Chiebot-Mirror/boringssl - boringssl - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
David Benjamin	0a6bfa36c9	Always check the TLS 1.3 downgrade signal. These APIs were used by Chromium to control the carve-out for the TLS 1.3 downgrade signal. As of https://chromium-review.googlesource.com/c/chromium/src/+/2324170, Chromium no longer uses them. Update-Note: SSL_CTX_set_ignore_tls13_downgrade, SSL_set_ignore_tls13_downgrade, and SSL_is_tls13_downgrade now do nothing. Calls sites should be removed. (There are some copies of older Chromium lying around, so I haven't removed the functions yet.) The enforcement was already on by default, so this CL does not affect callers that don't use those functions. Change-Id: I016af8291cd92051472d239c4650602fe2a68f5b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44124 Reviewed-by: Adam Langley <agl@google.com>	4 years ago
David Benjamin	fa9796ece4	Add SSL_early_data_reason_string. QUICHE has a switch-case converting ssl_early_data_reason_t to a string for logging. This causes a lot of churn when we add a new value. Instead, add a function for this. Bump BORINGSSL_API_VERSION so we can easily land a CL in QUICHE to start using the function without coordinating repositories. Change-Id: I176ca07b4f75a3ea7153a387219459665062aad9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43724 Reviewed-by: Nick Harper <nharper@chromium.org> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>	4 years ago
Steven Valdez	51607f1fe1	Implement draft-vvv-tls-alps-01. (Original CL by svaldez, reworked by davidben.) Change-Id: I8570808fa5e96a1c9e6e03c4877039a22e73254f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42404 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>	4 years ago
David Benjamin	e580e9ded3	Simplify 0-RTT tests. Add an earlyData and earlyDataRejected flag to configure the standard 0-RTT test options. It's too tedious otherwise. Along the way, I added an -expect-cipher flag to a few of the tests which could do with them. This does cause most 0-RTT tests to exchange a quick burst of data, so a few more fuzzer mode suppressions are needed. I think that's probably fine. Maybe we should mess with fuzzer mode so it's able to trial decrypt as this is getting a little tedious. Change-Id: Ib6490fe006d91294aab1a06d88f7793c6ae840c8 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43086 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com>	4 years ago
David Benjamin	3ff161cc08	Print SSL_get_error in bssl_shim. If a test fails due to an unexpected SSL_get_error result, notably 0-RTT rejection, it's very difficult to debug. Change-Id: I08585551f6d3d3c4ea414bf3ac7bc9ba0ed4063b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43085 Reviewed-by: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com>	5 years ago
David Benjamin	b0e98e408c	Test SSL_get0_alpn_selected on both client and server. On the server, we echo the selected ALPN back out of the same getter as the client. Change-Id: I11978b9cd0a3e7c611f162e9cf5054e52005a195 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43045 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>	5 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago