Commit Graph

62 Commits

Author SHA1 Message Date
David Benjamin
60e7992764 Remove DTLSv1_listen.
This was added in http://rt.openssl.org/Ticket/Display.html?id=2033 to support
a mode where a DTLS socket would statelessly perform the ClientHello /
HelloVerifyRequest portion of the handshake, to be handed off to a socket
specific to this peer address.

This is not used by WebRTC or other current consumers. If we need to support
something like this, it would be cleaner to do the listen portion (cookieless
ClientHello + HelloVerifyRequest) externally and then spin up an SSL instance
on receipt of a cookied ClientHello. This would require a slightly more complex
BIO to replay the second ClientHello but would avoid peppering the DTLS
handshake state with a special short-circuiting mode.

Change-Id: I7a413932edfb62f8b9368912a9a0621d4155f1aa
Reviewed-on: https://boringssl-review.googlesource.com/2220
Reviewed-by: Adam Langley <agl@google.com>
2014-11-10 22:39:24 +00:00
Adam Langley
ec48af40a7 Make SSL_MODE_AUTO_RETRY the default.
Without SSL_MODE_AUTO_RETRY, even blocking mode will return
SSL_ERROR_WANT_{READ|WRITE} in the event of a renegotiation.

The comments in the code speak only of "nasty problems" unless this is
done. The original commit that added SSL_MODE_AUTO_RETRY
(54f10e6adce56eb2e59936e32216162aadc5d050) gives a little more detail:

    The [...] behaviour is needed by applications such as s_client and
    s_server that use select() to determine when to use SSL_read.

Without the -nbio flag, s_client will use select() to find when the
socket is readable and then call SSL_read with a blocking socket.
However, this will still block in the event of an incomplete record, so
the delay is already unbounded. This it's very unclear what the point of
this behaviour ever was.

Perhaps if the read and write paths were different sockets where the
read socket was non-blocking but the write socket was blocking. But that
seems like an implausible situation to worry too much about.

Change-Id: I9d9f2526afc2e0fd0e5440e9a047f419a2d61afa
Reviewed-on: https://boringssl-review.googlesource.com/2140
Reviewed-by: Adam Langley <agl@google.com>
2014-11-04 01:25:22 +00:00
David Benjamin
a0ca1b742f DTLS1_AD_MISSING_HANDSHAKE_MESSAGE does not exist.
This code isn't compiled in. It seems there was some half-baked logic for a
7-byte alert that includes more information about handshake messages
retransmit.

No such alert exists, and the code had a FIXME anyway. If it gets resurrected
in DTLS 1.3 or some extension, we can deal with it then.

Change-Id: I8784ea8ee44bb8da4b0fe5d5d507997526557432
Reviewed-on: https://boringssl-review.googlesource.com/2121
Reviewed-by: Adam Langley <agl@google.com>
2014-11-04 00:26:01 +00:00
David Benjamin
cc23df53da Remove SSL_OP_CISCO_ANYCONNECT.
I see no internal users and the existence of a THIRD version encoding
complicates all version-checking logic. Also convert another version check to
SSL_IS_DTLS that was missed earlier.

Change-Id: I60d215f57d44880f6e6877889307dc39dbf838f7
Reviewed-on: https://boringssl-review.googlesource.com/1550
Reviewed-by: Adam Langley <agl@google.com>
2014-08-18 17:57:01 +00:00
Alex Chernyakhovsky
a324603651 Remove OPENSSL_NO_TLS{,1}
A modern TLS library without full support for TLS does not make sense.

Change-Id: I032537d1412f6e4effc9a2dd47123baf0084b4c6
Reviewed-on: https://boringssl-review.googlesource.com/1382
Reviewed-by: Adam Langley <agl@google.com>
2014-08-04 19:20:19 +00:00
David Benjamin
59b3a728dc Fix some DTLS alerts.
Caught by clang scan-build.

Change-Id: Ib17368557d3e8b2edac91e0441e64c21a5eb1318
Reviewed-on: https://boringssl-review.googlesource.com/1341
Reviewed-by: Adam Langley <agl@google.com>
2014-07-30 00:34:23 +00:00
David Benjamin
13ab3e3ce1 Remove heartbeat extension.
Change-Id: I0273a31e49c5367b89b9899553e3ebe13ec50687
Reviewed-on: https://boringssl-review.googlesource.com/1050
Reviewed-by: Adam Langley <agl@google.com>
2014-06-26 20:48:19 +00:00
David Benjamin
3f6fa3db62 Remove more remnants of compression.
Change-Id: I721914594fc92a66d95c7ec2088f13b68e964103
2014-06-24 18:43:57 -04:00
Adam Langley
d74d7d030c Added SSLErr call for internal error in dtls1_buffer_record
(Imported from upstream's de8a5b523f38377c8e0d9098ebff880749156db6)
2014-06-20 13:17:41 -07:00
Adam Langley
3a54f9e015 Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug.
PR#3362

(Imported from upstream's 8de85b00484e7e4ca6f0b6e174fb1dc97db91281)
2014-06-20 13:17:41 -07:00
Adam Langley
d493d5289d CBC record splitting.
This patch removes support for empty records (which is almost
universally disabled via SSL_OP_ALL) and adds optional support for 1/n-1
record splitting.

The latter is not enabled by default, since it's not typically used on
servers, but it should be enabled in web browsers since there are known
attacks in that case (see BEAST).
2014-06-20 13:17:35 -07:00
Adam Langley
95c29f3cd1 Inital import.
Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta).

(This change contains substantial changes from the original and
effectively starts a new history.)
2014-06-20 13:17:32 -07:00