gtest/tls_psk_unittest.cc,
	lib/ssl/manifest.mn, lib/ssl/ssl.gyp, lib/ssl/ssl3con.c,
	lib/ssl/ssl3ext.c, lib/ssl/ssl3ext.h, lib/ssl/sslerr.h,
	lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslinfo.c,
	lib/ssl/sslsecur.c, lib/ssl/sslsock.c, lib/ssl/sslt.h,
	lib/ssl/tls13con.c, lib/ssl/tls13con.h, lib/ssl/tls13exthandle.c,
	lib/ssl/tls13psk.c, lib/ssl/tls13psk.h, lib/ssl/tls13replay.c:
	Bug 1603042 - TLS 1.3 out-of-band PSK support r=mt

	This patch adds support for External (out-of-band) PSKs in TLS 1.3.
	An External PSK (EPSK) can be set by calling `SSL_AddExternalPsk`,
	and removed with `SSL_RemoveExternalPsk`. `SSL_AddExternalPsk0Rtt`
	can be used to add a PSK while also specifying a suite and
	max_early_data_size for use with 0-RTT.

	As part of handling PSKs more generically, the patch also changes
	how resumption PSKs are handled internally, so as to rely on the
	same mechanisms where possible. A socket is currently limited to
	only one External PSK at a time. If the server doesn't find the
	same identity for the configured EPSK, it will fall back to
	certificate authentication.
	[a2293e897889]

2020-06-03  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
	lib/ssl/tls13con.c:
	Bug 1643123 - Allow External PSKs to be used with Early Export
	[46ef0c025cfc]

2020-06-02  Sylvestre Ledru  <sledru@mozilla.com>

	* lib/ssl/tls13con.c:
	Bug 1642809 - Fix an assert (we need a comparison, not assignment)
	r=kjacobs
	[d0789cb32d8e]

2020-06-03  Mike Hommey  <mh@glandium.org>

	* cmd/shlibsign/Makefile:
	Bug 1642153 - Avoid infinite recursion when CHECKLOC is not set.
	r=jcj
	[e955ece90b05]

2020-06-03  Martin Thomson  <mt@lowentropy.net>

	* gtests/ssl_gtest/ssl_auth_unittest.cc,
	gtests/ssl_gtest/ssl_resumption_unittest.cc, lib/ssl/tls13con.c:
	Bug 1642871 - Allow tickets and PHA after resumption, r=kjacobs

	The first part of this is fairly simple: we accidentally disabled
	sending of session tickets after resumption.

	The second part is much less obvious, because the spec is unclear.
	This change takes the interpretation that it is OK to use
	post-handshake authentication if the handshake is resumed, but not
	OK if the handshake is based on a PSK. (This is based on a
	first-principles understanding of resumption being a continuation
	of a certificate-based connection rather than a reading of the
	spec, see the bug for why the spec appears to be unhelpful on this
	point.)

	This still prohibits the use of post-handshake authentication if
	an external PSK was used, but that is more an abundance of caution
	than anything principled.
	[e9502f71b7fe]

2020-06-04  Kevin Jacobs  <kjacobs@mozilla.com>

	* gtests/ssl_gtest/ssl_exporter_unittest.cc, lib/ssl/sslinfo.c,
	lib/ssl/tls13con.c:
	Bug 1643123 - Allow External PSKs to be used with Early Export r=mt

	This patch adjusts `tls13_exporter` to pull the hash algorithm from
	the first PSK when a suite is not configured yet, which allows early
	export with external PSKs.
	[d211f3013abb]
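The early-export change in Bug 1643123 above turns on one detail of the TLS 1.3 key schedule: the early exporter is keyed off the PSK before any ServerHello has selected a cipher suite, so the only hash available at that point is the one the application attached to the external PSK (the same parameter `SSL_AddExternalPsk` takes alongside the key and identity). The script below is an added illustration, not NSS code and not from this bug; it carries the RFC 8446 derivation through in Python: Early Secret from the PSK (section 7.1), early_exporter_master_secret over the ClientHello transcript, and the exporter output (section 7.5). The PSK bytes, the ClientHello bytes and the exporter label are constructed placeholders, and the `psk_hash` string stands in for whatever hash type the application registered with the PSK.

```python
"""TLS 1.3 early exporter keyed from an external PSK (RFC 8446 sections 7.1, 7.5).

Added illustration, not NSS code. Every input below is a constructed test value.
"""
import hashlib
import hmac
import struct


def hkdf_extract(hash_name: str, salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(hash_name: str, prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(hash_name: str, secret: bytes, label: bytes,
                      context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446 7.1). HkdfLabel = uint16 length,
    length-prefixed 'tls13 ' + label, length-prefixed context."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(hash_name, secret, hkdf_label, length)


def derive_secret(hash_name: str, secret: bytes, label: bytes, messages: bytes) -> bytes:
    """Derive-Secret (RFC 8446 7.1): the context is Transcript-Hash(messages)."""
    transcript_hash = hashlib.new(hash_name, messages).digest()
    return hkdf_expand_label(hash_name, secret, label, transcript_hash,
                             hashlib.new(hash_name).digest_size)


def early_exporter_master_secret(psk: bytes, psk_hash: str, client_hello: bytes) -> bytes:
    """Early Secret = HKDF-Extract(0^HashLen, PSK);
    early_exporter_master_secret = Derive-Secret(Early Secret, "e exp master", ClientHello).
    No cipher suite has been negotiated yet, so the PSK's own hash is the only choice."""
    hash_len = hashlib.new(psk_hash).digest_size
    early_secret = hkdf_extract(psk_hash, b"\x00" * hash_len, psk)
    return derive_secret(psk_hash, early_secret, b"e exp master", client_hello)


def early_export(psk: bytes, psk_hash: str, client_hello: bytes,
                 label: bytes, context: bytes, length: int) -> bytes:
    """TLS-Exporter (RFC 8446 7.5) with early_exporter_master_secret as Secret:
    HKDF-Expand-Label(Derive-Secret(Secret, label, ""), "exporter", Hash(context), length)."""
    eems = early_exporter_master_secret(psk, psk_hash, client_hello)
    label_secret = derive_secret(psk_hash, eems, label, b"")
    context_hash = hashlib.new(psk_hash, context).digest()
    return hkdf_expand_label(psk_hash, label_secret, b"exporter", context_hash, length)


# Constructed inputs: a 32-byte out-of-band PSK both peers hold, and stand-in
# bytes for the ClientHello that carried the PSK identity.
PSK = bytes(range(32))
CLIENT_HELLO = b"\x01" + b"constructed ClientHello carrying psk identity 'epsk-demo'"


def demo(psk_hash: str = "sha256"):
    """Both peers derive the exporter from the same PSK, ClientHello and PSK hash,
    before a ServerHello exists. Returns (client_value, server_value)."""
    client_value = early_export(PSK, psk_hash, CLIENT_HELLO, b"EXPORTER-demo", b"ctx", 32)
    server_value = early_export(PSK, psk_hash, CLIENT_HELLO, b"EXPORTER-demo", b"ctx", 32)
    return client_value, server_value


if __name__ == "__main__":
    c, s = demo()
    print("sha256 early export:", c.hex(), "peers agree:", c == s)
    c384, _ = demo("sha384")
    print("sha384 early export:", c384.hex())
```

The point to check in a deployment is the mirror image of what the code does: the hash registered with the external PSK must equal the hash of the cipher suite the server later selects, or the early exporter value computed here will not line up with the rest of the handshake; the PSK hash is a fixed property of the key, not something the ServerHello can change.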