adding a new custom ciphersuite to NSS (to be used by Thunderbird for TLS establishment)

classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: adding a new custom ciphersuite to NSS (to be used by Thunderbird for TLS establishment)

Mozilla - Security mailing list
On Wednesday, December 6, 2017 at 9:27:44 AM UTC+5, f masood wrote:

> On Tuesday, December 5, 2017 at 8:50:42 AM UTC+5, f masood wrote:
> > On Tuesday, December 5, 2017 at 8:21:41 AM UTC+5, Kyle Hamilton wrote:
> > > First, you shouldn't include .pyc files in patches.  (binary files in
> > > patch files tend to make patches unreadable by most text viewers.)
> > > Python will recompile .py files to .pyc as necessary.
> > >
> > > Second, have you tried running your code through a debugger?  If it's
> > > crashing, chances are it's either not allocating memory correctly, or
> > > it's writing outside the bounds of memory that it's allocated.  A
> > > debugger will help you figure out what's going on, and why.
> > >
> > > -Kyle H
> > >
> > > On Mon, Dec 4, 2017 at 12:03 AM, f masood via dev-security
> > > <[hidden email]> wrote:
> > > > On Wednesday, November 29, 2017 at 11:03:35 AM UTC+5, f masood wrote:
> > > >> Thanks for the reply.
> > > >>
> > > >> 1. I did the changes to SSL3con.c but now when I start the Thunderbird.exe the application crashes and Mozilla Crash report dialog comes in.
> > > >>
> > > >>
> > > >> 2. I have created a diff file in which i have used NS naming convention instead of MYSEED. So, NS === SEED cipher.
> > > >>
> > > >> 3. The diff file can be downloaded from the following link:
> > > >> https://drive.google.com/drive/folders/1ZUY-rSBOZd5fVq58jVRUBJeFYrNkCgQB
> > > >>
> > > >>
> > > >>
> > > >> On Wednesday, November 29, 2017 at 2:06:40 AM UTC+5, Ángel wrote:
> > > >> > On 2017-11-27 at 03:41 -0800, f masood via dev-security wrote:
> > > >> > > Update:
> > > >> > >
> > > >> > > 1. i have done the changes as done by the patch however, I get the following error:
> > > >> > >
> > > >> > > i.   /mozilla/security/nss/lib/ssl/ssl3con.c (179) :error C2078 (178) : too many initializers
> > > >> > >
> > > >> > > ii.   /mozilla/security/nss/lib/ssl/ssl3con.c (179) :error C2078 (179) : too many initializers
> > > >> > >
> > > >> > > iii.   /mozilla/security/nss/lib/ssl/ssl3con.c (179) :error C2078 (5609) : too many initializers
> > > >> > >
> > > >> > > iv.   /mozilla/security/nss/lib/ssl/ssl3con.c (179) :error C2078 (5591) : too many initializers
> > > >> > >
> > > >> > > can anyone help me out ?  i am stuck pretty bad !
> > > >> >
> > > >> > Maybe you could provide a relevant snippet of the changes you were
> > > >> > doing? Or at least provide a link to the file in hg.mozilla.org
> > > >> > You clearly have an error in the C code around line 179 of
> > > >> > mozilla/security/nss/lib/ssl/ssl3con.c but how should we know what you
> > > >> > changed, and therein, what's wrong there?
> > > >> >
> > > >> > Cheers
> > > >
> > > > I have manually done changes (addition) in the
> > > >
> > > > mozilla/security/manager/ssl/nsNSSCallbacks.cpp file i.e.
> > > >
> > > > case TLS_ECDHE_ECDSA_WITH_MYSEED_CBC_SHA: value = 15; break;
> > > >
> > > > Although it is not mentioned in the PATCH file of CHACHA but all the CIPHERSUITES have been added to this file also, is this might be calling the thunderbird to crash again and again ???
> > > > _______________________________________________
> > > > dev-security mailing list
> > > > [hidden email]
> > > > https://lists.mozilla.org/listinfo/dev-security
> >
> > 1. So, I ran CLOBBER command and then rebuilt the complete THUNDERBIRD [it took 118 minutes], now its not crashing.
> >
> > 2. But the CIPHERSUITE (MYSEED) is not being sent to SERVER in client hello packet by the thunderbird, I can only see the ciphers already added before [e.g aes, chacha, aes-gcm etc...] .
> >
> > 3. have followed all the steps of the patch of adding ChaCha Poly in NSS.
> >
> > any help in this regard ?
> >
> > 4. or how to test it ? any other method ?
>
> ***Update #7***
>
> all the existing ciphers are added in the files:
>
> a.   /manager/ssl/nsNSSCallbacks.cpp
>
> b.   /manager/ssl/nsNSSComponent.cpp
>
>
> but the ChaCha patch does not have modification to this file ??? Should I add the cipher here ? Any help ?


 ***HELP PLEASE ***
_______________________________________________
dev-security mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-security
12