kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
97760d5254
boringssl/ssl
History
David Benjamin 97760d5254 Slightly simplify V2ClientHello sniffing. 
Rather than sniff for ClientHello, just fall through to standard logic
once weird cases are resolved.

This means that garbage will now read as WRONG_VERSION rather than
UNKNOWN_PROTOCOL, but the rules here were slightly odd anyway. This also
means we'll now accept empty records before the ClientHello (up to the
empty record limit), and process records of the wrong type with the
usual codepath during the handshake.

This shouldn't be any more risk as it just makes the ClientHello more
consistent with the rest of the protocol. A TLS implementation that
doesn't parse V2ClientHello would do the same unless it still
special-cased the first record. All newly-exposed states are reachable
by fragmenting ClientHello by one byte and then sending the record in
question.

BUG=468889

Change-Id: Ib701ae5d8adb663e158c391639b232a9d9cd1c6e
Reviewed-on: https://boringssl-review.googlesource.com/5712
Reviewed-by: Adam Langley <agl@google.com>
2015-08-17 20:48:06 +00:00
..
pqueue Fix some malloc test crashs. 2015-05-21 18:00:10 +00:00
test Slightly simplify V2ClientHello sniffing. 2015-08-17 20:48:06 +00:00
CMakeLists.txt Implement custom extensions. 2015-07-31 01:12:00 +00:00
custom_extensions.c Fix NULL dereference in the case of an unexpected extension from a server. 2015-08-07 18:21:20 +00:00
d1_both.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
d1_clnt.c Decouple the handshake buffer and digest. 2015-08-07 01:10:33 +00:00
d1_lib.c Decouple the handshake buffer and digest. 2015-08-07 01:10:33 +00:00
d1_meth.c Further tidy up cipher logic. 2015-06-01 22:48:30 +00:00
d1_pkt.c Clean up DTLS1_BITMAP code. 2015-08-05 21:23:05 +00:00
d1_srtp.c Convert the SRTP extension to the new system 2015-07-21 21:44:22 +00:00
d1_srvr.c Decouple the handshake buffer and digest. 2015-08-07 01:10:33 +00:00
internal.h Remove SSL_CTRL_SET_CLIENT_CERT_TYPES. 2015-08-17 19:15:14 +00:00
s3_both.c Switch the handshake buffer from memory BIO to BUF_MEM. 2015-08-07 01:11:42 +00:00
s3_clnt.c Simplify tls1_channel_id_hash. 2015-08-07 01:16:33 +00:00
s3_enc.c Simplify handshake hash handling. 2015-08-07 01:47:21 +00:00
s3_lib.c Remove SSL_CTRL_SET_CLIENT_CERT_TYPES. 2015-08-17 19:15:14 +00:00
s3_meth.c Further tidy up cipher logic. 2015-06-01 22:48:30 +00:00
s3_pkt.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
s3_srvr.c Slightly simplify V2ClientHello sniffing. 2015-08-17 20:48:06 +00:00
ssl_aead_ctx.c Fold away SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD. 2015-08-07 00:57:37 +00:00
ssl_algs.c
ssl_asn1.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
ssl_cert.c Remove SSL_CTRL_SET_CLIENT_CERT_TYPES. 2015-08-17 19:15:14 +00:00
ssl_cipher.c Simplify handshake hash handling. 2015-08-07 01:47:21 +00:00
ssl_lib.c Slightly simplify V2ClientHello sniffing. 2015-08-17 20:48:06 +00:00
ssl_rsa.c Add server-side support for asynchronous signing. 2015-07-31 01:14:29 +00:00
ssl_sess.c Reserve ex_data index zero for app_data. 2015-07-20 16:56:34 +00:00
ssl_stat.c Remove ssl2.h and ssl23.h. 2015-07-01 21:47:01 +00:00
ssl_test.cc Add tests for the padding extension. 2015-07-29 19:20:53 +00:00
ssl_txt.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
t1_enc.c Simplify handshake hash handling. 2015-08-07 01:47:21 +00:00
t1_lib.c Simplify tls1_channel_id_hash. 2015-08-07 01:16:33 +00:00