boringssl/crypto
David Benjamin 163c95691a Forbid EMS from changing during renegotiation.
Changing parameters on renegotiation makes all our APIs confusing. This
one has no reason to change, so lock it down. In particular, our
preference to forbid Token Binding + renego may be overridden at the
IETF, even though it's insane. Loosening it will be a bit less of a
headache if EMS can't change.

https://www.ietf.org/mail-archive/web/unbearable/current/msg00690.html
claims that this is already in the specification and enforced by NSS. I
can't find anything to this effect in the specification. It just says
the client MUST disable renegotiation when EMS is missing, which is
wishful thinking. At a glance, NSS doesn't seem to check, though I could
be misunderstanding the code.

Nonetheless, locking this down is a good idea anyway. Accurate or not,
take the email as an implicit endorsement of this from Mozilla.

Change-Id: I236b05991d28bed199763dcf2f47bbfb9d0322d7
Reviewed-on: https://boringssl-review.googlesource.com/10721
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-08-30 15:43:35 +00:00
aes Allow .arch directives with Clang. 2016-08-26 17:45:49 +00:00
asn1 Fix off by 1 in ASN1_STRING_set() 2016-08-24 04:40:39 +00:00
base64 Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
bio Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
bn Rewrite BN_bn2dec. 2016-08-23 19:57:26 +00:00
buf Add BUF_MEM_reserve. 2016-05-18 19:09:06 +00:00
bytestring Clarify CBS/CBB with respect to high tag number form. 2016-08-26 17:48:48 +00:00
chacha Switch perlasm calling convention. 2016-06-27 21:59:26 +00:00
cipher Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
cmac Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
conf
curve25519 Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
des
dh Add constants for BN_rand and use them. 2016-08-18 18:18:31 +00:00
digest Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
dsa Add various 1.1.0 accessors. 2016-08-10 16:52:15 +00:00
ec Be -Wnewline-eof clean. 2016-08-29 19:15:19 +00:00
ecdh Import NIST ECDH test vectors. 2016-08-30 15:32:22 +00:00
ecdsa Use BN_mod_inverse_odd instead of |BN_mod_inverse| for ECC. 2016-08-05 22:09:35 +00:00
engine
err Forbid EMS from changing during renegotiation. 2016-08-30 15:43:35 +00:00
evp Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
hkdf Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
hmac Move remaining ScopedContext types out of scoped_types.h 2016-08-11 01:15:45 +00:00
lhash Use non-deprecated methods on windows. 2016-05-19 20:30:50 +00:00
md4
md5 Switch perlasm calling convention. 2016-06-27 21:59:26 +00:00
modes Allow .arch directives with Clang. 2016-08-26 17:45:49 +00:00
newhope Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
obj Rename the |dont_return_name| flag of |OBJ_obj2txt| to |always_return_oid|. 2016-08-10 17:18:25 +00:00
pem Reject inappropriate private key encryption ciphers. 2016-05-03 16:30:08 +00:00
perlasm Sync x86 perlasm drivers with upstream master. 2016-06-27 22:00:51 +00:00
pkcs8 Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
poly1305 Resolve a small handful of size_t truncation warnings. 2016-08-05 19:12:31 +00:00
rand Resolve a small handful of size_t truncation warnings. 2016-08-05 19:12:31 +00:00
rc4 Simplify RC4 code and remove assembly. 2016-08-30 15:32:31 +00:00
rsa Add various 1.1.0 accessors. 2016-08-10 16:52:15 +00:00
sha sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows. 2016-08-16 19:46:06 +00:00
stack Fix stack macro const-ness. 2016-05-13 18:24:57 +00:00
test Move remaining ScopedContext types out of scoped_types.h 2016-08-11 01:15:45 +00:00
x509 Finish aligning up_ref functions with OpenSSL 1.1.0. 2016-08-11 16:51:52 +00:00
x509v3 Finish aligning up_ref functions with OpenSSL 1.1.0. 2016-08-11 16:51:52 +00:00
CMakeLists.txt Switch perlasm calling convention. 2016-06-27 21:59:26 +00:00
constant_time_test.c
cpu-aarch64-linux.c
cpu-arm-linux.c
cpu-arm.c
cpu-intel.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
crypto.c Add no-op function ENGINE_register_all_complete. 2016-07-12 17:54:41 +00:00
ex_data.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
internal.h Adding ARRAY_SIZE macro for getting the size of constant arrays. 2016-08-19 19:30:39 +00:00
mem.c Breaking news: 1998 has come and gone. 2016-07-11 23:51:47 +00:00
refcount_c11.c
refcount_lock.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
refcount_test.c
thread_none.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
thread_pthread.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
thread_test.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
thread_win.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
thread.c Remove a bunch of unnecessary includes. 2016-06-28 20:31:14 +00:00
time_support.c