Message-ID: <867EF01C41DA1F5C5F16C87137F0B4D8@felloff.net>
Date: Sat, 12 Jun 2021 15:15:02 +0200
From: cinap_lenrek@felloff.net
To: 9front@9front.org
Subject: Re: [9front] libsec: various tls changes

i think there's a problem with the curve negotiation.

the new tlsServerExtensions() function can leave c->sec->nc unset.

and later, tlsServer2() has this change:

- Namedcurve *nc = &namedcurves[0]; /* secp256r1 */ - m.tag = HServerKeyExchange; - m.u.serverKeyExchange.curve = nc->tlsid; - m.u.serverKeyExchange.dh_parameters = tlsSecECDHEs1(c->sec, nc); + m.u.serverKeyExchange.curve = c->sec->nc->tlsid; + m.u.serverKeyExchange.dh_parameters = tlsSecECDHEs1(c->sec);

maybe we can make the code more explicit about this? it is hard to see that it is supposed to modify.

otherwise the changes seem reasonable. it is just a lot of changes all at once.

maybe you can submit the prf changes and the unixtime changes separately?

--
cinap
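
Review bot: the added line "m.u.serverKeyExchange.curve = c->sec->nc->tlsid;" dereferences c->sec->nc without a nil check, and the message notes that tlsServerExtensions() can leave it unset, so this path in tlsServer2() can fault during the handshake. Check c->sec->nc before the assignment and either fail the handshake cleanly or fall back to &namedcurves[0] (secp256r1), which is what the removed line used unconditionally. Because tlsSecECDHEs1() no longer takes the curve as an argument, the call site no longer shows which curve is in use; a short comment that it reads c->sec->nc, or keeping the curve as an explicit parameter, would make that dependency visible.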