boringssl

Revīziju grafs

Autors	SHA1	Ziņojums	Datums
David Benjamin	3d458dc048	Revert of Determining certificate_auth and key_exchange based on SSL. Reason for revert: Right now in TLS 1.3, certificate_auth is exactly the same as whether we're doing resumption. With the weird reauth stuff punted to later in the spec, having extra state is just more room for bugs to creep in. Original issue's description: > Determining certificate_auth and key_exchange based on SSL. > > This allows us to switch TLS 1.3 to use non-cipher based negotiation > without needing to use separate functions between 1.3 and below. > > BUG=77 > > Change-Id: I9207e7a6793cb69e8300e2c15afe3548cbf82af2 > Reviewed-on: https://boringssl-review.googlesource.com/10803 > Reviewed-by: David Benjamin <davidben@google.com> > Commit-Queue: David Benjamin <davidben@google.com> > CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> > Change-Id: I240e3ee959ffd1f2481a06eabece3af554d20ffa Reviewed-on: https://boringssl-review.googlesource.com/11008 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
David Benjamin	639846e5e4	Add tests for trailing data in handshake messages. It's easy to forget to check those. Unfortunately, it's also easy to forget to check inner structures, which is going to be harder to stress, but do these to start with. In doing, so fix up and unify some error-handling, and add a missing check when parsing TLS 1.2 CertificateRequest. This was also inspired by the recent IETF posting. Change-Id: I27fe3cd3506258389a75d486036388400f0a33ba Reviewed-on: https://boringssl-review.googlesource.com/10963 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
Steven Valdez	bd09eccd6d	Determining certificate_auth and key_exchange based on SSL. This allows us to switch TLS 1.3 to use non-cipher based negotiation without needing to use separate functions between 1.3 and below. BUG=77 Change-Id: I9207e7a6793cb69e8300e2c15afe3548cbf82af2 Reviewed-on: https://boringssl-review.googlesource.com/10803 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
David Benjamin	4d0be24319	Only allow SSL_set_session before the handshake. Otherwise things break horribly. Explicitly abort to help catch bugs. Change-Id: I66e2bf8808199b3331b3adde68d73758a601eb8c Reviewed-on: https://boringssl-review.googlesource.com/10761 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
David Benjamin	8a8349b53e	Request contexts are now illegal during the handshake. One less thing to keep track of. https://github.com/tlswg/tls13-spec/pull/549 got merged. Change-Id: Ide66e547140f8122a3b8013281be5215c11b6de0 Reviewed-on: https://boringssl-review.googlesource.com/10482 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
Steven Valdez	4aa154e08f	Adding code to send session as PSK Identity. BUG=75 Change-Id: Ied864cfccbc0e68d71c55c5ab563da27b7253463 Reviewed-on: https://boringssl-review.googlesource.com/9043 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
Martin Kreichgauer	baafa4a653	Undo rename of tlsext_tick_lifetime_hint. It was renamed to ticket_liftetime_hint in 1e6f11a7ff72bea394e6651b512e435fbc95d323, which breaks Qt. Change-Id: I9c6d3097fe96e669f06a4e0880bd4d7d82b03ba8 Reviewed-on: https://boringssl-review.googlesource.com/10181 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
David Benjamin	4087df92f4	Move more side-specific code out of tls13_process_certificate. tls13_process_certificate can take a boolean for whether anonymous is allowed. This does change the error on the client slightly, but I think this is correct anyway. It is not a syntax error for the server to send no certificates in so far as the Certificate message allows it. It's just illegal. Change-Id: I1af80dacf23f50aad0b1fbd884bc068a40714399 Reviewed-on: https://boringssl-review.googlesource.com/9072 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
Steven Valdez	1e6f11a7ff	Adding NewSessionTicket. We will now send tickets as a server and accept them as a client. Correctly offering and resuming them in the handshake will be implemented in a follow-up. Now that we're actually processing draft 14 tickets, bump the draft version. Change-Id: I304320a29c4ffe564fa9c00642a4ace96ff8d871 Reviewed-on: https://boringssl-review.googlesource.com/8982 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
Steven Valdez	7259f2fd08	Prefix ext_key_share methods. Change-Id: Id6a7443246479c62cbe0024e2131a2013959e21e Reviewed-on: https://boringssl-review.googlesource.com/9078 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
David Benjamin	3ce4389e96	Move some client/server special-cases out of tls13_process_certificate. Where we can move uncommon logic to the caller, we probably ought to. Change-Id: I54a09fffffc20290be05295137ccb605d562cad0 Reviewed-on: https://boringssl-review.googlesource.com/9069 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
David Benjamin	4890165509	Empty signature algorithms in TLS 1.3 CertificateRequest is illegal. In TLS 1.2, this was allowed to be empty for the weird SHA-1 fallback logic. In TLS 1.3, not only is the fallback logic gone, but omitting them is a syntactic error. struct { opaque certificate_request_context<0..2^8-1>; SignatureScheme supported_signature_algorithms<2..2^16-2>; DistinguishedName certificate_authorities<0..2^16-1>; CertificateExtension certificate_extensions<0..2^16-1>; } CertificateRequest; Thanks to Eric Rescorla for pointing this out. Change-Id: I4991e59bc4647bb665aaf920ed4836191cea3a5a Reviewed-on: https://boringssl-review.googlesource.com/9062 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
Steven Valdez	87eab4902d	Splitting SSL session state. To prevent configuration/established session confusion, the handshake session state is separated into the configured session (ssl->session) and the newly created session (ssl->s3->new_session). Upon conclusion of the handshake, the finalized session is stored in (ssl->s3->established_session). During the handshake, any requests for the session (SSL_get_session) return a non-resumable session, to prevent resumption of a partially filled session. Sessions should only be cached upon the completion of the full handshake, using the resulting established_session. The semantics of accessors on the session are maintained mid-renego. Change-Id: I4358aecb71fce4fe14a6746c5af1416a69935078 Reviewed-on: https://boringssl-review.googlesource.com/8612 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
David Benjamin	613fe3baa5	Call expect_flight and received_flight in the 1.3 logic. This doesn't do anything since they're for DTLS, but we ought to satisfy the API nonetheless. expect_flight is easy with ssl_hs_flush_and_read_message. received_flight I think basically needs to get sprinkled into the state machine. Change-Id: I406c7f776ad8e5e3cbcafcac6b26a688c6d3caf1 Reviewed-on: https://boringssl-review.googlesource.com/8883 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>	pirms 8 gadiem
Steven Valdez	5440fe0cd1	Adding HelloRetryRequest. [Tests added by davidben.] Change-Id: I0d54a4f8b8fe91b348ff22658d95340cdb48b089 Reviewed-on: https://boringssl-review.googlesource.com/8850 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
David Benjamin	13f1ebe827	Factor out the client_cert_cb code. Share a bit more of it between TLS 1.2 and 1.3. Change-Id: I43c9dbf785a3d33db1793cffb0fdbd3af075cc89 Reviewed-on: https://boringssl-review.googlesource.com/8849 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem
Steven Valdez	143e8b3fd9	Add TLS 1.3 1-RTT. This adds the machinery for doing TLS 1.3 1RTT. Change-Id: I736921ffe9dc6f6e64a08a836df6bb166d20f504 Reviewed-on: https://boringssl-review.googlesource.com/8720 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	pirms 8 gadiem

17 Revīzijas (9a5f49eec089f080e7fac41c387086f6fc0ae6a5)