boringssl

History

David Benjamin 786793411a Do not distinguish NULL and empty PSK identity hints. Plain PSK omits the ServerKeyExchange when there is no hint and includes it otherwise (it should have always sent it), while other PSK ciphers like ECDHE_PSK cannot omit the hint. Having different capabilities here is odd and RFC 4279 5.2 suggests that all PSK ciphers are capable of "[not] provid[ing] an identity hint". Interpret this to mean no identity hint and empty identity hint are the same state. Annoyingly, this gives a plain PSK implementation two options for spelling an empty hint. The spec isn't clear and this is not really a battle worth fighting, so I've left both acceptable and added a test for this case. See also https://android-review.googlesource.com/c/275217/. This is also consistent with Android's PskKeyManager API, our only consumer anyway. https://developer.android.com/reference/android/net/PskKeyManager.html Change-Id: I8a8e6cc1f7dd1b8b202cdaf3d4f151bebfb4a25b Reviewed-on: https://boringssl-review.googlesource.com/11087 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>		2016-09-20 23:00:47 +00:00
..
test	Do not distinguish NULL and empty PSK identity hints.	2016-09-20 23:00:47 +00:00
CMakeLists.txt	Add TLS 1.3 1-RTT.	2016-07-18 09:54:46 +00:00
custom_extensions.c	Use C99 for size_t loops.	2016-09-12 19:44:24 +00:00
d1_both.c	Use C99 for size_t loops.	2016-09-12 19:44:24 +00:00
d1_lib.c	Remove RC4 from TLS for real.	2016-09-16 03:06:36 +00:00
d1_pkt.c	Move post-handshake message handling out of read_app_data.	2016-07-29 21:05:49 +00:00
d1_srtp.c	Make kSRTPProfiles static.	2016-05-13 14:12:22 +00:00
dtls_method.c	Switch finish_handshake to release_current_message.	2016-07-28 22:59:18 +00:00
dtls_record.c	Fix the alias checks in dtls_record.c.	2016-06-09 21:11:22 +00:00
handshake_client.c	Do not distinguish NULL and empty PSK identity hints.	2016-09-20 23:00:47 +00:00
handshake_server.c	Don't send the access_denied alert innappropriately.	2016-09-16 20:12:09 +00:00
internal.h	Move peer_psk_identity_hint to SSL_HANDSHAKE.	2016-09-20 22:37:24 +00:00
s3_both.c	Move peer_psk_identity_hint to SSL_HANDSHAKE.	2016-09-20 22:37:24 +00:00
s3_enc.c	Splitting SSL session state.	2016-07-29 21:22:46 +00:00
s3_lib.c	Move peer_psk_identity_hint to SSL_HANDSHAKE.	2016-09-20 22:37:24 +00:00
s3_pkt.c	Stop pretending to ssl_clear_bad_session.	2016-08-03 21:07:36 +00:00
ssl_aead_ctx.c	Use C99 for size_t loops.	2016-09-12 19:44:24 +00:00
ssl_asn1.c	Use C99 for size_t loops.	2016-09-12 19:44:24 +00:00
ssl_buffer.c	Add SSL_is_dtls.	2016-08-02 20:43:58 +00:00
ssl_cert.c	Use C99 for size_t loops.	2016-09-12 19:44:24 +00:00
ssl_cipher.c	Remove RC4 from TLS for real.	2016-09-16 03:06:36 +00:00
ssl_ecdh.c	Use C99 for size_t loops.	2016-09-12 19:44:24 +00:00
ssl_file.c	Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit.	2016-04-27 18:40:25 +00:00
ssl_lib.c	Do not distinguish NULL and empty PSK identity hints.	2016-09-20 23:00:47 +00:00
ssl_rsa.c	Fix a number of sigalg scope issues.	2016-08-24 00:24:34 +00:00
ssl_session.c	Only allow SSL_set_session before the handshake.	2016-09-12 19:16:46 +00:00
ssl_stat.c	Factor out the client_cert_cb code.	2016-07-20 09:25:52 +00:00
ssl_test.cc	Remove RC4 from TLS for real.	2016-09-16 03:06:36 +00:00
t1_enc.c	Splitting SSL session state.	2016-07-29 21:22:46 +00:00
t1_lib.c	Release TLS 1.3 key shares earlier in TLS 1.2.	2016-09-19 20:35:35 +00:00
tls13_both.c	Implement BORINGSSL_UNSAFE_FUZZER_MODE for TLS 1.3.	2016-08-19 19:11:34 +00:00
tls13_client.c	Release TLS 1.3 key shares earlier in TLS 1.2.	2016-09-19 20:35:35 +00:00
tls13_enc.c	const-correct a variable.	2016-09-06 18:19:37 +00:00
tls13_server.c	Don't send the access_denied alert innappropriately.	2016-09-16 20:12:09 +00:00
tls_method.c	Add TLS_{client,server}_method.	2016-08-05 18:59:32 +00:00
tls_record.c	Use C99 for size_t loops.	2016-09-12 19:44:24 +00:00