Chiebot-Mirror/boringssl - boringssl - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
Adam Langley	ca058c0647	Revert "Add support for the new QUIC TLS extension codepoint" This reverts commit `7ba96a675e`. BUG=oss-fuzz:28720 Change-Id: Ibfea49cc3101079573eedbb33c443c85a14e4b4c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44644 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com>	4 years ago
David Schinazi	7ba96a675e	Add support for the new QUIC TLS extension codepoint IETF QUIC draft 33 is replacing the TLS extension codepoint for QUIC transport parameters from 0xffa5 to 57. To support multiple versions of Chrome, we need to support both codepoints in BoringSSL. This CL adds support for the new codepoint in a way that can be enabled on individual connections. Change-Id: I3bf06ea0710702c0dc45bb3ff2e3d772e9f87f9b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44585 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>	4 years ago
Steven Valdez	51607f1fe1	Implement draft-vvv-tls-alps-01. (Original CL by svaldez, reworked by davidben.) Change-Id: I8570808fa5e96a1c9e6e03c4877039a22e73254f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42404 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>	4 years ago
David Benjamin	3989c99706	Fix crash when flushing an SSL BIO. OpenSSL synchronizes bio->next_bio and ssl->rbio with a variety of callbacks, so BIO_copy_next_retry worked. We do not, so attempting to flush the BIO crashed. The SSL BIO is a compatibility hack and intentionally much more limited, so start by just copying things from the right BIO directly. Add a basic unit test for SSL BIOs. If we need to, we can implement a more complex synchronization later. Additionally reject reconfiguring an SSL BIO because that will leak the object right now. Change-Id: I724c95ab6f1a3a1aa1889b0483c81ce3bdc534ae Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43424 Reviewed-by: Adam Langley <agl@google.com>	4 years ago
Nick Harper	5e086956f2	Fix handling of quic_early_data_context. The quic_early_data_context should always be saved in the SSL_SESSION. This change fixes a bug where it was only saved in the SSL_SESSION on full handshakes (but not resumption handshakes). Bug: 376 Change-Id: I3659d3398e85ac4263760b504d7ea8458fc7e1e2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43264 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago
Nick Harper	74161f485b	Enforce presence of ALPN when QUIC is in use. Update-Note: If an SSL_QUIC_METHOD is set, connections will now fail if ALPN is not negotiated. This new behavior can be detected by checking if the value of BORINGSSL_API_VERSION is greater than 10. Bug: 294 Change-Id: I42fb80aa09268e77cec4a51e49cdad79bd72fa58 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42304 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago