kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
163c95691a
boringssl/crypto/err
History
David Benjamin 163c95691a Forbid EMS from changing during renegotation. 
Changing parameters on renegotiation makes all our APIs confusing. This
one has no reason to change, so lock it down. In particular, our
preference to forbid Token Binding + renego may be overridden at the
IETF, even though it's insane. Loosening it will be a bit less of a
headache if EMS can't change.

https://www.ietf.org/mail-archive/web/unbearable/current/msg00690.html
claims that this is already in the specification and enforced by NSS. I
can't find anything to this effect in the specification. It just says
the client MUST disable renegotiation when EMS is missing, which is
wishful thinking. At a glance, NSS doesn't seem to check, though I could
be misunderstanding the code.

Nonetheless, locking this down is a good idea anyway. Accurate or not,
take the email as an implicit endorsement of this from Mozilla.

Change-Id: I236b05991d28bed199763dcf2f47bbfb9d0322d7
Reviewed-on: https://boringssl-review.googlesource.com/10721
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-08-30 15:43:35 +00:00
..
asn1.errordata Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
bio.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
bn.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
cipher.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
CMakeLists.txt Add a run_tests target to run all tests. 2015-10-26 20:33:44 +00:00
conf.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
dh.errordata Reimplement PKCS #3 DH parameter parsing with crypto/bytestring. 2016-05-09 19:36:41 +00:00
digest.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
dsa.errordata Reimplement DSA parsing logic with crypto/asn1. 2016-02-17 00:26:01 +00:00
ec.errordata Always use Fermat's Little Theorem in ecdsa_sign_setup. 2016-06-20 17:11:42 +00:00
ecdh.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
ecdsa.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
engine.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
err_data_generate.go Make err_data_generator.go silent by default. 2016-04-18 19:42:15 +00:00
err_test.cc Don't bother sampling __func__. 2015-11-03 22:50:59 +00:00
err.c Wrap MSVC-only warning pragmas in a macro. 2016-06-09 21:29:36 +00:00
evp.errordata Reset crypto/evp error codes. 2016-02-26 23:34:04 +00:00
hkdf.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
obj.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
pem.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
pkcs8.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00
rsa.errordata Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
ssl.errordata Forbid EMS from changing during renegotation. 2016-08-30 15:43:35 +00:00
x509.errordata Add checks to X509_NAME_oneline() 2016-05-03 16:34:59 +00:00
x509v3.errordata Get rid of err function codes. 2015-07-16 02:02:08 +00:00